{ "Event": { "analysis": "1", "date": "2025-05-27", "extends_uuid": "", "info": "[Threat Intel] Custom Arsenal Developed to Target Multiple Industries", "protected": false, "publish_timestamp": "1780383646", "published": true, "threat_level_id": "1", "timestamp": "1780383646", "uuid": "643a2194-c8b1-4f18-98ef-f9767b429683", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": "" }, { "colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": "" }, { "colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Additional Local or Domain Groups - T1098.007\"", "relationship_type": "" }, { "colour": "#40bedd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"", "relationship_type": "" }, { "colour": "#e72d65", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1574.001\"", "relationship_type": "" }, { "colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"", "relationship_type": "" }, { "colour": "#90e419", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"", "relationship_type": "" }, { "colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": "" }, { "colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": "" }, { "colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"", "relationship_type": "" }, { "colour": "#fb3bcd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Host Information - T1592\"", "relationship_type": "" }, { "colour": "#2da3e8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Network Information - T1590\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Lateral Tool Transfer - T1570\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Account - T1087.001\"", "relationship_type": "" }, { "colour": "#ecc598", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Account - T1136.001\"", "relationship_type": "" }, { "colour": "#0aeb95", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Accounts - T1078.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"", "relationship_type": "" }, { "colour": "#7da4ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": "" }, { "colour": "#d92224", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Multi-Stage Channels - T1104\"", "relationship_type": "" }, { "colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": "" }, { "colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": "" }, { "colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"", "relationship_type": "" }, { "colour": "#c615e8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\"", "relationship_type": "" }, { "colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Security Account Manager - T1003.002\"", "relationship_type": "" }, { "colour": "#bb2745", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"", "relationship_type": "" }, { "colour": "#56c932", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"", "relationship_type": "" }, { "colour": "#8c7e51", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Upload Malware - T1608.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Upload Tool - T1608.002\"", "relationship_type": "" }, { "colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": "" }, { "colour": "#91649a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Vulnerability Scanning - T1595.002\"", "relationship_type": "" }, { "colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": "" }, { "colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Academia - University\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"IT\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-tool=\"sqlmap - S0225\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"JuicyPotato\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"STOWAWAY\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Brute Ratel C4\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Vshell\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"Antivirus Web Shell Detection\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"SQL Injection Strings In URI\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"Potential Recon Activity Via Nltest.EXE\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"Suspicious Download Via Certutil.EXE\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"Suspicious Group And Account Reconnaissance Activity Using Net.EXE\"", "relationship_type": "" }, { "colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": "" }, { "colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365527", "to_ids": false, "type": "link", "uuid": "fdd496f9-f1b9-4788-a60d-01382a336364", "value": "https://www.trendmicro.com/en_us/research/25/e/earth-lamia.html" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1748365527", "to_ids": false, "type": "text", "uuid": "aee62d68-5664-4c1d-bc45-eb4b4d9f6128", "value": "Earth Lamia, an APT threat actor, has been targeting organizations in Brazil, India, and Southeast Asia since 2023. The group exploits web application vulnerabilities, particularly SQL injection, to gain access to targeted systems. They have developed custom tools like PULSEPACK backdoor and BypassBoss for privilege escalation. Earth Lamia's targets have shifted over time, initially focusing on financial services, then logistics and online retail, and recently IT companies, universities, and government organizations. The group employs various techniques including DLL sideloading, use of legitimate binaries, and development of modular backdoors. Earth Lamia's activities have been linked to other reported campaigns, suggesting a complex and evolving threat landscape." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1748365527", "to_ids": false, "type": "text", "uuid": "b665ffbc-84fb-4aa5-8f0d-e2b4910cbe38", "value": "Name: Custom Arsenal Developed to Target Multiple Industries\nAuthor: AlienVault\nAdversary: Earth Lamia\nTags: [\"cve-2024-56145\", \"cve-2021-22205\", \"cve-2024-27198\", \"cve-2024-51378\", \"cve-2024-27199\", \"cve-2024-51567\", \"pulsepack\", \"dll sideloading\", \"sql injection\", \"bypassboss\", \"backdoor\", \"cobalt strike\", \"apt\", \"multi-industry targeting\", \"cve-2024-9047\", \"vshell\", \"custom tools\", \"vulnerability exploitation\", \"china-nexus\", \"cve-2017-9805\", \"brute ratel\", \"cve-2025-31324\"]\nTgtd countries: [\"Brazil\", \"British Indian Ocean Territory\", \"India\"]\nMlwr families: [\"PULSEPACK\", \"BypassBoss\", \"Cobalt Strike - S0154\", \"Brute Ratel\", \"VShell\"]\nAttack_ids: [\"T1053.005\", \"T1592\", \"T1587.001\", \"T1140\", \"T1608.001\", \"T1190\", \"T1583.001\", \"T1608.002\", \"T1595.002\", \"T1505.003\", \"T1136.001\", \"T1583.003\", \"T1059.001\", \"T1590\", \"T1078\", \"T1068\", \"T1059.003\", \"T1595.001\", \"T1078.003\"]\nIndustries: [\"Finance\", \"Government\", \"Technology\", \"Education\", \"Retail\", \"Transportation\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1748365527", "to_ids": false, "type": "threat-actor", "uuid": "2e1db61e-4ecf-4640-99af-62c8b0c42ab8", "value": "Earth Lamia" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "da261a8c-cf4e-45a0-8993-27a39e1cee4a", "value": "CVE-2017-9805" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "b352eaca-0bc5-4189-8aa5-d16e53a402cd", "value": "CVE-2021-22205" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "5271fdae-0693-4a35-9993-d393e0473b33", "value": "CVE-2024-27198" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "43b6f21d-d0a3-474b-ad8a-8c64f2f70e89", "value": "CVE-2024-27199" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "1ea9c319-b756-4efc-a906-117ced9a1a9e", "value": "CVE-2024-51378" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "38f0cfa5-fbef-44f3-8674-9adf4063987d", "value": "CVE-2024-51567" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "e2175d29-e77e-4912-9c63-958a518f6c70", "value": "CVE-2024-56145" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "ed2186f9-5d57-41da-be70-c52cee1b4795", "value": "CVE-2024-9047" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748365528", "to_ids": false, "type": "vulnerability", "uuid": "e341790c-a87f-4514-99c2-a96cedb59ec8", "value": "CVE-2025-31324" }, { "category": "Payload delivery", "comment": "Hacktool Rakshasa No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379288", "to_ids": true, "type": "sha256", "uuid": "7e2e8546-6049-44b8-9519-a642f133e17e", "value": "4598d35d789db350008c2307febe18859221923fe9f1fd2fa61bccc8eca8828e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool GodPotato No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379289", "to_ids": true, "type": "sha256", "uuid": "9fe237c6-0a27-4197-ae2f-b3742f20d1e4", "value": "d04904e32b5cb0f9b559855fac81d62c6ad0472dc443be02f08b6fe4a7d56f71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379289", "to_ids": true, "type": "sha256", "uuid": "30f880af-8725-4080-adb3-0471b6126f7d", "value": "5060bcd360683d43dcde43676d908d5d10b5310e71f16c42529b103b91818d57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379289", "to_ids": true, "type": "sha256", "uuid": "816f177b-0105-4789-aaf4-deb5b187ff4e", "value": "95fb0944a2348f1e326b4ce65b04a5b62e1587d90c40d3bb505dc93f5f61295a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379290", "to_ids": true, "type": "sha256", "uuid": "adec06f2-4caa-4aa3-b4ce-79d38d9b5de3", "value": "b8c0d54f40d0c9deafa44860799a54a09c32cc795498bf0e9f2bef49fa056288", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Stowaway No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379290", "to_ids": true, "type": "sha256", "uuid": "c60acc77-e400-48aa-bd58-f44879b7a243", "value": "d8e272f50e1d699870a74f8cbed06a9371212c208bcfa8b3c992a4744e84ed87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL sideloading loader No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379291", "to_ids": true, "type": "sha256", "uuid": "3f7610e4-a49d-49fe-97c2-9cf175ed99c6", "value": "0916166f5cf72e5869aeb75331a46f9bf978fa328b08e13ee356dd7b0b13afba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL sideloading loader No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379291", "to_ids": true, "type": "sha256", "uuid": "76e2fb9b-f108-4ca7-92be-528cb0e2806a", "value": "15a61d74ba86155e9d4636b9f081452a530b6766cc59e950d557a21eab96d60a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL sideloading loader No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379291", "to_ids": true, "type": "sha256", "uuid": "d2dd7566-5ab5-47c4-82bf-0c79b5838d64", "value": "3c50d4953e0f695d8e2849546dd0a4a9b8d06b3ab3d70d32e4181ca7f8c58b1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL sideloading loader No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379292", "to_ids": true, "type": "sha256", "uuid": "20f8b6bb-bb2a-4810-bc50-70e79c9d559f", "value": "d8364dc34ccece608beea861067fa31cae3f4ef0c3fcdf1804cc88d162c0ff15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL sideloading loader No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379292", "to_ids": true, "type": "sha256", "uuid": "63ecb0e9-697e-4419-ad0f-310b4fd476cf", "value": "edc9222aece9098ad636af351dd896ffee3360e487fda658062a9722edf02185", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL sideloading loader No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379292", "to_ids": true, "type": "sha256", "uuid": "eb92e56b-9e94-4162-b1d5-e05944e8ad52", "value": "ffdb183742a3404c3756ba654ea8eb7983650cbf8fdc4e8a6514870e251f2915", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379293", "to_ids": true, "type": "sha256", "uuid": "39d85ba3-8035-4dc8-9214-02e8f465e258", "value": "03bc25ae7222a8142e06629d22c62900e9cd2554ff7d2b9d8836125c6c4fea8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379293", "to_ids": true, "type": "sha256", "uuid": "1b6d06f3-3cca-4ea3-9021-41fc646ec890", "value": "a4f8ffff81c13d2bc6ba5f0ded5ea31b73450ad1a0f42c592f1040d46263846a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379294", "to_ids": true, "type": "sha256", "uuid": "acd5e725-7b79-4102-aa3f-c67f6d3b23eb", "value": "037bda8a7e324e378720ff143ca1810b95c78e74062913e9bc588aac9aa55483", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379294", "to_ids": true, "type": "sha256", "uuid": "7f7a0376-c65f-48d6-a8a6-7050b06307dd", "value": "038712505c782f6de7fd435805db35cd806da5132bd7b2f2b16b0c430b800f65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379294", "to_ids": true, "type": "sha256", "uuid": "88827221-06fc-4c11-a637-bf2382872d5e", "value": "1572c35417c425433d03477d8e02784739337db9c26df25c0e6b2aa0444c0668", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379295", "to_ids": true, "type": "sha256", "uuid": "452eb9fa-0aed-47ac-aeb3-5eea99fa7011", "value": "2629de99f35a283ad44e8fea20a3b536187c8babb24f18763429390f77144128", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379295", "to_ids": true, "type": "sha256", "uuid": "7c81b651-39c2-4c92-94ab-1fff3bb28dcd", "value": "2a5e8e3d02de6f13195ac962862e37918fa7ab9aa14d8fbe3eb9f2fb217b9517", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379295", "to_ids": true, "type": "sha256", "uuid": "4f22fc1a-961a-42ab-8635-3e365a3862dd", "value": "2a62393c3b2e97cdbd03181d4e4cf699d4511c56a1c9c4ed8ff122f05eb919cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379296", "to_ids": true, "type": "sha256", "uuid": "fb23f5f1-6c74-41f3-9086-9a99b18f888f", "value": "2ea8980002af5ace6c34408626ac56b424ea0a2504ccd0281e09d560e8e05276", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379296", "to_ids": true, "type": "sha256", "uuid": "c855fd01-fec8-4f09-88f4-a06fe36b9099", "value": "367aa34601606f4f09a496dfeed1d301b8b76643f976ed02960d9e85cce38595", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379297", "to_ids": true, "type": "sha256", "uuid": "4f3340fb-8ed6-451f-be25-4329477ce3de", "value": "3e2f9c3b76c3b4d932783faeb7ab25cfed3edd939f58659e0aa92fd46a6b1111", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379297", "to_ids": true, "type": "sha256", "uuid": "321c1c9f-398e-4dba-9acb-be08aad9110b", "value": "54b0949e3771e1b1dd7eabdbaf2acffe5e527edafc4a5ffa6aaeb0a6047479f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379297", "to_ids": true, "type": "sha256", "uuid": "9b0eab33-65db-44d7-bb21-d46ca211f772", "value": "56a00f3f589909783b72ca6fe40d898f45d9787e94f4291a008259ff0a18b12c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379298", "to_ids": true, "type": "sha256", "uuid": "d138afa4-d0b4-4259-8419-ab23102385fd", "value": "613985e6cb0783fa378100d464065c0cfab636230ed76994d9daed6b19af3be1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379298", "to_ids": true, "type": "sha256", "uuid": "49e64b1c-a96f-42a1-8f53-6f7988680029", "value": "6d9b34bec276a1351ef46e63829237c7352a2e64118fe072a650979557b421b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379298", "to_ids": true, "type": "sha256", "uuid": "2adf689a-27cb-48e6-af58-600b7b64668f", "value": "8550677e8ca53235c5eda21401e75ab495e418877e71149d1ae0c3ce247c3124", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379299", "to_ids": true, "type": "sha256", "uuid": "f3b47ff8-923c-4c48-befa-1401da904474", "value": "92e82fe79025aa9e68cae7b734de8c840ec7c6dd439f17abefe69354d4a8bd6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379299", "to_ids": true, "type": "sha256", "uuid": "f6acdc0b-78e5-402e-b68d-6ef1f5edf746", "value": "b24316e81b6ebf954fab7a87a211554cde6986b239792610f8d234d05d2a2a1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379300", "to_ids": true, "type": "sha256", "uuid": "31e22165-ec15-4e41-83b6-c817c1afb7e3", "value": "dc27e0fabdbad970519d354a83f8c4791d2311dedb9e7ed3cee2d0f52078f000", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379300", "to_ids": true, "type": "sha256", "uuid": "d41b1991-905c-420b-b821-d911a47b432f", "value": "18cb28c5c7beae394111cf867b4e3cd8e154ab7c7f3d91016e0ead5d90009ee3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379301", "to_ids": true, "type": "sha256", "uuid": "55695fef-4b21-4830-a451-09becfd6bb61", "value": "3be0b7d41d9fedfcbf5dd8147640f1d12c5693936910fcc76d7af99243056b94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379301", "to_ids": true, "type": "sha256", "uuid": "b7d90d8e-a7d2-4124-b453-52551f72b884", "value": "608a5144ae8ddec032854092da555eb9e29626465657c1c5cc3de0ada0bfea7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379301", "to_ids": true, "type": "sha256", "uuid": "9dca5446-f80d-47ec-b1c2-9bde78d68776", "value": "7c56b87fbc92c9ff8bbd0f0979acb839eea8695c1fd18b731fdb0feca077fd4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379302", "to_ids": true, "type": "sha256", "uuid": "8c5393b8-7bad-4e0d-afd1-721ea64deb47", "value": "853e735b64cac5c64d18b78b35dc4129551909b8ee3bdb1ad2b6ef75349f0108", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379302", "to_ids": true, "type": "sha256", "uuid": "b5759cc2-423d-4fb1-8b2d-3589ec62de46", "value": "a7a7004ed404980e56f3e9dd4b349a42b39d08b310d32c8ec7db8d55ee693a93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket No sample in VT\r\nLast check:28/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1748379303", "to_ids": true, "type": "sha256", "uuid": "623d3e78-8a05-4ce9-b23a-4815570d7643", "value": "c8f855c7b1456739d1c03c4225093475baba75cb49d3f1051ba4e40831e5ce84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Earth Lamia hosting servers", "deleted": false, "disable_correlation": false, "timestamp": "1780041162", "to_ids": true, "type": "ip-dst", "uuid": "a513a15f-9d0d-42d9-86b2-cbd9bace8546", "value": "185.238.251.244", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#8e8779", "local": false, "name": "asn:asn=\"199959\"", "relationship_type": "" }, { "colour": "#d781fd", "local": false, "name": "asn:as-owner=\"CROWNCLOUD\"", "relationship_type": "" }, { "colour": "#7f61db", "local": false, "name": "asn:as-country=\"AU\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"australia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Earth Lamia hosting servers", "deleted": false, "disable_correlation": false, "timestamp": "1780041163", "to_ids": true, "type": "ip-dst", "uuid": "6902c071-f834-4241-893c-ada202201472", "value": "206.237.1.201", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#d97e45", "local": false, "name": "asn:asn=\"932\"", "relationship_type": "" }, { "colour": "#3647b3", "local": false, "name": "asn:as-owner=\"XNNET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Earth Lamia hosting servers", "deleted": false, "disable_correlation": false, "timestamp": "1780041165", "to_ids": true, "type": "ip-dst", "uuid": "529e010f-3b42-4aeb-a253-3dbdca7bf2b0", "value": "206.238.179.242", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a4fdc7", "local": false, "name": "asn:asn=\"399077\"", "relationship_type": "" }, { "colour": "#d5daf8", "local": false, "name": "asn:as-owner=\"TERAEXCH\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Cobalt Strike C&C Domain", "deleted": false, "disable_correlation": false, "timestamp": "1748383235", "to_ids": true, "type": "domain", "uuid": "bb78a32f-6019-4781-9246-64a7f0aa115c", "value": "chrome-online.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Cobalt Strike C&C Domain", "deleted": false, "disable_correlation": false, "timestamp": "1748383257", "to_ids": true, "type": "hostname", "uuid": "2dfeb280-805d-40ae-8fdb-d6e7d1b1f2a4", "value": "times.windowstimes.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Brute Ratel C&C Domain", "deleted": false, "disable_correlation": false, "timestamp": "1748383278", "to_ids": true, "type": "hostname", "uuid": "5884b47f-d8c8-4a51-8973-e788ef5c1f80", "value": "dxzdq7un7c7hs.cloudfront.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Brute Ratel C&C Domain", "deleted": false, "disable_correlation": false, "timestamp": "1748383299", "to_ids": true, "type": "hostname", "uuid": "8802443c-7576-477d-83c0-db8861186354", "value": "d3hg0xriyu9bjh.cloudfront.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780041167", "to_ids": true, "type": "ip-dst", "uuid": "7b341e1a-0151-41f1-8e3e-7b6e8f3e93ad", "value": "103.30.76.206", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#d97e45", "local": false, "name": "asn:asn=\"932\"", "relationship_type": "" }, { "colour": "#3647b3", "local": false, "name": "asn:as-owner=\"XNNET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780041168", "to_ids": true, "type": "ip-dst", "uuid": "4eae8480-9f3a-4eb4-af83-e5b7b2a01f57", "value": "149.104.23.171", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#d97e45", "local": false, "name": "asn:asn=\"932\"", "relationship_type": "" }, { "colour": "#3647b3", "local": false, "name": "asn:as-owner=\"XNNET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780041170", "to_ids": true, "type": "ip-dst", "uuid": "531ae35a-afa3-4198-9ad4-944d99403a38", "value": "154.211.89.5", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a4fdc7", "local": false, "name": "asn:asn=\"399077\"", "relationship_type": "" }, { "colour": "#d5daf8", "local": false, "name": "asn:as-owner=\"TERAEXCH\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383383", "to_ids": true, "type": "ip-dst", "uuid": "139fd0eb-e7d1-4117-bba5-346e7d56024a", "value": "164.155.231.64", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383634", "to_ids": true, "type": "ip-dst", "uuid": "fad3a80a-a231-45d4-a940-dd0ff891f4fb", "value": "185.238.251.38", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#8e8779", "local": false, "name": "asn:asn=\"199959\"", "relationship_type": "" }, { "colour": "#d781fd", "local": false, "name": "asn:as-owner=\"CROWNCLOUD\"", "relationship_type": "" }, { "colour": "#7f61db", "local": false, "name": "asn:as-country=\"AU\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"australia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383636", "to_ids": true, "type": "ip-dst", "uuid": "24ba875c-bb19-4975-be26-85ca9a1bfa7a", "value": "185.238.251.46", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#8e8779", "local": false, "name": "asn:asn=\"199959\"", "relationship_type": "" }, { "colour": "#d781fd", "local": false, "name": "asn:as-owner=\"CROWNCLOUD\"", "relationship_type": "" }, { "colour": "#7f61db", "local": false, "name": "asn:as-country=\"AU\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"australia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383637", "to_ids": true, "type": "ip-dst", "uuid": "2bdfa407-da06-45e9-8340-162ef6f8c06d", "value": "206.237.0.251", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#d97e45", "local": false, "name": "asn:asn=\"932\"", "relationship_type": "" }, { "colour": "#3647b3", "local": false, "name": "asn:as-owner=\"XNNET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383638", "to_ids": true, "type": "ip-dst", "uuid": "5a5b6e43-cfae-4d70-a854-7f01015aaee0", "value": "206.238.179.172", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a4fdc7", "local": false, "name": "asn:asn=\"399077\"", "relationship_type": "" }, { "colour": "#d5daf8", "local": false, "name": "asn:as-owner=\"TERAEXCH\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383639", "to_ids": true, "type": "ip-dst", "uuid": "933a6d8a-8ec8-4e78-8e8c-895892950d38", "value": "206.238.76.121", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a4fdc7", "local": false, "name": "asn:asn=\"399077\"", "relationship_type": "" }, { "colour": "#d5daf8", "local": false, "name": "asn:as-owner=\"TERAEXCH\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383641", "to_ids": true, "type": "ip-dst", "uuid": "17d12f1f-1827-4d9a-851a-d89aad84dcc2", "value": "206.238.196.155", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a4fdc7", "local": false, "name": "asn:asn=\"399077\"", "relationship_type": "" }, { "colour": "#d5daf8", "local": false, "name": "asn:as-owner=\"TERAEXCH\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383642", "to_ids": true, "type": "ip-dst", "uuid": "10294048-dc19-441e-aa04-b42be9a1bdd6", "value": "206.238.199.21", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a4fdc7", "local": false, "name": "asn:asn=\"399077\"", "relationship_type": "" }, { "colour": "#d5daf8", "local": false, "name": "asn:as-owner=\"TERAEXCH\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383554", "to_ids": true, "type": "hostname", "uuid": "91549029-fb44-4010-93fa-454961e9730b", "value": "api.xwphd.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383575", "to_ids": true, "type": "hostname", "uuid": "511bc06f-3001-4dc6-a524-1ccadf1f8d38", "value": "bkp.windowstimes.me", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383596", "to_ids": true, "type": "hostname", "uuid": "6fe4518b-a16c-4e46-8ce9-bdb2940b81ba", "value": "times.windowstimes.me", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383617", "to_ids": true, "type": "hostname", "uuid": "2b211b87-0892-4daf-ab44-731829d08438", "value": "image.windowstimes.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Vshell C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383639", "to_ids": true, "type": "hostname", "uuid": "96358880-2df8-4cfc-8157-0ada7092fb58", "value": "images.windowstimes.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "PULSEPACK C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383644", "to_ids": true, "type": "ip-dst", "uuid": "f0a57bf7-359b-4ef4-a656-93121434ea0f", "value": "104.233.140.135", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e7b1b4", "local": false, "name": "asn:asn=\"54600\"", "relationship_type": "" }, { "colour": "#6fa6ce", "local": false, "name": "asn:as-owner=\"PEG-SV\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "PULSEPACK C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383645", "to_ids": true, "type": "ip-dst", "uuid": "5c7e5309-8264-4bf1-a362-511d1c370f9e", "value": "134.122.176.156", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "PULSEPACK C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1780383646", "to_ids": true, "type": "ip-dst", "uuid": "2cc407c8-a4f4-49b1-9e13-ff524e22d722", "value": "141.11.149.124", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#66166c", "local": false, "name": "asn:asn=\"61112\"", "relationship_type": "" }, { "colour": "#f32492", "local": false, "name": "asn:as-owner=\"AkileCloud Network\"", "relationship_type": "" }, { "colour": "#e1449b", "local": false, "name": "asn:as-country=\"GB\"", "relationship_type": "" }, { "colour": "#b7c1b9", "local": false, "name": "misp-galaxy:country=\"united kingdom\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "PULSEPACK C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383724", "to_ids": true, "type": "hostname", "uuid": "43ffe423-806a-46ca-b97d-373c5f5bea2a", "value": "0ac0568239f8978.ccega6r0yph8.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "PULSEPACK C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383745", "to_ids": true, "type": "hostname", "uuid": "59d32b8d-af2d-414f-b3e7-366e3e765d1b", "value": "784564141.ccega6r0yph8.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "PULSEPACK C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383766", "to_ids": true, "type": "hostname", "uuid": "c727cef9-cea7-46f1-b037-13426e2d9d56", "value": "c43f5d6e73a7eb.ccega6r0yph8.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "PULSEPACK C&C Server", "deleted": false, "disable_correlation": false, "timestamp": "1748383787", "to_ids": true, "type": "hostname", "uuid": "1fc47512-4ce4-4547-8e9b-32b30b6e450c", "value": "admin.668608.