{ "Event": { "analysis": "0", "date": "2014-11-10", "extends_uuid": "", "info": "[Threat Intel] The Darkhotel APT", "protected": false, "publish_timestamp": "1780039724", "published": true, "threat_level_id": "1", "timestamp": "1780039724", "uuid": "6f34d0d4-d39c-42d9-b7d0-ad7c36a49c7e", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"DarkHotel\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": "" }, { "colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": "" }, { "colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": "" }, { "colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#4e41fc", "local": false, "name": "misp-galaxy:target-information=\"Ireland\"", "relationship_type": "" }, { "colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": "" }, { "colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": "" }, { "colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": "" }, { "colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": "" }, { "colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Nemim\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Tapaoux\"", "relationship_type": "" }, { "colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740320058", "to_ids": false, "type": "link", "uuid": "cc412252-fe6c-4a13-bdfe-2a987321293d", "value": "https://securelist.com/the-darkhotel-apt/66779/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740320089", "to_ids": false, "type": "link", "uuid": "dea65b1a-3358-4a78-9ad2-0e000b8530a5", "value": "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740320110", "to_ids": false, "type": "link", "uuid": "fc0c76d6-c6e1-4d2c-9835-8c13c8e4a3bb", "value": "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070901/darkhotelappendixindicators_kl.pdf" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829197", "to_ids": true, "type": "md5", "uuid": "51f058c9-7a9e-4ff0-8e19-03e2ffa6b4dd", "value": "08e08522066a8cd7b494ca64de46d4f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829198", "to_ids": true, "type": "md5", "uuid": "833966a1-7187-4a0b-81a8-3792fd44c12c", "value": "091e4364f50addd6c849f4399a771409", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829199", "to_ids": true, "type": "md5", "uuid": "5a43e3a6-1be2-455a-b120-51efc1ab85a6", "value": "0cbd04c5432b6bfb29921177749f3015", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829200", "to_ids": true, "type": "md5", "uuid": "267591f6-2844-49b2-babb-8e85c4830870", "value": "1a2e52e5ac18cfe091bb3ac1cb38f050", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829201", "to_ids": true, "type": "md5", "uuid": "a45a9612-140e-4596-ab6c-05f1fef123eb", "value": "21792583ab4a7080ceaf2c31731b883e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829202", "to_ids": true, "type": "md5", "uuid": "aad752cc-8b60-4230-a193-a468611461e9", "value": "26b34d3df337407c7618f74e9a82eb9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829202", "to_ids": true, "type": "md5", "uuid": "fb00ac14-c766-45b3-bcd9-062892196469", "value": "31e0788c9c2e16db1ae1002f0dbc837e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829203", "to_ids": true, "type": "md5", "uuid": "d00922f0-7cf8-4ff7-a297-fae71f5f2f53", "value": "50ac685d25033962e04adc92c8e70785", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829204", "to_ids": true, "type": "md5", "uuid": "49cd37cb-0026-4194-aacc-0ac18153e72e", "value": "6ce73a81f0e4a41ffcf669e6ace29db6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829205", "to_ids": true, "type": "md5", "uuid": "13989af0-c043-4d09-93d8-4904d7d8be77", "value": "9ccc7ce97f8ee0cd44d607e688b99eca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829206", "to_ids": true, "type": "md5", "uuid": "584b62bb-0282-4a42-9f58-46141e684a32", "value": "a44577e8c77ef3c30749fe6ec2bb55a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829207", "to_ids": true, "type": "md5", "uuid": "cb664eb3-cc01-4718-b4fe-e37dc8cc8f22", "value": "c6cbb4ea6aabf4a58659cd13fa0b024f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829208", "to_ids": true, "type": "md5", "uuid": "ac023f0f-baba-47e9-b462-f7e14f532c59", "value": "c9f95fc8219750b7c47325a0b84e9373", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829209", "to_ids": true, "type": "md5", "uuid": "c21e6635-5ebc-4f83-88d7-03a827cadc02", "value": "d96babbde694df227a9af4b4b61483b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829210", "to_ids": true, "type": "md5", "uuid": "6420fd93-f1ee-4c66-b0d5-bfaefe3e6b70", "value": "e070293d03cd3524e5db9fa4770589a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829211", "to_ids": true, "type": "md5", "uuid": "a0d062ad-048d-44ab-b830-575a0aa09394", "value": "e62af1303ed81f1ae69a1c3b1f215d88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829212", "to_ids": true, "type": "md5", "uuid": "8cb80b54-19ec-4994-b1b1-d704ecfc6779", "value": "cbbfa76cd5ed22a8c53f7f7d117923e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829213", "to_ids": true, "type": "md5", "uuid": "e5d10832-9471-4b5c-ad8c-8b18a2fe54d3", "value": "4ce790e8438ed3a644984eb24452dd42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829214", "to_ids": true, "type": "md5", "uuid": "a2c3bd76-a60e-424d-be14-91d31ea716db", "value": "9cdbd5955fc3bf6da5c00e0804b6d6a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829215", "to_ids": true, "type": "md5", "uuid": "dca186ee-5688-4ce8-8821-0e03b4e324c1", "value": "e8bfb82b0dd5cef46116d61f62c25060", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829216", "to_ids": true, "type": "md5", "uuid": "23f62e95-8d8b-41f4-9b1f-7a225158088e", "value": "397e492f1f65ed9a3c3edc9c7a938f01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970081", "to_ids": true, "type": "domain", "uuid": "58562c64-baf5-46e7-a5b6-bcdbcf0ac226", "value": "163pics.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970102", "to_ids": true, "type": "domain", "uuid": "e86ab494-b245-426a-8851-3ae7aa8ae9b1", "value": "163services.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1780039720", "to_ids": true, "type": "ip-dst", "uuid": "133ef2e7-c2dc-4f9f-945f-aaf5645d9099", "value": "180.235.132.99", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#8fce47", "local": false, "name": "asn:asn=\"55639\"", "relationship_type": "" }, { "colour": "#07d460", "local": false, "name": "asn:as-owner=\"ASIAWEB-SERVICE-HK Asia Web Service Ltd\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1780039722", "to_ids": true, "type": "ip-dst", "uuid": "1f2769f1-0fa5-4f59-a4c8-aacb9f59ce11", "value": "203.146.249.178", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#3932a0", "local": false, "name": "asn:asn=\"9891\"", "relationship_type": "" }, { "colour": "#b3a628", "local": false, "name": "asn:as-owner=\"CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited.\"", "relationship_type": "" }, { "colour": "#588581", "local": false, "name": "asn:as-country=\"TH\"", "relationship_type": "" }, { "colour": "#fa21fa", "local": false, "name": "misp-galaxy:country=\"thailand\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970165", "to_ids": true, "type": "hostname", "uuid": "d22393e8-9025-488d-8020-c458907b763c", "value": "22283.bodis.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970186", "to_ids": true, "type": "domain", "uuid": "d44207d4-5c9c-464b-8f91-352b90831927", "value": "42world.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1780039724", "to_ids": true, "type": "ip-dst", "uuid": "ab14762a-8252-4f42-be2f-594f5bc5a958", "value": "59.188.31.24", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#d993cc", "local": false, "name": "asn:asn=\"17444\"", "relationship_type": "" }, { "colour": "#40db64", "local": false, "name": "asn:as-owner=\"HKBNESL-AS-AP HKBN Enterprise Solutions Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970229", "to_ids": true, "type": "domain", "uuid": "903d6170-dfe3-4a4b-bfaf-5ac63cf341cf", "value": "88dafa.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970250", "to_ids": true, "type": "domain", "uuid": "9c98eab1-6c9b-4b65-839e-351360c3f881", "value": "academyhouse.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970271", "to_ids": true, "type": "hostname", "uuid": "7e962fa3-c405-4450-9d00-cf19cf4b3002", "value": "ackr.myvnc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970292", "to_ids": true, "type": "domain", "uuid": "3d5c4575-4f55-4746-8bd5-c61dba278a59", "value": "acrobatup.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970313", "to_ids": true, "type": "domain", "uuid": "b41930fc-357a-4cf3-aaa6-34efa8c0e53a", "value": "adobearm.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970334", "to_ids": true, "type": "domain", "uuid": "2ff7d5aa-2fd3-4e36-9e75-cd7f93b2b44f", "value": "adobeplugs.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970355", "to_ids": true, "type": "hostname", "uuid": "873aa6b7-aaa7-45cc-9b79-15e8c40ed95d", "value": "adoberegister.flashserv.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970376", "to_ids": true, "type": "domain", "uuid": "5155a4e9-d343-4c3e-83b3-ebd61a0c2d31", "value": "adobeupdates.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970398", "to_ids": true, "type": "domain", "uuid": "fb0d2c08-87cc-4d9d-8d39-9d62c7ee8f86", "value": "albasrostga.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740320558", "to_ids": true, "type": "filename", "uuid": "ba944666-aac3-411a-9666-e528a802e1d5", "value": "alexa97.com0" }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970419", "to_ids": true, "type": "domain", "uuid": "f78872b0-6766-46b9-9555-6cabf64f9848", "value": "alphacranes.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970440", "to_ids": true, "type": "domain", "uuid": "a6245836-9cef-4db5-9dd1-47444aa8e6f2", "value": "alphastros.