{
  "Event": {
    "analysis": "1",
    "date": "2023-08-30",
    "extends_uuid": "",
    "info": "[Threat Intel] Earth Estries Targets Government, Tech for Cyberespionage",
    "protected": false,
    "publish_timestamp": "1780039413",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780039413",
    "uuid": "6cf62c7f-1276-41bf-aabd-70eeb78f8c59",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#717bc3",
        "local": false,
        "name": "misp-galaxy:producer=\"Trend Micro\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#35a578",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Africa\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Earth Estries\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Cobalt Strike\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"DracuLoader\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"HemiGate\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Technology\"",
        "relationship_type": ""
      },
      {
        "colour": "#36a9d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command Obfuscation - T1027.010\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#110e53",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#90e419",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Downgrade Attack - T1562.010\"",
        "relationship_type": ""
      },
      {
        "colour": "#e95bc8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#b24806",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b0fe1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#eadc12",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#041edc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#3c0f50",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#44e07f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Token Impersonation/Theft - T1134.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#f8140a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"",
        "relationship_type": ""
      },
      {
        "colour": "#5c57c8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Cybercrime\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736664563",
        "to_ids": false,
        "type": "link",
        "uuid": "b10f31ec-cdca-4317-836a-7b596291ae12",
        "value": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/h/earth-estries-targets-government-tech-for-cyberespionage/IOCs-earth-estries-targets-government-tech-for-cyberespionage.txt"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736664563",
        "to_ids": false,
        "type": "link",
        "uuid": "76b84df5-14ee-471f-a098-bca474457966",
        "value": "https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736664563",
        "to_ids": false,
        "type": "text",
        "uuid": "a26983a9-43b2-46b4-b885-8a3a5d7c0783",
        "value": "Earth Estries operates with high-level resources and demonstrates sophisticated skills and experience in cyberespionage and illicit activities. The threat actors deploy multiple backdoors and hacking tools to broaden their intrusion vectors. To leave as small a footprint as possible, they use PowerShell downgrade attacks (typically launching the legacy PowerShell 2.0 engine, which predates AMSI) to evade the logging mechanism of the Windows Antimalware Scan Interface (AMSI). In addition, the actors abuse public services such as GitHub, Gmail, AnonFiles, and File.io to exchange commands and transfer stolen data."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736664563",
        "to_ids": false,
        "type": "text",
        "uuid": "c4e9aab5-ec78-4b1b-8594-a199ea088ef6",
        "value": "Name: Earth Estries Targets Government, Tech for Cyberespionage\nAuthor: AlienVault\nAdversary: Earth Estries\nTags: [\"c server\", \"tech\", \"loader\", \"iocs domainip\", \"download site\", \"trojanspy\"]\nTgtd countries: [\"Taiwan\", \"Philippines\", \"South Africa\", \"United States of America\", \"Malaysia\", \"Germany\"]\nMlwr families: [\"TrojanSpy\"]\nAttack_ids: [\"T1087\", \"T1047\", \"T1482\", \"T1036.006\", \"T1134.001\", \"T1027.002\", \"T1059.002\", \"T1053.005\", \"T1071.004\", \"T1053.006\", \"T1036.004\", \"T1078\", \"T1021\", \"T1567.002\", \"T1027\", \"T1070\", \"T1574.002\", \"T1056.001\", \"T1543.003\", \"T1071.001\", \"T1113\", \"T1059.001\"]\nIndustries: [\"Technology\", \"Government\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736664563",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "74ec9b92-db59-4048-afa1-7205930337fb",
        "value": "Earth Estries"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235542",
        "to_ids": true,
        "type": "sha256",
        "uuid": "35daacab-b912-4e82-8b7f-bf831eaac9f2",
        "value": "cd2b703e1b7cfd6c552406f44ec05480209003789ad4fbba4d4cffd4f104b0a0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235543",
        "to_ids": true,
        "type": "sha256",
        "uuid": "f2cbdfad-9bc7-43d1-8f73-d57961616e57",
        "value": "0eaa67fe81cec0a41cd42866df1223cb7d2b5659ab295dffe64fe9c3b76720aa",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235544",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1d5615e9-058c-4bca-8f64-71fed5e42d2c",