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Other", "comment": "We also noticed the threat actor used SQL injection vulnerabilities to execute the following commands. The commands create a new account \"sysadmin123\" with administrator permissions on the targeted SQL servers. It allows the actor to directly access and exfiltrate victim databases.", "deleted": false, "disable_correlation": false, "timestamp": "1748372256", "to_ids": false, "type": "other", "uuid": "d404faba-53fd-4b83-b2b0-03985cab0844", "value": "CREATE LOGIN sysadmin123 WITH PASSWORD = 'qwe123QWE';\r\nALTER SERVER ROLE sysadmin ADD MEMBER sysadmin123;" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748372250", "to_ids": false, "type": "text", "uuid": "23fe5138-ea11-4063-8673-3e5b9bc521cf", "value": "The username \u201chelpdesk\u201d and password \u201cP@ssw0rd\u201d pair created during the attack" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1748389604", "to_ids": false, "type": "link", "uuid": "0be5052d-519b-4aae-bbef-29adcc9f38e5", "value": "https://x.com/_rectifyq/status/1927511371467399505" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383808", "uuid": "89b1a64c-b659-4911-9f2d-f35841d289b2", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool Kscan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383808", "to_ids": true, "type": "md5", "uuid": "2736cbbb-5be8-4b55-b524-980f6e0b0b9e", "value": "eba237f4049ee3ef374e25ad59093622", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Kscan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379213", "to_ids": true, "type": "sha1", "uuid": "389387b2-2947-4295-8027-24d7e5f43f34", "value": "57a26be3e175fe41fd2581cb7d9c95c7f0b14cf4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Kscan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379213", "to_ids": true, "type": "sha256", "uuid": "1bd7c031-b948-4fc9-aca1-bb8db91c2629", "value": "2fd5b4d1cb318b8cbd9c3a5df0ee0c248e8261a20f33110b221ae9cb8b1071ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374525", "to_ids": true, "type": "ssdeep", "uuid": "82fee806-9e6b-47c4-b638-f0b25860ecf5", "value": "196608:MjaYVuWUqkFb65rSD0g9EpiHst2v9Hizu+q2tt:MjaYdUqkFuAACzHHv3J2tt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374525", "to_ids": false, "type": "size-in-bytes", "uuid": "cd233cf1-7ba0-42b0-9014-de6ac8201cb3", "value": "6992204" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374525", "to_ids": true, "type": "vhash", "uuid": "efefba9c-a159-4d66-9102-20a9ce1bac42", "value": "2a85fbef90580a5a9f23c0c917daa086" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374525", "to_ids": true, "type": "filename", "uuid": "cf660443-9e04-429f-89d8-0c547c69a676", "value": "kscan_linux_amd64.octet-stream" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374525", "to_ids": false, "type": "text", "uuid": "a04c59dd-15b8-4ef2-ba56-02d3ea27d9df", "value": "Hacktool Kscan\r\nType Description: ELF\nMicrosoft: None\nVT Total Detection:24/65\nFirst Submission:2022-12-30T21:26:46.000000+00:00\nLast Submission:2024-11-07T02:31:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383829", "uuid": "50aaebc8-949a-4b08-887b-8fee1528ad2a", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383829", "to_ids": true, "type": "md5", "uuid": "5fc3545f-ae3b-40da-aee0-1decf21cede1", "value": "f3981a6a520ee8fb9832ef51b2f1c7d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379213", "to_ids": true, "type": "sha1", "uuid": "2b1fa63d-ac11-4094-9874-348ca6a16ade", "value": "41656e98a22c53cf19c87e6acc21b9af8e07902f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379213", "to_ids": true, "type": "sha256", "uuid": "8fb2bd49-dd29-40ab-ac56-c46fb022192d", "value": "5c74a6e283b679c9a2e1e8dc74b0ac301f5fa4bd2b37a6c3af2ba4015b34a780", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374547", "to_ids": true, "type": "ssdeep", "uuid": "20d5ea3c-4305-449a-b805-c97023a2407d", "value": "98304:D1Ywyf6u/An7Z385weFMYgEwnM1sKSvqPvd3s:D190Kx853FMEwnM1sKEq3d8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374547", "to_ids": false, "type": "size-in-bytes", "uuid": "c6bf44df-383e-4e4f-8aa0-1de619f0a36f", "value": "24422400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374547", "to_ids": true, "type": "vhash", "uuid": "1c7a682e-0cc7-403f-80c8-b09307133ef1", "value": "027066655d5d15541az27!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374547", "to_ids": true, "type": "filename", "uuid": "664a93f4-9579-4ca9-a356-be86eedd30b3", "value": "2024-12-13_f3981a6a520ee8fb9832ef51b2f1c7d4_frostygoop_luca-stealer_poet-rat_rex_snatch" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374547", "to_ids": false, "type": "text", "uuid": "6c2dd12c-795f-479c-93f5-326a4677348c", "value": "Hacktool Fscan\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/ExploitBot\nVT Total Detection:49/72\nFirst Submission:2024-09-14T10:34:41.000000+00:00\nLast Submission:2024-12-13T05:26:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383851", "uuid": "55694979-06cb-448a-a5da-77910d76bb95", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383851", "to_ids": true, "type": "md5", "uuid": "df7f54d0-6606-411b-a8bc-9a12696432e7", "value": "8c5efc95e762b66aff18f31ee9c8d51d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379214", "to_ids": true, "type": "sha1", "uuid": "450ab660-8ef4-4e13-aa9b-56ec7fd6b9ae", "value": "5b0053f30a6572b422fd723997edd8bbc6210386", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379214", "to_ids": true, "type": "sha256", "uuid": "625c3527-4dea-4a07-bc54-5798e57b2bc3", "value": "62ba281147ceeefca5bd15f58ac52125bc42b0e134a6fcb4bd90efdae0fce318", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374569", "to_ids": true, "type": "ssdeep", "uuid": "12c66986-08c5-4e84-a5d8-cc513882ef3e", "value": "98304:EzCqI0kYRP6NxjFX9Llu/MjEW+K+GCFIaUV+kT87fhCuXUgh:wCHYNs1skj/vj3T8zhCIrh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374569", "to_ids": false, "type": "size-in-bytes", "uuid": "668bf36b-378a-4cec-a7aa-43af379dd45d", "value": "5771644" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374569", "to_ids": true, "type": "vhash", "uuid": "50b91d88-f0ab-471a-aaca-c07300ed5594", "value": "9662668bfe8235a44603cac0b335f1aa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374569", "to_ids": true, "type": "filename", "uuid": "05225c50-6195-4aba-8e62-8c02d0900ee7", "value": "fscan32" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374569", "to_ids": false, "type": "text", "uuid": "f0597782-5976-478a-8715-c99dc7253c5d", "value": "Hacktool Fscan\r\nType Description: ELF\nMicrosoft: HackTool:Linux/Fscan.A!MTB\nVT Total Detection:30/65\nFirst Submission:2023-11-30T10:17:28.000000+00:00\nLast Submission:2024-09-08T05:00:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383871", "uuid": "e39a7f22-d7ad-4eb1-80fb-8ff165a5fc86", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383871", "to_ids": true, "type": "md5", "uuid": "c6b17a7d-a294-46ae-af6f-1ac89f9ef34f", "value": "8f7dfbec116017d632ca77be578795fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379215", "to_ids": true, "type": "sha1", "uuid": "127cfde0-633e-4a67-bdae-9cd652d43ef7", "value": "5a341a41bb909bf577465491420e3fce6001c5cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379215", "to_ids": true, "type": "sha256", "uuid": "e058361b-52c9-4901-a7d9-1df683f25714", "value": "78eed41cec221edd4ffed223f2fd2271a96224fd1173ed685c8c0b274fe93029", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374590", "to_ids": true, "type": "ssdeep", "uuid": "c3ffbce6-847a-4e8d-8839-406c118fce6d", "value": "196608:3Y2UaraSExxzSDpDIrC+wnI54QXTW0sHyIl:qHzShIO+wnSDs5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374590", "to_ids": false, "type": "size-in-bytes", "uuid": "cc16057e-4e27-4960-b2d8-30dab693a691", "value": "6427136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374590", "to_ids": true, "type": "vhash", "uuid": "5304e3a4-7645-431e-b1d0-499eab4a0cc0", "value": "06603e0f7d1bz4!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374590", "to_ids": true, "type": "filename", "uuid": "b8f79e8e-5439-4054-aa32-96ad603f7e74", "value": "test.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 03/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374590", "to_ids": false, "type": "text", "uuid": "c06df2a6-104c-4539-8098-164ef712ae53", "value": "Hacktool Fscan\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:56/72\nFirst Submission:2023-11-16T00:41:46.000000+00:00\nLast Submission:2024-11-05T09:04:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383893", "uuid": "ec84482b-5161-4ced-bd81-9af0d9abcca8", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383893", "to_ids": true, "type": "md5", "uuid": "e9a4cbec-6bbf-4b4d-97b5-c9343a844e8b", "value": "1facdcd05c43ba4d37274dffc90b6d4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379215", "to_ids": true, "type": "sha1", "uuid": "a58b3a7b-aa1d-4533-a079-93cb790ca96c", "value": "dc26aa1f01a3cb7c2ad487982efbcfe378d9acc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379215", "to_ids": true, "type": "sha256", "uuid": "07f7b20f-7e0f-44d4-a08d-c56f701953d5", "value": "b26458a0b60f4af597433fb7eff7b949ca96e59330f4e4bb85005e8bbcfa4f59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374612", "to_ids": true, "type": "ssdeep", "uuid": "e57af4a2-98eb-4ff2-bbcd-267f9023c879", "value": "98304:hgf3hTppKtRv6yVWbvhXymp6e+spQRlPuyBL6Nvqk3BVY1MHuo9lcTP:hwhT/KjvZVWbv4mseilkNSaKala" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374612", "to_ids": false, "type": "size-in-bytes", "uuid": "90920688-a177-4261-8cf1-81e36b84f691", "value": "6266348" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374612", "to_ids": true, "type": "vhash", "uuid": "16586a9c-b950-4690-aa43-8973d8877a45", "value": "8188af59d9cb84a352ccad89166a5c15" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374612", "to_ids": true, "type": "filename", "uuid": "085c5dd7-de0f-460c-aef8-41476e6e88f8", "value": "fscan" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374612", "to_ids": false, "type": "text", "uuid": "ca77085e-5a14-49a6-99dc-70899892bb18", "value": "Hacktool Fscan\r\nType Description: ELF\nMicrosoft: Trojan:Linux/Casdet!rfn\nVT Total Detection:35/65\nFirst Submission:2023-11-21T01:48:54.000000+00:00\nLast Submission:2025-05-15T00:33:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383914", "uuid": "cdb006cb-915a-4087-85c7-230878363227", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383914", "to_ids": true, "type": "md5", "uuid": "f86a3196-04f3-4ac2-8bf3-4fde58804f4b", "value": "b8053bcd04ce9d7d19c7f36830a9f26b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379216", "to_ids": true, "type": "sha1", "uuid": "fe904d30-67b5-4e30-a73e-28174d2a71ab", "value": "3ba9a74f8faeff3de03e4c834f266582e2eb46a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Fscan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379216", "to_ids": true, "type": "sha256", "uuid": "49e56931-97e1-4143-a756-b816d151a186", "value": "e82ecbe3823046a27d8c39cc0a4acb498f415549946c9ff0e241838b34ed5a21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374634", "to_ids": true, "type": "ssdeep", "uuid": "c8e05b1c-8809-4176-ac0c-07ebb674a922", "value": "196608:dqv3cY5ebJz2aVxkrbUX5iqJ2nWeOCsi5IdVnBI:kv3cQeVzb8bUoasKI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374634", "to_ids": false, "type": "size-in-bytes", "uuid": "f270d715-d421-47a8-ab02-7db83efd9690", "value": "7100304" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374634", "to_ids": true, "type": "vhash", "uuid": "3a6c8384-2b12-4f85-af63-5509147198f8", "value": "db91bbecde9c9c8c3cf7a86acc0cad06" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374634", "to_ids": true, "type": "filename", "uuid": "c29c41d8-ce8e-4bad-a747-33cb341c2edd", "value": "fscan" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 26/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374634", "to_ids": false, "type": "text", "uuid": "5e41c407-76cb-4922-ab66-7bfd6c76e0a5", "value": "Hacktool Fscan\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt!MTB\nVT Total Detection:37/65\nFirst Submission:2024-05-15T04:50:09.000000+00:00\nLast Submission:2025-05-26T03:48:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383935", "uuid": "60fdfccb-35cc-4a79-a0b1-809fe4b30e66", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool GodPotato", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383935", "to_ids": true, "type": "md5", "uuid": "240d70ca-f771-49ed-8ef3-c1839e2251e6", "value": "5f3dd0514c98bab7172a4ccb2f7a152d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool GodPotato", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379217", "to_ids": true, "type": "sha1", "uuid": "d97ee26d-9275-4032-ab44-51fea3eb9554", "value": "232a0585a7cb6c54e15d5410c96aac5913038e7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool GodPotato", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379217", "to_ids": true, "type": "sha256", "uuid": "deedb063-0d8c-4b36-9620-87adc973d937", "value": "3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374655", "to_ids": true, "type": "ssdeep", "uuid": "7f30213b-fd33-409f-8875-71a44a5e7214", "value": "1536:av9ftLc1usS6EiQqEmw6Q2maY63AZhw8l1kdUgaTO:4Lc1FIaY6wLw86UgyO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374655", "to_ids": false, "type": "size-in-bytes", "uuid": "5fdc732e-c84c-4281-a7ac-439f93e6453b", "value": "57344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374655", "to_ids": true, "type": "vhash", "uuid": "1d7c07c8-7501-45f5-a2c9-22615c236713", "value": "25403655151f0883a2100720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374655", "to_ids": true, "type": "filename", "uuid": "f29dce0d-30e9-4f96-8aa8-6d12cc5ce0d0", "value": "GodPotato.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374655", "to_ids": false, "type": "text", "uuid": "bb965349-d82b-461c-9db1-002666219f2e", "value": "Hacktool GodPotato\r\nType Description: Win32 EXE\nMicrosoft: VirTool:MSIL/Gopotesez.A\nVT Total Detection:59/72\nFirst Submission:2023-04-11T17:40:20.000000+00:00\nLast Submission:2025-05-02T14:04:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383956", "uuid": "aad6f508-945c-45c4-8edb-dd6ec4c364b3", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383956", "to_ids": true, "type": "md5", "uuid": "4c7dfbd6-4161-42bc-a26b-972fa9cc87f0", "value": "808502752ca0492aca995e9b620d507b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379217", "to_ids": true, "type": "sha1", "uuid": "27dbfed5-d37b-4a75-a37a-477e4dd25bca", "value": "668c40bb6c792b3502b4eefd0916febc8dbd5182", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379217", "to_ids": true, "type": "sha256", "uuid": "1423bf67-56c9-4767-888b-7194da48c6b6", "value": "0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374699", "to_ids": true, "type": "ssdeep", "uuid": "5d917c36-b022-4baf-9719-234b1edcd106", "value": "6144:1fuJYaRk/qxEuUPAVHKZxgHb95dL2f552yxhMsxEc8d7:1fGFRw3+P/PuiX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374699", "to_ids": false, "type": "size-in-bytes", "uuid": "d542e22c-db6d-4812-8b82-2428d701535b", "value": "347648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374699", "to_ids": true, "type": "vhash", "uuid": "eb327b75-ad48-4fac-9cc2-406bb781de16", "value": "035076655d1555155550a8z6c7z65z3cz117z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374699", "to_ids": true, "type": "filename", "uuid": "8693210a-e143-47ff-865d-e3e09eb30784", "value": "JuicyPotato.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 23/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374699", "to_ids": false, "type": "text", "uuid": "497b7032-b8d1-4028-98ca-5360872216f6", "value": "Hacktool JuicyPotato\r\nType Description: Win32 EXE\nMicrosoft: HackTool:Win64/Juicypotato\nVT Total Detection:59/72\nFirst Submission:2018-08-15T09:33:26.000000+00:00\nLast Submission:2025-05-27T12:36:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383977", "uuid": "35357400-c8c5-436b-b91b-e05ed920f6f5", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383977", "to_ids": true, "type": "md5", "uuid": "18179753-b1b4-4e15-abf2-46e36ea6f1c2", "value": "d7c60f2aaefc8cdbe430cdc7694e99d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379218", "to_ids": true, "type": "sha1", "uuid": "c6085152-1bf3-4425-a910-6eda79350588", "value": "a5fd70e471318f10b0342ad36b2a3fcc8e1613a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379218", "to_ids": true, "type": "sha256", "uuid": "a1cfd410-37dc-40ac-bb3d-5ec901fa1c59", "value": "1d0b246f8d43442ea0eaecde5cfa7fcd8139a9ba93496cd82a8ac056f7393bcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374721", "to_ids": true, "type": "ssdeep", "uuid": "bfe52255-3147-49c5-a261-20789d718ab1", "value": "12288:Idy9NoIBsXKuHTMPGXtEbNIZGk2pEN0FLog7iHsERlGuruKPfuiXhCQ+I/zTssGQ:IenkTSGXCZIZ1MERgurZQZI0Vv/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374721", "to_ids": false, "type": "size-in-bytes", "uuid": "d07b8975-7890-4e71-85bf-d5775c1ab56c", "value": "2420224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374721", "to_ids": true, "type": "vhash", "uuid": "5bdb8b9b-8d46-4e5e-814a-41dd68ab9619", "value": "1260ae06551d55551d151az6b?z3" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374721", "to_ids": false, "type": "text", "uuid": "c10e0ee5-9654-43d8-a093-982f6177817d", "value": "Hacktool JuicyPotato\r\nType Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:30/72\nFirst Submission:2025-05-18T12:48:30.000000+00:00\nLast Submission:2025-05-18T12:48:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748383998", "uuid": "bcb809d5-58f1-4da2-b643-4178582749da", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748383998", "to_ids": true, "type": "md5", "uuid": "80201822-855c-4128-99ad-acbd85a8889a", "value": "4811ea6284f12970cf292c9844e326ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379219", "to_ids": true, "type": "sha1", "uuid": "82c46663-62ae-4d31-a380-01dc4b2a939c", "value": "2f4e56d6b65b58da7af32897035c26317561b648", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool JuicyPotato", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379219", "to_ids": true, "type": "sha256", "uuid": "5d657555-0417-4e99-92b5-b7f19e80f90d", "value": "c04860e0ecce7d3a91c5358aecbafc495b2a9f0936dabf99db5f46457776687a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374806", "to_ids": true, "type": "ssdeep", "uuid": "58713d7d-b2b5-4314-b683-8f87d24f26f5", "value": "196608:WrdQRyYri0oYIlRg9ws4Iex6KriPqmFieKdZGYtYwd17/BaYlYS:WravpoT3Cw5DIKrIqmFKG5wd17Jvx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374806", "to_ids": false, "type": "size-in-bytes", "uuid": "111dcc9e-14b4-404c-93ed-95ce772f5a63", "value": "12516352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374806", "to_ids": true, "type": "vhash", "uuid": "d1ed0eed-da07-4a07-ad5d-be66951832a5", "value": "0170a6050d0505060d177013z13z17z13z101nz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374806", "to_ids": true, "type": "filename", "uuid": "75c36b76-12d7-4b84-928a-fc5a8691db6c", "value": "jp.txt" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374806", "to_ids": false, "type": "text", "uuid": "99ce9bf8-40a0-4464-a2f3-7949b0c465bf", "value": "Hacktool JuicyPotato\r\nType Description: Win32 EXE\nMicrosoft: HackTool:Win64/JuicyPotato!rfn\nVT Total Detection:31/72\nFirst Submission:2024-11-06T14:35:33.000000+00:00\nLast Submission:2024-11-06T14:35:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384020", "uuid": "2f481b2a-0a22-4de6-af60-65b835c415a3", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool Stowaway", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384020", "to_ids": true, "type": "md5", "uuid": "f2846163-e4ff-4f62-9404-66af7529370b", "value": "1f48ad109b4449fdc0d6f7d3ec51131b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Stowaway", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379219", "to_ids": true, "type": "sha1", "uuid": "e7b07d80-f405-4f7f-bf0b-bf69d835e023", "value": "65e980c6f4d42199b1369ee0414665c856d3aa03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Stowaway", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379219", "to_ids": true, "type": "sha256", "uuid": "be9f8b8f-bbe6-4b14-ba33-c19417b68fd8", "value": "a134f4f4a8d5efd1529dfe83ba1084083da36fd3e78963e1d5d127f7649acb24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374827", "to_ids": true, "type": "ssdeep", "uuid": "81af1d54-9833-454c-87ad-3019a96817b2", "value": "49152:BDp/pxStdD3zlpOZQyZGAnDr6+y3ufsTegFpWO4+fBXwTp:BDpjClaMQ6+y+kTFj4+fhwd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374828", "to_ids": false, "type": "size-in-bytes", "uuid": "d0bb1dde-c9a3-4f26-b20f-bce139fe3184", "value": "2493780" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374828", "to_ids": true, "type": "vhash", "uuid": "0916a99a-cf27-4625-8124-ca1a1a9f2350", "value": "2a85fbef90580a5a9f23c0c917daa086" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374828", "to_ids": true, "type": "filename", "uuid": "19111ab7-e04a-4976-a7e4-771b4371622e", "value": "linux_x64_admin." }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374828", "to_ids": false, "type": "text", "uuid": "6e785c62-4975-4629-bbea-469ccb0ede85", "value": "Hacktool Stowaway\r\nType Description: ELF\nMicrosoft: HackTool:Linux/Stowaway.A!MTB\nVT Total Detection:32/65\nFirst Submission:2024-09-03T15:53:14.000000+00:00\nLast Submission:2024-09-11T00:30:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384041", "uuid": "ac4a1cbe-ccb5-43cd-868b-974c57aaedfb", "Attribute": [ { "category": "Payload delivery", "comment": "Hacktool Stowaway", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384041", "to_ids": true, "type": "md5", "uuid": "33b4e450-829b-4136-b72d-4010eeba47ea", "value": "2ba8aa89d3b9d1c93083ed1108073115", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Stowaway", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379220", "to_ids": true, "type": "sha1", "uuid": "a8d73887-f86c-438a-abb9-3f5c0de59336", "value": "ba5f9e8bd9b62836a2acfa7c384574a47434c403", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hacktool Stowaway", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379220", "to_ids": true, "type": "sha256", "uuid": "e45935f3-534e-4763-8023-6afdea4681d3", "value": "ad7848c78cfb589190a1363ee25c6db47dd04a577300a4fbe829ce5b71f0ff39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374849", "to_ids": true, "type": "ssdeep", "uuid": "118cc1ce-3e35-4797-804b-99bc874f7bda", "value": "24576:NKg6257i3fmiZyuYXK3uLvZwMH8bTeageiPGr24qmHLi2kwl:Mgb7xiZTYa31q83esbHLlka" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374849", "to_ids": false, "type": "size-in-bytes", "uuid": "409c353a-e11c-4902-a47a-af215f68ae75", "value": "1443840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374849", "to_ids": true, "type": "vhash", "uuid": "4c5e5032-73d8-4eb1-abf5-ae2f748b88c8", "value": "01603e0f7d1bz4!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374849", "to_ids": true, "type": "filename", "uuid": "2430d890-b757-4952-82ba-9e78f57c3eb2", "value": "windows_x86_agent.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 19/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374849", "to_ids": false, "type": "text", "uuid": "82b1ec8a-4292-4d2a-b2e8-c2a2956014e0", "value": "Hacktool Stowaway\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:39/71\nFirst Submission:2023-08-16T05:43:17.000000+00:00\nLast Submission:2023-08-16T05:43:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384062", "uuid": "a6481e09-56eb-4489-86d6-a8e968c18d85", "Attribute": [ { "category": "Payload delivery", "comment": "BypassBoss", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384062", "to_ids": true, "type": "md5", "uuid": "dd079930-099c-4b7a-88cd-6c4580706f1f", "value": "fc63587e35ad00b9e601e1b544810ece", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BypassBoss", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379221", "to_ids": true, "type": "sha1", "uuid": "9712010a-9657-4cff-b77c-fe81e5a31851", "value": "6730df29944a9d4f08c296ff1581cc9e38a403c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BypassBoss", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379221", "to_ids": true, "type": "sha256", "uuid": "576fee92-5915-4ea1-ba71-8d7b65b15c2e", "value": "c87f7e0ae64e11ef755083bde6b756c695d07c6b89633f6fb66cd96214bcd502", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748374892", "to_ids": true, "type": "ssdeep", "uuid": "a95384d1-1ca9-4688-9afc-af18aa51fa5d", "value": "192:ocmu+x/U1oivg4XAMfrRHMPms3Qb93bxj43ZD4k4k2QQN:3mR9HiTzf9MPG93NKmk4kZQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748374892", "to_ids": false, "type": "size-in-bytes", "uuid": "fd1eb69b-cf94-4e7c-a6f7-a5178b637bed", "value": "10240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748374892", "to_ids": true, "type": "vhash", "uuid": "736a7e73-48cb-4d81-8f62-abda4234f78f", "value": "21403655151d083420020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748374892", "to_ids": true, "type": "filename", "uuid": "8c6e6058-9108-4273-854f-b0a6b3fdb466", "value": "BypassBoss.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 22/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748374892", "to_ids": false, "type": "text", "uuid": "bf1012d8-7574-4681-9c0f-8d64db41b5d0", "value": "BypassBoss\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:35/72\nFirst Submission:2025-01-15T13:39:05.000000+00:00\nLast Submission:2025-01-15T13:39:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384083", "uuid": "1eade9b7-22ba-45c4-a64d-4471188d7c6f", "Attribute": [ { "category": "Payload delivery", "comment": "Cobalt Strike", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384083", "to_ids": true, "type": "md5", "uuid": "bcef006c-e9f8-4bb4-ae4f-a46059fc79c2", "value": "eae9eed174de0c0301e29c4cedf3131d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379222", "to_ids": true, "type": "sha1", "uuid": "d069350a-b48a-4fb8-99b1-a677906364f0", "value": "ab713a0eb283828102035a0e293e62d0de444880", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379222", "to_ids": true, "type": "sha256", "uuid": "637bf5ef-6f99-4984-880e-7a4fa7ca73bc", "value": "8e53784a8600a6e6fcb61cf9a363a49c44fd97bf22cfec2948728ec622d817fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375040", "to_ids": true, "type": "ssdeep", "uuid": "e62d7666-0160-4554-a944-0f75f90c1079", "value": "6144:BCKoCKHVaa6VAxWJCkCFUd0kIUSwodLw/0DcTT:dtAIJCkoUbjS1dLw/hT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375040", "to_ids": false, "type": "size-in-bytes", "uuid": "1c5165d8-22a9-425d-9895-604e9ad6022d", "value": "288256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375040", "to_ids": true, "type": "vhash", "uuid": "19ac1fa1-29f7-4cf0-8b9a-7d3835eff45a", "value": "0250966d7515151c0d1d1az221d=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375040", "to_ids": true, "type": "filename", "uuid": "4d95d0b0-d87a-48f3-bcc5-80f826d03543", "value": "eae9eed174de0c0301e29c4cedf3131d.virus" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375040", "to_ids": false, "type": "text", "uuid": "7a6323b3-6839-40cc-978b-85de921e0c63", "value": "Cobalt Strike\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Bulz.SPVV!MTB\nVT Total Detection:63/72\nFirst Submission:2024-04-17T10:01:25.000000+00:00\nLast Submission:2024-04-17T10:01:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384104", "uuid": "6c00064a-8e39-48a4-854c-944dc120dc26", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384104", "to_ids": true, "type": "md5", "uuid": "f0cbe8d6-962d-458c-90ed-26108990f80b", "value": "1dd51961e61faac3c0a7a5e4d7910ac2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379222", "to_ids": true, "type": "sha1", "uuid": "590d8a68-8cb8-46b7-9f8a-8dffbeda38de", "value": "9c114c01d3aebaf7bdf5a7285585a21c109997f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379222", "to_ids": true, "type": "sha256", "uuid": "5d2db3aa-b9aa-4df7-8bd5-cc19d1cc73a3", "value": "7787eca1528144693930458282ee26c39508a9014152d36efa3b8645c188964c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375083", "to_ids": true, "type": "ssdeep", "uuid": "64071a17-d39f-4131-b653-7b731e1fb1a4", "value": "48:6IIF9BlQaexGyugZH7An0cF5uduvxRxUjbON9XM/ge93ahr0/:y9BOaMGy3M0cF50uDxUOvXeg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375083", "to_ids": false, "type": "size-in-bytes", "uuid": "3f144e9e-863e-4209-9f09-bebb05907fec", "value": "4608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375083", "to_ids": true, "type": "vhash", "uuid": "4a6f8980-d6a2-4ed1-96af-692e373894a6", "value": "04303655151bz1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375083", "to_ids": true, "type": "filename", "uuid": "589b6dd6-249f-4f46-9e83-545e890b3607", "value": "1dd51961e61faac3c0a7a5e4d7910ac2.virus" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375083", "to_ids": false, "type": "text", "uuid": "f78c73c6-7535-44a3-9e4c-67506f4017fe", "value": "Vshell stager\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mikey.HNC!MTB\nVT Total Detection:49/72\nFirst Submission:2024-05-18T07:33:05.000000+00:00\nLast Submission:2024-05-18T07:33:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384124", "uuid": "77bf9478-3871-49e3-9fe4-bf2ce3ee8a68", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384124", "to_ids": true, "type": "md5", "uuid": "f4193658-0082-4480-b6d9-c68fb251c584", "value": "ba180ccdcf7ae06fabe3a538ac2b9acf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379223", "to_ids": true, "type": "sha1", "uuid": "fc376e48-afe0-46c0-b13e-c03177cdaa7e", "value": "81571961b1756b1ba44403c294a2bf46e5615702", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379223", "to_ids": true, "type": "sha256", "uuid": "48d4c6c6-124d-42f3-b53e-2dc40752ce97", "value": "acbd2ed341e3dab5d7f258afc098ca86be9916bca6b9d2624557100164a4df2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375125", "to_ids": true, "type": "ssdeep", "uuid": "fe263d8e-0768-479c-915b-fda5f7369b21", "value": "96:GjOTpJ4WHbHf5jlTTej6TNJ9VoNddfs2oYJYoBSf7meaamBFBp8hBdZvZ4:G6z4WTjTTfTpVIdfs2So8f2Tr8h3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375125", "to_ids": false, "type": "size-in-bytes", "uuid": "2c40d9e7-8ff2-4df5-8d43-453e693e2644", "value": "9848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375125", "to_ids": true, "type": "vhash", "uuid": "cbec3b7c-559f-4b77-858e-4ccdd835e43e", "value": "b76f8127124fcb2099679131afa2df38" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375125", "to_ids": true, "type": "filename", "uuid": "4554a11d-51d6-45fe-bdd1-feddd8f049f5", "value": "linux_amd64" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 19/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375125", "to_ids": false, "type": "text", "uuid": "e8538d99-3fea-4927-a3a6-5584720103d5", "value": "Vshell