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970461", "to_ids": true, "type": "domain", "uuid": "86a775f5-3da7-4aaa-a1d2-b147bec7ee2b", "value": "amanity50.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970482", "to_ids": true, "type": "domain", "uuid": "9dfdca7b-e5a1-4749-ade1-d3a6ddcd9367", "value": "anti-wars.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970503", "to_ids": true, "type": "domain", "uuid": "bca8c361-2437-4dc2-8d48-ce152e04e712", "value": "applyinfo.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970524", "to_ids": true, "type": "hostname", "uuid": "afa439d5-1398-46cb-86a5-e15154e111ee", "value": "auto2115.icr38.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970545", "to_ids": true, "type": "hostname", "uuid": "ae2151c7-e723-43e4-ab07-3c4c38eee31c", "value": "auto2116.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970567", "to_ids": true, "type": "domain", "uuid": "6f28fbb1-e9f1-4efb-b187-a964d495928e", "value": "auto24col.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970588", "to_ids": true, "type": "hostname", "uuid": "06f67d04-c11e-48de-ad37-4abccb74840b", "value": "autobaba.net84.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970609", "to_ids": true, "type": "hostname", "uuid": "952b43d9-7586-4f27-9ca7-5f2d1ded2870", "value": "autoban.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970630", "to_ids": true, "type": "hostname", "uuid": "31341d42-2c7b-47aa-bf25-49904383e1eb", "value": "autobicy.yaahosting.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970651", "to_ids": true, "type": "hostname", "uuid": "124089af-e999-427f-a984-1a45806e7317", "value": "autobicycle.20x.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970672", "to_ids": true, "type": "hostname", "uuid": "fc3ab707-b92d-49d0-ab82-62f16f60c6d6", "value": "autobicycle.freehostking.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970694", "to_ids": true, "type": "hostname", "uuid": "0333a3f2-f793-47b0-abb8-aee041021a0c", "value": "autobicyyyyyy.50gigs.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970715", "to_ids": true, "type": "hostname", "uuid": "8ae6e90e-2df8-4a12-bc45-e7b6dc741d29", "value": "autoblank.oni.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970736", "to_ids": true, "type": "hostname", "uuid": "b6344eb8-49c2-48cb-841f-26a57ba3d081", "value": "autobrown.gofreeserve.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970757", "to_ids": true, "type": "hostname", "uuid": "df8fcf00-dc85-4718-b460-2a67e9c21268", "value": "autocargo.100gbfreehost.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970778", "to_ids": true, "type": "hostname", "uuid": "09462e82-37fb-45d7-a39a-e3285001ca64", "value": "autocash.000php.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970799", "to_ids": true, "type": "hostname", "uuid": "3e5ddb77-e726-4b8c-a762-c65c376134f8", "value": "autocashhh.hostmefree.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970820", "to_ids": true, "type": "hostname", "uuid": "fa603c85-c92f-42fb-b010-602ef3801a0a", "value": "autocaze.crabdance.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970841", "to_ids": true, "type": "hostname", "uuid": "5fbe125b-22f6-4c88-baef-754f6f25f71b", "value": "autocheck.000page.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970863", "to_ids": true, "type": "hostname", "uuid": "75cbad25-3298-4fa8-a64f-b218bf0e8e5a", "value": "autochecker.myftp.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970884", "to_ids": true, "type": "hostname", "uuid": "418abb1c-2445-45c1-a160-22607089a1a1", "value": "autocracy.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970905", "to_ids": true, "type": "hostname", "uuid": "2b6d9c2c-6a37-420a-a1f6-99f5e8406ef3", "value": "autocrat.comuf.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970926", "to_ids": true, "type": "hostname", "uuid": "79b68a41-c67e-4fbe-bed4-25b000f9707c", "value": "autodoor.freebyte.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970948", "to_ids": true, "type": "hostname", "uuid": "94c00dd3-7f11-4055-a4d3-bb99efc035ff", "value": "autof888com.20x.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970969", "to_ids": true, "type": "hostname", "uuid": "e1fd26d6-297d-4836-a18d-ab5dbe903683", "value": "autofseven.freei.me", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740970990", "to_ids": true, "type": "domain", "uuid": "b7bff19a-04c1-4825-a859-2d1b17edc74a", "value": "autogeremys.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971011", "to_ids": true, "type": "hostname", "uuid": "ce026106-2be2-4cae-ad09-3edce6fc20f6", "value": "autoinsurance.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971032", "to_ids": true, "type": "hostname", "uuid": "632a9a15-b9dd-47c3-b4a1-4a38affc6ad8", "value": "autojob.whostas.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971054", "to_ids": true, "type": "hostname", "uuid": "7da06a51-c4e2-49ba-9bc3-ae8b048ef8dd", "value": "autoken.scienceontheweb.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971075", "to_ids": true, "type": "hostname", "uuid": "95370da5-e864-4d63-b862-b638968c6036", "value": "autolace.twilightparadox.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971096", "to_ids": true, "type": "hostname", "uuid": "21fad3a0-0b7b-41ad-86fa-198a8204e918", "value": "automachine.servequake.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971117", "to_ids": true, "type": "hostname", "uuid": "06683826-b33b-438b-b836-d3e3c8fb7c1d", "value": "automatic.waldennetworks.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971138", "to_ids": true, "type": "hostname", "uuid": "6c81518c-ac97-4eb7-882a-024eee317199", "value": "automation.000a.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971159", "to_ids": true, "type": "hostname", "uuid": "45c3c4d0-e763-428d-8e2f-1d42d1594307", "value": "automation.icr38.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971180", "to_ids": true, "type": "hostname", "uuid": "e42b21a8-c832-4b06-8a93-90458511e055", "value": "automobile.000a.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971201", "to_ids": true, "type": "hostname", "uuid": "45586709-4a78-4676-945a-f5b7053bba88", "value": "automobile.200gigs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971223", "to_ids": true, "type": "hostname", "uuid": "f5174905-d328-4720-af6b-d2c18d7f734d", "value": "automobile.freei.me", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971244", "to_ids": true, "type": "hostname", "uuid": "aea8e9c0-ce22-46cf-9c28-65722f846ecb", "value": "automobile.it.cx", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971265", "to_ids": true, "type": "hostname", "uuid": "26b477ff-6f69-4507-a557-31d41c12c67f", "value": "automobile.megabyet.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971286", "to_ids": true, "type": "hostname", "uuid": "97512e1d-1c93-452e-bdf7-07fcb570a276", "value": "automobile.x4host.eu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971308", "to_ids": true, "type": "hostname", "uuid": "c0e9160d-d989-42fb-89bd-6a232d128ed6", "value": "automobiles.strangled.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971329", "to_ids": true, "type": "hostname", "uuid": "aefd84b0-75b2-464b-8bfd-afc197210f13", "value": "automotive.20x.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971350", "to_ids": true, "type": "hostname", "uuid": "7846559d-2d4e-431a-a49b-1b112a6ac9e5", "value": "autonomy.host22.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971371", "to_ids": true, "type": "hostname", "uuid": "8e22d528-2e98-406c-af66-688fb3d95d39", "value": "autopapa.noads.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971392", "to_ids": true, "type": "hostname", "uuid": "6a989d0a-b639-4e2a-bf8b-05d31cff872f", "value": "autopara.oliwy.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971414", "to_ids": true, "type": "hostname", "uuid": "6c52fac4-6cbe-41f1-a58d-8773a65048c2", "value": "autoparts.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971435", "to_ids": true, "type": "hostname", "uuid": "76c7ac1f-34e7-46b8-9a12-a169b10fe937", "value": "autopatch.createandhost.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971456", "to_ids": true, "type": "hostname", "uuid": "d12b4911-f0cb-4391-a653-d0816babc870", "value": "autopatch.verwalten.ch", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971478", "to_ids": true, "type": "hostname", "uuid": "7f72eefc-2e54-47cd-916a-5ee4c3ce853e", "value": "autophile.00free.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971499", "to_ids": true, "type": "hostname", "uuid": "142b5b23-30d5-48b8-b2b3-570b03761b24", "value": "autopilot.verwalten.ch", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971520", "to_ids": true, "type": "hostname", "uuid": "d6f08df8-93cf-4a6c-a058-57aeeba82515", "value": "autoplant.byethost11.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971541", "to_ids": true, "type": "hostname", "uuid": "a21aef4c-74c0-4e51-a595-89d420925af9", "value": "autopsy.createandhost.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971562", "to_ids": true, "type": "hostname", "uuid": "307d93d1-e602-4527-8f93-3f9be723ccc0", "value": "autoreviews.dyndns.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971583", "to_ids": true, "type": "hostname", "uuid": "06065663-0b3b-4507-9bc9-d08c128851d0", "value": "autorico.ignorelist.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971605", "to_ids": true, "type": "hostname", "uuid": "20aa3400-01f2-4688-a352-1f1f12e5fbb2", "value": "autosadeo.000php.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971626", "to_ids": true, "type": "hostname", "uuid": "279f0ff4-46e6-49ab-98ec-ce8e7abffc07", "value": "autosail.ns01.