        "value": "e6f9756613345fd01bbcf28eba15d52705ef4d144c275b8cfe868a5d28c24140",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235545",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a8cda187-0f9c-42b7-a8fc-4d406b7b5e11",
        "value": "c7023183e815b9aff68d3eba6c2ca105dbe0a9b05cd209908dcee907a64ce80b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235547",
        "to_ids": true,
        "type": "sha256",
        "uuid": "13d09e7b-12af-4686-89c4-861b28725ad1",
        "value": "1a9e0c7c88e7a8b065ec88809187f67d920e7845350d94098645e592ec5534f6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235548",
        "to_ids": true,
        "type": "sha256",
        "uuid": "91faf670-19fc-452f-aef0-cf6ba81f688a",
        "value": "efb98b8f882ac84332e7dfdc996a081d1c5e6189ad726f8f8afec5d36a20a730",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235549",
        "to_ids": true,
        "type": "sha256",
        "uuid": "62daf86a-ceea-4798-a472-39d632feb620",
        "value": "8476ad68ce54b458217ab165d66a899d764eae3ad30196f35d2ff20d3f398523",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235550",
        "to_ids": true,
        "type": "sha256",
        "uuid": "661a0521-db4e-4754-a5e9-9968a6cbe48b",
        "value": "dff1d282e754f378ef00fb6ebe9944fee6607d9ee24ec3ca643da27f27520ac3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235552",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e0495e2e-7d57-40be-a17b-100f8387cae9",
        "value": "42d4eb7f04111631891379c5cce55480d2d9d2ef8feaf1075e1aed0c52df4bb9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235553",
        "to_ids": true,
        "type": "sha256",
        "uuid": "59d4fa60-f103-41c2-a04e-ef3e31b64226",
        "value": "45b9204ccbad92e4e5fb9e31aab683eb5221eb5f5688b1aae98d9c0f1c920227",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235554",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5c2fb4e3-49b9-4818-8a54-287aa1686790",
        "value": "49a0349dfa79b211fc2c5753a9b87f8cd2e9a42e55eca6f350f30c60de2866ce",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235555",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b790bd73-3c5b-4c2e-a796-ed07d3c81e90",
        "value": "28109c650df5481c3997b720bf8ce09e7472d9cdb3f02dd844783fd2b1400c72",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235556",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c96b3073-67b2-45fb-acd7-c17aa3aba252",
        "value": "a8dd0ca6151000de33335f48a832d24412de13ce05ea6f279bf4aaaa2e5aaecb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235557",
        "to_ids": true,
        "type": "sha256",
        "uuid": "f6f8a254-2bf7-4bd9-ab33-26733585b8ab",
        "value": "deaa3143814c6fe9279e8bc0706df22d63ef197af980d8feae9a8468f441efec",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235559",
        "to_ids": true,
        "type": "sha256",
        "uuid": "04d57f3d-5bee-466f-a403-9f5274b793f0",
        "value": "b6481e0edc36a0472ab0ce7d0817f1773c4af9307ae60890a667930558a762ff",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740235560",
        "to_ids": true,
        "type": "sha256",
        "uuid": "549bfbb7-d473-4f9e-839b-00275addcbdf",
        "value": "f6223d956df81dcb6135c6ce00ee14d0efede9fb399b56d2ee95b7b0538fe12c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740236854",
        "to_ids": true,
        "type": "hostname",
        "uuid": "45c52f11-5727-4653-a44a-7e8d6f5c1e9e",
        "value": "cloudlibraries.global.ssl.fastly.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740236876",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d6a394f2-e4ad-41fb-8df7-fd3cd4416c5e",
        "value": "shinas.global.ssl.fastly.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740236899",
        "to_ids": true,
        "type": "hostname",
        "uuid": "61fb48b3-fd9d-4b89-97d6-4442dddcfe9d",
        "value": "zmailssl3.global.ssl.fastly.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740236921",
        "to_ids": true,
        "type": "hostname",
        "uuid": "90bbc67a-1e55-4e3d-951c-a43d3d1f87aa",
        "value": "nx2.microware-help.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740236943",
        "to_ids": true,
        "type": "hostname",
        "uuid": "42d51eb3-07ee-4716-b2bb-f485c8ab62de",
        "value": "east.smartpisang.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740236965",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8175aa86-88be-47bf-819d-fb8ad85453fb",
        "value": "cdn728a66b0.smartlinkcorp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740236987",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b4f3fe25-5d00-489c-951f-2f035b0abfac",
        "value": "cdn-6dd0035.oxcdntech.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740237009",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9a652319-1c9f-4b9f-8427-fb1b18c26311",
        "value": "cdn-7a3d.vultr-dns.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740237030",
        "to_ids": true,
        "type": "hostname",
        "uuid": "08b1c15c-afbc-4a75-928f-cbb346d39fc3",
        "value": "web9a78bc52.trhammer.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740237052",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b85627d0-83ff-48b3-a23c-4d54e31583c5",