stager\r\nType Description: ELF\nMicrosoft: Trojan:Linux/Multiverze\nVT Total Detection:34/64\nFirst Submission:2024-04-24T11:09:56.000000+00:00\nLast Submission:2024-04-24T11:44:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384145", "uuid": "41d84b79-c824-4302-922a-17e9aeea1e53", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384145", "to_ids": true, "type": "md5", "uuid": "dce39616-11c0-48f4-8efe-f0ff62c241eb", "value": "0668293c9f523f26babc09617063493b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379224", "to_ids": true, "type": "sha1", "uuid": "d9c080d4-2bfd-44ec-ac02-d7c3077e61b4", "value": "f8cf927cb2baf893b136bc5d90535d193fc73b75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379224", "to_ids": true, "type": "sha256", "uuid": "f9415f09-8cfb-4418-b505-e7236d761c06", "value": "bb6ab67ddbb74e7afb82bb063744a91f3fecf5fd0f453a179c0776727f6870c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375147", "to_ids": true, "type": "ssdeep", "uuid": "a2da7e10-2374-4c68-b83f-41923c0232f7", "value": "98304:ds16J/QNLNChxk1EnGpqUeSMBk7ig9nzGqk/UxrstHgC2:ds16eNLNek1VpqUesOYiqfxrstHv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375147", "to_ids": false, "type": "size-in-bytes", "uuid": "a28412e0-d3bd-41fc-9af7-9e73cc69028f", "value": "8341504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375147", "to_ids": true, "type": "vhash", "uuid": "632107f6-cf37-4be1-98eb-67950bc32c87", "value": "1860ae06551d65551d151az6b?z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375147", "to_ids": true, "type": "filename", "uuid": "c44911e4-9051-4b2c-82b8-3c47add496bc", "value": "mscoree.dll" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375147", "to_ids": false, "type": "text", "uuid": "321c0bff-f50b-4a40-b39a-5f454c179448", "value": "Vshell stager\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:43/72\nFirst Submission:2025-04-21T12:50:36.000000+00:00\nLast Submission:2025-04-21T12:50:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384165", "uuid": "d1af5eaa-a5b8-4016-ab82-b9d36982cb74", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384165", "to_ids": true, "type": "md5", "uuid": "a1374890-e4ee-4d36-a872-7a629742fddc", "value": "d616be31e0c14cb3a83d941809885715", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379225", "to_ids": true, "type": "sha1", "uuid": "5f4165b0-e6f7-4a27-975e-b7640b3c83a7", "value": "b6593ddbcec483d604a534adb05fbf6db3b4d3cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell stager", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379225", "to_ids": true, "type": "sha256", "uuid": "eaac2fd4-d5af-47ff-bbe5-14065419407c", "value": "eb1df006c34463faf8325c52c2f132b62adaaff37afc0bd7ddf0274fa30e59d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375169", "to_ids": true, "type": "ssdeep", "uuid": "5086bdeb-5765-4356-86b8-135c2ed371d5", "value": "48:6I7lwe7i85c8SEJdSR1Ig9TPe1YpV1ZsSZIXxhxhwcRaK:Pl1Jc92q1Ig9T2Enwp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375169", "to_ids": false, "type": "size-in-bytes", "uuid": "1820f307-0327-470d-91aa-60239004d9d3", "value": "4608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375169", "to_ids": true, "type": "vhash", "uuid": "d63c4773-3a4e-43a6-a870-88d149a986c8", "value": "04303655151bz1!z" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 01/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375169", "to_ids": false, "type": "text", "uuid": "e8896d05-7590-44a8-b9a7-03c49135f633", "value": "Vshell stager\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mikey.HNC!MTB\nVT Total Detection:37/74\nFirst Submission:2024-06-01T15:06:35.000000+00:00\nLast Submission:2024-06-01T15:06:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384186", "uuid": "12882637-b36f-4c5e-a3bd-4549c0f44bcc", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384186", "to_ids": true, "type": "md5", "uuid": "5381f181-6200-4265-a2a1-42cc85cda59f", "value": "8626131e41e1168db3ee5011c6b7388e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379225", "to_ids": true, "type": "sha1", "uuid": "abdd628a-2ee7-483d-9364-fd9b0374731a", "value": "04bc115537cb0aaeb298052b64fe38ece65aee1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379225", "to_ids": true, "type": "sha256", "uuid": "a8dc4d2a-a236-4129-aa43-493bb001962d", "value": "1b4660133c2f2125b1013a3fa22de51d60176052d7c1487c09630fee5582298a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375253", "to_ids": true, "type": "ssdeep", "uuid": "b0be06ec-485a-4378-a5d4-b2358467d975", "value": "98304:WTdBmuQhhqYt56c0Su3+DvD0yyheBQaZXEj/61m/CPPuscZ1loElR:WTdBmr3y+DvvjBQaRmb1lVT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375253", "to_ids": false, "type": "size-in-bytes", "uuid": "d7072e30-af3d-4a9a-a779-19002f5d509a", "value": "5628484" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375253", "to_ids": true, "type": "vhash", "uuid": "82460844-3b30-42c1-a43e-6e6dfeab83bf", "value": "8188af59d9cb84a352ccad89166a5c15" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375253", "to_ids": true, "type": "filename", "uuid": "fdf04929-ef13-4023-a274-4a33181a9864", "value": "y_eacmd" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375253", "to_ids": false, "type": "text", "uuid": "a8bcb36d-ed20-4f63-be74-0bb22b8ed970", "value": "Vshell\r\nType Description: ELF\nMicrosoft: Trojan:Linux/Multiverze\nVT Total Detection:35/63\nFirst Submission:2024-11-08T03:57:10.000000+00:00\nLast Submission:2024-11-20T16:20:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384207", "uuid": "88129231-833e-4a90-924f-134746a58e5d", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384207", "to_ids": true, "type": "md5", "uuid": "c717781f-4970-4698-a7e1-1bf0909c5707", "value": "249722da053044036b2381619d080bfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379226", "to_ids": true, "type": "sha1", "uuid": "64ff1030-9ad2-478f-95a4-8aef7e481694", "value": "1a90eba92624442ca70ea44d1641c1f81544cd3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379226", "to_ids": true, "type": "sha256", "uuid": "f62ea923-b414-4b1c-8ed3-ce6a4759a2fe", "value": "411005c29ff637fa65d20a1ffcb6877663e8c73c0ec67b09a9648df9647930a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375401", "to_ids": true, "type": "ssdeep", "uuid": "8763cdd5-8364-4313-af7d-bdb0e7d11b46", "value": "98304:8qpcL8zufkRuAlUjFOrrG6crEPI+xqm95OnE7sQio65IYxh3xxQcFvRncltc8huT:zpcLAwyFlURGTc8Xqmz77sQioaIYxVPt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375401", "to_ids": false, "type": "size-in-bytes", "uuid": "e0e59aea-e548-45cc-aa70-963910062dda", "value": "6161664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375401", "to_ids": true, "type": "vhash", "uuid": "daacd2cd-bd4f-4ec6-bfa7-06dccede8b86", "value": "06603e0f7d1bz4!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375401", "to_ids": true, "type": "filename", "uuid": "135147bb-0878-4600-8803-f973d4a1476d", "value": "249722da053044036b2381619d080bfe.virus" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375401", "to_ids": false, "type": "text", "uuid": "5dbca9b8-fac0-410c-a929-0fd57d1650b3", "value": "Vshell\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Multiverze\nVT Total Detection:53/72\nFirst Submission:2024-01-29T10:48:16.000000+00:00\nLast Submission:2024-01-29T10:48:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384227", "uuid": "5a28989b-dab3-4b7c-9026-49d81422194f", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384227", "to_ids": true, "type": "md5", "uuid": "4de20fd2-0193-45a6-8b7b-14e9407187f9", "value": "d416f79514231cedb2d34514bc10b5c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379227", "to_ids": true, "type": "sha1", "uuid": "8340ce9f-207f-4d0d-8cab-7edb520397c5", "value": "97e85c03da1bbc14541116fb69bc94ad66e553a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379227", "to_ids": true, "type": "sha256", "uuid": "941f76fb-b377-4fb9-b3c6-a80ed63de5a5", "value": "538e5a536714c0db69b4bb1ea6df421299e75e8c0b2c4644992ebd022c98cd65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375423", "to_ids": true, "type": "ssdeep", "uuid": "0532eefd-685c-4d3a-a3d2-aef35d34c2fb", "value": "98304:QqpcL8zufkRuAlUjFOrrG6crEPI+xqm95OnE7sQio65IucE7Jd0ihf1aNWX49ADd:fpcLAwyFlURGTc8Xqmz77sQioaIucE7/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375423", "to_ids": false, "type": "size-in-bytes", "uuid": "4fd640f8-8555-48f1-927b-8b0091d496aa", "value": "6161664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375423", "to_ids": true, "type": "vhash", "uuid": "8f9a0b1c-5152-4452-92e7-d650250729bc", "value": "06603e0f7d1bz4!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375423", "to_ids": true, "type": "filename", "uuid": "da8d5744-754b-45af-8811-27fdf3263bb2", "value": "d416f79514231cedb2d34514bc10b5c5.virus" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375423", "to_ids": false, "type": "text", "uuid": "44b8d333-f763-4a6e-8141-5c89382396ef", "value": "Vshell\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:51/72\nFirst Submission:2024-09-15T14:11:30.000000+00:00\nLast Submission:2024-09-15T14:11:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384248", "uuid": "485d5a07-fc72-4083-8692-b39a5fef4b2f", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384248", "to_ids": true, "type": "md5", "uuid": "3ff62f05-0223-442d-abc9-b9f3130262d9", "value": "3b61b7502b1e1772cce053b62815f465", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379227", "to_ids": true, "type": "sha1", "uuid": "077c7d99-8b0f-4116-9cdd-faa552730010", "value": "b411a017506ae352706b60ff3ad5b1419eb93304", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379227", "to_ids": true, "type": "sha256", "uuid": "bdaf8fac-694b-4319-b3da-cd5f2585f1ed", "value": "687ca3726ef5168cc4e27ebb560ba649ec4967e44d24806c620f5d1337afa46c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375508", "to_ids": true, "type": "ssdeep", "uuid": "4a3db6d4-afee-4a76-bec3-17bc67acb728", "value": "98304:CTdBmuQhhqYt56c0Su3+DvD0yyhRBQaXxssff9WaoZOreZELloEla:CTdBmr3y+DvvABQajf43lZ8lVE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375508", "to_ids": false, "type": "size-in-bytes", "uuid": "4b2b717b-1286-4ffd-927a-9ec44e22141f", "value": "5628480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375508", "to_ids": true, "type": "vhash", "uuid": "7015c0bd-835e-48d4-b9e8-f2b594cae07c", "value": "8188af59d9cb84a352ccad89166a5c15" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375508", "to_ids": true, "type": "filename", "uuid": "4d41231d-a87c-4b15-8c36-d44512b60f5a", "value": "eacmd" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375508", "to_ids": false, "type": "text", "uuid": "988ceeae-0cb2-4d48-a354-044bb58520b7", "value": "Vshell\r\nType Description: ELF\nMicrosoft: Program:Linux/Multiverze!rfn\nVT Total Detection:35/65\nFirst Submission:2024-05-20T08:59:18.000000+00:00\nLast Submission:2024-05-20T08:59:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384269", "uuid": "bc2d4d79-7aac-4fe1-af06-364521b1806f", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384269", "to_ids": true, "type": "md5", "uuid": "6a64947d-b580-4a6e-9e3e-a75f15c168db", "value": "5b90fd1acec3f6251ff8627a42505e83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379228", "to_ids": true, "type": "sha1", "uuid": "8e5eed9e-48b9-44cb-9b32-4088640b6d09", "value": "6eaec5ead18912ece740f8b9704341bace5e30c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379228", "to_ids": true, "type": "sha256", "uuid": "252708c9-2c1e-4c7a-97c4-445ad9f84207", "value": "6ecd637ec715709a21ae05c3917e7b33cc35ce2b77700c938d16897fcd0cd8ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375551", "to_ids": true, "type": "ssdeep", "uuid": "7a77cc66-4408-4380-83ff-643fd4ac2025", "value": "98304:VXVQSir56LAGgFb/khmi1lpO/pvP4pRDnEW/5rOkXNxX7rFeVxIv7FNhr:v656LAGgFb/khn7410n1guNtdOxSxr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375551", "to_ids": false, "type": "size-in-bytes", "uuid": "0a4d0d8b-85e9-4cfc-b0d8-f600bfb6afe1", "value": "5351688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375551", "to_ids": true, "type": "vhash", "uuid": "208a5c2e-9307-4784-8b97-def49ae61c7e", "value": "9662668bfe8235a44603cac0b335f1aa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375551", "to_ids": true, "type": "filename", "uuid": "82db8799-a751-4c50-ae75-204e9590bf9e", "value": "li (1)" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375551", "to_ids": false, "type": "text", "uuid": "f0e59076-3fc1-44aa-8f95-6fea2c57d198", "value": "Vshell\r\nType Description: ELF\nMicrosoft: Program:Linux/Multiverze\nVT Total Detection:28/65\nFirst Submission:2024-12-01T20:45:37.000000+00:00\nLast Submission:2025-01-18T09:22:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384289", "uuid": "f96e5fbf-a8ce-4806-91fa-7f09e6da27f1", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384289", "to_ids": true, "type": "md5", "uuid": "460cf5f5-eb75-4397-8c12-7228a04572c5", "value": "0f68e438134c2781d26f6b2b255beec1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379228", "to_ids": true, "type": "sha1", "uuid": "a3c0ce44-39b4-401f-ba24-7f704fa29b6a", "value": "02fa713d3d28f01f697116cea3993014eaaec3df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379229", "to_ids": true, "type": "sha256", "uuid": "81c18dd6-1e3b-492b-9578-c1c1c7dae622", "value": "7ab4710efc9cee29c4c17c2d7b367ee528ca3070835bc961eb8481f4ef010ee8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375573", "to_ids": true, "type": "ssdeep", "uuid": "ef1518bf-ddcd-4249-8ceb-e01f03ce63c5", "value": "98304:ehYYOXaQEF7gx0oV+tT7P8vAUQzyjhpxHQK58SQpo225DAgHYLtyOZHzhMPjgaGy:e5as7gCXwjhpxwKRysD2LtyOTMPcm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375573", "to_ids": false, "type": "size-in-bytes", "uuid": "d5c434c0-f9db-4642-a78e-960d5e8dcc54", "value": "16625664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375573", "to_ids": true, "type": "vhash", "uuid": "ad86af53-0efb-43cc-9ff1-c40ae031b486", "value": "c9cb406017b455c727b936767e0c8bf7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375573", "to_ids": true, "type": "filename", "uuid": "46a55015-5500-4f34-b7f6-c1e54baf5e18", "value": "monitor" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375573", "to_ids": false, "type": "text", "uuid": "18d152d0-83f9-49f1-b7e0-8275dc5818f5", "value": "Vshell\r\nType Description: ELF\nMicrosoft: Program:Linux/Multiverze\nVT Total Detection:28/65\nFirst Submission:2025-01-17T06:38:25.000000+00:00\nLast Submission:2025-01-17T07:38:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384310", "uuid": "cd96dc0f-58bd-42a6-80e1-ac2a4bd9f6fa", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384310", "to_ids": true, "type": "md5", "uuid": "d669a2c8-fb31-4d37-9911-9133cf801555", "value": "c8a1828b11806d675abba3774409bad7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379229", "to_ids": true, "type": "sha1", "uuid": "1c2a859f-410d-46e7-8527-873f46e120ce", "value": "91269992e9a7623006b49c453eced2b943247969", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379229", "to_ids": true, "type": "sha256", "uuid": "44a8146a-f0c5-4aca-a862-9befa28d44c4", "value": "84f3b5432a437a8319d81556cceb857609d2c5c9a1e4eb8dab61f528db59e83c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375594", "to_ids": true, "type": "ssdeep", "uuid": "5c77f739-55ba-46ff-803e-d3350e21d7ba", "value": "196608:YKKKAUy9LDp16bLemtQLDQ7RjRur4A/Ccysehgy:gNw72D7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375594", "to_ids": false, "type": "size-in-bytes", "uuid": "b5574830-ce23-492d-bfb2-2ffe6bd769af", "value": "19969280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375594", "to_ids": true, "type": "vhash", "uuid": "c6139a13-1912-42a2-bfad-21141ee9e0e7", "value": "017066655d1d15541az2a!z" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 17/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375594", "to_ids": false, "type": "text", "uuid": "8e57abcc-5b6a-4b48-bf5b-6f77d11be2c4", "value": "Vshell\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:26/73\nFirst Submission:2024-03-01T10:03:15.000000+00:00\nLast Submission:2024-03-01T10:03:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384331", "uuid": "a5a502e2-83ed-4405-b0c1-bf35d7dfa471", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384331", "to_ids": true, "type": "md5", "uuid": "45e29077-2aec-4981-b6dd-a921912bd230", "value": "35d8b9782ecd9b3b109a5fd23cb8b12a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379230", "to_ids": true, "type": "sha1", "uuid": "4058234a-9f1d-4b8e-be62-59399cb3dc8d", "value": "d04a85bd45d7cac11468a0d85dfa70710a4e5f3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379230", "to_ids": true, "type": "sha256", "uuid": "e4685677-0944-4c20-a2ed-0108c7c1fe70", "value": "b2850795bd5be0e6556e20fa10160585def005c2a5cd8df2c345a662714bd815", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375679", "to_ids": true, "type": "ssdeep", "uuid": "a0a70b3b-7f32-4b65-8772-185788e20ffd", "value": "196608:m5YZIswIGJBWzl0ZHPSAGJQ8lm3tyn0ypInWHDCv5N3Ad7/TEldPZD:iswjJ8l0xPQdUtkKKCv5xA9ridPZD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375679", "to_ids": false, "type": "size-in-bytes", "uuid": "10b01ff1-c005-4d5b-8a1c-a44156c6a306", "value": "11416848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375679", "to_ids": true, "type": "vhash", "uuid": "898d2213-cfa6-40d5-9b05-3f0163f5586c", "value": "017096757d7d15745d1fcz1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375679", "to_ids": true, "type": "filename", "uuid": "d744ad82-439b-4bab-9c3e-a8cf1090e8ce", "value": "ti.dll" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375679", "to_ids": false, "type": "text", "uuid": "9cb295ee-1f37-4716-bbcd-08ab66159b9a", "value": "Vshell\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:34/72\nFirst Submission:2024-11-11T01:04:10.000000+00:00\nLast Submission:2024-11-11T01:04:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384351", "uuid": "1d62dc04-e0c7-43b0-b01f-5c6ec16f1ed0", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384351", "to_ids": true, "type": "md5", "uuid": "5e9bd236-3b20-45a0-8a74-342a5daf68d5", "value": "23dfefab675e7c735f36e5bbb19da2c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379230", "to_ids": true, "type": "sha1", "uuid": "c0a0e9bf-2118-46a4-a341-6ec6ef0d8225", "value": "8a559e3cefd9e5facccae672437c9ea8b2fa1883", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379230", "to_ids": true, "type": "sha256", "uuid": "47feecf2-be3c-4861-9f44-08aed6a445f4", "value": "ba114a9b775ccf8215f80094d353b06b3a9fd32e22167e4e06ba986a738ec518", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375700", "to_ids": true, "type": "ssdeep", "uuid": "bc88787e-f99d-4bd3-80fb-1e879b6dc4d5", "value": "196608:YKKKAUy9LDp16bLemtQLDQ7RjBur4A/Ccysehgy:gNwL2D7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375700", "to_ids": false, "type": "size-in-bytes", "uuid": "677574fd-f163-43e5-b5a6-94907a920808", "value": "19969280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375700", "to_ids": true, "type": "vhash", "uuid": "14483781-3318-45f3-80b4-78b3c267c90d", "value": "017066655d1d15541az2a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375700", "to_ids": true, "type": "filename", "uuid": "d6321e4e-0667-4e8c-b90e-848187b67204", "value": "2024-11-08_23dfefab675e7c735f36e5bbb19da2c0_frostygoop_luca-stealer_poet-rat_snatch" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 18/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375700", "to_ids": false, "type": "text", "uuid": "75da40eb-62ab-46b6-973b-c6c20defd247", "value": "Vshell\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.C!ml\nVT Total Detection:39/72\nFirst Submission:2024-11-08T08:35:51.000000+00:00\nLast Submission:2024-11-09T02:45:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384372", "uuid": "c63c7ca0-1a16-4e41-8f2b-561ed2d7d421", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384372", "to_ids": true, "type": "md5", "uuid": "9f0e89e0-d8a9-463e-959b-2cc41303922b", "value": "61bb551c3ab85d80b8e107019aee02b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379231", "to_ids": true, "type": "sha1", "uuid": "5aca1831-774b-4275-b0ba-c0df67c7a9e3", "value": "428887427aa631aa3bf8e38c487743a0dc156969", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379231", "to_ids": true, "type": "sha256", "uuid": "22e42757-744c-40ec-b558-5c831aa302e0", "value": "bce9616ed0d829a05ce7df6c1fb90895a93772eb438ed7b2cc35407c34031666", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375722", "to_ids": true, "type": "ssdeep", "uuid": "44830f50-b54e-4e00-90be-bbc8e5f9d70c", "value": "196608:B8DUKKKAUy9LDp16bLemtQLDQ7RjBur4A/Ccysehgy:U0NwL2D7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375722", "to_ids": false, "type": "size-in-bytes", "uuid": "4cbf4cf4-09b5-4403-b3dd-a4b6d5f9e907", "value": "26178560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375722", "to_ids": true, "type": "vhash", "uuid": "f6968ac7-5c36-4eb3-af9f-7b758e6a6d44", "value": "1270ae06551d55551d151az6b?z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375722", "to_ids": true, "type": "filename", "uuid": "9d98b9fd-7fe5-4a08-8658-ddbb284e478f", "value": "mscoree.dll" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375722", "to_ids": false, "type": "text", "uuid": "ec41fd38-9c88-4695-841f-c663dfd9d731", "value": "Vshell\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:43/72\nFirst Submission:2025-04-17T17:12:41.000000+00:00\nLast Submission:2025-04-17T17:12:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384392", "uuid": "1a6fe31b-a8e5-4a5d-b058-44cac7117c11", "Attribute": [ { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384392", "to_ids": true, "type": "md5", "uuid": "c8cc3586-b812-402b-b0bc-b9eb999749cf", "value": "df85cc21029de10bd1170e8bc15c92e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379232", "to_ids": true, "type": "sha1", "uuid": "49eae755-3e1f-4378-9ce4-6a3ab0213a0e", "value": "5d657c760d3ef7a630e50d09f890cb3452649cd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Vshell", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379232", "to_ids": true, "type": "sha256", "uuid": "26a29a2e-cc8c-46e3-b1d3-794e29da3ab2", "value": "ff724631dba8abe354c8742f09d88821237632e36c305ba4f1132a95880dde67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375765", "to_ids": true, "type": "ssdeep", "uuid": "04562a3d-e328-4dd7-8e08-17ff00763a8f", "value": "49152:em/tX1XVVeRUajxnDJXYTbkeo4Pi7nDWyUeme0h6G1G1RmlGaGsc40yaFerzHP:ftX1XVTsxg4XjmJnQ4jFcxp8zv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375765", "to_ids": false, "type": "size-in-bytes", "uuid": "2d29f6bd-5843-423a-8a69-2d640422ac10", "value": "2922700" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375765", "to_ids": true, "type": "vhash", "uuid": "ef61be7b-db5c-432c-a9d2-58c1befeb240", "value": "e22bd0edf7683fe6d9248aee4b1d6ccd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375765", "to_ids": true, "type": "filename", "uuid": "51a81f7a-8b5a-4e59-afa9-2ba6e67218a9", "value": "systemd-check" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375765", "to_ids": false, "type": "text", "uuid": "5eb2879a-8774-438e-bc44-2aabfdff5065", "value": "Vshell\r\nType Description: ELF\nMicrosoft: HackTool:Linux/MalPack.B\nVT Total Detection:31/65\nFirst Submission:2025-02-21T07:10:33.000000+00:00\nLast Submission:2025-04-22T06:01:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384413", "uuid": "ed0e11d8-2d86-4d3d-a7c7-3f96fa81230b", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384413", "to_ids": true, "type": "md5", "uuid": "4b3e7629-2da8-4a4b-8caf-509c06a62e61", "value": "7b296e1d15bad71e9d7a0bff3d5cb821", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379232", "to_ids": true, "type": "sha1", "uuid": "f2ed08e4-53d1-4f42-8dbe-afff7f80ed7a", "value": "08bba4ced57b8bc08209d0b6dc96e2b6654290c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379232", "to_ids": true, "type": "sha256", "uuid": "14a77f1a-f0d2-4686-82ba-9cbf9d1b078b", "value": "029c5914cedf8e79a647ab69ac08b7ea662c7608ea80cd8c42d07f1d9fe84c9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375787", "to_ids": true, "type": "ssdeep", "uuid": "74dfb515-74c6-4239-95ff-10227c52ad24", "value": "1536:y7m2NL/2Autwzu/8b4jTQHHya7eU0qSCQgeBU:FE/2Au1a78Pi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375787", "to_ids": false, "type": "size-in-bytes", "uuid": "7d3a9d21-62bc-44af-ae66-eaa2f321f8b4", "value": "252928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375787", "to_ids": true, "type": "vhash", "uuid": "a0a62243-6c38-4207-a82c-20ac36074b91", "value": "025026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375787", "to_ids": true, "type": "filename", "uuid": "372abfe3-862b-4fb3-8528-17cfed1e4241", "value": "windows.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375787", "to_ids": false, "type": "text", "uuid": "26edc825-244d-4bcc-b0f3-25406a611a24", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:48/72\nFirst Submission:2024-08-04T20:36:07.000000+00:00\nLast Submission:2024-08-04T20:36:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384434", "uuid": "da0e1ea1-eae9-4eb9-a8f6-d97222213cbc", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384434", "to_ids": true, "type": "md5", "uuid": "126c9696-b945-44ff-bd71-af76b6f7b436", "value": "45e230d2f171a6c77a0ea46d8f5b13cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379233", "to_ids": true, "type": "sha1", "uuid": "d0e9f5b6-e0d4-496f-ab86-6ca79ac037fb", "value": "dc55d2eb86779d14b7bdd1a0869d82c6d6544f65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379233", "to_ids": true, "type": "sha256", "uuid": "c92ecb40-724c-46f4-ba5e-4eb6ada88cf5", "value": "0323aca727e12cbb4c492e3339f64969e46b3d300465af8dcdaf0e881aae1d0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375809", "to_ids": true, "type": "ssdeep", "uuid": "42238dfa-a591-497f-8511-80d0023ed318", "value": "1536:ng0qki/v/OPWAIADRZDrHec4nWzAW00DuZz5ZwDySbaTjQZyrB5edZT7VdgUXh2k:ng0xi/Hzrm47ZUeyRMGo5I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375809", "to_ids": false, "type": "size-in-bytes", "uuid": "394758fc-de1d-4931-9401-6e533806354c", "value": "221184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375809", "to_ids": true, "type": "vhash", "uuid": "c4a82956-d52e-4677-92c3-c67abd3a9498", "value": "2250361515112083143105f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375809", "to_ids": true, "type": "filename", "uuid": "9420ab8f-8553-4283-abcc-1fb274f72810", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375809", "to_ids": false, "type": "text", "uuid": "f5a09903-6a43-4881-9976-65e781deddd0", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:27/72\nFirst Submission:2024-08-05T09:31:56.000000+00:00\nLast Submission:2024-08-05T09:33:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384454", "uuid": "f88b6459-1487-48a2-bcf4-5735dc07a87a", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384454", "to_ids": true, "type": "md5", "uuid": "43720ab5-e0e6-416d-9b4b-d37dbac0fa50", "value": "80335292e481b6da875c8b6b074e5043", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379234", "to_ids": true, "type": "sha1", "uuid": "72702bdd-e971-45d1-bf77-76025b0218db", "value": "8251cecf03d678ae60defcca8fcfa4a8a7887419", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379234", "to_ids": true, "type": "sha256", "uuid": "44484776-bb15-4df7-ae20-c6f1fd115db9", "value": "0bc2ac5aa152fe7ebb4225f09f691f456631845eab2d71d548bdffed681af3b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375830", "to_ids": true, "type": "ssdeep", "uuid": "92a7f9a8-f325-429d-acb5-9de9ab7c3532", "value": "384:M4v8SihAyptWodDdakUghGHecRFi5TSErdyVHZKv:vfi2mtxhd3TmvinxyVs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375830", "to_ids": false, "type": "size-in-bytes", "uuid": "c52c0646-ac9e-4cd3-89fd-47661d322d06", "value": "22528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375830", "to_ids": true, "type": "vhash", "uuid": "e77e9051-e435-4071-b40f-b83569228d46", "value": "2240365515112083153104f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375830", "to_ids": true, "type": "filename", "uuid": "05ef13af-9703-4503-9cb3-758148f74744", "value": "TestDemo1.