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971647", "to_ids": true, "type": "hostname", "uuid": "7ebb12c4-4812-4628-8854-66219b858a0a", "value": "autoshop.hostmefree.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971668", "to_ids": true, "type": "hostname", "uuid": "c05248c6-71b1-4386-a7fd-c67e35e4abf6", "value": "autostart.waldennetworks.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971689", "to_ids": true, "type": "hostname", "uuid": "cb72c973-df45-4ce7-86cd-d9eb9df07415", "value": "autotest.byethost4.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971710", "to_ids": true, "type": "hostname", "uuid": "f3ed21b3-ca4e-41b5-b132-bc0694022a45", "value": "autotree.freebyte.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971731", "to_ids": true, "type": "hostname", "uuid": "ec510c4c-2ced-4276-9544-2b4ed9c35bb7", "value": "autoup.eu.pn", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971752", "to_ids": true, "type": "hostname", "uuid": "057d260e-ec78-4686-911b-f352dcf86acf", "value": "autoupdafree.my5gigs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971774", "to_ids": true, "type": "hostname", "uuid": "83e14da9-1f5c-4588-9d5d-343a30782c0b", "value": "autoupdate.eg.vg", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971795", "to_ids": true, "type": "hostname", "uuid": "d1c4511a-6a99-4330-9bc6-78fcae6a27e3", "value": "autoupdate.freehostia.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971816", "to_ids": true, "type": "hostname", "uuid": "20113a0a-e130-4d2d-bbf6-5ebcfa697986", "value": "autoupdate.megabyet.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971838", "to_ids": true, "type": "hostname", "uuid": "6b6b542d-c031-4e28-92b1-24aad27a77fd", "value": "autoupdate.zoka.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971859", "to_ids": true, "type": "hostname", "uuid": "458ecf52-14ad-4e2e-9354-2621675b7b12", "value": "autoupdatefree.freehostia.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971880", "to_ids": true, "type": "hostname", "uuid": "ef24e500-f9b6-4a1f-8015-2fabe1157864", "value": "autoupdatefree.verwalten.ch", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971901", "to_ids": true, "type": "hostname", "uuid": "7a4b84fd-e0a6-4dfc-bb86-a360f23d0ba2", "value": "autoupdatefree.waldennetworks.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971923", "to_ids": true, "type": "hostname", "uuid": "216b7174-14e3-48ef-84f1-c53949269037", "value": "autoupdatefree.zoka.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971944", "to_ids": true, "type": "hostname", "uuid": "ac678e8f-8237-41f6-97c1-e44e36bc5a87", "value": "autoupdatefreee.my5gigs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971965", "to_ids": true, "type": "hostname", "uuid": "6302b808-a6bf-4a97-85fc-62e9a45fe77e", "value": "autoupdates.5gigs.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740971986", "to_ids": true, "type": "hostname", "uuid": "274f3f8e-9979-4d27-97f9-3850243afcd0", "value": "autoupdatfreeee.coolwwweb.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972007", "to_ids": true, "type": "hostname", "uuid": "2f24428d-1425-46d7-9f6d-b98b46e649f3", "value": "autoupgrade.awardspace.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972028", "to_ids": true, "type": "hostname", "uuid": "ab0adb41-81ad-4ca3-acec-dcd3905bda27", "value": "autovita.xtreemhost.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972049", "to_ids": true, "type": "hostname", "uuid": "80b2c694-5b8e-45ab-8d37-34bda7b7b88c", "value": "autovonmanstein.x10.mx", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972070", "to_ids": true, "type": "hostname", "uuid": "f8a46ef0-00ff-4f91-a017-0e1c0594863a", "value": "autoworld.serveblog.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972091", "to_ids": true, "type": "hostname", "uuid": "688e85d9-be8b-438b-8bcd-9c0ff303255f", "value": "autozone.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972112", "to_ids": true, "type": "domain", "uuid": "24358010-d0a8-43ec-902f-aa6e5d2f1b6b", "value": "begatrendsone.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972135", "to_ids": true, "type": "domain", "uuid": "49613b7d-d2e4-4834-b37b-78b3cdf338ae", "value": "begatrials.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972156", "to_ids": true, "type": "domain", "uuid": "7a2cfb5a-22bd-4450-9ec9-8e63fcd3a618", "value": "bizannounce.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972177", "to_ids": true, "type": "hostname", "uuid": "5f6e7231-4998-44a3-9093-c5e46a232484", "value": "blonze.createandhost.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972198", "to_ids": true, "type": "hostname", "uuid": "3eabc38e-190d-47d6-ae4d-e3893acd458b", "value": "bluecat.biz.nf", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972219", "to_ids": true, "type": "hostname", "uuid": "c0d58a25-8696-44f7-af30-7600af30b61c", "value": "bluemagazines.servegame.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972240", "to_ids": true, "type": "hostname", "uuid": "0f7e2497-3bcf-4206-9047-8fd5140d95e1", "value": "bokselpa.dasfree.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972262", "to_ids": true, "type": "domain", "uuid": "beb2892f-1986-4cce-b5d2-44054b28b747", "value": "checkingvirusscan.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972283", "to_ids": true, "type": "hostname", "uuid": "5ad1b259-d351-4dd6-9e7c-75ace0b98d4f", "value": "clus89.crabdance.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972304", "to_ids": true, "type": "hostname", "uuid": "3048d05a-631a-41f5-a3b1-5b7deb5113ff", "value": "codec.servepics.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972325", "to_ids": true, "type": "hostname", "uuid": "a3774b5c-240a-4bc2-98dd-e97325840380", "value": "control.wrizx.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972346", "to_ids": true, "type": "hostname", "uuid": "86a98b29-be9f-4f9a-b9a2-388dcce7c09c", "value": "cranseme.ignorelist.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972367", "to_ids": true, "type": "hostname", "uuid": "d80fb18b-5618-493b-8d93-a22166350b61", "value": "crazymand.twilightparadox.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972388", "to_ids": true, "type": "hostname", "uuid": "16d1d07b-08d1-4aae-a74b-10b95411de61", "value": "crendesting.strangled.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972410", "to_ids": true, "type": "hostname", "uuid": "c8111abd-eedf-4f0f-88df-04e3237ee9a5", "value": "dailybread.waldennetworks.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972431", "to_ids": true, "type": "domain", "uuid": "56160946-ef03-4a07-9542-6e6812ffd03b", "value": "dailyissue.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972452", "to_ids": true, "type": "hostname", "uuid": "b2634077-f8a3-41ee-bdd2-24dcbc8d85d4", "value": "dailynews.000page.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972473", "to_ids": true, "type": "domain", "uuid": "2d59018d-76c3-468a-9f7c-35409768d27a", "value": "dailypatch-rnr2008.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972494", "to_ids": true, "type": "domain", "uuid": "2f776d8f-f837-434f-bd14-90afac08b923", "value": "dailysummary.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972515", "to_ids": true, "type": "hostname", "uuid": "9b04dfb2-802f-46d3-9f09-c2589f53430d", "value": "dailyupdate.110mb.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972536", "to_ids": true, "type": "domain", "uuid": "2e3c3218-c416-4ce7-8ad8-72aae46adc5f", "value": "domainmanagemenet.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972557", "to_ids": true, "type": "hostname", "uuid": "ebc27351-eb74-49c0-aaad-68a16e950d22", "value": "donatewa.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972579", "to_ids": true, "type": "hostname", "uuid": "6b8a73c0-9fb5-4c8d-9920-71e8c3fe4387", "value": "downsw.onlinewebshop.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972600", "to_ids": true, "type": "hostname", "uuid": "47557256-fa33-45b3-ae69-b7a79bddceee", "value": "dpc.servegame.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972621", "to_ids": true, "type": "domain", "uuid": "d935d79d-d4f0-4e07-88d3-959f10e20a69", "value": "ds505cam.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972642", "to_ids": true, "type": "domain", "uuid": "703f05ae-4400-4ccb-aa6b-38048dc32466", "value": "ebizcentres.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972663", "to_ids": true, "type": "domain", "uuid": "8d316499-074c-4984-b8da-02c58ddbf824", "value": "elibrarycentre.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972684", "to_ids": true, "type": "hostname", "uuid": "f5bac9ce-00d1-4519-9399-c5d2c2f641c9", "value": "err.cloins.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972705", "to_ids": true, "type": "domain", "uuid": "608ed797-4055-4325-868f-b02856f7ef9d", "value": "eztwt.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972726", "to_ids": true, "type": "hostname", "uuid": "7bb4169c-6b8d-4ed4-a647-5ef76a19c7bc", "value": "fame.mooo.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972748", "to_ids": true, "type": "hostname", "uuid": "39baf9ef-9b03-43a6-98ad-4c3b2964b795", "value": "fashions.0fees.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972769", "to_ids": true, "type": "hostname", "uuid": "676149d5-26ed-43d9-9dd4-7bac40dc52db", "value": "fenraw.northgeremy.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972790", "to_ids": true, "type": "hostname", "uuid": "21a6cd20-d4b2-4aa5-9f9e-06bb4fd9ecb2", "value": "fenrix.yaahosting.