        "value": "access.trhammer.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740237076",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9cb64035-56ad-4fce-b84f-c329eab55737",
        "value": "ms101.cloudshappen.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740237098",
        "to_ids": true,
        "type": "url",
        "uuid": "b257aa70-0590-4deb-aa42-127b43c0f81f",
        "value": "https://103.159.133.205/index.asp?id=432",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Download site",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039413",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fd2bf251-96f9-4e3d-935f-f0eae2efb9ac",
        "value": "96.44.160.181",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6a53a7",
            "local": false,
            "name": "asn:asn=\"36352\"",
            "relationship_type": ""
          },
          {
            "colour": "#9daeac",
            "local": false,
            "name": "asn:as-owner=\"AS-COLOCROSSING\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "RC4 key used to decrypt the config file (RC4 is symmetric, so the same key encrypts it). Kept with to_ids false: it is an analysis aid for config extraction and sample triage, not an indicator to alert on.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746474410",
        "to_ids": false,
        "type": "text",
        "uuid": "90ca3dbe-0ae0-4897-a40e-9e81540d5a9a",
        "value": "4376dsygdYTFde3"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237144",
        "uuid": "eda9037f-e97a-478c-9369-e2a22a8877ee",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237144",
            "to_ids": true,
            "type": "md5",
            "uuid": "4d04b90b-a229-472e-8e1e-f8b849df819e",
            "value": "6c3045560465c27cd845b004dde11c5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235520",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f90daaf5-6d92-4a3d-8c0c-0e256365a9b5",
            "value": "474ac609331dd098179fed0002af4374f850c5ab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235521",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4459c339-02af-41d0-ba06-576ad8cf145b",
            "value": "98e250bc06de38050fdeab9b1e2ef7e4d8c401b33fd5478f3b85197112858f4e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235044",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "77d68620-a71f-4654-b389-757cea7f95fd",
            "value": "6144:GNceq6Y1GcGmajOcFQsYMGXog5pauqmWpo4/OUaBsfurz66/AOoS8KGSoKT:4ceqBG1OcY1Xog5pausBnurz6QKPKT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235044",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e3148861-b795-4f58-aac0-3cd29f1d8b43",
            "value": "360664"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235044",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0b3faec4-9098-43e2-a30a-aec5eaf17c19",
            "value": "035056655d15156058z55hz13z43z19z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235044",
            "to_ids": true,
            "type": "filename",
            "uuid": "73a1cf44-273f-47ce-bb56-59650927e3d9",
            "value": "graphics-check"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast scan: 2025-01-27",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235044",
            "to_ids": false,
            "type": "text",
            "uuid": "0bb2e294-933a-49de-8020-0ce31d78ecf0",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: no detection\nVT Total Detection: 4/72 (low coverage at last scan; do not rely on AV verdicts alone for this sample, use the hashes)"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237166",
        "uuid": "1788b3a2-f909-409a-a9a9-611c2d7d2dea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237166",
            "to_ids": true,
            "type": "md5",
            "uuid": "c46ab2f5-8287-459a-8915-ee41c645f50b",
            "value": "4a9b344c725cfc60a28957c13a836dfc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235522",
            "to_ids": true,
            "type": "sha1",
            "uuid": "95a7635c-9f13-4596-8fbe-4ff0f2f57256",
            "value": "a7175651cb5f075b5f2f6506b5891742e7830529",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235523",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dcc9dd1d-b6ae-4dbf-9c2e-0397f9f43c14",
            "value": "b1bc10fa25a4fd5ae7948c6523eb975be8d0f52d1572c57a7ef736134b996586",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235067",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "807d2feb-77b5-475b-96d2-36b63d0c2603",
            "value": "1536:GaPLVT0PIiXX9tfnWxtxovQLkSKcO7tlV7Mqu8MUsW4dLNJVj:GMVT0giXX9RAtxovQKco5ULXV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235067",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "32da9881-985c-4155-a9b9-4e6f417dac5d",
            "value": "85504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235067",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e39417d7-605d-48c2-9758-fd6b7ea87d38",
            "value": "184056651d15155az42=z50"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235067",
            "to_ids": true,
            "type": "filename",
            "uuid": "1e99629a-de01-4013-9bf3-ac5a253f5999",