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 29/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375830", "to_ids": false, "type": "text", "uuid": "6b5464c9-27b9-4ce4-b2c1-2dde41746e6f", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:44/72\nFirst Submission:2024-10-04T08:30:21.000000+00:00\nLast Submission:2024-10-04T08:30:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384475", "uuid": "b6d93656-94b9-4bcf-b38d-ca7221f7a007", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384475", "to_ids": true, "type": "md5", "uuid": "5e547e2e-58c6-437b-9c94-03418d142c6a", "value": "797bc95a085440c6055f84b55f330d26", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379234", "to_ids": true, "type": "sha1", "uuid": "31a4d957-cb3a-4a1b-820e-53bbb6371c59", "value": "b51a5df4f7e0dd0566fa9e00efe3ea52858427a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379234", "to_ids": true, "type": "sha256", "uuid": "cb2b4daa-a4f9-4a79-a063-5475e43d8765", "value": "0f7148bd9e74527c9da1a5913a04ee1b4c1c4ea75cab57539e6781e617b9dab0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375852", "to_ids": true, "type": "ssdeep", "uuid": "0ff3cfaa-c040-43e9-8a0e-a4441f50034e", "value": "384:HLNQPUHBKGiLyMQosL2cWklZIbpEiNp6cnX:HL9hKGgF/Oaoe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375852", "to_ids": false, "type": "size-in-bytes", "uuid": "514401d6-eda5-41e8-a022-4a0c3dd6deac", "value": "19456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375852", "to_ids": true, "type": "vhash", "uuid": "6bf44730-bc1b-4039-8204-0e5df6d1b884", "value": "2140365515112083143105f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375852", "to_ids": true, "type": "filename", "uuid": "2bc80090-3443-4297-b059-2d2aaca8ea18", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375852", "to_ids": false, "type": "text", "uuid": "b6dd4b0f-4b6c-473d-95f5-17109123faa4", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:12/72\nFirst Submission:2024-08-05T06:05:52.000000+00:00\nLast Submission:2024-08-05T06:05:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384496", "uuid": "27bde4f7-60f6-4eb8-85a1-113453388881", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384496", "to_ids": true, "type": "md5", "uuid": "e4539121-6fcd-4c65-97e0-bc08c2a4ada9", "value": "741739c7a97d26067ee0c74bdc7bd070", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379235", "to_ids": true, "type": "sha1", "uuid": "e4cdc23a-2242-4d37-8a41-3bdcdac1373b", "value": "94d7d24a681ba4b4d93af1aa9ebe7bfb974d35d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379235", "to_ids": true, "type": "sha256", "uuid": "12e31028-05cb-4977-8993-079324dac0a2", "value": "0fda765ed7aba6aa92dca681ab7e93160fcc5caaa0afae815d34e33fa647673a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375874", "to_ids": true, "type": "ssdeep", "uuid": "cb927fd2-0b50-43ef-887e-1d665580bbb7", "value": "1536:9USIgTvDEstG4R49FiBBOirl7EqEpvbtvDX4VD5lfPXX:TIgTvD5tG4R4Y3rl7EXD4xPXX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375874", "to_ids": false, "type": "size-in-bytes", "uuid": "1fed3d03-0fa5-4ae1-8718-993f26b0c13f", "value": "225792" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375874", "to_ids": true, "type": "vhash", "uuid": "a7bf303c-a13c-4350-897a-9da3a1c25ec3", "value": "025026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375874", "to_ids": true, "type": "filename", "uuid": "8b3327d8-ae71-405c-97e3-62a9193da9c0", "value": "COMConsoleTest.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375874", "to_ids": false, "type": "text", "uuid": "1a8cc5b9-bbe5-4168-922f-7f8c2472fb51", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:49/72\nFirst Submission:2024-10-04T08:35:29.000000+00:00\nLast Submission:2024-10-09T04:12:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384516", "uuid": "25ca8a6b-a786-4c36-b388-8f2f33925342", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384516", "to_ids": true, "type": "md5", "uuid": "f80b09ce-5ccf-4caf-bd13-3172e1f1c09e", "value": "cf76177e2b82731a3b766cd5a1f9294e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379235", "to_ids": true, "type": "sha1", "uuid": "2c42a68b-8778-4af5-912c-526170ef316e", "value": "a606e5c5f1bed30dc1915934777931d4fba82cda", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379236", "to_ids": true, "type": "sha256", "uuid": "89d9349b-ae4a-4804-8287-6ced52d5bc53", "value": "160dd63c6c58bd2a958c6b9e01c873c4192b6a4533197d7b506e49a04c5aef1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375896", "to_ids": true, "type": "ssdeep", "uuid": "3898dfb5-e0a1-48aa-8549-43a4a76ec506", "value": "3072:p2IcpW+nh/N/WtL9BMthaJLRlCK9EssubM+tGn3qti7bp1qd4solPsA6Ni+p:5V" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375896", "to_ids": false, "type": "size-in-bytes", "uuid": "0ce26f3f-aa21-43f3-9774-d6612b1d6e4f", "value": "218624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375896", "to_ids": true, "type": "vhash", "uuid": "7fd4ddf8-5058-4caa-9c61-96090314d3b6", "value": "025026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375896", "to_ids": true, "type": "filename", "uuid": "1da32197-97e6-4631-a137-c1bec5a334ec", "value": "COM_Surrogate.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375896", "to_ids": false, "type": "text", "uuid": "5633d239-2407-4440-b7a3-103f13521512", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:30/72\nFirst Submission:2024-07-30T05:59:33.000000+00:00\nLast Submission:2024-07-30T05:59:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384537", "uuid": "2cb7a4ee-0202-4ef7-aaa7-27b1908e86bc", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384537", "to_ids": true, "type": "md5", "uuid": "3b9b5d97-4730-4aa3-afaa-f8fdfa058d2b", "value": "d158d9cf274fa8292fe5024b3ba97864", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379236", "to_ids": true, "type": "sha1", "uuid": "1b3bd410-76d5-4f9a-98eb-65e5ac23bd3a", "value": "3ec3b8b3d5e7ca841750dd78e365ac9e1c7a1b94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379236", "to_ids": true, "type": "sha256", "uuid": "d5120708-3396-4b8b-b271-2b9c81cb3b33", "value": "21a832ac4c538652416124106b307026d9a8abb943501ff2ce3a14d5fdf2c08b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375918", "to_ids": true, "type": "ssdeep", "uuid": "dfb0ee44-d855-47cb-94b1-ebb8d1e76af7", "value": "384:wLNQPUHBKGiLyMQosL2cWklZIbpkiNp6cnZ:wL9hKGgF/OaI4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375918", "to_ids": false, "type": "size-in-bytes", "uuid": "196ea2ef-7c90-494f-bbae-9ea7a9e5f20e", "value": "19456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375918", "to_ids": true, "type": "vhash", "uuid": "f59b87f0-5851-4618-a028-945d96fc53d8", "value": "2140365515112083143105f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375918", "to_ids": true, "type": "filename", "uuid": "4f2900f1-aa6c-48cb-aa28-e878982224da", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375918", "to_ids": false, "type": "text", "uuid": "45ff658e-fc62-42dd-b96c-69c794bfdba4", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:18/72\nFirst Submission:2024-08-05T06:07:57.000000+00:00\nLast Submission:2025-05-10T14:38:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384557", "uuid": "18911623-48ed-43de-a559-7346ec5dc4df", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384557", "to_ids": true, "type": "md5", "uuid": "023507f9-5bd9-474b-8956-22da33f74f53", "value": "d17ea1cc673eb4943f181151ba728698", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379237", "to_ids": true, "type": "sha1", "uuid": "5ac313e6-24e1-485d-a24e-535f733a1835", "value": "b07863c0ca55819672f8824ef92e5cd9111dd258", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379237", "to_ids": true, "type": "sha256", "uuid": "860355e2-6056-4523-a4a4-130adb90d029", "value": "263ee8e9f8fbdb95ca8afb642e990f66c41e194110a70765f2abf7257e0790e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375939", "to_ids": true, "type": "ssdeep", "uuid": "a771a6cb-ef58-4c6d-9103-8a70da33611b", "value": "1536:GK/BrNZTpiDBOirl7EqEpvbtvDX4VD5lfPPDH:L/NNZTM3rl7EXD4xPT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375939", "to_ids": false, "type": "size-in-bytes", "uuid": "6696eada-e4b0-43ed-b4aa-62aafc0e17d8", "value": "223232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375939", "to_ids": true, "type": "vhash", "uuid": "fdaf11cb-82da-4fb8-81a1-d1c454061be7", "value": "2250361515112083153104f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375939", "to_ids": true, "type": "filename", "uuid": "e9100036-bdce-4028-bd9f-31b337c4e276", "value": "TestDemo1.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375939", "to_ids": false, "type": "text", "uuid": "d6b88c13-95fa-4316-9050-0d701bf7a340", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:45/72\nFirst Submission:2024-10-04T08:27:48.000000+00:00\nLast Submission:2024-10-04T08:27:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384578", "uuid": "bc8b06a7-abec-4d3c-bef0-162229b302cc", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384578", "to_ids": true, "type": "md5", "uuid": "4f3897aa-8aac-4708-b913-069eabc09c84", "value": "a286406d4a7bfe1cf9537daf48e550ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379237", "to_ids": true, "type": "sha1", "uuid": "a1b10bd2-2f28-47df-824f-663a0dc7e370", "value": "020976d68c51fc9fc7e20125cae0e05b4402480e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379238", "to_ids": true, "type": "sha256", "uuid": "5deecafa-f15d-4207-9815-ad7444689e22", "value": "268c2b3286bb079ec6b047fe17321c7a98b24bf36c16598998de4fc48b6bedf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375962", "to_ids": true, "type": "ssdeep", "uuid": "53049414-0aaa-41ad-a126-b3c0659840d8", "value": "384:7LNQPUHBKNNDb6kL2cWTlkIbdOgWcq1uL0Q:7L9hKq3iaUOL0Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375962", "to_ids": false, "type": "size-in-bytes", "uuid": "773c53f8-1a99-4299-a2c7-b4274d35494f", "value": "19456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375962", "to_ids": true, "type": "vhash", "uuid": "044f5cac-de73-4970-91f5-c02838764ef0", "value": "2140365515112083143106f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375962", "to_ids": true, "type": "filename", "uuid": "c2f84619-8213-4ff7-8874-a8dfc365ac61", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375962", "to_ids": false, "type": "text", "uuid": "2e710306-9a07-47e1-909d-b16dc3be7f3f", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:13/72\nFirst Submission:2024-08-05T06:03:03.000000+00:00\nLast Submission:2024-08-05T06:03:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384599", "uuid": "fe6313c7-6302-4860-ad25-2739d27554e9", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384599", "to_ids": true, "type": "md5", "uuid": "b127fe2f-4301-450e-95f4-2f83f7f23dc9", "value": "71adbc766b9952040656a8d2ba320616", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379238", "to_ids": true, "type": "sha1", "uuid": "7a4f9b07-d7b9-4241-85a9-8589204840cf", "value": "6b4ad70fbd9b92465477a454fd690d513a88c74a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379238", "to_ids": true, "type": "sha256", "uuid": "fed4cd69-3b25-416e-9c0a-fdfbc5b69a22", "value": "3b7b0b7dabe9fe77797ef944121f611d6eb69716a15942c6b58998fbfd6b13d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748375984", "to_ids": true, "type": "ssdeep", "uuid": "e98b2294-e75f-4613-98e4-2bfc37bec6e4", "value": "192:ZdTJ37NQP4RAcB6iCjop6c85XL2cNRWkRHj+Kepehu/bptZZ+9PfsqwsJvhmjcNQ:ZLLNQPUHBKjTRL2cWklZIbpAkdcZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748375984", "to_ids": false, "type": "size-in-bytes", "uuid": "77a3bcf3-9d05-4c63-a2a6-c48c5e936089", "value": "19456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748375984", "to_ids": true, "type": "vhash", "uuid": "7148dcd7-3841-42ef-9af1-134edf9a3aff", "value": "2140365515112083143105f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748375984", "to_ids": true, "type": "filename", "uuid": "dec1ee3a-a87b-4ac3-8f19-1efe798a1d80", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748375984", "to_ids": false, "type": "text", "uuid": "6d7c3f3f-95ac-4c44-a9cd-fba25874c18a", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:13/72\nFirst Submission:2024-08-05T06:18:13.000000+00:00\nLast Submission:2024-08-05T06:18:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384619", "uuid": "5d0509b5-e734-4806-a11f-f3cc3010642f", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384619", "to_ids": true, "type": "md5", "uuid": "2a4cb535-ae11-4015-9a70-2f54275fe074", "value": "ec24505b3587562bcb007a943b37c85f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379239", "to_ids": true, "type": "sha1", "uuid": "e5bae2d2-8641-4c6a-b76c-5c3f7d348bb3", "value": "6b07f77f9352963f0593cce930ef55237e20a5d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379239", "to_ids": true, "type": "sha256", "uuid": "73158abd-ac41-4300-8f74-d17a44c5c664", "value": "475e1a46141efb13bae2e935e61a8731d466a53c1268ca54cd7ba3815b002256", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376008", "to_ids": true, "type": "ssdeep", "uuid": "1b9f497c-cffc-4ed2-9b92-26688f4d0bfa", "value": "6144:v/ZWYvmmRM2DgBPGlzypCVc9Ns3jJEhN:v/ZWYvmmRM2DgBPGlzypCVc9Ns3jJEhN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376008", "to_ids": false, "type": "size-in-bytes", "uuid": "f22c8ae9-608a-4ade-8c5b-94c4399a6384", "value": "219136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376008", "to_ids": true, "type": "vhash", "uuid": "08d6a94a-dbd9-42dc-b083-87c9becac2d9", "value": "025026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376008", "to_ids": true, "type": "filename", "uuid": "a423465e-8bcf-4553-af9c-44849c51b2a1", "value": "COM_Surrogate.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376008", "to_ids": false, "type": "text", "uuid": "fdc25686-eea9-4fe2-846b-740d921e4eab", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:38/72\nFirst Submission:2024-08-04T20:35:58.000000+00:00\nLast Submission:2024-08-04T20:35:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384640", "uuid": "588cfa6b-90f0-4a40-b562-61c2e3ccb67f", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384640", "to_ids": true, "type": "md5", "uuid": "0e639081-6130-4f12-8d07-8d1e656a63c6", "value": "a0d6e7ff48b2766a9863a822de8952c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379239", "to_ids": true, "type": "sha1", "uuid": "950a521b-0d79-4eb3-a5c0-f148ad90ceca", "value": "cf79c478ecd3a7d3c544a71fdd030b00487dded3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379239", "to_ids": true, "type": "sha256", "uuid": "6fd8ffbf-5663-41ad-94b6-d135dbb2a47a", "value": "4b49ec2d58a5a2726bd3f8aea4cb876fd24be3f0f44b2c2a5fed61424a7b5f05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376029", "to_ids": true, "type": "ssdeep", "uuid": "3cae97f2-ce3a-4fb9-b207-27b1bbf74cb7", "value": "3072:w3/yx/D0M6/ikdv4JSflt5g9hvF5vtx3DVaL5S:tx/D0M6/Ldv4Yflt5g9hvF5vtx3DVaN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376029", "to_ids": false, "type": "size-in-bytes", "uuid": "a0b66772-e5d5-4bdb-add5-d89b0cc64397", "value": "219136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376029", "to_ids": true, "type": "vhash", "uuid": "045dadb8-dbb1-460d-b2b7-d7577b0e48a9", "value": "2250361515112083143105f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376029", "to_ids": true, "type": "filename", "uuid": "95108d47-48c6-4eaa-9602-f63285eeb170", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376029", "to_ids": false, "type": "text", "uuid": "d690b023-cfe8-4287-9845-48034bbc7975", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:16/72\nFirst Submission:2024-08-05T06:10:00.000000+00:00\nLast Submission:2024-08-05T06:10:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384661", "uuid": "de9d23f8-0a33-462a-836b-522a471fc510", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384661", "to_ids": true, "type": "md5", "uuid": "a0a69dce-4b12-48e0-b42f-8bab6e34c7f9", "value": "b405f8145486d093dd0c394229fa8be4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379240", "to_ids": true, "type": "sha1", "uuid": "5ea08580-3b88-46d2-be64-c18bb0e3a721", "value": "0dd610da926b382f703495759caa4b260677d2be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379240", "to_ids": true, "type": "sha256", "uuid": "0a3a5234-e49d-4911-969a-2978fff8f951", "value": "4e1c1f94358a6402c69cca010fc2829514aeb77d11b33561469f0d0fdf64f989", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376051", "to_ids": true, "type": "ssdeep", "uuid": "fee64de8-912b-4b45-8700-db7ca68bb1f3", "value": "6144:1DaesCef3nQY4Kk4+FuLJX+MQtbyiKqp9Pjmx1uTX:1GgKK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376051", "to_ids": false, "type": "size-in-bytes", "uuid": "0344a2a0-a919-449f-b7c4-d0adefe321e0", "value": "220672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376051", "to_ids": true, "type": "vhash", "uuid": "176778ee-013a-448d-a044-346aa594ee26", "value": "025026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376051", "to_ids": true, "type": "filename", "uuid": "2ead7eba-da5e-4a06-b156-187aaf8285b3", "value": "windows.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376051", "to_ids": false, "type": "text", "uuid": "1d936abd-7be5-4a07-8cc8-eeff7e002035", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:48/72\nFirst Submission:2024-08-04T20:35:52.000000+00:00\nLast Submission:2024-08-04T20:35:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384681", "uuid": "466b026c-f665-4dbd-83e3-2ac7e3c5c902", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384681", "to_ids": true, "type": "md5", "uuid": "e3f7560c-ddf8-4232-9c24-de1d186a217c", "value": "c583c8e498de80e41202e4fa5c711a10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379241", "to_ids": true, "type": "sha1", "uuid": "6ad7c2ea-6e0f-4bca-a8d9-c01a063d5e8c", "value": "f52ddeebc6f9d77aeefa2978bbc440d2eb1766c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379241", "to_ids": true, "type": "sha256", "uuid": "a25778fb-6c7a-451e-9d5f-63bf7901a77b", "value": "6aa6250bf821907b7a2927086e0f5b8d759a81c620a3cc7cc45023f734dbac70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376073", "to_ids": true, "type": "ssdeep", "uuid": "af0d6353-88fa-4dcb-9bd2-078e5c1b84c5", "value": "3072:bleciOFdo2YS0w7Hj33GLiM9QXUNer80YuXuPv:xeFQB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376073", "to_ids": false, "type": "size-in-bytes", "uuid": "0de6b0e6-6c11-415c-b387-08cafd9ea860", "value": "225792" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376073", "to_ids": true, "type": "vhash", "uuid": "e8622655-0514-4474-9efe-7bbc409a8439", "value": "2250361515112083153104f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376073", "to_ids": true, "type": "filename", "uuid": "a7f59682-63a1-49d9-9808-7801574e57db", "value": "ConsoleApp1.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376073", "to_ids": false, "type": "text", "uuid": "99a13e0d-f548-421c-beb6-46a599eb5442", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:46/72\nFirst Submission:2024-09-30T06:12:40.000000+00:00\nLast Submission:2024-09-30T06:12:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384702", "uuid": "41c92b72-2d2b-41d4-86f3-45c808119768", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384702", "to_ids": true, "type": "md5", "uuid": "95db901b-f97d-40bd-a37a-b124d9cf0433", "value": "8cf323a1e9bd706fabf850961a3de950", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379242", "to_ids": true, "type": "sha1", "uuid": "c23d08c9-c3d5-410f-aefa-e7cfb6d24e50", "value": "eb9a30e1f5caacfd02928201ce46394dcfdfd5d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379242", "to_ids": true, "type": "sha256", "uuid": "493cc377-6082-43fa-95ba-9b8ae480a943", "value": "900a9e65bab0c31cefb8e144e4d43052d1b0699d8df05b695bfe4b3275747d0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376094", "to_ids": true, "type": "ssdeep", "uuid": "1d27d430-05b4-46ee-bef8-6a898913f083", "value": "3072:E3yx/D0M6/ikdv4JSflt5g9hvF5vtx3DVaL59:Jx/D0M6/Ldv4Yflt5g9hvF5vtx3DVaN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376095", "to_ids": false, "type": "size-in-bytes", "uuid": "989a1427-4997-48b1-b16f-85291f3e457d", "value": "219136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376095", "to_ids": true, "type": "vhash", "uuid": "c2f522db-3573-438a-adc3-373abe820447", "value": "2250361515112083143105f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376095", "to_ids": true, "type": "filename", "uuid": "9793edd3-e52e-43b8-aa35-67f511eb3877", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376095", "to_ids": false, "type": "text", "uuid": "11e920c8-62c3-4d8e-8e2b-355a69112ceb", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:16/72\nFirst Submission:2024-08-05T06:09:18.000000+00:00\nLast Submission:2024-08-05T06:09:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384723", "uuid": "2a5034be-4524-46c1-86d8-274d263c6899", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384723", "to_ids": true, "type": "md5", "uuid": "673239f1-bfee-4c09-9fc3-147bf3886ee5", "value": "18b47a5fa2e2b77ea0e13cf79fdedbbb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379243", "to_ids": true, "type": "sha1", "uuid": "769b7ac4-ddac-4ba9-a0d9-b7c2bb529587", "value": "cf25c135def55d3014300ff5f0343fd2cb303eeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379243", "to_ids": true, "type": "sha256", "uuid": "2ffaa8f6-2a0f-4a87-a302-8c3ffbe2523b", "value": "9144c7df6fbae476a8f288bbe002a5f83bbd58826dcea2e851f66c25ca568034", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376116", "to_ids": true, "type": "ssdeep", "uuid": "d0fd88f5-6462-4a09-9b4c-aa7f096d3231", "value": "384:yLNQPUHBK3Jd2C3X2kL2cWTl1Ibd5gWcq1uLm:yL9hKu33abOLm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376116", "to_ids": false, "type": "size-in-bytes", "uuid": "e593c295-f01f-49a7-b712-e601c5656689", "value": "19456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376116", "to_ids": true, "type": "vhash", "uuid": "8d888240-3d42-4406-b2c3-26caf98fdc24", "value": "2140365515112083143106f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376116", "to_ids": true, "type": "filename", "uuid": "20ec4b3a-66f1-42ee-9c03-c15c49bcd309", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376116", "to_ids": false, "type": "text", "uuid": "51637a25-0bae-4439-899b-250185748fea", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:15/72\nFirst Submission:2024-08-05T05:57:23.000000+00:00\nLast Submission:2024-08-05T05:57:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384743", "uuid": "7cc0f7df-ce06-442d-98ef-6389f2b8f6b3", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384743", "to_ids": true, "type": "md5", "uuid": "78416473-2cd9-4f8f-9d0d-3b68b8d4caee", "value": "0611908e9272994c2560b0488f370394", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379243", "to_ids": true, "type": "sha1", "uuid": "a3d0ff8a-8ded-49c7-a418-3019675d5dd9", "value": "edbb119724f78642fe9ac95f9b2f66d9582d8b1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379243", "to_ids": true, "type": "sha256", "uuid": "96df242a-439b-4077-a550-e8acac34e2bf", "value": "94ba2a1b5360a6799546999d8c528a064ddf76126b4478df8973ffdada2fdd62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376138", "to_ids": true, "type": "ssdeep", "uuid": "0e756351-f045-4950-8a11-04e90e944a9e", "value": "6144:6RJ5BTdQgNUz1PC3gUnlV7cRFtGLbx2IahzVXtN:+5BTdQgNUz1PC3gUnlV7cRFtGLbx2Ia/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376138", "to_ids": false, "type": "size-in-bytes", "uuid": "85f158f6-490e-44ff-929b-90e758650628", "value": "226816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376138", "to_ids": true, "type": "vhash", "uuid": "c6b959a9-c45c-49ac-a33d-cf3eb1501c73", "value": "025026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376138", "to_ids": true, "type": "filename", "uuid": "8d705f2f-c914-492f-b281-12ad8dc2c43f", "value": "1151561.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 31/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376138", "to_ids": false, "type": "text", "uuid": "2ede71b8-7f98-4640-afe6-37d630cbafad", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:50/72\nFirst Submission:2024-09-30T06:24:23.000000+00:00\nLast Submission:2024-09-30T06:24:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384764", "uuid": "e640d820-b286-452c-a851-372bc746c1ff", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384764", "to_ids": true, "type": "md5", "uuid": "770f9c8c-6f8f-4084-ae40-b655d802f721", "value": "f18042b4c6d8b9fd11a27da49b116769", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379244", "to_ids": true, "type": "sha1", "uuid": "5825a158-849d-445d-9eec-ca467d3a1434", "value": "cf51d95de415f5f21b7e8089b88915f462c3a95c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379244", "to_ids": true, "type": "sha256", "uuid": "bffee9c5-8c2e-484a-a5a9-4615ce647514", "value": "b905802b0e600f2988fb4d16eaa6eec65ed3c5b9735b79dd9a00dfa4d7abe65e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376160", "to_ids": true, "type": "ssdeep", "uuid": "8454ac98-2cd5-42f9-8b9a-c2d2a13dd201", "value": "6144:3zJcm+69ahO8YgSHnsCkQKGkhzUT6P8i+g764Re5EiVS:3xCvem" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376160", "to_ids": false, "type": "size-in-bytes", "uuid": "37a7ca88-2001-4037-a06f-dd2b610b660e", "value": "219648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376160", "to_ids": true, "type": "vhash", "uuid": "5a21f19a-2229-4484-ab07-680061de20e1", "value": "025026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376160", "to_ids": true, "type": "filename", "uuid": "78fe3193-494c-42da-98d0-c9982defa03e", "value": "windows.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376160", "to_ids": false, "type": "text", "uuid": "ad62fcad-32a0-43da-b52b-0f889c46a7da", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:47/72\nFirst Submission:2024-08-04T20:35:12.000000+00:00\nLast Submission:2024-08-04T20:35:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384785", "uuid": "0a198d9f-2e49-41b4-a3dd-bcd088202fc9", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384785", "to_ids": true, "type": "md5", "uuid": "5cace8e6-2d83-49ab-a6a6-3e07ef879638", "value": "6f24bcd0d33915adc01c81993ac203a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379245", "to_ids": true, "type": "sha1", "uuid": "b082fb63-2b6c-480d-b416-500d4e454e82", "value": "df49aa4923e4ecf9b7a1f5ec873c1e11eec412e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379245", "to_ids": true, "type": "sha256", "uuid": "7aaccebd-f52f-44b7-83ce-7ad519fe5919", "value": "ba65d71d06a8201d32edb98ca54149fb7662baac43d8ecd853c90d03f4320db0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376182", "to_ids": true, "type": "ssdeep", "uuid": "d27f1914-1ec8-470d-83d7-f74e3066ba6c", "value": "384:0bLoaOlzSHhQD/3dissAKyc7wtUBhXrecqtr7KRsGCZSV489:9nlzSBQj3+yciO7a57KRrgSO8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376182", "to_ids": false, "type": "size-in-bytes", "uuid": "5e77e533-149a-41e0-8a72-008b9715e4a1", "value": "25600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376182", "to_ids": true, "type": "vhash", "uuid": "47ca6214-5a10-47d5-9c26-65115b16290f", "value": "2240365515112083153104f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376182", "to_ids": true, "type": "filename", "uuid": "afc706f9-d9d8-4e8d-95ef-0cc33ae71bc3", "value": "ConsoleApp1.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376182", "to_ids": false, "type": "text", "uuid": "512fe9a2-0c4c-4fb7-a028-61634322b034", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:45/72\nFirst Submission:2024-09-30T06:15:14.000000+00:00\nLast Submission:2024-10-16T22:16:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384805", "uuid": "ef3f032b-dbad-43dd-849e-4c07b63c48b5", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384805", "to_ids": true, "type": "md5", "uuid": "fbeef6d3-7cab-4182-b42f-5b389f9e2e67", "value": "4b74f85a95b557c1c24d46f0a46277c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379245", "to_ids": true, "type": "sha1", "uuid": "7d9218d7-1842-4409-95ef-1d7f4b0ce97a", "value": "a9c50b98d17a4282a030e2df41b6513f56738deb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379245", "to_ids": true, "type": "sha256", "uuid": "9c26918c-79b9-498a-a57c-d2ed91574dda", "value": "c44d1a50eab5299fe20d742093df44a617eeee1e2e0a176bafd8ed95dd60c6c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376204", "to_ids": true, "type": "ssdeep", "uuid": "c426a8f9-00a9-49d1-9861-fc3c8fe1a4b1", "value": "384:U4v8Sih4kptWodDdakUghGHecRFi5TvGlrdyVH3Kv:3fiy4txhd3TmviRaxyVa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376204", "to_ids": false, "type": "size-in-bytes", "uuid": "a7723495-def7-4e8f-9826-17d12da4c2c2", "value": "23040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376204", "to_ids": true, "type": "vhash", "uuid": "5166f31c-772e-47a1-8b0e-187decf822cc", "value": "2240365515112083153104f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376204", "to_ids": true, "type": "filename", "uuid": "74d19cc6-f0ae-49b3-8757-5d913bf12609", "value": "TestDemo1.