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972811", "to_ids": true, "type": "hostname", "uuid": "36b93fe2-ebb8-4b33-ae8d-645a69400afb", "value": "fenrmi.eu.pn", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972832", "to_ids": true, "type": "domain", "uuid": "b2255cea-3435-4fbc-8582-85bd5436637b", "value": "foreignaffair.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972853", "to_ids": true, "type": "hostname", "uuid": "4bb66f74-4b8e-4141-b07a-1a0364d71eb3", "value": "gamepia008.my5gigs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972874", "to_ids": true, "type": "hostname", "uuid": "c068b921-06bc-4e6a-9ef4-81c98caf983f", "value": "genelousmanis.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972895", "to_ids": true, "type": "domain", "uuid": "38e6a09d-c6af-4666-acf8-35e9996e56d3", "value": "generalemountina.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972917", "to_ids": true, "type": "hostname", "uuid": "fb8fe3eb-ec84-48ed-a7ba-3e2f38a6a3a1", "value": "genuinsman.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972938", "to_ids": true, "type": "domain", "uuid": "e1227867-41be-48c4-a388-2c441e0abb33", "value": "gigahermes.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972959", "to_ids": true, "type": "hostname", "uuid": "72a46b75-8759-4b2e-b0af-dd8e3b5eea4b", "value": "gigamiros.zyns.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740972980", "to_ids": true, "type": "hostname", "uuid": "6e664606-f5fc-4937-842c-df5a3b8eb6a0", "value": "gigathread.itemdb.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973001", "to_ids": true, "type": "domain", "uuid": "75708390-66fc-4be3-8b8b-fea19672f095", "value": "gigatrend.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973022", "to_ids": true, "type": "hostname", "uuid": "0c14676b-3b24-4a8f-aa53-20ccc2826e0f", "value": "giveaway.6te.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973043", "to_ids": true, "type": "domain", "uuid": "2f69f4ed-3dd5-4985-8475-9b7918ff4c4b", "value": "goathoney.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973065", "to_ids": true, "type": "hostname", "uuid": "e3a38c14-4fed-457a-8edd-842a57c020d0", "value": "goizmi.ignorelist.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973086", "to_ids": true, "type": "hostname", "uuid": "49465263-b872-4d5f-9852-64b37d706f70", "value": "goizmi.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973107", "to_ids": true, "type": "hostname", "uuid": "62df9530-fbd0-4aff-b96e-feec1433f852", "value": "goldblacktree.waldennetworks.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973128", "to_ids": true, "type": "hostname", "uuid": "5cd248b1-4afb-426f-87ab-24a7b218d043", "value": "gphpnet.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973149", "to_ids": true, "type": "domain", "uuid": "89378f04-9395-478d-b3d6-958a667f1111", "value": "greatechangemind.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973170", "to_ids": true, "type": "hostname", "uuid": "2651c689-4f7f-482b-b62e-25020d88cad3", "value": "greenlabelstud.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973191", "to_ids": true, "type": "hostname", "uuid": "f245ccfd-347f-44e0-889e-e0b4f61e5b05", "value": "gurunichi.createandhost.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973212", "to_ids": true, "type": "hostname", "uuid": "fb33a710-240f-4234-9d19-6f437d1f7ae4", "value": "halemdus.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973233", "to_ids": true, "type": "domain", "uuid": "9c21e8c3-0f5a-4105-a20b-3148d0dfc773", "value": "heinzmarket.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973255", "to_ids": true, "type": "hostname", "uuid": "8f0fc6e6-7db4-4c8e-8543-b47b570ba5a5", "value": "hotemup.icr38.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973280", "to_ids": true, "type": "domain", "uuid": "402239ac-fd28-4752-a7fa-eed677b7a4ff", "value": "humanforum.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973301", "to_ids": true, "type": "domain", "uuid": "c38e2ca1-5b53-435a-8115-62e756dfbd11", "value": "hummfoundation.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973323", "to_ids": true, "type": "hostname", "uuid": "ea09a0ba-124d-48c9-99b4-07efaf70c336", "value": "individuals.sytes.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973344", "to_ids": true, "type": "domain", "uuid": "ddee206a-9247-4c2e-8402-4bf3216fe43f", "value": "infonetworks.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973365", "to_ids": true, "type": "domain", "uuid": "aac4c9ac-be5c-4a4d-8e53-df00c2d302ea", "value": "innewsmessenger.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973386", "to_ids": true, "type": "hostname", "uuid": "3c1fa447-4a5c-4842-8feb-bbdfc022ac92", "value": "jackie311.byethost16.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973408", "to_ids": true, "type": "hostname", "uuid": "1faf6bdf-0738-47e6-8d2e-5f0a515e028a", "value": "jandas.byethost7.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973429", "to_ids": true, "type": "hostname", "uuid": "63171351-6a47-4250-95d0-af33c6cb1242", "value": "javaupdate.flashserv.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973450", "to_ids": true, "type": "hostname", "uuid": "a5bc5243-09f9-4f9c-9399-a56080be4bc1", "value": "jonejokoss.byethost6.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973471", "to_ids": true, "type": "hostname", "uuid": "a11c4761-b2d5-46b7-9c4b-0b103f00188c", "value": "jonemaccane1.byethost7.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973492", "to_ids": true, "type": "domain", "uuid": "632d6907-815d-4ffa-b3f8-9c74d9c9879f", "value": "jpnspts.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973513", "to_ids": true, "type": "domain", "uuid": "bbbe46ce-facf-43ec-a8a0-1ec16845212f", "value": "jpqueen.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973534", "to_ids": true, "type": "hostname", "uuid": "3cc4d964-4cab-4b35-bf0c-bda827cbff3b", "value": "kaoal.chickenkiller.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973555", "to_ids": true, "type": "domain", "uuid": "d397cce8-59d2-4606-a7f1-f615dc6a6cb0", "value": "laborsforum.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973577", "to_ids": true, "type": "hostname", "uuid": "12a6c20b-ebf6-4b54-bdc1-c40fe5213d76", "value": "lakers.jumpingcrab.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973598", "to_ids": true, "type": "hostname", "uuid": "bfe433fe-60df-4b12-8bb8-d0a1fe879714", "value": "limited.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973619", "to_ids": true, "type": "hostname", "uuid": "da4df237-d629-47ce-b143-168ddae9925b", "value": "lookasjames.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973640", "to_ids": true, "type": "domain", "uuid": "3ccdf12a-eee3-4a88-bbf6-f4bc44443d05", "value": "mansgepitostraig.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973661", "to_ids": true, "type": "domain", "uuid": "d3654ba9-29d1-48bd-91bc-31b78b6bf579", "value": "mechanicalcomfort.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973682", "to_ids": true, "type": "hostname", "uuid": "b21d0df1-cb5f-4531-944c-a90880f9f7d2", "value": "microalba.serveftp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973703", "to_ids": true, "type": "hostname", "uuid": "49cacfc9-1811-4d97-a0d8-d6b82214d001", "value": "microblo5.mooo.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973725", "to_ids": true, "type": "hostname", "uuid": "89e0fbdb-37a7-4a2c-8b78-9adb4e4bca76", "value": "microbrownys.strangled.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973746", "to_ids": true, "type": "hostname", "uuid": "506ad763-06c3-4635-8ec7-154d959f8d0c", "value": "microchiefs.twilightparadox.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973767", "to_ids": true, "type": "hostname", "uuid": "32bf5faa-6503-4862-82d5-a318addc7833", "value": "microchisk.mooo.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973788", "to_ids": true, "type": "hostname", "uuid": "2f123819-3395-4b38-9c2e-0e5d72db9087", "value": "microchsse.strangled.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973809", "to_ids": true, "type": "hostname", "uuid": "646aa3dc-8b22-480f-aead-c3652d979c50", "value": "microdelta.crabdance.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973830", "to_ids": true, "type": "hostname", "uuid": "b7490e2d-65a7-49d6-ae2a-971b963790c4", "value": "microgenuinsman.servebeer.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973851", "to_ids": true, "type": "hostname", "uuid": "86b915ce-562b-471a-a5d6-e011865d9a60", "value": "microjonjokoss.jumpingcrab.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973872", "to_ids": true, "type": "hostname", "uuid": "835a6112-f50f-4fe5-bb8b-1d631e71a33c", "value": "microlilics.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973893", "to_ids": true, "type": "hostname", "uuid": "0a75e038-ad69-45ad-89d0-e13b74565263", "value": "microlilics.crabdance.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973914", "to_ids": true, "type": "domain", "uuid": "68581c10-819b-47a8-a12d-1c1971951084", "value": "micromacrarusn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973935", "to_ids": true, "type": "domain", "uuid": "86023ade-7ddb-4256-99ed-9043882f1371", "value": "micromacs.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973957", "to_ids": true, "type": "hostname", "uuid": "e2b16a10-9fe4-4ec9-94a0-fcefa6377d5d", "value": "micromichi.ezua.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973977", "to_ids": true, "type": "domain", "uuid": "4694a9ff-0bd9-4165-aa78-3872b9f3bdfd", "value": "micromps1.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740973999", "to_ids": true, "type": "hostname", "uuid": "bcb6b5e2-3566-4572-b656-abf4c3908ee1", "value": "micronames.jumpingcrab.