            "value": "imfsbDll.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast scan: 2025-01-30",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235067",
            "to_ids": false,
            "type": "text",
            "uuid": "931b4248-4fab-4f24-8979-6f2f3581aa57",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: no detection\nVT Total Detection: 36/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237188",
        "uuid": "51c3436f-a297-4372-ab10-8886d52a4f3a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237188",
            "to_ids": true,
            "type": "md5",
            "uuid": "96f606c1-8061-4a00-9031-e0a5f80436f7",
            "value": "ce8b4a492fbe77070288be1e550e476a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235524",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4f801f2d-4824-472b-900e-01653b6b2e32",
            "value": "b325f224f0f3ceb21636da3ab9fc788791f47b6f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235525",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3841012e-4391-4e01-b879-302a84b6be40",
            "value": "71a503b5b6ec8321346bee3f6129af0b8ad490a36092488d085085cdc0fc6b9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235110",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "322d7b67-770a-4184-bc8f-881d7ecdaf01",
            "value": "1536:klKMY/TV9DyHIhm+LIWXN9t0PcIXsWjcdxPgDVLtZY:LMY/RlPPIbYpgDVLbY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235110",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e4da28e1-3056-444d-b846-d3b7da0ec333",
            "value": "78848"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235110",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6af854f8-0e75-4455-8342-5f531dd9dba3",
            "value": "174046655d156az4?z7d"
          },
          {
            "category": "Payload delivery",
            "comment": "mscoree.dll is also the name of a legitimate Windows component, so the filename on its own is a weak indicator; match on the hashes in this object rather than the name alone.",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235110",
            "to_ids": true,
            "type": "filename",
            "uuid": "aa7c6fbc-2e11-438c-9a57-5d6a28d890bf",
            "value": "mscoree.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast scan: 2025-01-30",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235110",
            "to_ids": false,
            "type": "text",
            "uuid": "f11a4880-9d09-44f3-a669-f55defc6084b",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection: 51/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237210",
        "uuid": "c6a2b79f-9531-4b41-b04c-97cbfb4dda5d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Loader for HemiGate",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237210",
            "to_ids": true,
            "type": "md5",
            "uuid": "1ea0676d-7976-4f11-bd1f-fb73415eef12",
            "value": "3216eeb5b4881bce2e65ad51f395a4ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Loader for HemiGate",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235526",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f19dba0b-8c7d-49f1-afaf-8b1f50034a1c",
            "value": "ecf06c8ec81ed8f5b5802f8a6e8f21ebe5676105",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Loader for HemiGate",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235526",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f14b715-a56e-41e1-959a-2d8fa46f1d48",
            "value": "eeb3d2e87d343b2acf6bc8e4e4122d76a9ad200ae52340c61e537a80666705ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235218",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "30c0e669-470e-4daa-895d-2ceec7c084a8",
            "value": "1536:tiyTTOcQuWsWC+gZg5u9R7UCwQ7sWjcdApUzYWwR:fOcRqCou9R7UHPApUzYWwR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235218",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b81924e6-de5e-4dde-84f2-1cfacdc8b477",
            "value": "73216"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235218",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e36ef389-0efa-4e53-81b9-e181c8f0ea09",
            "value": "174056655d15156az45?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235218",
            "to_ids": true,
            "type": "filename",
            "uuid": "18ac658d-9092-4184-962a-a6171c05642a",
            "value": "K7AVWScn.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast scan: 2025-02-06",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235218",
            "to_ids": false,
            "type": "text",
            "uuid": "02f6e30f-e11d-45e5-8d64-e531f3eca795",
            "value": "Loader for HemiGate\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tnega!MSR\nVT Total Detection: 53/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237232",
        "uuid": "43fac0e9-b26d-4450-aea4-e082a2230acd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237232",
            "to_ids": true,
            "type": "md5",
            "uuid": "725d08a4-4004-44e4-af83-19f301ef2694",
            "value": "fe6f07e1b833700562bcd48523e7595c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235528",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9da0e224-e499-49d9-a9ba-5b8ae207b235",