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376204", "to_ids": false, "type": "text", "uuid": "0ed2d452-1bd2-4f81-9c78-d9545f07ae4d", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:42/72\nFirst Submission:2024-10-04T08:33:16.000000+00:00\nLast Submission:2024-10-30T05:05:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384826", "uuid": "dc4eaea3-5636-45ee-9b72-d255c9a22358", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384826", "to_ids": true, "type": "md5", "uuid": "2089dd8d-8560-4366-b8ac-a2aaed61a599", "value": "d75da528b18f4fcf82bef45a41549691", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379246", "to_ids": true, "type": "sha1", "uuid": "951a7eca-0595-44a4-a559-cfccfe165351", "value": "a47c3966d48753a0e05a459ac2bb8b25b3792582", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379246", "to_ids": true, "type": "sha256", "uuid": "f07aa4f0-463e-4ef5-aa1c-183ce18d4b45", "value": "d3f0e0563269d23cfd1e54a16badd2e03d7826c364e2fb84ffe3d48b2a3738e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376225", "to_ids": true, "type": "ssdeep", "uuid": "b52ee5c3-6b30-4a66-ac56-4c1a18f491de", "value": "6144:SYon8DeZbC9sxvmSn8RovSiIXAn4wlWM/5X:SYg8DeZbC9sxvmSn8RovSiIXAn4wlWSd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376225", "to_ids": false, "type": "size-in-bytes", "uuid": "d10efff2-2400-491e-ad63-0684d41ba10c", "value": "219136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376225", "to_ids": true, "type": "vhash", "uuid": "af58be12-542e-4027-bada-ce5bf81011c7", "value": "025026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376225", "to_ids": true, "type": "filename", "uuid": "f4771a7e-1b44-45da-bb5f-86bb69ed181b", "value": "COM_Surrogate.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376225", "to_ids": false, "type": "text", "uuid": "3c6e1390-5461-4387-9291-8b6541c7a277", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:36/72\nFirst Submission:2024-08-04T20:35:11.000000+00:00\nLast Submission:2024-08-04T20:35:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384846", "uuid": "eaacc8c3-05b2-487a-8b22-6dad6fa4dc21", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384846", "to_ids": true, "type": "md5", "uuid": "823c0c95-aad6-4011-bad7-93a0aa11b671", "value": "0e95fd32ed14394c3455bba04e5ab97e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379247", "to_ids": true, "type": "sha1", "uuid": "7631e759-fbee-4724-813f-e82e91bd7e6a", "value": "05db2edd95316c8175952b803c9ae081c05dc406", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK HTTP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379247", "to_ids": true, "type": "sha256", "uuid": "eac6764a-2315-4469-9d63-118fec9fe0cd", "value": "e1e03d90eb8a65ed6d3b4ff16aed51443ecacba465ff1c96a6604c84b215fec8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376247", "to_ids": true, "type": "ssdeep", "uuid": "c9945611-aa1c-4a13-a92a-93da69bbf1d4", "value": "384:I11NQ1ZEyBTY4L2HNo2KbBHK6TFsQM4/m2cSXMO:I11L7PAhJsQM4/m2cSR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376247", "to_ids": false, "type": "size-in-bytes", "uuid": "0b248b14-e270-48f1-ba64-202956d02c0f", "value": "14848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376247", "to_ids": true, "type": "vhash", "uuid": "2aabc551-9216-4c18-8631-08318baa6655", "value": "2140365515112083142105f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376247", "to_ids": true, "type": "filename", "uuid": "2889a8c8-52d6-4143-863d-b2c5b6cfdfd9", "value": "test013.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376247", "to_ids": false, "type": "text", "uuid": "34d2a1b9-3ece-4577-be64-51e7cb3f797d", "value": "PULSEPACK HTTP\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:11/72\nFirst Submission:2024-08-05T05:53:53.000000+00:00\nLast Submission:2024-08-05T05:53:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384867", "uuid": "f6fa4833-9b14-4614-bf55-137bf2b57c99", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384867", "to_ids": true, "type": "md5", "uuid": "005da02c-51ee-49c2-93a8-dc7c7a0e8a15", "value": "e38511ed59195dd1d0735090cf77440a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379247", "to_ids": true, "type": "sha1", "uuid": "7bd57ab2-ad54-40ba-8ca7-ca36a233d01c", "value": "ef27dac55126a57b14866440ada29d29f9c69f7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379247", "to_ids": true, "type": "sha256", "uuid": "60d7f4b3-bcfb-45f3-a8b0-633c48e16ac7", "value": "026bda0dd43bb9b1fa988803837582abd3265b33a6932a82724312ecc550e7ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376269", "to_ids": true, "type": "ssdeep", "uuid": "1a7868c0-f935-4616-9c3e-26c229f933c6", "value": "384:J9VpuZz/h1OR85zswEeFxff+TN4utwo/mdKkd/rwm8uVb8+wgu6tFDpENP+Cx5uC:uRRJfnKN4OeT/rWqvzFSm05e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376269", "to_ids": false, "type": "size-in-bytes", "uuid": "b969c446-9513-4c14-b17a-d65c941cbcfe", "value": "23040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376269", "to_ids": true, "type": "vhash", "uuid": "0f4c69d0-1292-4acb-8f01-ce17fbd4c45b", "value": "22403665151f0d1e2102d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376269", "to_ids": true, "type": "filename", "uuid": "9c7f8225-beba-4b7b-a197-9237e431aba4", "value": "WebSocksClient.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 21/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376269", "to_ids": false, "type": "text", "uuid": "64477e2e-db24-441f-bd47-f27739c2ea57", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:34/72\nFirst Submission:2025-02-12T15:10:25.000000+00:00\nLast Submission:2025-02-12T15:10:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384887", "uuid": "51b2fbdd-ae6b-4177-9c63-211b64a9c74b", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384887", "to_ids": true, "type": "md5", "uuid": "139d8d12-f53a-4ebf-b02b-23a312ccbd8c", "value": "c78b4bfb6a62460b549cb462ab852496", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379248", "to_ids": true, "type": "sha1", "uuid": "0c13641c-f1a5-4658-8316-141893beead0", "value": "b0afd14dcac5c1cbb486a3a3363e21ae21f2636c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379248", "to_ids": true, "type": "sha256", "uuid": "2651bb3c-1924-4725-934c-bf010d46cafe", "value": "057782a338549fdb031b21b6cf4bccdfead95f0b97f439f18cef1485b2d17677", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376290", "to_ids": true, "type": "ssdeep", "uuid": "097070e5-c019-45cd-ad9a-a59caf3ee03f", "value": "3072:+YOtEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33Y:QExKucH+fOkEXRTrC6kpitmdD01WY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376290", "to_ids": false, "type": "size-in-bytes", "uuid": "86504f51-d67d-4a41-b649-fb21a0fe6c5f", "value": "298496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376290", "to_ids": true, "type": "vhash", "uuid": "cc82422c-7b6f-44fb-859d-507ceb264470", "value": "22503655551701041z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376290", "to_ids": true, "type": "filename", "uuid": "b73d62cc-c9a6-46a0-a785-8cc914884487", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376290", "to_ids": false, "type": "text", "uuid": "67be4968-91ff-4fe7-bbec-7e2916d6026d", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:26/72\nFirst Submission:2025-02-11T15:43:33.000000+00:00\nLast Submission:2025-02-11T15:43:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384908", "uuid": "b30fdc9c-72c4-4276-b4fd-5fcaaa6cbd21", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384908", "to_ids": true, "type": "md5", "uuid": "8c430d74-9144-4604-9ecc-15bdb95ff28f", "value": "a446d44b9b1f8073fa2551640b3397be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379248", "to_ids": true, "type": "sha1", "uuid": "fc1fdb35-3552-4d6e-8715-cfb447a5e64e", "value": "471fdc29302b6a187be6ce51e5606940678ce833", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379249", "to_ids": true, "type": "sha256", "uuid": "d36744db-6014-49b0-9e04-a24d7b8233eb", "value": "0cad360457a42c0408d4e7ed9f4f0faf3d96ec2320c2cdd11b53d82de85b5428", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376312", "to_ids": true, "type": "ssdeep", "uuid": "2d9ef343-5a81-4acc-b96b-511a90b6baa5", "value": "192:LquzuWB4aZ6VAUpf1nZfLSj930Jl6ScT2W+K6113x4Sy7EoM+9SN9YMjEUrpbHz5:LHzpYVAUpf1nZfU0j6S/13ZAEoTSNmaP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376312", "to_ids": false, "type": "size-in-bytes", "uuid": "2da92c4e-9cf0-4ba1-96ef-796be7adf86b", "value": "10752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376312", "to_ids": true, "type": "vhash", "uuid": "28d156b2-9cc3-4547-913e-a94a650567ad", "value": "21402655171z91z2d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376312", "to_ids": true, "type": "filename", "uuid": "85a72c01-601e-4a5a-aa9d-85d54e3bdf1a", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 08/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376312", "to_ids": false, "type": "text", "uuid": "e8a55971-fa32-4d45-ae5e-05def43c0028", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:41/72\nFirst Submission:2025-02-11T17:17:56.000000+00:00\nLast Submission:2025-02-11T17:17:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384929", "uuid": "273e6461-d8c3-42d6-b3ad-a0969cba3781", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384929", "to_ids": true, "type": "md5", "uuid": "4d6950ea-14ff-4359-a58d-0d3ec21b2077", "value": "be5546f256e7b112066886f5a3e11f56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379249", "to_ids": true, "type": "sha1", "uuid": "755b054d-78dc-49fc-a775-f5ecec571d82", "value": "8673e95eea6200489443bd15486f825616cc24d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379249", "to_ids": true, "type": "sha256", "uuid": "5bfaf8e3-7041-4596-a9ac-205caa3be3d9", "value": "114465c38e51d9cd15b84f5c57afd2ca5427ef71ece73d592c0f92f5bb69b237", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376334", "to_ids": true, "type": "ssdeep", "uuid": "18d6d39b-1640-48b2-9468-7824491c545a", "value": "12288:5CyFot2wH1wlCOoEcPaqmDrda7ERxp+NES:gyFoBH1wljPR/kA3eL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376334", "to_ids": false, "type": "size-in-bytes", "uuid": "d11b1a37-f5a1-4d79-99d9-303239ac2a84", "value": "423936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376334", "to_ids": true, "type": "vhash", "uuid": "422980d5-56f7-4cbc-92c3-7cf3c072adff", "value": "245036751511f0d1e2102f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376334", "to_ids": true, "type": "filename", "uuid": "86cee668-aa57-4d82-8618-31309f8108f9", "value": "WebSocksWorkClient.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376334", "to_ids": false, "type": "text", "uuid": "ef142e4c-61f5-46ab-9c31-0e4150281a49", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:33/72\nFirst Submission:2025-04-24T04:49:02.000000+00:00\nLast Submission:2025-04-24T04:49:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384950", "uuid": "fe0ab1b0-94e9-4edb-a112-3e8acc8b574c", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384950", "to_ids": true, "type": "md5", "uuid": "3237f047-2d11-41b7-946b-b3cdae374a50", "value": "9bc40314a882f0a42366fb8976bc147b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379250", "to_ids": true, "type": "sha1", "uuid": "0a7395c7-3adb-4339-ba0a-c795559ef431", "value": "82afc734d368f440b4327602dca3052024758b3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379250", "to_ids": true, "type": "sha256", "uuid": "35f2f4ab-b3b9-4372-ab8c-2041dfbc9446", "value": "11bab07f4dd49504f15a0d7bd4c3d57bf93c67939a200fb34d70f18219984c38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376355", "to_ids": true, "type": "ssdeep", "uuid": "bcdb3a43-dc39-425b-9849-ab5749fd645c", "value": "192:Q2tYa7dVAXmbv9CrQTbORGqlGos+9VNzftjPbr+8uKN:Qla7duXmr8QnFEGozVNrtjl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376355", "to_ids": false, "type": "size-in-bytes", "uuid": "6bab29d5-0341-4b64-a8d5-6f7bf350860b", "value": "8704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376355", "to_ids": true, "type": "vhash", "uuid": "5ddee061-ede2-41c2-b9bb-9a6d255f2755", "value": "28302655171z91z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376355", "to_ids": true, "type": "filename", "uuid": "c1a29b77-5bd1-49f3-865f-812b2232a64e", "value": "ceshi.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 16/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376355", "to_ids": false, "type": "text", "uuid": "2564628a-88d7-4214-85db-97381234cbb1", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:42/71\nFirst Submission:2025-02-12T14:24:16.000000+00:00\nLast Submission:2025-02-12T14:24:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384971", "uuid": "6fd352a4-03bc-4f9e-9cd8-0efce8f1520d", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384971", "to_ids": true, "type": "md5", "uuid": "685dacc9-6dba-45a3-8a8f-c7aeeac59225", "value": "317d7b67041cea9b335b0eb1576e0150", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379250", "to_ids": true, "type": "sha1", "uuid": "29a7790f-5f3d-4b89-a0f6-2c3230f7e409", "value": "09b72243451001b656c3b837a2f6f9f4c3a9b42e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379251", "to_ids": true, "type": "sha256", "uuid": "6848a09a-9b5a-4222-b218-b820a1c9893e", "value": "160911c246a25cae17454901fb2d7fb31e20dd0f5c12cbf686ffe24510f22ede", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376377", "to_ids": true, "type": "ssdeep", "uuid": "ef1dc995-c7a4-4fc8-bf05-041adbaef541", "value": "3072:IEB3wtEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33Y:peExKucH+fOkEXRTrC6kpitmdD01WY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376377", "to_ids": false, "type": "size-in-bytes", "uuid": "fdbf3270-060c-4a70-96ab-c9933001bd1e", "value": "302080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376377", "to_ids": true, "type": "vhash", "uuid": "547a85ff-237d-4588-984a-ed994d25c91f", "value": "23503655551701091z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376377", "to_ids": true, "type": "filename", "uuid": "85767991-6cb7-4992-9518-7c8c70f504e4", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376377", "to_ids": false, "type": "text", "uuid": "e54bbed2-71ef-4226-8f0a-fca17f0ebd03", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:34/72\nFirst Submission:2025-02-11T15:38:47.000000+00:00\nLast Submission:2025-02-11T15:38:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748384992", "uuid": "d2ec30fa-2db1-4d52-8dc2-8bacda117017", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748384992", "to_ids": true, "type": "md5", "uuid": "f5d16e0f-ab31-4391-8307-142098d62a4a", "value": "62829e012ff442f801b4eb4203a91e01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379251", "to_ids": true, "type": "sha1", "uuid": "f16cbcc6-9208-4c4e-ad20-363ee3291068", "value": "5b84eabf6866e4595ee1ab19906648bea6a31138", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379251", "to_ids": true, "type": "sha256", "uuid": "021639ce-e0c2-4954-8a9c-9a1917534d3e", "value": "183fd2afead8af67f7b7e52c052a906aa089b76f3a734137a9fe3e71ebb56f06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376399", "to_ids": true, "type": "ssdeep", "uuid": "330a2e6d-d0e0-4ffe-aad4-deb44d5a2ca8", "value": "192:IMZB4a/yNcFgiy/2VyWekD34AU3iKx51MwkSq7EyM+9SN92EgMbHzs:I46NcZy/2AdkD+iKx51foEyTSNcwb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376399", "to_ids": false, "type": "size-in-bytes", "uuid": "7cca19ac-80c2-445e-b1ac-613b3a8c7e57", "value": "10240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376399", "to_ids": true, "type": "vhash", "uuid": "80563a42-3e5c-4c88-b337-5d5ca1c05480", "value": "21402655171z91z2d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376399", "to_ids": true, "type": "filename", "uuid": "dd6b1558-a1a1-4ab5-a4d4-bae2ca0f6b9f", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376399", "to_ids": false, "type": "text", "uuid": "76f3d486-c192-4c10-9f7d-a7abfee350b9", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:31/72\nFirst Submission:2025-02-11T17:21:40.000000+00:00\nLast Submission:2025-02-11T17:21:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385013", "uuid": "e422eb5d-92f2-46d5-a468-585272944bf2", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385013", "to_ids": true, "type": "md5", "uuid": "89ec33f6-6828-4c3d-b855-7093cb1988bb", "value": "21121d41bea2a1af21a23417f6c909e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379252", "to_ids": true, "type": "sha1", "uuid": "5376cb87-4d07-4f9b-a673-415ff82e0e62", "value": "16ee4fa0e8a6b6ff86c6e14890981e9d40e7b8ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379252", "to_ids": true, "type": "sha256", "uuid": "a0dafccb-11f3-4628-b552-3d4df3e9b592", "value": "2301d1efbe6f2cccabad1583fc2d9846b34117159c8576e550a799e91d80d176", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376442", "to_ids": true, "type": "ssdeep", "uuid": "007424bf-7876-4dc7-a3da-822f25628d79", "value": "192:DdqL7Ss5wLDVCDtlVcjrTAPuELueUQls1W72yM+9SN9hyMG7IbHzs:p65gZCDtlIrTObietaO2yTSNjyhMb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376442", "to_ids": false, "type": "size-in-bytes", "uuid": "db7a6950-7175-46d1-8b87-78640472429d", "value": "10752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376442", "to_ids": true, "type": "vhash", "uuid": "adcf6747-d22b-4287-87b8-70d6cd6fb3ab", "value": "2140265517010a1z2d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376442", "to_ids": true, "type": "filename", "uuid": "1e0fc1bf-b69b-449f-a506-08ad6ad7c3f9", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 23/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376442", "to_ids": false, "type": "text", "uuid": "b0fa9cf3-c7eb-4790-9b7e-3ac4b5955ab6", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:18/77\nFirst Submission:2025-02-11T17:29:51.000000+00:00\nLast Submission:2025-02-11T17:43:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385034", "uuid": "d180cdc4-17f5-4789-a4a6-421de12d6263", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385034", "to_ids": true, "type": "md5", "uuid": "e84b1b14-1dde-483e-bf1d-5568dfd6bade", "value": "bc6cdb02b86bbc05c87e8ee62f22a846", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379252", "to_ids": true, "type": "sha1", "uuid": "c5842ee1-765d-4303-a099-a251450278b3", "value": "c7d860b8767a5eb942cbd599fc909721520f6122", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379252", "to_ids": true, "type": "sha256", "uuid": "ac57ec04-b8f0-4a13-8282-b6c6a3ebcf6f", "value": "24a7ce118461c264bf797a4632e8b83b11c7f16c4c6836057284751bc33d20f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376464", "to_ids": true, "type": "ssdeep", "uuid": "86c03258-5814-471d-bde4-e960fa15911b", "value": "384:xohqq3IT+utwo/mdKkd/rwmoaoEV7A5DOpEA7UlogWxCaYeNVKmk+Ta5OBZFCP3:Ij3g+OeT/ri8wDK05WbY0FoKo3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376464", "to_ids": false, "type": "size-in-bytes", "uuid": "bfec6881-84a3-447f-94ff-34bcf5fb67a1", "value": "27136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376464", "to_ids": true, "type": "vhash", "uuid": "b372b7f9-b333-4bb6-a64b-cfd203640031", "value": "22403665751d0d1e2102b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376464", "to_ids": true, "type": "filename", "uuid": "d7ba4500-e281-43db-9c97-853a5a6b58e9", "value": "RunExe.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376464", "to_ids": false, "type": "text", "uuid": "960bc378-ea95-4f9a-8603-3f046c07d6b5", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:39/72\nFirst Submission:2025-02-13T07:26:45.000000+00:00\nLast Submission:2025-02-13T07:26:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385055", "uuid": "6e841961-4af1-49f5-b3e1-2a8132e9d98b", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385055", "to_ids": true, "type": "md5", "uuid": "8e70715e-6c64-4e95-b710-784f275c6815", "value": "aacb7af901f73ed5ff7ad32ff6b9f62d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379253", "to_ids": true, "type": "sha1", "uuid": "095e8203-25e3-48f9-bddb-5c5a05297d61", "value": "a48f4d8ddb8d6ec0be3e8313714ea4f2076fc38b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379253", "to_ids": true, "type": "sha256", "uuid": "8c7e3d2d-2f41-485c-9947-31bd049a5a83", "value": "266d2307216788fcf174735535193c77488435b3da5f9b3867e714d94ae1f4e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376485", "to_ids": true, "type": "ssdeep", "uuid": "d61efa95-4504-4baa-9717-13a1c90b1047", "value": "384:F/E6TOBVUl95RdcBizmkYyhwESpy3HExX:FwbI58mmkJAy0X" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376485", "to_ids": false, "type": "size-in-bytes", "uuid": "c0315d4d-8735-4c1a-9d73-a0662f1a31a4", "value": "25600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376485", "to_ids": true, "type": "vhash", "uuid": "ba61eeb4-2d65-45e2-ac66-e68d6607da6f", "value": "22403655551c08191002e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376485", "to_ids": true, "type": "filename", "uuid": "2cc779eb-72c4-4022-b69b-a36305b1a8cc", "value": "smss.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376485", "to_ids": false, "type": "text", "uuid": "ccded251-ef92-4382-8b47-b68f27142797", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:24/72\nFirst Submission:2025-04-09T11:08:07.000000+00:00\nLast Submission:2025-04-09T11:08:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385076", "uuid": "e91b5dcd-592b-48cb-b009-6e15ec9aa43f", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385076", "to_ids": true, "type": "md5", "uuid": "4d300fc4-a993-468d-b03c-30eaa5e36bc1", "value": "e6ea459791a3594a7eb43e921920bf4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379254", "to_ids": true, "type": "sha1", "uuid": "63c59440-83cf-47fa-8c31-4b11b759a4f6", "value": "2a76dfb3f7b8c3967187867540127fac26f65028", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379254", "to_ids": true, "type": "sha256", "uuid": "1c3137c1-65df-44f6-9c00-53e2e7e7e736", "value": "2c067b470ab3802719ad65ef1e721a3850933c1a9ebf3e97303a3164effb6f63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376507", "to_ids": true, "type": "ssdeep", "uuid": "bde83771-45db-4a2d-803f-9704ef589b80", "value": "384:vHce3AiXqe+C/+9PFEuoqQLn3CaYeNVKmk+Ta5OBZFCP3:r3cA0Pwqin5Y0FoKo3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376507", "to_ids": false, "type": "size-in-bytes", "uuid": "efc57509-5136-4a62-86fc-b68f94473b82", "value": "17408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376507", "to_ids": true, "type": "vhash", "uuid": "de170ff1-58a3-4968-9990-9f362b5b269f", "value": "214036557519091a1z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376507", "to_ids": true, "type": "filename", "uuid": "2aa5ed3c-fe2e-4e5f-a6e1-d6200becc5a2", "value": "RunExe.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376507", "to_ids": false, "type": "text", "uuid": "83423043-2669-4266-ae50-95e679eedf71", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:39/72\nFirst Submission:2025-02-12T14:50:39.000000+00:00\nLast Submission:2025-02-12T14:50:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385097", "uuid": "fb25a8be-4ab1-45a8-994e-24d6441fc78b", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385097", "to_ids": true, "type": "md5", "uuid": "da37a802-abf0-4e76-9bdb-af5041f70d6e", "value": "fb44c8c43e437464aa7e6b827d16edb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379254", "to_ids": true, "type": "sha1", "uuid": "30684e14-4d51-4002-a929-a7d525140e24", "value": "051226073eefd17a9a59feaeec7b4317acb4cb8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379254", "to_ids": true, "type": "sha256", "uuid": "d9809b35-7789-4a56-b342-95bba8d4893a", "value": "2efd13442f109790bdd5e1b33f706e60501546eb06d15a2aa8226458bbbd315e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376529", "to_ids": true, "type": "ssdeep", "uuid": "f2941ec0-d6e9-472c-aab0-a7abab62c40d", "value": "192:SnJMK40GDBSH3fwaQQljDADGkc7Uu4CR3yl0FGCNMailQ9S3M:BK4wPdZjWcH3ymF5dtI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376529", "to_ids": false, "type": "size-in-bytes", "uuid": "a7feb661-8dd8-48c8-9616-892f359061b1", "value": "13824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376529", "to_ids": true, "type": "vhash", "uuid": "8f640e66-86c3-4cff-acb4-7a3eefef49d3", "value": "21403655151701091z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376529", "to_ids": true, "type": "filename", "uuid": "a1c01087-97af-44ad-90f6-5c207794ffb4", "value": "baktest.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 17/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376529", "to_ids": false, "type": "text", "uuid": "d4aa561c-cfe3-4c7b-96c7-a569ef34f36c", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:30/72\nFirst Submission:2025-02-11T16:18:52.000000+00:00\nLast Submission:2025-02-11T16:18:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385119", "uuid": "c5c0f3d9-92e9-4b13-917b-9a7d89edc5bb", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385119", "to_ids": true, "type": "md5", "uuid": "be90968d-6fc9-456e-8f65-61509c43de33", "value": "d16577af37e99f5fccb1ea4a2ca10037", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379255", "to_ids": true, "type": "sha1", "uuid": "110ce780-592c-4a3b-8955-bf6459b1ef35", "value": "56d80c016f5962c31499ee51a09af66eb63e4f4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379255", "to_ids": true, "type": "sha256", "uuid": "2d887d45-bbaa-4556-bf59-2554510075ad", "value": "3264a6fae4613963e5b559c956d7d0d48041b6e873a5162f6f0a5f942b1b6215", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376551", "to_ids": true, "type": "ssdeep", "uuid": "3617f7d4-c1b2-4ed4-8d65-e2b401fb54df", "value": "3072:I8tEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33Y:NExKucH+fOkEXRTrC6kpitmdD01WY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376551", "to_ids": false, "type": "size-in-bytes", "uuid": "84ff7d4a-f2c1-4c8a-a52d-3f0fb3fa91cd", "value": "297472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376551", "to_ids": true, "type": "vhash", "uuid": "b09ae724-8b57-45f5-b106-8722f9e7cae7", "value": "22503655551701041z38" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376551", "to_ids": true, "type": "filename", "uuid": "e662474d-cdb5-4451-80f1-5df2df5629c6", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 15/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376551", "to_ids": false, "type": "text", "uuid": "7a5c7a8f-5c1f-4166-bc4f-26cb537e750d", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:27/72\nFirst Submission:2025-02-11T15:45:04.000000+00:00\nLast Submission:2025-02-11T15:45:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385140", "uuid": "f17a3748-d9fb-4566-8b9a-75a6d76c30a9", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385140", "to_ids": true, "type": "md5", "uuid": "92282b5b-f698-4f13-930e-fa4e3b69d26c", "value": "c2d4e7b791280a53b001ddd12f2261e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379255", "to_ids": true, "type": "sha1", "uuid": "7df7f479-65f6-4b63-9041-b058c7f6d560", "value": "00dd15b2bf8396359dcceefc9c3dc51d9633091a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379256", "to_ids": true, "type": "sha256", "uuid": "41829bfe-38b1-44f1-a9e4-b418e22e7062", "value": "34903b66d9035ab84878b4a058f99b86852d55c4b69f8e3254f6097f3d0b674f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376572", "to_ids": true, "type": "ssdeep", "uuid": "ed6ed391-fe14-4b29-9818-da927bd32de7", "value": "192:a/4BfFqgJAFKmnsMUfFY/IM5KKvG5ws2geO5nyL+9LNBR/5+wU0EROe:aw5FqgcKMsMOYTxQwGhnyULNvDzEU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376572", "to_ids": false, "type": "size-in-bytes", "uuid": "904707ec-3a16-404f-90a5-ac6dee7031a7", "value": "12800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376572", "to_ids": true, "type": "vhash", "uuid": "e0f4824c-e1d3-4922-825d-aca2ce5537e4", "value": "214026551701091z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376572", "to_ids": true, "type": "filename", "uuid": "3227e1f4-0519-419a-89a5-9f5be731d741", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376572", "to_ids": false, "type": "text", "uuid": "95ce79ad-8bc5-488a-b8ee-6eb8f86a9e10", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:31/72\nFirst Submission:2025-02-11T16:15:15.000000+00:00\nLast Submission:2025-02-11T16:15:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385161", "uuid": "47ed2068-1821-4eca-b164-bd122073811d", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385161", "to_ids": true, "type": "md5", "uuid": "d6ad209e-5e27-470c-ada9-5e7971b2adf8", "value": "a22e5aea8ae9b7280f4fb43cef3a5e90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379256", "to_ids": true, "type": "sha1", "uuid": "a96a4462-4a64-4d9b-ba72-392ab8e836be", "value": "faeb1fdc96a40dcf9f386366946e11c436788c04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379256", "to_ids": true, "type": "sha256", "uuid": "c237ea5b-d685-4583-9044-ef7ae286e7ce", "value": "36aa5dc6c23669821204c7d18a714e360cf0ea2b6e48175ba89c7bbb01a3a1bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376594", "to_ids": true, "type": "ssdeep", "uuid": "962afd59-000a-406a-8a70-3bd75a5c689c", "value": "3072:GE2dydEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33YReR:GaExKucH+fOkEXRTrC6kpitmdD01WYR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376594", "to_ids": false, "type": "size-in-bytes", "uuid": "f0713df2-0840-49eb-8c9b-9d9130fd2853", "value": "323072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376594", "to_ids": true, "type": "vhash", "uuid": "17c3c065-2b29-4e6e-b336-74f492357f24", "value": "23503655151c08191002e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376594", "to_ids": true, "type": "filename", "uuid": "be8f7953-4ddb-4c7a-8ce0-9d1f954108e0", "value": "bak.