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974020", "to_ids": true, "type": "hostname", "uuid": "2bfe0e21-d6e7-41e1-b83d-140a350906bd", "value": "micronao.hopto.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974041", "to_ids": true, "type": "hostname", "uuid": "5ef3813c-1a8e-4b88-9d80-ee739edd0f7c", "value": "micronaoko.jumpingcrab.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974062", "to_ids": true, "type": "hostname", "uuid": "7d449ad0-0da6-480e-a5d3-5a424495dc3a", "value": "microos.jumpingcrab.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974083", "to_ids": true, "type": "hostname", "uuid": "3ba77cab-7d9c-423c-a561-022f7835117e", "value": "microplants.strangled.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974104", "to_ids": true, "type": "domain", "uuid": "6dfa35c5-1b0e-4f06-8f79-de716c38e9a6", "value": "microsoft-xpupdate.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974125", "to_ids": true, "type": "hostname", "uuid": "e8889856-d703-46c4-9487-30963e00a7aa", "value": "microyours.ignorelist.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974146", "to_ids": true, "type": "domain", "uuid": "fae68124-3d57-4e18-a6d3-0994eef7dcb0", "value": "minshatopas12.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974167", "to_ids": true, "type": "domain", "uuid": "6fc202d5-6213-4d8c-a55c-81a2b0ceed10", "value": "msdn4updates.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974188", "to_ids": true, "type": "domain", "uuid": "efc0f1f3-0db2-41c7-9057-9dc75df4cf47", "value": "mshotfix.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974209", "to_ids": true, "type": "domain", "uuid": "db6edcc0-d201-4676-aad5-8d3a320fc04c", "value": "msupdates.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974231", "to_ids": true, "type": "hostname", "uuid": "a5049643-6905-4d03-ac81-c2245ae6d3c5", "value": "myhome.serveuser.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974252", "to_ids": true, "type": "hostname", "uuid": "bfb57ab0-27d3-48c4-8057-1ebfd85cc8d1", "value": "myphone.freei.me", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974273", "to_ids": true, "type": "domain", "uuid": "b4065782-5893-4753-921a-3336a5d10263", "value": "nanogalsman.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974294", "to_ids": true, "type": "domain", "uuid": "7d5ca4e6-795c-45b0-936e-18e2b35577f8", "value": "nanomicsoft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974316", "to_ids": true, "type": "domain", "uuid": "be340a48-5934-424a-972f-86b3072c9ed4", "value": "nanoocspos.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974337", "to_ids": true, "type": "domain", "uuid": "8a905910-eb2d-4d0c-9395-7323aee41ca8", "value": "nanosleepss.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974358", "to_ids": true, "type": "hostname", "uuid": "8dd0f42c-d392-4a9a-b7e4-bbc4b0e4080c", "value": "ncnbroadcasting.reportinside.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974380", "to_ids": true, "type": "domain", "uuid": "8ea47e3d-771a-41cf-9288-a78bb5f2bf0b", "value": "neao.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974401", "to_ids": true, "type": "domain", "uuid": "6a55c098-9740-4c26-8daa-e5817e94f3f6", "value": "neosilba.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974422", "to_ids": true, "type": "hostname", "uuid": "ce2b33b5-2a50-45eb-bc9e-b0ab199e2883", "value": "new.freecinemaworld.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974444", "to_ids": true, "type": "hostname", "uuid": "7cf16c4c-6f7e-4143-9a08-167de79ddc2b", "value": "new.islamicawaken.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974465", "to_ids": true, "type": "domain", "uuid": "d8635aab-b571-431d-bc4e-ceca9eac2d77", "value": "newsagencypool.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974486", "to_ids": true, "type": "domain", "uuid": "5709133c-de08-4a5e-9c4a-eea73f602cee", "value": "newsdailyinhk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974508", "to_ids": true, "type": "hostname", "uuid": "fd551c95-d957-4dcb-9929-fafe1644cdcb", "value": "newsups.000a.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974529", "to_ids": true, "type": "hostname", "uuid": "876ae2cf-79b3-4b89-b33e-83a6b676ccaa", "value": "nokasblog.agilityhoster.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974550", "to_ids": true, "type": "domain", "uuid": "91fdbcea-6811-428e-a936-0dd24f44d1a2", "value": "office-revision.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974571", "to_ids": true, "type": "hostname", "uuid": "66c31bc5-ba4d-475d-b36f-a320d32ff464", "value": "online.usean.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974593", "to_ids": true, "type": "domain", "uuid": "83e8713a-820d-48fe-b536-b60cf771cbc9", "value": "outlookz.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974614", "to_ids": true, "type": "hostname", "uuid": "7dcb868f-946b-43a1-b524-90f6edf64514", "value": "pb.enewslive.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974635", "to_ids": true, "type": "hostname", "uuid": "7975a4c7-0adb-40d3-b614-b8320cc14e7c", "value": "pb.qocp.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974657", "to_ids": true, "type": "hostname", "uuid": "106f347c-4b27-404f-b87d-57bef32c011c", "value": "pb.upinfo.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974678", "to_ids": true, "type": "hostname", "uuid": "314c4ef0-d108-4e48-8d62-fe01d29893ff", "value": "photo.eonlineworld.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974699", "to_ids": true, "type": "hostname", "uuid": "af35ab76-e03e-4334-a887-6fb67569049e", "value": "popin.0fees.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974720", "to_ids": true, "type": "hostname", "uuid": "f82fd446-252c-4a9f-bf4d-39ba6c8df7db", "value": "private.neao.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974741", "to_ids": true, "type": "domain", "uuid": "115bb986-4d8d-4f6e-82a3-62378c2fc854", "value": "proteingainer.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974762", "to_ids": true, "type": "hostname", "uuid": "a02db4ee-bc86-4770-a36b-6d98bc2f3845", "value": "rainbowbbs.mywebcommunity.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974783", "to_ids": true, "type": "domain", "uuid": "445789c5-d1c0-4c4d-a38d-687ab07dc320", "value": "rayp.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974805", "to_ids": true, "type": "hostname", "uuid": "d50163e6-7870-47c9-90bd-1f69e37b647c", "value": "re.policyforums.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974827", "to_ids": true, "type": "hostname", "uuid": "08ac9b73-ca2d-477b-bd92-1c29ed5175cf", "value": "redblacksleep.createandhost.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974848", "to_ids": true, "type": "hostname", "uuid": "304c5cb1-b72f-4a92-b5e8-e1e01a8b6480", "value": "redlooksman.servehttp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974869", "to_ids": true, "type": "domain", "uuid": "f5462923-57c2-4dc2-87c8-8978bf5b29f7", "value": "reportinshop.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974891", "to_ids": true, "type": "domain", "uuid": "58a1e8ee-3e9a-4a6f-8b65-6c96ff4187ac", "value": "reportinside.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974912", "to_ids": true, "type": "hostname", "uuid": "daf62886-9657-444d-acda-be4aaa81078d", "value": "rootca.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974934", "to_ids": true, "type": "hostname", "uuid": "7d1d497d-c926-4c19-8e8b-d9eaa0406de6", "value": "sales.eu5.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974955", "to_ids": true, "type": "domain", "uuid": "6003ccd4-ac1f-4f19-bc06-b7d252d3c339", "value": "secureonline.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974976", "to_ids": true, "type": "domain", "uuid": "ef179ba8-b683-44a2-8eee-d23766b02e45", "value": "self-makeups.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740974997", "to_ids": true, "type": "domain", "uuid": "0c300bc8-fdf7-44b0-bbc1-13c1a1ada4a6", "value": "self-makingups.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975018", "to_ids": true, "type": "domain", "uuid": "000b7207-07ab-42b5-85ba-15b7697545b1", "value": "sellingconnection.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975040", "to_ids": true, "type": "hostname", "uuid": "a4e7da74-90ec-4c7c-a10c-5c4367f2cdd9", "value": "sens.humanforum.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975061", "to_ids": true, "type": "domain", "uuid": "3ee6beb5-3403-4789-8207-77a2cfbe067a", "value": "shndia.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975083", "to_ids": true, "type": "hostname", "uuid": "49d3a7e5-7be1-40f6-8815-e3a37d88aa9b", "value": "silverbell.000space.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975104", "to_ids": true, "type": "hostname", "uuid": "06789b9a-4dbf-4cff-977a-a2bc67b5c180", "value": "sipapals.servehalflife.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975125", "to_ids": true, "type": "domain", "uuid": "cd2151b4-e1be-427e-a9c7-294141dd0d0d", "value": "smartappactiv.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975146", "to_ids": true, "type": "hostname", "uuid": "8a74ca1b-5ba8-413b-b7d9-f4498d0d44c1", "value": "smartnewup.crabdance.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975167", "to_ids": true, "type": "domain", "uuid": "22e00ddb-cea8-473f-ac57-1fb529d85f06", "value": "sourcecodecenter.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975188", "to_ids": true, "type": "domain", "uuid": "fd316680-0bab-43a4-a1ca-ac85e7150630", "value": "spotnews.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975210", "to_ids": true, "type": "hostname", "uuid": "6be03841-172d-4429-8fa0-95764fd2a122", "value": "st.cloins.