            "value": "c043d69f9ab853472e7893411d3e31490f6571ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235528",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9d3f8642-0839-4970-8b24-9cc6523f6e4a",
            "value": "4b014891df3348a76750563ae10b70721e028381f3964930d2dd49b9597ffac3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235241",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "27a31a9d-a2de-4020-82dd-f2fc7f36a237",
            "value": "6144:yhfQAuluwA5D4C7We3pzSlfCl5T9UXsCgQqJ/WM/6TjxHU:B9AJ4C6gpzjl5T9UH26TVHU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235241",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bc419fe5-f6b4-4a53-8b56-a2ff00da1418",
            "value": "393488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235241",
            "to_ids": true,
            "type": "filename",
            "uuid": "c8a992e7-8f58-4eed-b505-c00515a46eb4",
            "value": "taskhask.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast scan: 2025-02-22",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235241",
            "to_ids": false,
            "type": "text",
            "uuid": "5c96ea73-2650-485e-8ecf-6df4ecce55ee",
            "value": "Type Description: DOS EXE (note: executable content does not match the .doc extension of the recorded filename taskhask.doc)\n\nMicrosoft: Trojan:Win32/Tnega!MSR\nVT Total Detection: 28/65"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237254",
        "uuid": "43a2d526-847b-4694-8353-b74aee0fecf6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237254",
            "to_ids": true,
            "type": "md5",
            "uuid": "37ee40f4-7198-4038-984f-097673be19bf",
            "value": "a05fbf72be2e4e7777ac1ae966642164",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235530",
            "to_ids": true,
            "type": "sha1",
            "uuid": "248c0418-e283-475a-8c3e-20552e664c8f",
            "value": "62670bd17f6f665efad5aa39cd202caaf48c92b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235530",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cb3cc190-6ce7-4f2d-987a-f9abda9cc260",
            "value": "2531891691ef674345f098ef18b274091acdf3f2808cca753674599c043ccd7d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235263",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6cc74c5d-5d9c-4e7d-af5c-269820d904c5",
            "value": "1536:vtOCVv2ZHxsoLcj3kilgWP8kWOUuXBz5ZTTsW6ocdGE6u7/Y/PE:vtsH3LcgilgWP/cuXBz5RUpGE37/Y/PE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235263",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c2e13200-732c-485c-b559-07ac59efa084",
            "value": "84992"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235263",
            "to_ids": true,
            "type": "vhash",
            "uuid": "475ff4b0-caa2-4a3f-a4bc-2e0c1ac82703",
            "value": "184056655d15156az45?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "Filename is a repository/sandbox artifact name (the sha256 plus .bin.sample), not a filename observed on a victim host; treat it as a weak indicator for IDS export.",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235263",
            "to_ids": true,
            "type": "filename",
            "uuid": "884bbe3f-c148-4a12-84bc-755cbb377983",
            "value": "2531891691ef674345f098ef18b274091acdf3f2808cca753674599c043ccd7d.bin.sample"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast-scan: 2025-02-22",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235263",
            "to_ids": false,
            "type": "text",
            "uuid": "571c79f4-a0f5-4427-a78b-bdb340dcdc6f",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tnega!MSR\nVT Total Detection: 56/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237276",
        "uuid": "99c97713-984c-4bef-b96c-8f2885163f4e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237276",
            "to_ids": true,
            "type": "md5",
            "uuid": "72974de1-6941-4ff4-80e1-3cc5f920a8b3",
            "value": "f7366a26fcc403fa60c2c69c6255e85c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235531",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c351a539-1557-4dec-8024-96f6f63beaf7",
            "value": "cf897c6c7bcd4a468db3499d966cff0303842d93",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235532",
            "to_ids": true,
            "type": "sha256",
            "uuid": "84d3af7a-bca2-467d-907b-d10cef0716d1",
            "value": "c59e17806e3a58792f07662b4985119252c8221688084d20b599699bfdb272d8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235285",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "54a2bafc-f40d-4efc-8921-36089706b685",
            "value": "1536:U+ZUvcVEyvzw3sxnv5jdduaoLZ4FbsW1HcdlabEf34:UncxvUsxnvtuaoLSF2labEf34"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235285",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d76d4ef5-68aa-47a2-9e5a-67fb48bf1a7e",
            "value": "75776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235285",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7282e5ad-2071-4d90-8673-944e8f2ceaf2",
            "value": "174056655d15156az45?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235285",