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 17/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376594", "to_ids": false, "type": "text", "uuid": "17dadb1f-ca8d-4c0d-8463-adc95ee5b694", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:14/72\nFirst Submission:2025-04-08T05:57:17.000000+00:00\nLast Submission:2025-04-08T05:57:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385183", "uuid": "154fcf84-187a-4f67-aded-809d2227757e", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385183", "to_ids": true, "type": "md5", "uuid": "af4c1c96-bd82-4f8b-a574-f22c64ff6c97", "value": "8cfc2239e4eb79b010b62eda995a858f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379257", "to_ids": true, "type": "sha1", "uuid": "0df54718-bd90-4866-9f5e-6867c0b83a23", "value": "102670bc1de8ad4a36b984356759e3e6be83d0a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379257", "to_ids": true, "type": "sha256", "uuid": "416fd3a5-c45d-43bf-937d-06f41f666858", "value": "3b50605e11ff66a370a0a2f99ebc6df09d589d107735004862178f661e051ed8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376616", "to_ids": true, "type": "ssdeep", "uuid": "9b028ce1-32b0-403e-8e4b-0ec866197959", "value": "192:9G/CpbhVqXXb0GH9Hy1ETlays+9VNzsjPP2UuKN:46pbh8XXL9Hy1aayzVNojx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376616", "to_ids": false, "type": "size-in-bytes", "uuid": "f9b3b71e-e00b-4007-913d-bc4950f1659a", "value": "8704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376616", "to_ids": true, "type": "vhash", "uuid": "59dc3569-de32-4915-87d4-ae8f77f01991", "value": "28302655171z91z2b" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376616", "to_ids": false, "type": "text", "uuid": "dcd3fde0-b393-4792-bafc-4049e576a6b8", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:40/72\nFirst Submission:2025-02-12T14:31:23.000000+00:00\nLast Submission:2025-02-12T14:31:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385204", "uuid": "ca18bd9b-43ca-49f7-8576-d957430407da", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385204", "to_ids": true, "type": "md5", "uuid": "f552bc96-ede9-406b-acc7-9c0bdcccfd62", "value": "afa051174037a9af02f5d6afc17600ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379257", "to_ids": true, "type": "sha1", "uuid": "0d259b6a-ecea-4c8f-97da-88412f263536", "value": "c3789c4122d3a03b5b1dd497c3395dc0c74a3be6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379257", "to_ids": true, "type": "sha256", "uuid": "0087b06b-4ced-48b5-86cd-c603d9cee2fd", "value": "3bd969b1b078a20c5a43bb50e7fc035e9c4af41f0c735d07524f770c0fb0ed22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376658", "to_ids": true, "type": "ssdeep", "uuid": "3991e707-244f-46cc-8190-c873cd8d07af", "value": "192:z9NehDXMJvuuvB7MCc473w8qD4m/q6KVdwrHs6x/:86GWTZ3C4mS6K3CB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376658", "to_ids": false, "type": "size-in-bytes", "uuid": "675cf421-9060-408b-9a6f-ac243e2302ae", "value": "10752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376658", "to_ids": true, "type": "vhash", "uuid": "57a67bee-b9c8-4756-9985-0603591db24b", "value": "214036551517010a1z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376658", "to_ids": true, "type": "filename", "uuid": "2e9cf4a5-4729-4dba-9035-e91b5ad43169", "value": "Comp.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 16/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376658", "to_ids": false, "type": "text", "uuid": "9826719f-cd68-4013-bac1-ac757c349921", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:23/72\nFirst Submission:2025-02-12T15:00:26.000000+00:00\nLast Submission:2025-02-12T15:00:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385225", "uuid": "f1dd0fe7-1ee3-40d0-baf1-11294d49fb9e", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385225", "to_ids": true, "type": "md5", "uuid": "beade67e-7ff9-470d-ac51-b35a0c63fdc4", "value": "ec5abfdb518c00a5ca85ec45a79f0bf4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379258", "to_ids": true, "type": "sha1", "uuid": "a68204ee-56c0-4af1-a5e2-fd72a0aba362", "value": "0f04b2ca0738c19066fe86d0c7d394f437d48199", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379258", "to_ids": true, "type": "sha256", "uuid": "1124fd7e-1d5f-4963-ab3f-b6345d8e89e7", "value": "3c248c1fbc3a03da1acb32a7aa932b130db31251aaa5880b6b94dc7cc2423f8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376680", "to_ids": true, "type": "ssdeep", "uuid": "86a14609-b6c5-4fac-bc6a-0b78a48a0cf2", "value": "192:aVY3Vf56mEDZ/9zC2Kzgy+y/+99NzrPvXagyuzU:aS3D6mEDDC2dy+yI9NPnu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376680", "to_ids": false, "type": "size-in-bytes", "uuid": "6412b76b-1450-4213-b42e-a5a48d70b7db", "value": "9216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376680", "to_ids": true, "type": "vhash", "uuid": "dc07b86e-2300-4829-94f4-c1742a0f37e3", "value": "293026551a1z91002b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376680", "to_ids": true, "type": "filename", "uuid": "57f205ea-0497-4949-9e82-164067f3651b", "value": "ceshi.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376680", "to_ids": false, "type": "text", "uuid": "5a45c34d-04d4-4b23-9ac5-92bfb6ea7b80", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:40/72\nFirst Submission:2025-02-12T13:53:52.000000+00:00\nLast Submission:2025-02-12T13:53:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385246", "uuid": "9a67cc3c-cbad-4c9d-a7f2-0d2ba872370e", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385246", "to_ids": true, "type": "md5", "uuid": "3df5291d-a356-44b5-82a7-98e55f2af75a", "value": "41890ed9a007009c5c12c134b19642c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379259", "to_ids": true, "type": "sha1", "uuid": "1095fadf-aec8-47cc-b565-312ebb70f635", "value": "5b3bc1983c6d7ae48936ba229f65e57ba72ead6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379259", "to_ids": true, "type": "sha256", "uuid": "3743bbb0-b946-4eef-b2f5-4bedddf9437a", "value": "49c71b594ba808832900316af90ab7cac3e9af825d5b7a081244913c8fed849f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376702", "to_ids": true, "type": "ssdeep", "uuid": "64337169-227d-4422-ba48-769b0599ded5", "value": "192:HaP78kjdbS0jn31ot+99NAfk+3dgukQM:HEjBS0T1oi9NWFe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376702", "to_ids": false, "type": "size-in-bytes", "uuid": "06b4cd55-3e9f-43c9-b48e-64c9f6dea5de", "value": "7680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376702", "to_ids": true, "type": "vhash", "uuid": "0885b514-aa07-45a6-aa94-eb22530800fe", "value": "27302655171z81z29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376702", "to_ids": true, "type": "filename", "uuid": "f43fe355-c521-4121-8402-9650847bfa03", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376702", "to_ids": false, "type": "text", "uuid": "49aa2341-957e-478e-8910-c143d2bb075e", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:43/72\nFirst Submission:2025-02-11T16:49:35.000000+00:00\nLast Submission:2025-02-11T16:49:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385267", "uuid": "51998e96-379d-4cc6-8308-17d75be4d22c", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385267", "to_ids": true, "type": "md5", "uuid": "bb632c71-895b-43ac-9d29-ccfda13c930f", "value": "38111c1fb7ef4017f8a1402152baa9ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379259", "to_ids": true, "type": "sha1", "uuid": "32a70959-62fa-42fe-9048-9a4567a99781", "value": "aabcdd0ff8d22f957d7ec7c8fbba34cbaa8dad42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379259", "to_ids": true, "type": "sha256", "uuid": "b9984924-c611-4427-8002-7ec8a830023f", "value": "4e10dfd43a25bcf34c545371bbb579c1d7c14a5df6b0a0bf513e306f4a19f7e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376723", "to_ids": true, "type": "ssdeep", "uuid": "0766e596-a455-4c57-b73d-d7edd86a6e31", "value": "192:JeP7WuAhUQRiFCKPC93Fot+99N0PM2xYiukQM:J9zSCgcFoi9NUEi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376723", "to_ids": false, "type": "size-in-bytes", "uuid": "eaacb549-3025-4f22-b8fc-601865ffbef0", "value": "8192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376723", "to_ids": true, "type": "vhash", "uuid": "b72df76c-5746-4d35-ada7-b1334c81b039", "value": "28302655171z81z29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376723", "to_ids": true, "type": "filename", "uuid": "98d1a44a-1b12-4a2e-be0b-e091e8082f18", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 08/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376723", "to_ids": false, "type": "text", "uuid": "5fb105c5-230e-406c-8ee9-07ba306a6461", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:36/72\nFirst Submission:2025-02-11T16:57:50.000000+00:00\nLast Submission:2025-02-11T16:57:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385288", "uuid": "36c877ee-0420-4211-985d-c27a7e53cf2f", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385288", "to_ids": true, "type": "md5", "uuid": "e7c40a0b-2cbb-48c7-a4a1-0d3d207ed15d", "value": "3e44437b6d2e662268ac3de62acd7f54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379260", "to_ids": true, "type": "sha1", "uuid": "75919d8d-9f2e-43fe-8085-41baadc215b9", "value": "0cd8354892323df044baa33b5bbda085eef05958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379260", "to_ids": true, "type": "sha256", "uuid": "77c21731-4f9f-48a6-9f6e-f1f324933e7f", "value": "512ad96221ddc5bb90228b719ac2badb999e43c129aa759b3619ae6ffea49c73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376745", "to_ids": true, "type": "ssdeep", "uuid": "b4d7ba96-3fde-4686-847a-520b27c93c5d", "value": "192:Wxq+N0FWcJBMS39M1qi3gOxb+93D714QWrh5+9pE/oiJkrGCjoaX1+kbJunwZ2m:0cwvS3kPHw7hWrhepEvJkZoq+QD2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376745", "to_ids": false, "type": "size-in-bytes", "uuid": "1af6fc99-60f1-40a9-80c4-ce64438c81a6", "value": "17920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376745", "to_ids": true, "type": "vhash", "uuid": "cca7ea86-ca8b-4ff2-82d5-61bfd62d64dd", "value": "21403655151c08191002d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376745", "to_ids": true, "type": "filename", "uuid": "4df2b54c-86f3-4ac4-9a6d-214717f9287b", "value": "SystemStart.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376745", "to_ids": false, "type": "text", "uuid": "7c8332f8-3bf7-4b46-acf0-5c0622a37a52", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:18/72\nFirst Submission:2025-03-07T05:40:38.000000+00:00\nLast Submission:2025-03-07T05:40:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385309", "uuid": "850d563e-78c9-40b5-bb9e-fb5e73f2d604", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385309", "to_ids": true, "type": "md5", "uuid": "9b69d82b-d13b-49cc-b1e3-85c0286c1d92", "value": "505bfa2807abd9ee35996777aaf6996c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379260", "to_ids": true, "type": "sha1", "uuid": "6b9c9eb4-0a73-4dcf-9219-03d1b6c8ddc6", "value": "35a8b0768dc198fff7bc911fb4235e82a972ac7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379261", "to_ids": true, "type": "sha256", "uuid": "5bc0b82c-4c2e-4b3c-904c-418cfb31199b", "value": "52af32ab127d9956c598e926e20abfddeff28cf8f6271bc60ea21cc074def08f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376767", "to_ids": true, "type": "ssdeep", "uuid": "37c33888-c70f-47c0-b2ab-c95de2fca650", "value": "384:I/E6TOBVP8eu0HMc6izmkY3hVENoirVW:IwbPsmmkOlirs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376767", "to_ids": false, "type": "size-in-bytes", "uuid": "7f7d5853-6e56-48ba-a664-78f122e8b6b2", "value": "15872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376767", "to_ids": true, "type": "vhash", "uuid": "fdfcc0af-e94a-42de-a18b-75dc679c6036", "value": "21403655151c08191002e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376767", "to_ids": true, "type": "filename", "uuid": "cc0a019c-c0bc-41f8-b936-258fe044e33c", "value": "testdemo.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376767", "to_ids": false, "type": "text", "uuid": "3a058b6b-4f46-4020-abc1-64872984d5c9", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:24/72\nFirst Submission:2025-04-09T11:28:08.000000+00:00\nLast Submission:2025-04-09T11:28:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385330", "uuid": "96f5d924-c0dc-4d9c-af93-e9f77126152f", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385330", "to_ids": true, "type": "md5", "uuid": "0e5416c2-47dc-4db7-bfa7-a3892e667fef", "value": "66d0137451c1b999b1ad0793df0f667b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379261", "to_ids": true, "type": "sha1", "uuid": "2c5c9ef4-3726-4e20-916e-c7f0768edac7", "value": "841cf5b2a492c07e67e1ed5f5568936eb5994302", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379261", "to_ids": true, "type": "sha256", "uuid": "281e8a3b-348b-404e-93e0-ce8a0656c30e", "value": "53a26d5e2b1ee5d2a8261843c1fe0c68632d6686222f11177bee9c572c485005", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376789", "to_ids": true, "type": "ssdeep", "uuid": "8c8774bc-b311-419e-84a1-2be77d9b10cf", "value": "3072:zEDfrtEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33Y:4tExKucH+fOkEXRTrC6kpitmdD01WY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376789", "to_ids": false, "type": "size-in-bytes", "uuid": "545bbf8f-7485-4545-a2f1-33068a5a21b0", "value": "303616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376789", "to_ids": true, "type": "vhash", "uuid": "7f4465cd-f249-4dcc-bb7d-a21082d23f79", "value": "23503655551801091z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376789", "to_ids": true, "type": "filename", "uuid": "d741b09c-a75e-47c9-b459-c24802deeb0d", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 13/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376789", "to_ids": false, "type": "text", "uuid": "fdf654ad-12b9-4956-996a-a0231fc224fd", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:23/72\nFirst Submission:2025-02-11T15:33:51.000000+00:00\nLast Submission:2025-02-11T15:33:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385351", "uuid": "963dde80-1d9d-4604-8a76-8dbd149773b0", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385351", "to_ids": true, "type": "md5", "uuid": "a2033462-baa8-491b-ab60-fc92887c6070", "value": "22245fcef2f2505af5a9977044636336", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379262", "to_ids": true, "type": "sha1", "uuid": "6ae5c946-c869-4222-b7c0-1dee803867cf", "value": "3bcce545e3fa76111ec6f6b99d92084390d83016", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379262", "to_ids": true, "type": "sha256", "uuid": "f02617df-6ea9-4873-8ae0-eb0926517c59", "value": "57fe3bc7b7d4e2f8b10869d735c95f53d6a85bd59dacd26292c2d6a089fc36b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376810", "to_ids": true, "type": "ssdeep", "uuid": "30e841cc-ce1f-416b-9306-004d0b784bd2", "value": "3072:qN9tEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33Y:+ExKucH+fOkEXRTrC6kpitmdD01WY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376810", "to_ids": false, "type": "size-in-bytes", "uuid": "698e00c1-e3e0-49fe-b38a-f4dc763fd3d8", "value": "299008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376810", "to_ids": true, "type": "vhash", "uuid": "9ebb2651-88cb-4c65-96c0-0792616fba5d", "value": "22503655551701051z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376810", "to_ids": true, "type": "filename", "uuid": "c717668e-9d37-4b85-a629-c40b1645a0f2", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376810", "to_ids": false, "type": "text", "uuid": "4a49ff6e-204f-4ef3-bff2-dc9920774e6d", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:35/72\nFirst Submission:2025-02-11T15:41:49.000000+00:00\nLast Submission:2025-02-11T15:41:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385373", "uuid": "cce50462-5449-4b09-97eb-11a00743ddb8", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385373", "to_ids": true, "type": "md5", "uuid": "badb0cbd-8600-4216-8476-eabd1fa8fa43", "value": "8f8a7f7e80390241d3d5645b4c1e43b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379262", "to_ids": true, "type": "sha1", "uuid": "0f5bf744-6553-4c68-bc80-4f9105f94662", "value": "2347aa8baa6a5932cf8bf4c1af6b4178b9e00787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379263", "to_ids": true, "type": "sha256", "uuid": "d02486d0-7ad6-4a71-b431-7ccf39949916", "value": "62f734b99e5b690c12f339562c08e6a9168ad91c00bf4efc6c3f2d6c7a9677bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376853", "to_ids": true, "type": "ssdeep", "uuid": "23463d75-7027-4914-9f18-14c153dc13a6", "value": "192:H8H+70v2D+PNEAZ7Fcqkf78AuQJSr0CBFof+9SN95PfQNUHks:H8k+PGAZ7FTkf78AuWc0iFooSNfx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376853", "to_ids": false, "type": "size-in-bytes", "uuid": "b7f52dfa-f135-4e97-8552-51c3c946ad7c", "value": "9728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376853", "to_ids": true, "type": "vhash", "uuid": "6366aea8-0f63-4967-b614-73d1e443e6a8", "value": "29302655171z81z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376853", "to_ids": true, "type": "filename", "uuid": "b4b487d7-b8a7-43c7-af1b-12f9e6d28b11", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376853", "to_ids": false, "type": "text", "uuid": "e59ce4b7-083f-463d-9935-7c22a0539fb0", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:42/72\nFirst Submission:2025-02-11T17:08:13.000000+00:00\nLast Submission:2025-02-11T17:08:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385395", "uuid": "56eca2bd-f0f7-4075-b15d-637b9e8881c3", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385395", "to_ids": true, "type": "md5", "uuid": "e03807cb-a21d-4365-85b7-790a55360faa", "value": "d769d5accd02960f6ee682b4a910aa69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379263", "to_ids": true, "type": "sha1", "uuid": "5b80fc04-06fb-4be8-80b4-6f1b108590c5", "value": "ce8062f5c830e61e30778fdb4d24673cb42ec3ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379263", "to_ids": true, "type": "sha256", "uuid": "de048cee-ed81-4129-be54-0f9dc9c52b39", "value": "67e5fe71333949e664d9fb1d9ac0081c106fabb9b8e141af9874b58c132ab9e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376875", "to_ids": true, "type": "ssdeep", "uuid": "8ea4eb2d-256c-42c5-a518-867a9c3aa3eb", "value": "768:8yvWcBOeT/rYjB8RKKKKK43XIvhzGmA7Y0FoKo3:8cTOq/34JzFKFg3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376875", "to_ids": false, "type": "size-in-bytes", "uuid": "c95af8ae-ff2a-4711-af3b-cbcf39e5301e", "value": "29184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376875", "to_ids": true, "type": "vhash", "uuid": "a02ee750-c2bc-4d82-bd51-8ae74a6dba63", "value": "22403665751d0d1e2102d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376875", "to_ids": true, "type": "filename", "uuid": "f8c556d5-77bf-4d37-ba71-11a842c14f86", "value": "RunExe.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376875", "to_ids": false, "type": "text", "uuid": "77962441-ded2-4e82-8590-96273ab90b24", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:32/72\nFirst Submission:2025-02-13T07:32:57.000000+00:00\nLast Submission:2025-02-13T07:32:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385416", "uuid": "a4e283a5-1148-4d47-b66c-70ef3a986b0c", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385416", "to_ids": true, "type": "md5", "uuid": "e2c832aa-a10b-4bc8-a73c-43149523f1e3", "value": "d6c75d890562b4faf98e5f8877ce4928", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379264", "to_ids": true, "type": "sha1", "uuid": "90550df8-1a04-466f-bbe2-32e17e42853c", "value": "edbd52be133c66c5c9fcb4a9d2cb387a06df1ab2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379264", "to_ids": true, "type": "sha256", "uuid": "8e3bfdd8-75e8-4e8b-ae67-dfdf1ec8c02f", "value": "6ddf5c9c790a3a4a536b75d46e6ff10edee2012c625d10fbb69a119b68643cef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376897", "to_ids": true, "type": "ssdeep", "uuid": "b6edcffd-a0fd-4610-830a-abebd7f2aaed", "value": "768:LCkb5Ptm8V8ESMLj3nEsplqxGtxeG5qga8qLx/6CxAq77Dvv1QvFBOd6J2Fi0XKL:mmIe/RA4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376897", "to_ids": false, "type": "size-in-bytes", "uuid": "04d9fd35-9a9e-4ecf-9a00-e39a99f77a77", "value": "41472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376897", "to_ids": true, "type": "vhash", "uuid": "1b5f7042-9463-4e15-bd8b-8ccdff241fb9", "value": "24403655151c08191002c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376897", "to_ids": true, "type": "filename", "uuid": "8e60e6a1-2c60-46f1-816b-829b471782fd", "value": "smss.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 12/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376897", "to_ids": false, "type": "text", "uuid": "0e476ac2-ed3b-47b1-aa9a-9168a90d26d1", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:30/72\nFirst Submission:2025-04-09T11:16:54.000000+00:00\nLast Submission:2025-04-09T11:16:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385437", "uuid": "c6ac1571-9d01-46d2-b0df-e8a96c420871", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385437", "to_ids": true, "type": "md5", "uuid": "a0f4a604-7887-466a-b146-7c5495759891", "value": "d6b0b8b9ea626ee396f3a9e18054b89a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379264", "to_ids": true, "type": "sha1", "uuid": "64857334-cfb4-4473-beb2-d748fe7ec5f5", "value": "fbd7d79e7587a469724cdeaef4ae24a2e30d2f37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379264", "to_ids": true, "type": "sha256", "uuid": "b09bbdcd-591d-4cc4-a18b-f7ac395dc19a", "value": "70da3b1b49c0d6c660501a803026e5a5390bbea749b25b8b2ddffef8bb211ff6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376918", "to_ids": true, "type": "ssdeep", "uuid": "f5d1f2a9-2607-478a-93a7-e27c0426da09", "value": "384:ml5uSWZa9FoCWz1i4ozVN8bIjyfuQCaYeNVKmk+Ta5OBZFCP:do3zzcIjK3Y0FoKo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376918", "to_ids": false, "type": "size-in-bytes", "uuid": "0098e2c1-ba62-4cff-a593-3f957f8779d5", "value": "15872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376918", "to_ids": true, "type": "vhash", "uuid": "0a2248fc-db15-4c17-a788-73ad1440a7e0", "value": "214036557517010a1z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376918", "to_ids": true, "type": "filename", "uuid": "370e4148-b975-4b0c-bd49-05fce1e4baf8", "value": "ceshi.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 13/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376918", "to_ids": false, "type": "text", "uuid": "0bcc9294-595f-4b0c-8cc8-7de2f89154b6", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:27/72\nFirst Submission:2025-02-12T14:44:40.000000+00:00\nLast Submission:2025-02-12T14:44:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385458", "uuid": "2d6e3bee-9013-481d-8e75-c1c286f2fb6b", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385458", "to_ids": true, "type": "md5", "uuid": "da1febe6-678d-416f-ba25-adb8d2f15ec7", "value": "bf50d40a5ab20e8a6535c195b9c9ba77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379265", "to_ids": true, "type": "sha1", "uuid": "33195624-2e74-4c92-81c6-b4924d2c9f49", "value": "4f8c6b81c3255437c5e36ec5ae9b37c147cabfa2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379265", "to_ids": true, "type": "sha256", "uuid": "ed75941e-ab53-4bfa-8064-35d9a17b4b97", "value": "7df588daaa053890cebfc0ac09b3c6b64bac4523719bc88323af6cc7e64377ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376961", "to_ids": true, "type": "ssdeep", "uuid": "bd426087-c507-44fc-8d31-1ea19eaf7b52", "value": "3072:zBnLCINSUjchEvHnBsFeKFnN0Who4IsaFwxo1Zug0nr:zBdN9HBsFeKpN/hoTwxo1Zug0n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376961", "to_ids": false, "type": "size-in-bytes", "uuid": "1beee973-8150-4d01-a626-e708b6abb117", "value": "421888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376961", "to_ids": true, "type": "vhash", "uuid": "4452ccd8-1297-4bfe-b563-1945a5bc05a8", "value": "24503655551ff082b10073f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376961", "to_ids": true, "type": "filename", "uuid": "0adc0bce-9df7-4e11-8640-0672f502463d", "value": "CheetahVPN.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376961", "to_ids": false, "type": "text", "uuid": "7a6d4e6b-9174-476d-b478-b84bb2a7b754", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:19/72\nFirst Submission:2025-04-27T11:21:48.000000+00:00\nLast Submission:2025-04-27T11:21:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385479", "uuid": "729584cd-7abf-4760-b0ae-a3fc659214de", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385479", "to_ids": true, "type": "md5", "uuid": "b69f827e-078e-4ecd-90cc-57184eef9981", "value": "22a93d95b87b08d718b05766aa5c4779", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379266", "to_ids": true, "type": "sha1", "uuid": "5a07d112-6bf4-4aa1-96d7-51e91ce350c7", "value": "d8207a1cc454ef6f66175bd526ef65c3aedd35bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379266", "to_ids": true, "type": "sha256", "uuid": "9ffff341-31a8-4d82-9105-2a1f3a4a9bd6", "value": "8019ea81df3933f933d94e2d7989b70f9aa8f4876d8103e79dc2fa9ae3cc87c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748376983", "to_ids": true, "type": "ssdeep", "uuid": "ee97006d-e67c-40b0-b01f-15c25895b6fb", "value": "192:nGaBV/0vF/Obaz+XnHW2oXWPXcwwbLpBOYRfr3D3yFkHL6GYinQFMePc:3BEObjxXaPNr3D3yO3Yh1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748376983", "to_ids": false, "type": "size-in-bytes", "uuid": "e3d79709-c64e-4acf-89ee-8b706fd84274", "value": "13824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748376983", "to_ids": true, "type": "vhash", "uuid": "7d3fc8b0-b6ed-41d7-84d2-1ec39f039759", "value": "21403655151801091z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748376983", "to_ids": true, "type": "filename", "uuid": "9ccc25de-dd97-4709-a847-fad35305b730", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 13/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748376983", "to_ids": false, "type": "text", "uuid": "55542170-85a6-448d-a4d4-af8c837d9c0c", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:23/72\nFirst Submission:2025-02-11T15:31:40.000000+00:00\nLast Submission:2025-02-11T15:31:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385501", "uuid": "47fb09bf-cc5c-4d43-81c2-b9ef89c2e015", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385501", "to_ids": true, "type": "md5", "uuid": "62a4dfa7-88b6-42c7-924b-32687e4df30a", "value": "c0d2131ccbef5cd905dc11ff210a7f4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379266", "to_ids": true, "type": "sha1", "uuid": "9253ddf6-8e78-4712-bc6c-1edcf2d115cc", "value": "69ecfbce3fd8e13cfead3e428584e76464e81c2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379266", "to_ids": true, "type": "sha256", "uuid": "c9fc516b-72ce-4bc6-8d36-4c1a5a83b120", "value": "8656a40ad826829fc90537ca0bbdbc2bb9d2e7d96e080f3fc4b5796e44c13881", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377026", "to_ids": true, "type": "ssdeep", "uuid": "f74a112d-e064-4365-b7f5-e0b5586bfd0c", "value": "96:kK17AjP7puqytlmDhb7TXdW5kuuYubrKZLsY2u9qOMyn+URnAnuNM2xYjmzkQdu:3aP7WydmKmZQSUyn+UNAiM2xYqkQM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377026", "to_ids": false, "type": "size-in-bytes", "uuid": "1a18c914-5d87-4907-a376-067fe9b051f4", "value": "7680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377026", "to_ids": true, "type": "vhash", "uuid": "516c84f5-8747-49cf-ae53-3836dd3fe697", "value": "27302655171z81z29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377026", "to_ids": true, "type": "filename", "uuid": "bcd746e3-c807-4ba0-9672-684a3ccc8500", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377026", "to_ids": false, "type": "text", "uuid": "b99cbce9-d496-49bf-8aaa-e2be391fa6e7", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:14/72\nFirst Submission:2025-02-11T16:41:16.000000+00:00\nLast Submission:2025-02-11T16:41:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385522", "uuid": "cc40e0ef-bc9f-4797-89d5-c582d7696b8f", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385522", "to_ids": true, "type": "md5", "uuid": "88f91595-155c-40f8-8240-60507bcec693", "value": "8253ea88418c8e00a3df534ec8a0b2aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379267", "to_ids": true, "type": "sha1", "uuid": "c0473bbd-2b4d-41ce-b415-c58ab590ecbe", "value": "88649a118e55832b2d4408a8703f481d6804c053", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379267", "to_ids": true, "type": "sha256", "uuid": "0d45cde4-71a2-449b-b904-82319530c3b6", "value": "8ce7e340773af5310bc851b5a9b848a72759fc33059a0d8cc5732a5f97766aa7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377048", "to_ids": true, "type": "ssdeep", "uuid": "a6c3e56a-2e7b-455d-b166-9547a9016bd5", "value": "3072:g6KuEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP5z3lYl:XExKucH+fOkEXRTrC6kpitmdD01/Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377048", "to_ids": false, "type": "size-in-bytes", "uuid": "1550b1db-43be-4bdd-901e-85f336ba33a4", "value": "304128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377048", "to_ids": true, "type": "vhash", "uuid": "019ec32e-e432-40d3-9688-cba37ad8f004", "value": "23503655551c08191002e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377048", "to_ids": true, "type": "filename", "uuid": "fa9cfdf1-3403-4dc0-ac7f-0919eaffe411", "value": "bak.