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975231", "to_ids": true, "type": "hostname", "uuid": "84444892-e79c-4e9d-9683-dcad9a26a775", "value": "stloelementry.200gigs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975252", "to_ids": true, "type": "hostname", "uuid": "5f5b59e0-e48f-4452-ae9d-e2a963750453", "value": "students.serveblog.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740320563", "to_ids": true, "type": "filename", "uuid": "e3efab83-509a-4cf6-bbb3-1afc759da68a", "value": "support\u00acforum.org" }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975273", "to_ids": true, "type": "hostname", "uuid": "f5bf9371-0459-4250-8024-da0285a83eb3", "value": "terryblog.110mb.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975294", "to_ids": true, "type": "hostname", "uuid": "443db4ef-1eed-4669-b695-c134b92ed07f", "value": "thenewesthta.mypressonline.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975316", "to_ids": true, "type": "hostname", "uuid": "77dec857-55a2-4545-85a2-0cce321d295a", "value": "thirdbase.bugs3.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975337", "to_ids": true, "type": "domain", "uuid": "8685302f-f6fd-4b95-8e85-a928e44b91ed", "value": "todaynewscentre.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975358", "to_ids": true, "type": "domain", "uuid": "1e948054-6028-4a78-9079-ba4169a7cce1", "value": "trade-inf.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975379", "to_ids": true, "type": "hostname", "uuid": "4e74ab46-14d2-489a-9be3-152b559b1501", "value": "unknown12.ignorelist.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975401", "to_ids": true, "type": "hostname", "uuid": "388784b4-5a07-44f3-b65c-8e57c0fd82a3", "value": "updaairpush.ignorelist.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975422", "to_ids": true, "type": "hostname", "uuid": "f94bea53-0ca8-45e9-af51-e323c68782d3", "value": "updaily.biz.nf", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975443", "to_ids": true, "type": "hostname", "uuid": "97f48d8a-bf02-4c26-b162-c1dcdaff4cf3", "value": "updaily.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975464", "to_ids": true, "type": "hostname", "uuid": "9689ccf4-b8a9-495c-b6ce-42b036243198", "value": "updaisin.net16.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975485", "to_ids": true, "type": "hostname", "uuid": "071a0551-3eac-448a-bc9f-a1eb504f3c60", "value": "updalsim.freehostee.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975507", "to_ids": true, "type": "hostname", "uuid": "9f6b751f-3469-40cd-9bd6-7132296dd8bb", "value": "updarling.000a.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975528", "to_ids": true, "type": "hostname", "uuid": "66e85554-1c5d-44af-822e-78532e7764e8", "value": "updatable.20x.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975549", "to_ids": true, "type": "hostname", "uuid": "f83c7d7d-7e52-4cba-b54d-013fcfafaea8", "value": "updateall.000a.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975571", "to_ids": true, "type": "domain", "uuid": "cb5c916d-f9d5-4248-b3f6-bafab46f0e6b", "value": "updatecache.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975593", "to_ids": true, "type": "hostname", "uuid": "9f8107a0-e780-4d19-85b9-48088bab5447", "value": "updatefast.000a.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975614", "to_ids": true, "type": "hostname", "uuid": "a9fa1aac-b3b6-402c-a2f5-3340f8a50e17", "value": "updateiphone.20x.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975635", "to_ids": true, "type": "hostname", "uuid": "e98cd7b2-4f51-46f1-8c8f-6bc529064092", "value": "updateitunes.waldennetworks.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975656", "to_ids": true, "type": "hostname", "uuid": "d5c1953e-a440-47fe-a444-06219974b623", "value": "updatejava.megabyet.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975680", "to_ids": true, "type": "hostname", "uuid": "ed7b00ef-ad2e-43c1-9db1-83c69b522ebb", "value": "updatepatch.icr38.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975701", "to_ids": true, "type": "hostname", "uuid": "06fb87b0-48c7-4425-8940-6428c72eece8", "value": "updateschedule.verwalten.ch", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975722", "to_ids": true, "type": "hostname", "uuid": "b6cb1e93-606b-408a-b714-5be0712c0e6c", "value": "updatesw.110mb.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975744", "to_ids": true, "type": "hostname", "uuid": "e7ce48f9-69c8-4108-a209-f08af630f1f4", "value": "updatesw.zoka.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975765", "to_ids": true, "type": "hostname", "uuid": "a67d2b50-dcb6-4bf2-b628-45400e2e0048", "value": "updatewell.freebyte.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975786", "to_ids": true, "type": "hostname", "uuid": "f8117fb1-ef6d-4278-b0ed-5e19314faeb6", "value": "updatewifis.dyndns-wiki.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975807", "to_ids": true, "type": "hostname", "uuid": "652a32cf-2bc0-4874-9875-cc1d5c4356c5", "value": "updauganda.waldennetworks.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975828", "to_ids": true, "type": "hostname", "uuid": "d77538ca-aea0-47d0-b248-de8b3cfaa39c", "value": "updawn4you.net84.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975849", "to_ids": true, "type": "hostname", "uuid": "6334b7bf-f6ac-4871-ad34-053977ba45cb", "value": "upgrade77.steadywebs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975871", "to_ids": true, "type": "hostname", "uuid": "e5aca6a1-8906-4544-88ef-5c54a18343d0", "value": "video.humorme.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975892", "to_ids": true, "type": "domain", "uuid": "f0ab9ef1-4fd7-41dd-b566-4407ccd06783", "value": "voicemailz.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975913", "to_ids": true, "type": "hostname", "uuid": "5663f352-b0aa-4ed2-88c5-b7f3f749fa13", "value": "wein.isgreat.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975934", "to_ids": true, "type": "domain", "uuid": "58a8bd7d-520e-4fe4-b9ed-d868d6b4ea0e", "value": "windowservices.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975955", "to_ids": true, "type": "hostname", "uuid": "5ce92b47-a433-4075-9349-bf1ee9bbf42b", "value": "world.issuetoday.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975976", "to_ids": true, "type": "hostname", "uuid": "d8979ded-b1f6-4ef5-9496-9e8df326284d", "value": "world.uktimesnews.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740975997", "to_ids": true, "type": "hostname", "uuid": "b97e66ce-07cd-4f65-8c5a-e04f8c5b8189", "value": "wowhome.byethost8.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976019", "to_ids": true, "type": "hostname", "uuid": "4ed70c11-a711-4ba3-b6a5-4de3d7a047b1", "value": "ww42.200gigs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976040", "to_ids": true, "type": "hostname", "uuid": "f3d63153-1ac9-4eba-9b07-c1facbd43706", "value": "www.appfreetools.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976061", "to_ids": true, "type": "hostname", "uuid": "267b5a92-ff65-42cb-9693-a0253fbe9e70", "value": "www.digitalimagestudy.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976082", "to_ids": true, "type": "hostname", "uuid": "8e183b5b-8b48-4a54-97f0-aeb3e5ff5ad0", "value": "www.imggoogle.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976104", "to_ids": true, "type": "hostname", "uuid": "98e88069-fde3-48e9-a99d-4587485a188a", "value": "www.info-cache.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976125", "to_ids": true, "type": "hostname", "uuid": "a1d5ac46-fb3f-4ac8-9d03-7b84622be657", "value": "www.mobilitysvc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976146", "to_ids": true, "type": "hostname", "uuid": "41315cf7-d2a7-4bcd-9036-8440f0c10c1f", "value": "www.neosilba.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976167", "to_ids": true, "type": "hostname", "uuid": "a6d01ae9-901d-423b-b80d-c58c6e032f05", "value": "www.newsupdates.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976188", "to_ids": true, "type": "hostname", "uuid": "3369271a-d09a-46e2-b55e-5a916ccd81c0", "value": "www.serveblog.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976209", "to_ids": true, "type": "hostname", "uuid": "af41b290-dfb5-478c-9624-ee9f9c76a74b", "value": "www.singlehost.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976231", "to_ids": true, "type": "hostname", "uuid": "bb9274f3-c3d1-4d4a-89e7-754a9b0035c9", "value": "www.smartnewup.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976252", "to_ids": true, "type": "hostname", "uuid": "40a9fe8f-7fef-41a3-840d-8c7a67db4f15", "value": "www.sqlengine.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976273", "to_ids": true, "type": "hostname", "uuid": "7aeb8faf-0b23-4a06-b3d7-d7dbc0bb37f4", "value": "www.strangled.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976294", "to_ids": true, "type": "hostname", "uuid": "f9b9ae71-e39d-48f3-929d-672ed6bc259f", "value": "www.universalonline.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976315", "to_ids": true, "type": "hostname", "uuid": "e8125fca-4e3a-4e69-aaf6-debf29205df9", "value": "www.win7smartupdate.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976337", "to_ids": true, "type": "domain", "uuid": "2fc4af81-dc07-401a-8602-1f36c786d563", "value": "yahooservice.biz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976358", "to_ids": true, "type": "hostname", "uuid": "186a56d6-aa13-4e26-bca7-360f35c31ecb", "value": "yellowleos.phpnet.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Command and Control", "deleted": false, "disable_correlation": false, "timestamp": "1740976379", "to_ids": true, "type": "domain", "uuid": "3eb315e1-7d80-4609-ad21-50ca6c43fe5b", "value": "ypiz.