            "to_ids": true,
            "type": "filename",
            "uuid": "b718476a-aa20-4dbc-be8d-567ed0de080d",
            "value": "K7UI.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast-scan: 2025-02-22",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235285",
            "to_ids": false,
            "type": "text",
            "uuid": "7baa2ef2-50f7-4c0e-9a93-811d5f1a5ce5",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/CobaltStrike!MTB\nVT Total Detection: 55/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237298",
        "uuid": "2dedfec7-1928-4e41-befe-7823f3e6b86f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237298",
            "to_ids": true,
            "type": "md5",
            "uuid": "26ef7c67-4b60-4cef-ab0a-17c7ef88e856",
            "value": "ac5aa40bf6483ec4bfc07a98f06df5f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235533",
            "to_ids": true,
            "type": "sha1",
            "uuid": "18d2ae3a-8900-472a-be94-380d5390380d",
            "value": "27a66670cc6025eabe0e0fc795c5ac9b118e809a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235533",
            "to_ids": true,
            "type": "sha256",
            "uuid": "30f78cc1-5d35-40a6-98fd-f0b9e71d504a",
            "value": "e1a7e5f27362aaf0d12b58b96a816ef61a2a498def9805297aa81f6f83729230",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235308",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "778f21c6-60d5-4565-bb7a-898eadd24e41",
            "value": "1536:oOVPKOgExHG6ZcEMwfdQ8TdE0QcDv5RQ1XsWdcdSP/0n0:omiOdHG6ZnZdQ8OgBRBSP/0n0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235308",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e5669273-4ea5-40fc-9baa-7ec98121b9fc",
            "value": "75264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235308",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5e24468c-ccf0-4aed-94c7-ddb463a3e5a6",
            "value": "174056655d15156az46?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "Filename is a repository/sandbox artifact name (the sha256 plus .bin.sample), not a filename observed on a victim host; treat it as a weak indicator for IDS export.",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235308",
            "to_ids": true,
            "type": "filename",
            "uuid": "d2858e3e-d89c-4fa5-9200-36360200d229",
            "value": "e1a7e5f27362aaf0d12b58b96a816ef61a2a498def9805297aa81f6f83729230.bin.sample"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast-scan: 2025-02-12",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235308",
            "to_ids": false,
            "type": "text",
            "uuid": "57951b9d-61b7-46e5-acd8-aebfe8e11537",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection: 59/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237320",
        "uuid": "624afd99-d311-4797-835f-f28b4cd7a524",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237320",
            "to_ids": true,
            "type": "md5",
            "uuid": "f2084af6-b6ca-441d-b66e-e84cb63770bf",
            "value": "c9166a880f6f92013e7714f20c2e357b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235535",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8a3f5e80-f286-4994-b0f2-bb8bf07292a4",
            "value": "4f1dcc7c083c3bddb2fbef1f5e96311bcef0c490",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235535",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ac381b97-77dc-4351-a7a9-2520121555a4",
            "value": "ca6713bedbd19c2ad560700b41774825615b0fe80bf61751177ffbc26c77aa30",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235334",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "766951fa-945d-4ee7-9eff-98fe180060ed",
            "value": "6144:WBvitq92TI/+MHTRFAL3pYvKlUIM4895e+44se+1BgIOksx:W4TTI9VSL3pYvKlUIM4895F44f+1zOv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235334",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dbdb2b46-65d5-4b34-8950-68a3b94f70d3",
            "value": "263193"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235334",
            "to_ids": true,
            "type": "filename",
            "uuid": "fd99298d-929b-4359-92df-4c97461a6d09",
            "value": "conhask.jnt"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast-scan: 2025-01-20",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235334",
            "to_ids": false,
            "type": "text",
            "uuid": "d86bfe5a-a653-4f07-bf9b-8e648801d171",
            "value": "Type Description: unknown\n\nMicrosoft: Trojan:Win32/Tnega!MSR\nVT Total Detection: 26/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237342",
        "uuid": "225ba307-1b89-4d14-9183-7adf38e79e97",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237342",
            "to_ids": true,
            "type": "md5",
            "uuid": "0637a38b-bb3a-41af-99f5-e3a2a6554a39",
            "value": "1579ec612e222d16ea4491041d78531c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235537",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4e50ca93-5d2f-4857-bf22-adc2970436a3",
            "value": "12c39258e0f1882284795da43bdf4495646379d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235537",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1835f165-41af-4936-98b6-25d10ec2a83f",