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 23/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377048", "to_ids": false, "type": "text", "uuid": "f0b3c384-d9ad-4bd8-9d2f-e2468cd326f6", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:11/72\nFirst Submission:2025-04-07T12:21:50.000000+00:00\nLast Submission:2025-04-07T12:21:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385543", "uuid": "6363381f-5ef8-4cf0-9a57-5fb73c4483e8", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385543", "to_ids": true, "type": "md5", "uuid": "c06da956-2852-4c78-94e2-6553a47bd984", "value": "af08a6a0be4de4712aa2f89b61011744", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379268", "to_ids": true, "type": "sha1", "uuid": "aa36149e-f2a0-42f8-b346-701c7a1ea952", "value": "7dc08d5327cb1f7cbe1af3e67ee2ca62e09471d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379268", "to_ids": true, "type": "sha256", "uuid": "82e81d0c-0e04-4228-b53b-f44285fc3ff8", "value": "8e036e4c156fe5c51fbca42121b70dd77741b1ccdc1999867d5ca28fc4d57ae8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377070", "to_ids": true, "type": "ssdeep", "uuid": "3f0c4e38-4378-4f58-bb0c-4607e5e48d19", "value": "192:Cexh99g06NB/A17ySi/DLEMO/2xC5om+9+NzCjA2jXPuKN:Cebjg0CS1WO/QC5oZ+N2jAOP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377070", "to_ids": false, "type": "size-in-bytes", "uuid": "3544136d-1e04-4c02-a1d7-93614d3cb619", "value": "8704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377070", "to_ids": true, "type": "vhash", "uuid": "6c20e8e2-c0f4-4666-a69b-f8c70b93b2a6", "value": "283026551a01091z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377070", "to_ids": true, "type": "filename", "uuid": "da299dec-40bd-4bef-bf1c-b3b51046be5f", "value": "ceshi.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 16/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377070", "to_ids": false, "type": "text", "uuid": "3f269d1d-a550-4445-8c30-acb1d011bdbf", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:23/72\nFirst Submission:2025-02-12T14:09:26.000000+00:00\nLast Submission:2025-02-12T14:17:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385564", "uuid": "05b904b7-5556-4244-9ce2-0c891fc47e8e", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385564", "to_ids": true, "type": "md5", "uuid": "b069853e-3694-4398-887b-eae016b5803e", "value": "044ba28a98a7b50706be3915a3bb9bfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379268", "to_ids": true, "type": "sha1", "uuid": "630c7aaf-f722-45fe-b2ff-8fc4ffcc805e", "value": "dd0931cafb8658d9525ad488941a8df19626221b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379268", "to_ids": true, "type": "sha256", "uuid": "07b58f99-6168-46df-88f2-c5a72e17a1b0", "value": "93d6f9f0172206779c753a4c486dda1de4aa17a5147e84c31203c694655cd8ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377092", "to_ids": true, "type": "ssdeep", "uuid": "ce892f27-6227-4fad-87b6-ef3a4ee810af", "value": "768:HRRJfnKN4OeT/rWqvzFSm0504Y0FoKoP:HpVT9Mm0aoFgP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377092", "to_ids": false, "type": "size-in-bytes", "uuid": "5dc8c889-d311-4eca-ad50-5681c726d442", "value": "29696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377092", "to_ids": true, "type": "vhash", "uuid": "5023e64e-4c42-418a-98ee-df403f76f96c", "value": "22403665751f0d1e2102d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377092", "to_ids": true, "type": "filename", "uuid": "ee456334-9336-497a-bba1-17512a512f68", "value": "WebSocksClient.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377092", "to_ids": false, "type": "text", "uuid": "b09d8a26-9450-4b1d-95e5-470410048691", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:37/72\nFirst Submission:2025-02-12T15:12:09.000000+00:00\nLast Submission:2025-02-12T15:12:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385585", "uuid": "2cd19197-a878-4777-bc08-18b613e8cb39", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385585", "to_ids": true, "type": "md5", "uuid": "a7c7e0e0-1fb7-47f4-88db-d2eb84fa5df6", "value": "b7c8e30bcc6058cf8848ba104c95f0f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379269", "to_ids": true, "type": "sha1", "uuid": "3e063eb5-7569-4d8d-bf00-bd30eaf948c3", "value": "70da8e5e243809547c9654105d485d1fa21439e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379269", "to_ids": true, "type": "sha256", "uuid": "7e02b25b-2ba1-4c43-a7df-e10b1bfdfcc5", "value": "961afc40bd120d3715d2fa333de19a83ab4c712092e9289c28e271ec778f4ea0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377113", "to_ids": true, "type": "ssdeep", "uuid": "d7eee6b2-ec0e-4f0b-8042-5c2fd797dc82", "value": "12288:BCyFot2wH1wlCOoEcPaqmDrda7ERxp+NED:oyFoBH1wljPR/kA3e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377113", "to_ids": false, "type": "size-in-bytes", "uuid": "c24f2848-74e0-40b8-91f1-c0fb1f19d48e", "value": "427008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377113", "to_ids": true, "type": "vhash", "uuid": "a4af3166-6c3c-47a4-9425-37204f569725", "value": "245036751511f0d1e21022" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377113", "to_ids": true, "type": "filename", "uuid": "b878bac7-4535-43ed-9cfc-2ebceced85ab", "value": "WebSocksWorkClient.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377113", "to_ids": false, "type": "text", "uuid": "fa7dbfd9-d1b9-4290-9bdc-00078a983e87", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:30/72\nFirst Submission:2025-04-24T04:37:14.000000+00:00\nLast Submission:2025-04-24T04:37:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385606", "uuid": "6e418c03-9f66-46d8-be24-d84281dbc018", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385606", "to_ids": true, "type": "md5", "uuid": "27607db4-b3b0-4a5d-8928-d9558aa7a317", "value": "c400dcb0caaa0fdb06eeee90f1e7fb93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379269", "to_ids": true, "type": "sha1", "uuid": "423eca38-c545-40d9-ba18-6af7a778b3f1", "value": "e70217917142ad835e99f9f7539b53691b1b6a1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379270", "to_ids": true, "type": "sha256", "uuid": "751d726a-79c3-4bc7-bba3-ba753df4f98a", "value": "9c50cdfed01bb15b584c8871d5cf4dc506705839020fd0626305bf675bd912fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377135", "to_ids": true, "type": "ssdeep", "uuid": "f75bcd22-f819-4185-8531-3f30e568868b", "value": "384:dLZXMmDcTBVuutwo/mdKkd/rwmHgR//k6XUy/aixTebBrXBgeM:V5MmDkB0OeT/rGpiyNgbBl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377135", "to_ids": false, "type": "size-in-bytes", "uuid": "682179cd-5a71-4b64-9a6c-7604b5d87ad7", "value": "23040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377135", "to_ids": true, "type": "vhash", "uuid": "d7383428-53b9-4476-ae89-8b553afe0c5f", "value": "22403665151e0d1d2102b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377135", "to_ids": true, "type": "filename", "uuid": "25163886-2a3e-4d9c-9eda-661ea7f20ab3", "value": "WebSocksClient.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 19/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377135", "to_ids": false, "type": "text", "uuid": "1704154c-c2ea-4ff7-8415-833c351cbc8b", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:22/72\nFirst Submission:2025-02-11T15:00:20.000000+00:00\nLast Submission:2025-02-11T15:00:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385627", "uuid": "9a41116c-07c6-4d79-b970-edac981664c5", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385627", "to_ids": true, "type": "md5", "uuid": "1e776051-6b72-48a6-a4c2-70a9ae65092b", "value": "06a6a9fe8372615fb3202fd85ef18282", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379270", "to_ids": true, "type": "sha1", "uuid": "d05a9330-71f0-42e4-9e5b-a79755c200c1", "value": "3709715b149928ab7ca0feb4cbe7e9b9b8a2fb35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379270", "to_ids": true, "type": "sha256", "uuid": "2ab17614-b8b6-43c6-a7d9-cdf8652dd54c", "value": "a8163c286a140dd67a8c97631d4ef5799f93de94a914c3ab1c3026e1688743fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377178", "to_ids": true, "type": "ssdeep", "uuid": "830db714-3bbb-4c9a-a0db-80a97e8ed396", "value": "6144:cmN9HBsFIExKucH+fOkEXRTrC6kpitmdD01fY:cQDucH+fOkEXRTrC6/mdD0e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377178", "to_ids": false, "type": "size-in-bytes", "uuid": "91756b5c-936d-403b-a892-1fa0e5cc0a41", "value": "569344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377178", "to_ids": true, "type": "vhash", "uuid": "77a1156c-3f52-468e-b1e6-03da2220c827", "value": "25503655551ff082910073f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377178", "to_ids": true, "type": "filename", "uuid": "ae4d8419-fc1f-4da0-bbd6-3c0e9e896062", "value": "mdkbak.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377178", "to_ids": false, "type": "text", "uuid": "9ca8fb4b-d2ad-4967-86ed-35567f313aaa", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:22/72\nFirst Submission:2025-04-12T12:16:13.000000+00:00\nLast Submission:2025-04-12T12:16:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385648", "uuid": "7baa4118-8c4d-4535-9a5a-121f176a4df9", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385648", "to_ids": true, "type": "md5", "uuid": "22ac057c-080f-46c0-a72a-2aa7a46657f6", "value": "52607f4aceb5ea084618d80a736690f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379271", "to_ids": true, "type": "sha1", "uuid": "7a9abf1c-fd38-4cf4-85fb-9d87b96b4b4f", "value": "4d38fccf99ab41e8931440776aef623e6ea923a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379271", "to_ids": true, "type": "sha256", "uuid": "33949e6c-7b40-4cc3-b0d0-4782b6745074", "value": "af2c6c59f98c5a172e071a38706255ee56e9e8f7b4a1c575593b862e60f8a2c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377200", "to_ids": true, "type": "ssdeep", "uuid": "f3839c7e-9e92-4159-bdbb-3917e4801d07", "value": "384:fFmGAuQKDXcuceExrhepEKgjB5kKdPOBfj:frAeXEeETe5glycPO5j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377200", "to_ids": false, "type": "size-in-bytes", "uuid": "139f0f04-4a00-4c07-a037-1e448d1606ed", "value": "23552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377200", "to_ids": true, "type": "vhash", "uuid": "25c7f6b9-f165-4228-9fa0-e63e09f5284a", "value": "22403655151c091a1002d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377200", "to_ids": true, "type": "filename", "uuid": "b6bca590-ab5b-42c8-aa4e-1dee9fb8399b", "value": "SystemStart.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 15/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377200", "to_ids": false, "type": "text", "uuid": "0651f4c7-5d93-4db9-a70e-c512f5cd9437", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:34/72\nFirst Submission:2025-04-07T19:09:25.000000+00:00\nLast Submission:2025-04-07T19:09:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385669", "uuid": "adadd0f4-68cd-4d53-9171-a77221d9f505", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385669", "to_ids": true, "type": "md5", "uuid": "cf4413dd-6afb-472f-a792-d9923ccc448d", "value": "31df1582d843982ae9a7985e7616575a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379271", "to_ids": true, "type": "sha1", "uuid": "39f584ad-de38-4b37-9d28-2c82b3390491", "value": "23c629a2d022761936970019e10a412c78b31d23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379271", "to_ids": true, "type": "sha256", "uuid": "a734371e-37af-49ec-b287-afc1a3615258", "value": "b0269634a1d295d170e58d6c3c2cb86cd91dea2acd5f3dea9449df8ed0c889c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377222", "to_ids": true, "type": "ssdeep", "uuid": "829ac602-264d-46a0-8c45-28e744e0d232", "value": "192:h/4BfFqgJAFKmnsMUfFY/IM5KKvG5ws2geO5nyL+9LNBRQ5+wU0EROe:hw5FqgcKMsMOYTxQwGhnyULNv0zEU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377222", "to_ids": false, "type": "size-in-bytes", "uuid": "d7225880-6eae-445c-b2a1-ea646ea0c046", "value": "12800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377222", "to_ids": true, "type": "vhash", "uuid": "18f7e540-8b9b-4fba-b418-abc248c95f3a", "value": "214026551701091z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377222", "to_ids": true, "type": "filename", "uuid": "09fdcf0d-0c6d-46f6-9a8e-e3ba84d88fc5", "value": "1111.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377222", "to_ids": false, "type": "text", "uuid": "938a8cc8-126f-4874-9b43-e65a77e6e8d5", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:42/72\nFirst Submission:2025-02-11T15:59:17.000000+00:00\nLast Submission:2025-02-11T15:59:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385690", "uuid": "41206e12-f196-4e06-bfdc-12550d324fcf", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385690", "to_ids": true, "type": "md5", "uuid": "62c18572-f2d7-4732-a87e-de63f6927666", "value": "f597d27d50f73b67882a20127976ee89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379272", "to_ids": true, "type": "sha1", "uuid": "fbe582ff-4dcd-4e87-93dc-764f7953e02f", "value": "75f2aa596ba26eb48435b685b7772c9494664709", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379272", "to_ids": true, "type": "sha256", "uuid": "a9b8a785-4bab-400c-8b46-faecd5ff8927", "value": "b4caf6949964f75e8dd281ae2ab9947248120c680415b5f5b307532c1dc99b58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377244", "to_ids": true, "type": "ssdeep", "uuid": "4712c9fd-a8a3-4d00-ba79-12dd835b1fec", "value": "192:iiP7WO+dgFLfQeBSAon+UNA5M2xYtkQM:io+dgFLf2AoBNOE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377244", "to_ids": false, "type": "size-in-bytes", "uuid": "4c3a3991-92b5-4276-8fc0-ae14f1c5f9e4", "value": "7680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377244", "to_ids": true, "type": "vhash", "uuid": "0407e2fe-ec5f-4767-b10d-ef53a60577d6", "value": "27302655171z81z29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377244", "to_ids": true, "type": "filename", "uuid": "834a9fea-7b93-435f-98f6-08b3e934cafe", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377244", "to_ids": false, "type": "text", "uuid": "43bf2ee9-68ee-4014-8f9b-0524066c414a", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:10/72\nFirst Submission:2025-02-11T16:44:53.000000+00:00\nLast Submission:2025-02-11T16:44:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385711", "uuid": "4fe751dc-9298-4ffb-87d9-6226ce7c90b5", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385711", "to_ids": true, "type": "md5", "uuid": "4ca592ee-9223-4741-ba45-e8a61d21f8b8", "value": "d8b61da25ec807cd2ff0bdb735ebc0e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379273", "to_ids": true, "type": "sha1", "uuid": "236a8c3c-33d7-45d2-b70f-d32afc75b555", "value": "6390a5e0d8e622355494dddcb7a2b069567a3de5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379273", "to_ids": true, "type": "sha256", "uuid": "5fa80913-f4fb-4513-a9ae-29ccae5e9a12", "value": "b61c22c6b74a546ee337b3a6cc2ee1fa9f3e92e93eced40fe7df27ffddc4c0fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377265", "to_ids": true, "type": "ssdeep", "uuid": "349d7f7e-9e27-4b56-ab03-4935ebfa8989", "value": "384:+ZtepY4tmD6K36ZWCCaYeNVKmk+Ta5OBZFCP:+2pHkx3fKY0FoKo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377266", "to_ids": false, "type": "size-in-bytes", "uuid": "060b7f47-8fee-4e5a-8a90-dd215e311f62", "value": "17408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377266", "to_ids": true, "type": "vhash", "uuid": "af996915-9f79-43fe-bdda-11448123743f", "value": "214036557517010a1z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377266", "to_ids": true, "type": "filename", "uuid": "bf5ee3f2-832b-4a97-a503-dff0cf5c2ee1", "value": "Program.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377266", "to_ids": false, "type": "text", "uuid": "0ca16335-3b15-4d43-a775-132c82287881", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:39/72\nFirst Submission:2025-02-12T14:54:38.000000+00:00\nLast Submission:2025-02-12T14:54:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385732", "uuid": "041f1037-950b-4f97-93f9-604076b35f59", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385732", "to_ids": true, "type": "md5", "uuid": "441fd300-dbde-46c0-8751-1e30cd58e72a", "value": "67a0f12a2a696a0a1709b50fec0b7b54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379273", "to_ids": true, "type": "sha1", "uuid": "056c8271-d253-47cf-a9f2-522c19b2eaf1", "value": "3e39c5f06660c9a65a780be8b36faa022f99c240", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379273", "to_ids": true, "type": "sha256", "uuid": "339c41a5-904a-4cef-b389-226a5539a4c6", "value": "b93632280602502b9480abc7c4acd5c7398004197c4a6013ccd2a4ee4c599591", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377287", "to_ids": true, "type": "ssdeep", "uuid": "43a0d693-4d86-439c-b657-036f6bdd4644", "value": "3072:zEnXltEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33Y:4vExKucH+fOkEXRTrC6kpitmdD01WY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377287", "to_ids": false, "type": "size-in-bytes", "uuid": "726feb6a-2bc6-43a3-9e9e-8b18c4a9ca3d", "value": "301056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377287", "to_ids": true, "type": "vhash", "uuid": "af62f336-b5fd-4de4-bc45-70b15063530a", "value": "23503655551701091z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377287", "to_ids": true, "type": "filename", "uuid": "bf8c0ff0-c3a0-492f-874f-8b0764276884", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 10/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377287", "to_ids": false, "type": "text", "uuid": "37c05319-2922-4c1a-b5e5-9c9b32fff72e", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.A!ml\nVT Total Detection:33/72\nFirst Submission:2025-02-11T15:40:17.000000+00:00\nLast Submission:2025-02-11T15:40:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385754", "uuid": "0be79a1b-346c-4010-b506-69bf85b637a8", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385754", "to_ids": true, "type": "md5", "uuid": "a7f79c3a-6390-4b68-98af-5d9cbac9fbe0", "value": "b6e5a22c7822637503ed3c07c191323b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379274", "to_ids": true, "type": "sha1", "uuid": "80bc90a9-0c58-467d-89d6-6d493023ddd6", "value": "432e802bcb5e0027b76b3025f55cb685360e1b63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379274", "to_ids": true, "type": "sha256", "uuid": "12ea3f3e-7c3f-41ee-b6da-5844dfb61ccd", "value": "bc246e2508013cb3d8df5c21bac16ab3584e40b16b31647db31006877bc13db3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377309", "to_ids": true, "type": "ssdeep", "uuid": "c63622b5-9dca-446d-bbca-e91165ef0026", "value": "192:BlfRuSVgZPy9FoCWz1+Vl4os+9VNzwbIjPTGfHuKN:Bl5uSWZa9FoCWz1i4ozVN8bIjyf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377309", "to_ids": false, "type": "size-in-bytes", "uuid": "7329376d-6b22-4742-83f0-583f367ca4a5", "value": "8704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377309", "to_ids": true, "type": "vhash", "uuid": "d62528c8-a1c9-44f3-98b5-b925641ef487", "value": "2830265517010a1z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377309", "to_ids": true, "type": "filename", "uuid": "2b2f423e-afc1-4358-9edf-1e81732a2b60", "value": "ceshi.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377309", "to_ids": false, "type": "text", "uuid": "735f6ec6-663c-482b-8790-a69769749cb4", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:39/72\nFirst Submission:2025-02-12T14:37:28.000000+00:00\nLast Submission:2025-02-12T14:37:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385775", "uuid": "2dda789d-1708-4b54-834d-94e42dec6be7", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385775", "to_ids": true, "type": "md5", "uuid": "177e5bf8-3fdd-4f17-9754-273f5f5f5a79", "value": "341997cb408abe151f5a96fb29c38295", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379274", "to_ids": true, "type": "sha1", "uuid": "4607f736-e00d-4df3-969a-675a8674a1d9", "value": "e4eeec82de26274c2b8cd717e06f52c23f72074b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379275", "to_ids": true, "type": "sha256", "uuid": "5eba1b7f-b72e-486f-ac79-01d7d51412f1", "value": "c2fdb76ec20047129d5f993917cae4a73b61204c531121a57a9121910910fbaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377330", "to_ids": true, "type": "ssdeep", "uuid": "9db06bd1-9796-4184-b481-fbf5a66487a3", "value": "6144:hxxteEu3MnTlCtgQERiwus1FxVvlevQo7cI58JY2iNPhjy59WEukD7dxqvkwJUih:XGCYhPzYISzi/ybE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377330", "to_ids": false, "type": "size-in-bytes", "uuid": "5ee5352a-4266-44b2-af1f-ba6026923065", "value": "1134592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377330", "to_ids": true, "type": "vhash", "uuid": "3ce57a28-bf43-4d31-b948-ad82d983ffea", "value": "016026151\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377330", "to_ids": true, "type": "filename", "uuid": "745961a0-883b-4030-9f17-f88ed12beabe", "value": "COM_SurrogateByDll.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377330", "to_ids": false, "type": "text", "uuid": "dbc1aa8f-f014-49fe-aef9-5763c0f20c30", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:43/72\nFirst Submission:2024-07-30T06:06:45.000000+00:00\nLast Submission:2024-07-30T06:06:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385796", "uuid": "dfaf7c0c-5556-4ffe-ba79-c85e928fee3d", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385796", "to_ids": true, "type": "md5", "uuid": "936da0fd-bd16-420b-afc7-191a007d7be3", "value": "d1892e1765929bf971676a9538eed5c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379275", "to_ids": true, "type": "sha1", "uuid": "8720e5c4-fe8d-4c28-8036-10ddd49916cb", "value": "61f42421c2c946856cd956db999ac4bd6b8c64d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379275", "to_ids": true, "type": "sha256", "uuid": "ef42c67c-a6c5-4c0d-a1b0-5a52fdf9b7b3", "value": "c7137d350aaf2acc965763e380255e9fb63d6feefae4ed91c80b70ff022db855", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377352", "to_ids": true, "type": "ssdeep", "uuid": "7db5d395-0bcd-4b8d-9689-9bbae1609413", "value": "384:5+9wu3DNl8PTgutwo/mdKkd/rwmxKDByL4WtDHpEtjieWYRCaYeNVKmk+Ta5OBZO:E9wCT8LgOeT/rmnID4ieWY7Y0FoKo3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377352", "to_ids": false, "type": "size-in-bytes", "uuid": "7755b432-ef20-4446-bbb7-04014bd9c474", "value": "27648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377352", "to_ids": true, "type": "vhash", "uuid": "e01e94eb-467b-4ce7-a97c-febc7c662bc0", "value": "22403665751d0d1e2102b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377352", "to_ids": true, "type": "filename", "uuid": "2e8cc011-a6b7-47dd-819d-2b44882b7c52", "value": "RunExe.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377352", "to_ids": false, "type": "text", "uuid": "3a5ae14a-635b-4817-bc24-18e3fcf37ade", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:35/72\nFirst Submission:2025-02-13T07:38:10.000000+00:00\nLast Submission:2025-02-13T07:38:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385817", "uuid": "82248c87-aea3-438d-b766-a011a780696e", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385817", "to_ids": true, "type": "md5", "uuid": "0b94ec6a-44a2-4758-ac72-321dbacca60d", "value": "4b26cb83f8853fd772f4972628586d63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379276", "to_ids": true, "type": "sha1", "uuid": "28cef621-bd53-4782-818f-73ef28550e0f", "value": "3860ca86f3e0a30d345866f4b4d761bb419803b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379276", "to_ids": true, "type": "sha256", "uuid": "0227c4ce-8793-4b9f-ac81-2db296e280bd", "value": "cbb512c427297c2b67b83e459887b59e3171ad47a22a62d89f03a1eacab1ac42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377395", "to_ids": true, "type": "ssdeep", "uuid": "66ad72d3-bd48-404e-a563-75728f2e3c72", "value": "3072:/E4uutEx9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33Y:8qExKucH+fOkEXRTrC6kpitmdD01WY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377395", "to_ids": false, "type": "size-in-bytes", "uuid": "4510c27c-159a-480f-8ec7-f1ea3db2fd2e", "value": "303104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377395", "to_ids": true, "type": "vhash", "uuid": "89b98daf-fd2a-4b27-8642-4ac7554406d2", "value": "23503655551701091z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377395", "to_ids": true, "type": "filename", "uuid": "d605deb0-18e7-4048-904c-85d4fa4a715c", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377395", "to_ids": false, "type": "text", "uuid": "134b258e-7107-4ea9-83c8-67381161f7e7", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:46/72\nFirst Submission:2025-02-11T15:36:25.000000+00:00\nLast Submission:2025-02-11T15:36:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385838", "uuid": "b3087f60-aa7c-4d31-adbc-7faab886817d", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385838", "to_ids": true, "type": "md5", "uuid": "3b985234-4848-4631-bf09-e5c81e6cc1f5", "value": "7f0682cdccad57248692a2b5311e3229", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379276", "to_ids": true, "type": "sha1", "uuid": "4295bbe1-f136-4ba6-beb7-0d97a5cb2a08", "value": "d2eff3f8b35299b60f6e798cf1e8ba0139675423", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379277", "to_ids": true, "type": "sha256", "uuid": "070d6985-44b8-4e86-a706-5fe01a694e0e", "value": "ce98feac673b63a3c030c976c0dd4a0fba0cd5e124373b390b0f3c7fa761f95e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377417", "to_ids": true, "type": "ssdeep", "uuid": "89f369bf-441d-489a-aa17-c27b23276423", "value": "192:0MZB4ariNZLDpy/2VyWekDj4AU+iihxp1aeBRBWSc7EyM+9SN96EmMbHzs:04+Nxdy/2AdkDIihxp1VCEyTSNgyb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377417", "to_ids": false, "type": "size-in-bytes", "uuid": "91e55132-cb18-45df-836a-0695b777cf54", "value": "10240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377417", "to_ids": true, "type": "vhash", "uuid": "bca1aef5-22fd-4a8b-81e5-f6ab6d3f98d5", "value": "21402655171z91z2d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377417", "to_ids": true, "type": "filename", "uuid": "a986afde-fa6e-44ef-a34f-2cad70fa4186", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 26/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377417", "to_ids": false, "type": "text", "uuid": "47748159-0c96-4331-b06c-b2b3430ecd90", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:25/72\nFirst Submission:2025-02-11T17:25:38.000000+00:00\nLast Submission:2025-02-11T17:25:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385859", "uuid": "cdbd63d2-2c45-4546-bed7-12e52898f285", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385859", "to_ids": true, "type": "md5", "uuid": "142b2473-0f89-447d-a00e-abf24778f0a0", "value": "756ae9bf293a03a71aafc912495e18a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379277", "to_ids": true, "type": "sha1", "uuid": "da03130e-cc0b-4b28-b0aa-aa0f4855805c", "value": "3ad47c6cc22488bf0b2671896830ee9affe3303c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379277", "to_ids": true, "type": "sha256", "uuid": "5a82fca4-6e26-49cc-912c-6c959fe55e34", "value": "d1d957406e9177a1ab10bb5a4d2d4dfb3ac971c390f8383eeaa263bdf8038058", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377438", "to_ids": true, "type": "ssdeep", "uuid": "6618f489-ab3a-4c00-a3f4-637b987c1bb3", "value": "192:R8x/R27xVZYloFe+gBfK5UC0jKoB2y6+9+NWahPftbDuzU:R8x/RSxcoyBfy8L2yt+NWahRD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377438", "to_ids": false, "type": "size-in-bytes", "uuid": "27a747ec-6739-46c8-a97e-e543ab0600ce", "value": "8704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377438", "to_ids": true, "type": "vhash", "uuid": "5c2334b1-82f9-4ad9-9259-e098f5dcc586", "value": "28302655171z91z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377438", "to_ids": true, "type": "filename", "uuid": "b316494e-321e-4514-a0c2-41996f2aef46", "value": "ceshi.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377438", "to_ids": false, "type": "text", "uuid": "d838c8d5-7293-4e34-a396-a505d907a1ac", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:37/72\nFirst Submission:2025-02-12T13:36:59.000000+00:00\nLast Submission:2025-02-12T13:36:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385880", "uuid": "eda761ea-1299-4981-8877-f724542fa24d", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385880", "to_ids": true, "type": "md5", "uuid": "7006464c-6659-4912-b340-da1e1b1468ba", "value": "6a6288d00772a2baca67e54bb4f5bf29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379278", "to_ids": true, "type": "sha1", "uuid": "020fe016-a0bf-4529-97e0-ecfbd6c358f6", "value": "23342597289923e55f6f29130af66f4864a87d97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379278", "to_ids": true, "type": "sha256", "uuid": "0b6be7d3-ff57-4775-86ae-e72e0233f95d", "value": "d6c3c83d8549c691972e8fe91277c579efe83b731d5a1669d42692b0b3a17980", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377460", "to_ids": true, "type": "ssdeep", "uuid": "bf8b131f-6f78-492d-9b5a-8ab4fa4fbf43", "value": "192:XpZgHTcIOXVB4Wl0rlj7QD4BFkaioKgBdhCV2o++9VN92zET0HzsL:Xps7OX72N7QDQFkVgA2oRVN0zFo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377460", "to_ids": false, "type": "size-in-bytes", "uuid": "2a6dec35-e86d-44f6-bfdb-947261c1cfa4", "value": "10240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377460", "to_ids": true, "type": "vhash", "uuid": "adf58da1-4439-491c-a8ed-d1831addd8ea", "value": "21402655171z91z2d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377460", "to_ids": true, "type": "filename", "uuid": "ae0353bc-e32d-4d32-976f-e0d697b81941", "value": "not64.