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Other", "comment": "Interesting Bank Negara Cert related to this intrusion report", "deleted": false, "disable_correlation": false, "timestamp": "1740320708", "to_ids": false, "type": "text", "uuid": "322ce064-6c1e-49b1-a232-c5977ffbffce", "value": "Certificate:\r\nData:\r\nVersion: 3 (0x2)\r\nSerial Number: 2674380 (0x28cecc)\r\nSignature Algorithm: sha1WithRSAEncryption\r\nIssuer: C=MY, O=Digicert Sdn. Bhd., OU=457608K,\r\nCN=Digisign Server ID (Enrich)\r\nValidity\r\nNot Before: Dec 7 08:02:08 2009 GMT\r\nNot After : Dec 7 08:02:08 2010 GMT\r\nSubject: C=MY, O=BANK NEGARA MALAYSIA, OU=BANK NEGARA\r\nMALAYSIA, CN=payments.bnm.gov.my\r\nSubject Public Key Info:\r\nPublic Key Algorithm: rsaEncryption\r\nPublicKey: (512 bit)\r\nModulus:\r\n00:a0:c6:99:f0:88:9a:1c:ee:f7:22:72:5e:bc:1f:\r\n02:40:68:f6:95:54:36:75:56:b3:31:0b:0c:54:c3:\r\n46:e9:39:ec:62:b4:83:61:2d:b1:ab:42:3b:a2:4f:\r\n4b:98:bb:6c:37:a8:3d:98:26:c8:2d:5f:75:86:3f:\r\nb4:39:be:41:53 \r\nExponent: 65537 (0x10001)\r\nX509v3 extensions:\r\nX509v3 Subject Key Identifier:\r\n42:65:56:13:70:34:D0:63\r\nX509v3 Certificate Policies:\r\nPolicy: 2.16.458.1.1\r\nCPS: http://www.digicert.com.my/cps.htm\r\nX509v3 Authority Key Identifier:\r\nkeyid:C6:16:93:4E:16:17:EC:16:AE:8C:94:76:F3:86:6D:C\r\n5:74:6E:84:77\r\nX509v3 Key Usage:\r\nDigital Signature, Non Repudiation, Key\r\nEncipherment, Data Encipherment\r\nSignature Algorithm: sha1WithRSAEncryption\r\naa:32:37:ce:26:23:14:3e:dc:33:77:a6:bb:df:8d:f1:27:b1:\r\n64:05:b3:9b:a3:5c:d7:63:e7:7b:bd:63:a4:a1:61:7c:d0:3c:\r\n1e:c5:e6:a2:a9:01:6f:36:4a:44:de:50:f3:a0:53:d0:39:56:\r\na8:b5:05:d0:24:42:b8:2e:d3:98:f3:0a:1a:94:29:73:eb:d2:\r\n38:9b:a0:9f:9e:39:2d:52:10:57:4e:12:8e:72:2a:e3:87:80:\r\nf8:f2:16:5d:56:15:cc:ea:74:96:f4:ef:d1:2e:1b:70:f9:bb:\r\nba:b9:2a:b1:4c:3d:38:51:10:e0:4e:8d:53:05:6b:88:a1:77:\r\nab:a0\r\nBEGIN CERTIFICATE\r\nMIICizCCAfSgAwIBAgIDKM7MMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAk1Z\r\nMRswGQYDVQQKExJEaWdpY2VydCBTZG4uIEJoZC4xETAPBgNVBAsTCDQ1NzYwOC1L\r\nMSQwIgYDVQQDExtEaWdpc2lnbiBTZXJ2ZXIgSUQgKEVucmljaCkwHhcNMDkxMjA3\r\nMDgwMjA4WhcNMTAxMjA3MDgwMjA4WjBpMQswCQYDVQQGEwJNWTEdMBsGA1UEChMU\r\nQkFOSyBORUdBUkEgTUFMQVlTSUExHTAbBgNVBAsTFEJBTksgTkVHQVJBIE1BTEFZ\r\nU0lBMRwwGgYDVQQDExNwYXltZW50cy5ibm0uZ292Lm15MFwwDQYJKoZIhvcNAQEB\r\nBQADSwAwSAJBAKDGmfCImhzu9yJyXrwfAkBo9pVUNnVWszELDFTDRuk57GK0g2Et\r\nsatCO6JPS5i7bDeoPZgmyC1fdYY/tDm+QVMCAwEAAaOBijCBhzARBgNVHQ4ECgQI\r\nQmVWE3A00GMwRAYDVR0gBD0wOzA5BgVgg0oBATAwMC4GCCsGAQUFBwIBFiJodHRw\r\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS5teS9jcHMuaHRtMB8GA1UdIwQYMBaAFMYWk04W\r\nF+wWroyUdvOGbcV0boR3MAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQCq\r\nMjfOJiMUPtwzd6a7343xJ7FkBbObo1zXY+d7vWOkoWF80DwexeaiqQFvNkpE3lDz\r\noFPQOVaotQXQJEK4LtOY8woalClz69I4m6CfnjktUhBXThKOcirjh4D48hZdVhXM\r\n6nSW9O/RLhtw+bu6uSqxTD04URDgTo1TBWuIoXeroA==\r\nEND CERTIFICATE" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976401", "uuid": "3d421138-160f-4ac2-bbef-055e50b3d93c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976401", "to_ids": true, "type": "md5", "uuid": "5a3ae687-a621-4d49-b75a-379a60619120", "value": "000c907d39924de62b5891f8d0e03116", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828802", "to_ids": true, "type": "sha1", "uuid": "aa7f15c7-9b7c-414b-9bbd-f1a3f870bca9", "value": "75a3cbc4f032fdacb958332acb4591712be907f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828802", "to_ids": true, "type": "sha256", "uuid": "f5a902fa-90b0-4bf9-9697-85958189d0c1", "value": "f37940a7b52fad1b54a96abc767cb329d9bcd4bafc7bfa9a5e07b0aaeb8ebff1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740820840", "to_ids": true, "type": "ssdeep", "uuid": "afc67917-6518-4aa8-9c48-24b4fcbc1608", "value": "49152:XQ7gjIa1730U9XaO+/gzUJz1uGejmcLnJxhc0vQLzLyjE+qeWXIzk5Hmbwh9ezMp:XQ7gjIa1730U9XaO+/gzUJz1uGejmcLc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740820840", "to_ids": false, "type": "size-in-bytes", "uuid": "46df18be-c06c-474e-945e-12f313f0c682", "value": "1869352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740820840", "to_ids": true, "type": "vhash", "uuid": "4e91fcea-542a-4d99-9296-7adbdda74891", "value": "016056655d151f5az3fnz8fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740820840", "to_ids": true, "type": "filename", "uuid": "09a02403-17ad-4492-b281-2886152a63d9", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740820840", "to_ids": false, "type": "text", "uuid": "212b3f4f-5286-42e3-8cbe-8e52edb691bd", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.D\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976423", "uuid": "6607d2fb-e47b-4624-a939-64451db9d503", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976423", "to_ids": true, "type": "md5", "uuid": "8a411437-aedb-4cbb-a7bd-e3e9b4682fc1", "value": "00ca5c0558dc9eba1a8a4dd639e74899", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828803", "to_ids": true, "type": "sha1", "uuid": "3747c6c3-9eda-44dc-b386-1bbe205b1ac2", "value": "442696cd1515fb8d5ba807c8fe07ba6bb0ca8571", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828803", "to_ids": true, "type": "sha256", "uuid": "48e23486-6721-4446-bd1f-5e7dfd02380b", "value": "111b2d2640987ed7e36d198f19db33d757e041bd47b76ea6a375f1c8aea50740", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740820862", "to_ids": true, "type": "ssdeep", "uuid": "33a17c44-3622-45f5-8330-cf3570c93a98", "value": "384:6ZrqxhJTZi2LyQC4u5lcqkHzVXml4oobydaa8TWppSIawBmp9Du5J6VU+oEglzlZ:sqxhJT/u5WqkHzrwp8Edajp9DyJwFglX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740820862", "to_ids": false, "type": "size-in-bytes", "uuid": "1cc921fd-fb08-4339-87eb-5e1fa80ac9e8", "value": "35112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740820862", "to_ids": true, "type": "vhash", "uuid": "1c3bf7a4-6e68-4574-9925-d03ef4f5b0b1", "value": "034036655d1038z39nzdfz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740820862", "to_ids": true, "type": "filename", "uuid": "0bec445a-0d16-4f10-a014-a149eed95cff", "value": "KernelMode.info_111b2d2640987ed7e36d198f19db33d757e041bd47b76ea6a375f1c8aea50740.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740820862", "to_ids": false, "type": "text", "uuid": "c4b80614-b19f-4a0f-a9b0-0cd0ff4b9056", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.J\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976444", "uuid": "ec6f20c3-cccb-4d7f-a18d-1a5031f7752e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976444", "to_ids": true, "type": "md5", "uuid": "0a3fe6b1-abc1-4e6e-928d-7e979d953338", "value": "0183bac55ebfad2850a360d6cd93d941", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828804", "to_ids": true, "type": "sha1", "uuid": "de236657-4656-452d-9339-a417a57489bf", "value": "1305948cd5247793ab79d28c0be08fcc1b3978e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828804", "to_ids": true, "type": "sha256", "uuid": "30f284db-4238-4786-b26c-04d1d4c03e68", "value": "e9a09290906bfc57e81a367f3c25c65d86eec525e50eea5a06bce31068ba29d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740820883", "to_ids": true, "type": "ssdeep", "uuid": "c7b88214-a8b2-4454-8e67-204ac1357b55", "value": "1536:zt/U8w8wXDc3e5Dh6/kVkeoUv2W9UJ6zBh5WKEOw9nFsuUr7ukW538fRzgp:ztFw8wzBh6/WBUJ0T5mLUryk+8fWp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740820883", "to_ids": false, "type": "size-in-bytes", "uuid": "33ef21cc-33bc-4e46-9ba0-7682d9d59dc0", "value": "112184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740820883", "to_ids": true, "type": "vhash", "uuid": "fb2481da-8d70-4cf8-afa8-8d88cb261cd7", "value": "015056655d151510a02031z800487z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740820883", "to_ids": true, "type": "filename", "uuid": "ea0388cc-9fab-4398-9272-13131666ed08", "value": "KernelMode.info_e9a09290906bfc57e81a367f3c25c65d86eec525e50eea5a06bce31068ba29d6.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740820883", "to_ids": false, "type": "text", "uuid": "5c4db8da-a105-4d2c-990e-20eec4daaf89", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976465", "uuid": "fb3500c3-fc92-41e8-9e4e-439b0c926b6d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976465", "to_ids": true, "type": "md5", "uuid": "ea3e0ee6-52ae-47e3-8326-f152ff17fceb", "value": "0396f7af9842dc5c8c0df1a44c01068c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828805", "to_ids": true, "type": "sha1", "uuid": "508345b8-6ac5-47de-9587-8d287ca1235f", "value": "c45dafebb22401e438832a838d6c28adf489a0cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828805", "to_ids": true, "type": "sha256", "uuid": "ae330c96-ab33-4ad4-b642-2c3c727c6a73", "value": "9f7b81e8479c09024e29ce4683a70a1a3f448631e694426c9cb4900bd67913c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740820904", "to_ids": true, "type": "ssdeep", "uuid": "9c734412-d5e4-4746-99f3-5aca417735ce", "value": "1536:+t/U8w8wXDc3e5Dh6/kVkeoUv2W9UJ6zBh5WKEOw9nFsuUr7ukW538fZGK:+tFw8wzBh6/WBUJ0T5mLUryk+8fAK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740820904", "to_ids": false, "type": "size-in-bytes", "uuid": "24bb8c4b-80d0-477d-bd6b-f805b044c8f5", "value": "107190" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740820904", "to_ids": true, "type": "vhash", "uuid": "77b7032b-657f-41c2-a9bf-2c0d7e683c0a", "value": "015056655d151510a02031z800487z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740820904", "to_ids": true, "type": "filename", "uuid": "651cf5af-bf64-4373-bc10-dc47b5ada313", "value": "VirusShare_0396f7af9842dc5c8c0df1a44c01068c" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