            "value": "cdadad8d7ced1370baa5d1ffe435bed78c2d58ed4cda364b8a7484e3c7cdac98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235356",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f08a5e4f-0b33-4e91-83f5-043181a509d5",
            "value": "1536:b4okd8ST5j7T9U7SzCV8VBJOD/iFJs7UsWe1Ed09dlZgvl6:bTkd8Sxm7mCyV7OD/ki7bcMjg9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235356",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ad2556dc-e1b9-4fbc-a025-1e7c962a136e",
            "value": "92672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235356",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bb997aa2-9dba-43dd-b821-e757c47c33a0",
            "value": "194076655d155515155az45?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235356",
            "to_ids": true,
            "type": "filename",
            "uuid": "058c505a-c302-464b-ad16-2c09566dfd1c",
            "value": "SbieDl2.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast-scan: 2025-02-22",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235356",
            "to_ids": false,
            "type": "text",
            "uuid": "3cae18bc-be3e-43bd-a078-545c4f21af5e",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/CobaltStrike.SD!MTB\nVT Total Detection: 51/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237364",
        "uuid": "4baa6132-5e2f-414f-a994-b62fe373fca8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237364",
            "to_ids": true,
            "type": "md5",
            "uuid": "5eee267b-59a4-4006-a766-6e69fa218617",
            "value": "99fb505deddd2d8b191d30f0e0db6d1e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235538",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8d2acd26-b836-4fbd-a16a-2be987bdc072",
            "value": "c5b28644be2b26c10de897bafe7a471e1ba0e645",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235539",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f5d40b39-e484-4441-ae91-ce024dee5b4e",
            "value": "82f3384723b21f9a928029bb3ee116f9adbc4f7ec66d5a856e817c3dc16d149d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235378",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "88ee4795-2788-4f4c-b97a-e71cd164f8c8",
            "value": "1536:bJ/+Q79bKnHuzSO6EhAGlcqs3LFVJ+aNIuTJ1ExXDihMvE00sWhd09dlcXVoSYs4:bJ/+QcnOzb6s36qsbb7NIuTJ1ExXDih4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235378",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ca07d6ea-d429-41d3-9fa6-4b82a4a26898",
            "value": "91648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740235378",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c1655176-38c2-4e9f-8e90-abe8f09e8a2c",
            "value": "194076655d155515155az44?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235378",
            "to_ids": true,
            "type": "filename",
            "uuid": "d61a120f-4d5a-4d3a-8766-89b6ef104f95",
            "value": "SbieDll.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-02-22\nLast-scan: 2025-02-22",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235378",
            "to_ids": false,
            "type": "text",
            "uuid": "247d609f-c5b2-4487-a430-e573bc34e8a8",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection: 51/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740237386",
        "uuid": "ecd10495-c61b-435a-bbd4-2e756d2fb27e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740237386",
            "to_ids": true,
            "type": "md5",
            "uuid": "8019b8fd-0f1a-423a-bfcd-0da5de9e0397",
            "value": "c0f9813502cec3c991f5e0d75d0ec06d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740235540",
            "to_ids": true,
            "type": "sha1",
            "uuid": "82fb705f-179e-4314-bfb2-8c2d3f140b39",
            "value": "96cc45d35c9c827db2ef05354d7671ef1e5b2811",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740235540",
            "to_ids": true,
            "type": "sha256",
            "uuid": "212c3d66-223a-4619-bc2b-458f7bf9db2f",
            "value": "415e0893ce227464fb29d76e0500c518935d11379d17fb14effaef82e962ff76",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740235401",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0ad5e790-70a4-4f31-bcaa-ff668b113718",
            "value": "1536:WLX0t/zAozVmhoBoUTpYoSzwFPcNYStbDK7InNIqUq79Dhto/TILuq:WLX06oxm+Bo8piYPObDKkNmithO8n"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740235401",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e159a552-7691-48c5-aa1d-dc5b4d62d6be",
            "value": "65541"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740235401",
            "to_ids": true,
            "type": "filename",
            "uuid": "5ad038a8-6214-46a6-8e73-726f3e55e292",
            "value": "conhask.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan: 20/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740235401",
            "to_ids": false,
            "type": "text",
            "uuid": "48b59244-155e-483e-8b16-dc77ab9bcdee",
            "value": "Type Description: unknown\n\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:26/61"
          }
        ]
      }
    ]
  }
}