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377460", "to_ids": false, "type": "text", "uuid": "0b46ed19-1f7c-4a0d-b14f-2168e0a12874", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:38/72\nFirst Submission:2025-02-12T12:46:43.000000+00:00\nLast Submission:2025-02-12T12:46:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385901", "uuid": "3dd9babe-2b8f-40ed-bd73-de25f0e72ca5", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385901", "to_ids": true, "type": "md5", "uuid": "eaa68c78-195f-4805-a062-967d22be7825", "value": "ba8cf5954226424b725c43906b48d369", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379278", "to_ids": true, "type": "sha1", "uuid": "e3c0d293-f920-476c-97fb-6d07f1f6759f", "value": "1ec077649a3bf47ce1a5f6e79643c7baf630a39b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379278", "to_ids": true, "type": "sha256", "uuid": "c56875fe-a009-483c-8fb1-f11c5e244728", "value": "d8d1635a515fd3afb2ccfbd2a82feb2c2150161872f3a4babd90146626fe8355", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377482", "to_ids": true, "type": "ssdeep", "uuid": "a51a84df-4049-4a5d-9066-7ece706f2d56", "value": "192:taP78jZsLKLfn3VoI+99NAWk+3dgikQM:tDZsLuf3VoP9NzFe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377482", "to_ids": false, "type": "size-in-bytes", "uuid": "a42b99bc-1c0a-4f4f-b086-b7960dbf60ee", "value": "7680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377482", "to_ids": true, "type": "vhash", "uuid": "fa037587-d3f7-46e2-b817-b2b58d8656cf", "value": "27302655171z91z29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377482", "to_ids": true, "type": "filename", "uuid": "bd3589ee-4965-4289-8c81-c323b3cc4b7c", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 09/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377482", "to_ids": false, "type": "text", "uuid": "b8c7ef9d-f51c-4f30-92ed-60534295fd6a", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:15/72\nFirst Submission:2025-02-11T16:54:46.000000+00:00\nLast Submission:2025-02-11T16:54:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385923", "uuid": "aade2e7d-716c-41c4-95bc-d22bff912a9b", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385923", "to_ids": true, "type": "md5", "uuid": "4e3a5e5a-d058-46a2-a459-d63e62ff09d4", "value": "267b29c39a96167454fe2f14bc9dee1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379279", "to_ids": true, "type": "sha1", "uuid": "04c29d7c-0b26-4426-823c-473fa74e9de1", "value": "a2f28a5bbe904d3c78c9be7460fc8803447e2380", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379279", "to_ids": true, "type": "sha256", "uuid": "247cb480-89e6-4724-be4d-cf4311f00848", "value": "de9117872e6b32d01fe2e2ec54899641486a1ebb3439123aadea8d5388617eee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377504", "to_ids": true, "type": "ssdeep", "uuid": "4c33dca4-17e8-496c-baad-28c379d2ee12", "value": "3072:+Jdo3Ex9IucQu+o2OvsEXxMaTrC6nU7pitmD9Y3t0BaSKqF5CmNh0VP6z33Y4enR:+QExKucH+fOkEXRTrC6kpitmdD01WY4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377504", "to_ids": false, "type": "size-in-bytes", "uuid": "fd820477-a18e-48d5-9e83-89462f1c0a49", "value": "323072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377504", "to_ids": true, "type": "vhash", "uuid": "8b2442f6-9c4d-48b2-ad38-55389af17d72", "value": "23503655151c08191002e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377504", "to_ids": true, "type": "filename", "uuid": "e1d45776-1d75-4ea4-bc2e-7423eb107b7e", "value": "bak.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 21/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377504", "to_ids": false, "type": "text", "uuid": "d4487cfe-8994-48ae-b242-31c1a84d8bf4", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:23/72\nFirst Submission:2025-04-08T06:11:08.000000+00:00\nLast Submission:2025-04-08T06:11:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385944", "uuid": "d34b7e9b-7b17-459e-a2bc-eaaa9f3b984b", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385944", "to_ids": true, "type": "md5", "uuid": "6d07964c-4d35-438e-a5c9-dd273cb43401", "value": "dbeb3ad89e75951a142123b54f47ae19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379279", "to_ids": true, "type": "sha1", "uuid": "54e31ffd-d1ba-488b-a467-801d382605b5", "value": "ec646f8259fddbd4913ec6be85c11a23ab835b9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379280", "to_ids": true, "type": "sha256", "uuid": "03a6d1ba-c9c2-4087-957b-acfd823d7069", "value": "e5d34a8a39ae067efe12336732f43775fa8eaf86e0d7668816780d1db9821e5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377526", "to_ids": true, "type": "ssdeep", "uuid": "3c318dfb-72d6-4f56-b749-a741e522b705", "value": "192:aCpZgK97iUBGrMiVcmI83qvlke3srXRe5+5jOBg7oWV2y++9VN9ZETwHzs:Lp57dBGrMi3r6vlktX05+5jOBQ2yRVNJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377526", "to_ids": false, "type": "size-in-bytes", "uuid": "72352ab0-300c-42e4-a9b6-051cd497e53f", "value": "10240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377526", "to_ids": true, "type": "vhash", "uuid": "75941f3c-3111-421b-8f67-c5a4f0e41572", "value": "21402655171z91z2d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377526", "to_ids": true, "type": "filename", "uuid": "628c9866-0dc9-4f0e-880b-d2fe79180f57", "value": "backtest.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377526", "to_ids": false, "type": "text", "uuid": "d394981b-d49d-4452-a115-4a8ac674ff7b", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:35/73\nFirst Submission:2025-02-12T12:34:29.000000+00:00\nLast Submission:2025-02-12T12:34:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385965", "uuid": "0e0c7a6a-d402-4393-9963-ee8c1a6a070d", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385965", "to_ids": true, "type": "md5", "uuid": "e543f80a-6c0e-49ea-bdf6-e835507b4346", "value": "66b5ea5e8984392aee74d4629df8aa99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379280", "to_ids": true, "type": "sha1", "uuid": "7106aaaf-ac00-4592-b938-cf7f7392ab0d", "value": "2d15cc134901648097fef982064216b9e5a5f121", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379280", "to_ids": true, "type": "sha256", "uuid": "96c76bae-2a66-45d0-9d18-83fdb8b57033", "value": "e9808c0e5ebba9aa2b2b5f856d1cb6965f6b5fa49e22dc423251786bb46ac2b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377548", "to_ids": true, "type": "ssdeep", "uuid": "efd91f82-93dc-4186-8edb-342f686896cd", "value": "384:2/E6TOBVP8eu0HMc6izmkY3hVESoirSHEx8W:2wbPsmmkOOirNb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377548", "to_ids": false, "type": "size-in-bytes", "uuid": "fd609011-da4d-4026-8b35-22b3a9b0bfb5", "value": "25600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377548", "to_ids": true, "type": "vhash", "uuid": "653c0188-c16b-4c33-8b93-bf41784adbe9", "value": "22403655551c08191002e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377548", "to_ids": true, "type": "filename", "uuid": "ebaee006-87a8-4cfa-8251-7d5a33ff2cae", "value": "testdemo.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 12/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377548", "to_ids": false, "type": "text", "uuid": "ff6f5404-45cb-4e64-a9c9-243df6fc40f3", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:20/72\nFirst Submission:2025-04-09T11:29:51.000000+00:00\nLast Submission:2025-04-09T11:29:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748385987", "uuid": "6cabdc21-2e0e-448b-a60c-65ef2d3682b9", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748385987", "to_ids": true, "type": "md5", "uuid": "bbfe83b0-fac6-473a-8382-31ef1f1844ff", "value": "caf9551d4b5e65f78e09ad72fc50b735", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379281", "to_ids": true, "type": "sha1", "uuid": "03bfbd8f-1b1a-42d2-ae60-5f47d11526d5", "value": "43924e11bb63fa4df21df88fac660b062002fe7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379281", "to_ids": true, "type": "sha256", "uuid": "da4db674-d9ff-44b0-a5d8-7399425d40a9", "value": "ed8684894015e74ff5cf217cbda2f2036e7c9f573f9b0aa46e29e7ff8c13f11b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377569", "to_ids": true, "type": "ssdeep", "uuid": "bf8aaa54-a49f-45c0-8cea-54164a4797a2", "value": "192:UsJLXUl7pAE2V+9QK2BE6N3VS31rAu1nyD+tN9osbXHzs:UQX4p12l0znyiN2Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377569", "to_ids": false, "type": "size-in-bytes", "uuid": "5b6c3d82-eda6-4180-955f-df04e1bb8667", "value": "9728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377569", "to_ids": true, "type": "vhash", "uuid": "27e6a3a7-34e3-4aff-b3f3-fa6123084674", "value": "29302655161z91z2d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377569", "to_ids": true, "type": "filename", "uuid": "a79f3625-c156-4665-be31-8dbddb9cab13", "value": "UserLoad.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377569", "to_ids": false, "type": "text", "uuid": "b71bd64a-3be2-4ced-9411-5b60ad20d22b", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:19/72\nFirst Submission:2025-02-12T12:28:00.000000+00:00\nLast Submission:2025-02-12T12:28:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386008", "uuid": "b5e438ea-f0c0-4ab7-9b78-d73f085e4613", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386008", "to_ids": true, "type": "md5", "uuid": "9f2804a7-0d12-44aa-845d-61616de920e1", "value": "82f17d454e56e0e02119a48d8fb56d4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379281", "to_ids": true, "type": "sha1", "uuid": "bc8a97cb-a1dc-4263-993a-041a0ffc0ee4", "value": "17e4317e6b5a3450e9645a6dc480e02fcb167401", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379282", "to_ids": true, "type": "sha256", "uuid": "9b1f9d36-05c3-43e4-9261-68cf362bfb6e", "value": "f29e98d60486472e80d2fac7afa7433bad74d69e25ba8b9533c3b23d6b6be9bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377591", "to_ids": true, "type": "ssdeep", "uuid": "05a2a939-596d-4a7c-aa31-d01580408ffe", "value": "192:CpDjfHK22LmGSFTgJt2ggnlaT20Lim8YyhR+AEI4Ll2hc25/EyPBLc7YAbvpExnp:ChGtHSFTkOnsT/im8Yyh/EH26BHExX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377591", "to_ids": false, "type": "size-in-bytes", "uuid": "b5725a9c-4ff1-47f0-a6f6-59d746fbbcf3", "value": "24064" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377591", "to_ids": true, "type": "vhash", "uuid": "7cfb29bf-2386-440f-a75c-eadf4816ebd5", "value": "22403655551c08191002c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377591", "to_ids": true, "type": "filename", "uuid": "c70c6963-53d2-491b-a9e4-ce490b4f1caf", "value": "smss.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377591", "to_ids": false, "type": "text", "uuid": "9a2cde2a-7e8a-4d8c-88ba-02fde6275022", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:27/72\nFirst Submission:2025-04-09T11:11:07.000000+00:00\nLast Submission:2025-04-09T11:11:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386029", "uuid": "7b638e6c-a31e-4cbf-916b-78031f0dc117", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386029", "to_ids": true, "type": "md5", "uuid": "f7ff3f9e-60bc-49e1-86df-8bcdfcd56d94", "value": "a3aecd8627d617e2ddf4f6f36ac722dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379282", "to_ids": true, "type": "sha1", "uuid": "ff34d403-4a8a-455e-a8d5-fdab39f6183b", "value": "04fa5f4f1469f9ef3816c777ee984bb4b0a10811", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379282", "to_ids": true, "type": "sha256", "uuid": "354b0ada-30b5-45af-961e-dc24010db511", "value": "f3bd3637ad90eae0bfa31c0735fa3bb2e0d7061f63456f7479948ce7e8cd7310", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377613", "to_ids": true, "type": "ssdeep", "uuid": "b3c6fc4d-59c2-44f4-8972-eef95ffbf676", "value": "96:TG7AbP7puqytlmDHbMJD0Hq2N0uu++SVusY2u9qeMo3+URnAqWM2xYjmlkQdu:MiP7WMlKbYSAo3+UNANM2xYCkQM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377613", "to_ids": false, "type": "size-in-bytes", "uuid": "900565fa-2b7b-4b79-aeb8-5363fce0d241", "value": "7168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377613", "to_ids": true, "type": "vhash", "uuid": "e1401785-4280-456f-8613-1762050b3909", "value": "27302655161z81z29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377613", "to_ids": true, "type": "filename", "uuid": "a0bbdffc-01ea-4448-b04a-386fd5910dd3", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377613", "to_ids": false, "type": "text", "uuid": "717a302c-ff62-4a5c-b34c-eea73ddc5965", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:8/72\nFirst Submission:2025-02-11T16:42:47.000000+00:00\nLast Submission:2025-02-11T16:42:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386051", "uuid": "447af121-6c56-49d4-bce1-13cbf88ef9f3", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386051", "to_ids": true, "type": "md5", "uuid": "68bcea9b-e806-4c8c-a8a4-d1a41c33a96a", "value": "e58f66f9dbeef13c9e2ede327c0d83d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379283", "to_ids": true, "type": "sha1", "uuid": "67da0bf8-5732-44a2-b39f-958a06012be9", "value": "c440fd07be03fb6cc478c5644a1a51e67c08b8ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379283", "to_ids": true, "type": "sha256", "uuid": "ef5a764b-a2e1-4cfa-b174-ba5c4e31a06b", "value": "f3f1ac9e1739a840242c9c215080085af61500dbe7bfd01886fe972e0ca22a26", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377634", "to_ids": true, "type": "ssdeep", "uuid": "4125100b-ccce-4d42-9527-e6f4d056c731", "value": "192:guL+7LLU11iMju7MfMZpFof+9SN9APfqN8Hks:gujLIMfMrFooSNqn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377634", "to_ids": false, "type": "size-in-bytes", "uuid": "aac59945-1492-4ce5-9547-daa49832244f", "value": "9216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377634", "to_ids": true, "type": "vhash", "uuid": "f96c23dc-0828-4f69-9061-4246a4a1bc03", "value": "29302655171z81z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377634", "to_ids": true, "type": "filename", "uuid": "8073792d-510b-484f-b6f8-51a946831102", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377634", "to_ids": false, "type": "text", "uuid": "8f7a466a-0c3d-4ff8-98e1-66f1539dd68f", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:28/72\nFirst Submission:2025-02-11T17:01:05.000000+00:00\nLast Submission:2025-02-11T17:01:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386072", "uuid": "66884aab-e7f9-426b-9b64-fcb40b25b774", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386072", "to_ids": true, "type": "md5", "uuid": "c8084af0-63b3-4030-9d5a-787b35bce274", "value": "7dc0b4a6773e804d31a910ac737f9467", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379283", "to_ids": true, "type": "sha1", "uuid": "190fee4b-0b72-4c59-ada2-6b572d925624", "value": "f19bed816683c4b405c42f483729f28da01301a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379283", "to_ids": true, "type": "sha256", "uuid": "48edda20-8d8f-45b1-aedf-716582dce2d4", "value": "f55bb674f524ea72d91dba894ea5448ecf92aab7bceb0cf0025383483e72cc1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377656", "to_ids": true, "type": "ssdeep", "uuid": "362acef3-ed8f-40c1-b16d-5090f5882e95", "value": "192:sJTxQ6FmunZaWGD2Kpo2CBlld0rpqyL+9ZBRVL75GD6NhKsY1BOl:Uu1uZ0D2Kpo2+llRyUZvR/XYy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377656", "to_ids": false, "type": "size-in-bytes", "uuid": "f71a434a-4246-4dbb-8831-5bf343b23f84", "value": "11264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377656", "to_ids": true, "type": "vhash", "uuid": "4c746e42-a269-4cf4-8b40-2260babef2e2", "value": "214026551701091z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377656", "to_ids": true, "type": "filename", "uuid": "f7cbde15-dcaf-42dd-8dba-be01ab63864c", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 28/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377656", "to_ids": false, "type": "text", "uuid": "64c5f1c2-6e5a-4d3b-a293-49451eb6ab70", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:38/72\nFirst Submission:2025-02-11T16:12:45.000000+00:00\nLast Submission:2025-02-11T16:12:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386093", "uuid": "94e80ec8-03e0-4b11-b589-0bd34c77b8f6", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386093", "to_ids": true, "type": "md5", "uuid": "fbea40e7-e494-4790-b627-1d93a502ee73", "value": "f089e8a3924f9337b91cb3911cecfa73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379284", "to_ids": true, "type": "sha1", "uuid": "48a9286f-3c93-46fb-a226-1a7e7adc3bc7", "value": "d0de7c8b39f69a19b56348dc68a3aa29c557d22e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379284", "to_ids": true, "type": "sha256", "uuid": "dca5abf5-25a0-43f0-86f8-45e3854c2e00", "value": "f80313b4e2d743c94571a98d1672ffc3bc003209c6315ce2a22a9989aae051c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377678", "to_ids": true, "type": "ssdeep", "uuid": "f0496ead-d086-4a86-ad56-9b16d71a8a85", "value": "192:H8YBmYyqDPP3zM4BmHFuQqNjxEoM+9SN9RPf5273Hks:H8HJqDPLM4QHFVqNFEoTSNTQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377678", "to_ids": false, "type": "size-in-bytes", "uuid": "468be759-14c1-4937-bb81-02dcc7c35e01", "value": "9728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377678", "to_ids": true, "type": "vhash", "uuid": "86197d6d-d59f-4fdf-bf2f-cb22d453cb70", "value": "29302655171z81z2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377678", "to_ids": true, "type": "filename", "uuid": "f6b718ca-22da-4b18-a4dc-63b0ae2aedce", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 02/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377678", "to_ids": false, "type": "text", "uuid": "1539900a-bce0-457f-ba5d-1151d888197c", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:32/73\nFirst Submission:2025-02-11T17:11:42.000000+00:00\nLast Submission:2025-02-11T17:11:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386114", "uuid": "2b404206-058c-48ca-b57d-4abd98ca32c3", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386114", "to_ids": true, "type": "md5", "uuid": "543fbe64-8cb0-4b21-bc34-877229ca5483", "value": "f1ea025a8454c4f6fe117718ded8c2f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379285", "to_ids": true, "type": "sha1", "uuid": "fd6db008-a8a7-4d07-b8ba-3a13a56246e8", "value": "715664b92f9cb7063d2a6615ae15365d2c92e958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379285", "to_ids": true, "type": "sha256", "uuid": "08517d41-02fa-4d0a-ad4a-dd34e2c54f33", "value": "f90e8f85f79cbff664ad3c4758f1bed8a6ebc2a712180d675ff560bea2b88c65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377699", "to_ids": true, "type": "ssdeep", "uuid": "dc1fc028-e047-452c-8164-8b970035bddd", "value": "192:+GaBV/0vF/Obaz+XnHW2oXWPXc8YqwbLpBOYRfr3B3yFkHL6G7inKzGeWc:eBEObjxX+pPNr3B3yO37jM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377700", "to_ids": false, "type": "size-in-bytes", "uuid": "ee16d65d-a4be-46ea-81b4-2fe224ea3c91", "value": "13312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377700", "to_ids": true, "type": "vhash", "uuid": "1e5ae2a1-19e9-400c-81f0-2d719bae3442", "value": "21403655151801091z3b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377700", "to_ids": true, "type": "filename", "uuid": "66cb9112-c8ae-4dc9-bea2-79586c52496c", "value": "1433223.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 14/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377700", "to_ids": false, "type": "text", "uuid": "6e6fe0a1-3d5a-4742-8ae7-0ff221ef200b", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:32/72\nFirst Submission:2025-02-11T15:27:08.000000+00:00\nLast Submission:2025-02-11T15:27:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386135", "uuid": "867e7327-38f7-40e9-b031-b97d9450552f", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386135", "to_ids": true, "type": "md5", "uuid": "d4e18b88-1551-4e7d-ac4e-e2a4fc29f840", "value": "d02a3238a131f52fedc8fc91b6de07ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379285", "to_ids": true, "type": "sha1", "uuid": "0c55ae49-0087-442c-9846-35d41bfd8294", "value": "d558c1d2e096afa83c2bd2c7e8c3d32f0a7c2e71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK WebSocket", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379285", "to_ids": true, "type": "sha256", "uuid": "4ace6142-715e-4d6b-9302-82c88638c017", "value": "fc56184a160c0fbb3d2a98e5955dfad4e09e3a8db99f162199d9c1f419460984", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377721", "to_ids": true, "type": "ssdeep", "uuid": "474b7418-293f-4f33-8270-2c7caae0f2a2", "value": "96:Qgj7ACP7puJytYMDEHVsRaJz6lfkbsY2uXx6iMya/+99RnAaKfk+3dgj1kQdu:QOzP78Vklf2ky4+99NARfk+3dghkQM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377721", "to_ids": false, "type": "size-in-bytes", "uuid": "018e1abe-f7ae-4284-8a8f-365681a48057", "value": "8192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377721", "to_ids": true, "type": "vhash", "uuid": "b499c7dc-c887-464b-9467-20752734c7e1", "value": "28302655171z81z29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377721", "to_ids": true, "type": "filename", "uuid": "b94d3431-2651-45c9-82c3-39b94426bdf6", "value": "66666666.exe" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 11/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377721", "to_ids": false, "type": "text", "uuid": "04222374-598c-41f7-9802-aa43b3441924", "value": "PULSEPACK WebSocket\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:25/72\nFirst Submission:2025-02-11T16:39:32.000000+00:00\nLast Submission:2025-05-11T12:50:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386156", "uuid": "a38efa28-4b8f-47b6-8d48-4bc23ff3f715", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386156", "to_ids": true, "type": "md5", "uuid": "aa7a44bd-1fb9-4500-940d-bc5d343009a0", "value": "1b375c3f206d694e0de6b33b61c50f91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379286", "to_ids": true, "type": "sha1", "uuid": "07fa6d1a-534a-4a97-b9f0-b55077a00403", "value": "1fc05703f4457e6af8b10778f4cde99c7f39b2a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379286", "to_ids": true, "type": "sha256", "uuid": "49e9edf2-580c-44dd-8df3-08bdd6c55025", "value": "09375c5edc56752d5b8d84cb433e6a2151a57b02938bb84e1e07deefbcede3aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377743", "to_ids": true, "type": "ssdeep", "uuid": "759812fb-1580-4dae-afbd-3c58b1bb7b72", "value": "192:8pJzmJeRUZ9X/4MONvWgAbyoCtFuiB16grIyG60ZXeJjnbs+wuzMg4:8pJcwU7X/qvWJKuiBMgrINZXeFbs+Df4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377743", "to_ids": false, "type": "size-in-bytes", "uuid": "0033e7a6-b205-4f85-8e40-b464105591de", "value": "11776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377743", "to_ids": true, "type": "vhash", "uuid": "9738e8b3-d454-4007-88f7-3f6853d81034", "value": "3140365515113081131z26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377743", "to_ids": true, "type": "filename", "uuid": "7dbb456f-d6c0-41a3-9e6d-e46eb87849ef", "value": "InitStart.dll" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377743", "to_ids": false, "type": "text", "uuid": "9c4a6909-9c8c-4a15-9b47-20b466189b15", "value": "PULSEPACK plugins\r\nType Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2025-04-07T12:29:02.000000+00:00\nLast Submission:2025-04-07T12:29:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386178", "uuid": "710d2be5-5aec-4b02-a21f-22013e37cc9f", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386178", "to_ids": true, "type": "md5", "uuid": "821c46bc-1574-4285-9eaf-9a0ba6ee46f7", "value": "ade14ae2b5b30a5b817a9c1d486b9554", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379286", "to_ids": true, "type": "sha1", "uuid": "76da7263-7f44-4ce6-9e60-71b41ade3d1f", "value": "68be145240fdf8afe83f449a0cf0af989df2666d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379287", "to_ids": true, "type": "sha256", "uuid": "8636aa89-311b-4f2e-9d4e-97106f42e7a4", "value": "0c4015083a3eefa815d0f5310b112e7aff27199d38d5605f88a79dcab85db2b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377765", "to_ids": true, "type": "ssdeep", "uuid": "ba5be567-708e-4c60-84d4-7fa8a5740cfb", "value": "6144:waaneOwYPqdIMcwyrjSPu/k7YtsBGY2vx7SYr:waMeu/MVyrjwu/k7UuEx7S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377765", "to_ids": false, "type": "size-in-bytes", "uuid": "d3de0502-e9f9-4c43-a8bc-060b2c3a91a0", "value": "208896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377765", "to_ids": true, "type": "vhash", "uuid": "0780def2-c78f-4d8d-ba3e-92742ff4a94d", "value": "32503675151e0d21261024" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377765", "to_ids": true, "type": "filename", "uuid": "c29003d4-84d3-40ac-a969-d05e93d08409", "value": "TKRun.dll" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377765", "to_ids": false, "type": "text", "uuid": "6bc5126c-a597-4c32-bc28-abb915fa270b", "value": "PULSEPACK plugins\r\nType Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2025-04-07T12:29:02.000000+00:00\nLast Submission:2025-04-07T12:29:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386199", "uuid": "36c1db67-70f8-4709-ab1f-ffc09be0dbf1", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386199", "to_ids": true, "type": "md5", "uuid": "3b13912b-20b4-42c3-832e-63242aeae901", "value": "36c69711f6dd286a2bce0fe06cbe7c9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379287", "to_ids": true, "type": "sha1", "uuid": "2591f94e-41a5-4a0e-bc69-13cd0c14886b", "value": "565b91e1ce300a84372433b151449813047b3166", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379287", "to_ids": true, "type": "sha256", "uuid": "07cc6554-0295-403e-bed3-01630bb2f787", "value": "526610d0cf97982044b892731a7d47832893028c67e85c1ae04092c7e05dd827", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377787", "to_ids": true, "type": "ssdeep", "uuid": "ec04e7f1-3255-4eda-8d30-ede877b02681", "value": "384:bQJcwUT4QlS8mf+r2DpkirD7zXe+T9sKwPYJ4:VsJ8Tr2CiX0Ye" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377787", "to_ids": false, "type": "size-in-bytes", "uuid": "dfdc4aef-0c37-42fb-8b54-744e9e9ea5a0", "value": "12800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377787", "to_ids": true, "type": "vhash", "uuid": "b7e4f14d-5a0d-48b9-93be-28e689bcd6dd", "value": "3140365515115081131z26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377787", "to_ids": true, "type": "filename", "uuid": "56aa2512-e7ce-422f-a698-d270e8c897e2", "value": "InitStart.dll" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377787", "to_ids": false, "type": "text", "uuid": "f2f77de0-d0ec-4eba-91ce-8df846b76ba1", "value": "PULSEPACK plugins\r\nType Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2025-04-12T12:21:05.000000+00:00\nLast Submission:2025-04-12T12:21:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1748386220", "uuid": "23045b43-c4ab-4e9c-90f3-a1cad1391de1", "Attribute": [ { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1748386220", "to_ids": true, "type": "md5", "uuid": "c5292d6e-c22f-4e63-ac49-a42f3bf91658", "value": "03cd0807bf56b812b1964d676317fcc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1748379288", "to_ids": true, "type": "sha1", "uuid": "2e6d30a2-1764-4927-a769-c51d10b3c73b", "value": "7b960734d55d5360af09e29bd2ce93cfd9223000", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PULSEPACK plugins", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1748379288", "to_ids": true, "type": "sha256", "uuid": "fcd32b27-bdcc-45f5-9a83-521aa23ae47e", "value": "bc647e05eea89ea9b5ec3ce728e3c039dd2abd17441e7c39cf130f292edd6efc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1748377809", "to_ids": true, "type": "ssdeep", "uuid": "5bf28666-09d1-4c7a-825b-c981f7ca6f15", "value": "192:T/t8L+Los1sc2jJJ+vqwqqZAcTrbOWt/Xe+5I8sJzt8Mi4:T1o+LXe9c/TraKXe+68sJq/4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1748377809", "to_ids": false, "type": "size-in-bytes", "uuid": "b33cd774-a4d4-4ae9-81bd-2227beaeedc7", "value": "11264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1748377809", "to_ids": true, "type": "vhash", "uuid": "2eb3baa5-3a7f-4da1-a76a-a111f5fe7d64", "value": "314036551511308112z32" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1748377809", "to_ids": true, "type": "filename", "uuid": "71a79d3c-350e-460a-b972-67fcedc8f8c7", "value": "InitStart.dll" }, { "category": "Other", "comment": "Checked: 28/05/2025\nLast-scan\t: 27/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1748377809", "to_ids": false, "type": "text", "uuid": "3d8f3b51-09e7-48af-acd6-ba9ec5aebb07", "value": "PULSEPACK plugins\r\nType Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2025-04-27T11:27:18.000000+00:00\nLast Submission:2025-04-27T11:27:18.000000+00:00" } ] } ] } }