740820904", "to_ids": false, "type": "text", "uuid": "91e021f3-9586-41fc-b53f-67c110f74f82", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976487", "uuid": "45861dfc-605d-4489-ad96-e3402d5ce156", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976487", "to_ids": true, "type": "md5", "uuid": "0caaf7b2-6f63-4c86-81ef-7d0d21e4cbb0", "value": "03a611a8c2f84e26c7b089d3f1640687", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828806", "to_ids": true, "type": "sha1", "uuid": "bc1a246a-4105-4dfc-b054-7807b6a7852f", "value": "8c4d8bfb6940647ff03f990271eb1de86545e8ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828807", "to_ids": true, "type": "sha256", "uuid": "386ed10c-471b-43a7-bae6-d7430bff8439", "value": "e9820ccf83d85d5042b1769d1c1d73181894f432025cb683b10183c4751db115", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740820926", "to_ids": true, "type": "ssdeep", "uuid": "fbc0888a-e9eb-4361-b4c0-28bc6301f6d5", "value": "6144:EPWbIVKuWLQnvMt+pDBs2o3e9Pr2H3eETWO:EuNaUt+g2oOIBiO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740820926", "to_ids": false, "type": "size-in-bytes", "uuid": "6d1926ed-f8c4-47ec-b97c-2dd0d25370ab", "value": "315392" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740820926", "to_ids": true, "type": "vhash", "uuid": "62314ead-d3dc-41da-9ccc-9226e72f6ac4", "value": "035046651d157az4iz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740820926", "to_ids": true, "type": "filename", "uuid": "4fb550c3-e7ea-4e14-8f54-0f39136c5502", "value": "~De302E.tmp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740820926", "to_ids": false, "type": "text", "uuid": "79cc1db8-f815-44a3-8d14-77f2cd7bf5af", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:63/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976508", "uuid": "c747993c-c5c6-43a1-a003-b145b1d434e4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976508", "to_ids": true, "type": "md5", "uuid": "f5d09763-3d8b-4e22-9731-2fcfede450e1", "value": "03d35ef3fdf353fe4dc65f3d11137172", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828808", "to_ids": true, "type": "sha1", "uuid": "7e22983c-c359-48aa-828d-c688b1e38fbc", "value": "ed083c37c38b5c5db789409ff083649ddc7cd998", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828808", "to_ids": true, "type": "sha256", "uuid": "9a604a82-6e5d-4e15-b5a4-0a2661f5a076", "value": "47a9bd47efbb3ae928f8dd43b567145b5b60f3513122f346ade42939f323b1c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740820948", "to_ids": true, "type": "ssdeep", "uuid": "e4ae4adf-0e79-4cf7-8c0a-8bd0e9ebafe5", "value": "384:Sdg2ntCgLxAD/rkGbpz/eVwwP1MKIYvXh19R:V2Fyjtbx/eVwwGZYv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740820948", "to_ids": false, "type": "size-in-bytes", "uuid": "a8c21678-82e8-4296-96f9-b16130c4dec9", "value": "24576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740820948", "to_ids": true, "type": "vhash", "uuid": "ef6d362c-71bb-4b56-ac42-dd0770f4aefa", "value": "024036651d1089zf24hz21z31z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740820948", "to_ids": true, "type": "filename", "uuid": "3c39d841-7ac7-4bb2-b4ea-98d9631de546", "value": "KernelMode.info_47a9bd47efbb3ae928f8dd43b567145b5b60f3513122f346ade42939f323b1c5.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740820948", "to_ids": false, "type": "text", "uuid": "cafe9247-01ef-44e7-baa0-a5c2189ed027", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976530", "uuid": "9e8411f9-cfa1-4762-9f4b-bd89f692544f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976530", "to_ids": true, "type": "md5", "uuid": "b40b1189-afd3-4efd-81bd-1b40c7aa7352", "value": "043d308bfda76e35122567cf933e1b2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828809", "to_ids": true, "type": "sha1", "uuid": "26e53410-2b66-4ac7-8846-98bee8e290e7", "value": "0d941f58d554a9970e50adb353193ea3525f9c8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828809", "to_ids": true, "type": "sha256", "uuid": "ecb92028-94e1-4867-ac7f-60c39e248400", "value": "2db8a9c401911c7317e8a89c35d979d0e8e9ba718ae13a0a0cfedd957654ec10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740820969", "to_ids": true, "type": "ssdeep", "uuid": "3b17647c-4cd7-4a23-8c7e-2d057f18547b", "value": "6144:iMIiwuHaiRm/pArfD31+JdQIsXnrgQyG57piAilu27Vgz8A:dwuH8eDEmjbgpGDizLuz8A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740820969", "to_ids": false, "type": "size-in-bytes", "uuid": "512c9bd5-c6e7-4ce4-a139-bd74f8c21a7d", "value": "357344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740820969", "to_ids": true, "type": "vhash", "uuid": "c1a8dc7b-5dba-4887-afc0-8996d6c3059e", "value": "035046655d1571001010018007d7z27z12z5gz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740820969", "to_ids": true, "type": "filename", "uuid": "33227a77-9253-4945-9e80-32ba01b5da24", "value": "winint32.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740820969", "to_ids": false, "type": "text", "uuid": "434415c0-3eab-4dc6-b706-2b4d942d008f", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:39/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976551", "uuid": "05c19497-3a43-4a8a-8027-e12c775df825", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976551", "to_ids": true, "type": "md5", "uuid": "148e5bae-ec4e-4287-a9be-00bc3a4c22ed", "value": "04461ee7c724b6805820df79e343aa49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828810", "to_ids": true, "type": "sha1", "uuid": "7f6bcc67-62ef-44e7-a76c-13672eb8ad52", "value": "dd315a00a37dbad7465dafb6bd70dd34a389e908", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828810", "to_ids": true, "type": "sha256", "uuid": "55aa64b8-4033-4a8b-93bb-218540212e19", "value": "f47508db8224c783dc4b078a7c15ed1c9b46a0cde80314fd75ff07237597e313", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740820991", "to_ids": true, "type": "ssdeep", "uuid": "215a18fb-3864-49fd-90cc-c962e9024a62", "value": "768:zNLYon10FLTn6D6pSXq1rhPb0lns4vByEHzhHknIMAWV8:zNl0FLT6D+SoOltvByE5knI1WV8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740820991", "to_ids": false, "type": "size-in-bytes", "uuid": "31ea38eb-c028-4627-bd35-c4e11164cf76", "value": "57344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740820991", "to_ids": true, "type": "vhash", "uuid": "36f87694-ba49-4be6-9d12-62d09b87d46c", "value": "054036651d1az3bbz3rz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740820991", "to_ids": true, "type": "filename", "uuid": "97a6569e-6efd-48c1-8150-f21db0fdcd4b", "value": "igfxext.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740820991", "to_ids": false, "type": "text", "uuid": "2324558b-2773-4e9f-b506-2fbe2f6b36a8", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Vindor!pz\nVT Total Detection:61/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976572", "uuid": "521422dd-819b-4232-a2ee-8baee1e3eb10", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976572", "to_ids": true, "type": "md5", "uuid": "46b79573-6c2f-4f97-b6be-d9669141694a", "value": "05059c5a5e388e36eed09a9f8093db92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828812", "to_ids": true, "type": "sha1", "uuid": "24262f34-de27-46a4-b646-a1223133087a", "value": "6886a65a0f7ac4072a151c20312fbe0707db5fc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828812", "to_ids": true, "type": "sha256", "uuid": "498b9039-194d-4896-84d9-1e9233b59cdf", "value": "e8aa2f98fe34a9be82fd0ac4c71eaefd42593d2d1491eb998c32b1da2eeb6ee1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821012", "to_ids": true, "type": "ssdeep", "uuid": "1d4bfc2d-4c41-4bef-a4f5-8f1664645ca6", "value": "384:+vsq2yRavaHISOSzaYK5hockyk+rE6QR+Lxto/xkPD8Yp:+vh2yRMRSOSz3K5hoPykD6QRG8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821012", "to_ids": false, "type": "size-in-bytes", "uuid": "85379a16-caf8-4d39-a90f-2448caa8624f", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821012", "to_ids": true, "type": "vhash", "uuid": "736c0d29-bc63-455b-98d3-4db28bafd28d", "value": "034046551d1510a8z12269z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821012", "to_ids": true, "type": "filename", "uuid": "4d8334aa-0607-4ddb-9348-d25b997791fb", "value": "KernelMode.info_e8aa2f98fe34a9be82fd0ac4c71eaefd42593d2d1491eb998c32b1da2eeb6ee1.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821012", "to_ids": false, "type": "text", "uuid": "452acb7c-a48d-465c-83ab-051e0657847f", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:67/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976593", "uuid": "7a86a475-bf1f-4d1c-ab3a-f3062077ea67", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976593", "to_ids": true, "type": "md5", "uuid": "d5d8b857-35b2-44e2-8852-68a520aea589", "value": "061e3d50125dc78c86302b7cfa7e4935", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828813", "to_ids": true, "type": "sha1", "uuid": "761c2935-c072-4fbd-9a41-1271e8ad46e9", "value": "9436162993833660daee892d1c1b419d44925b23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828813", "to_ids": true, "type": "sha256", "uuid": "30ca2ab1-3c0e-4c7b-a6fc-e1ec9ab924e2", "value": "88b900d76a02b8c72e806f090df7d9d8efaf19ff92075a4590ca7ee07c0d5d5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821033", "to_ids": true, "type": "ssdeep", "uuid": "d776d1df-4a29-49c3-b509-c171ea6015bc", "value": "6144:4bjn8+ARlNZxMVC6e6sZVdLH2OWCaYrdF27VTw4ozI1KHlp6DIYIcCZcQNs:4/8+ARlD6VhPsZVdLHFWCagdF27VTw4j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821033", "to_ids": false, "type": "size-in-bytes", "uuid": "47b0f867-f88e-43b1-bde6-6448bac35ef7", "value": "208896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821033", "to_ids": true, "type": "vhash", "uuid": "a239084d-8d04-4fbc-856f-53be7eb788e9", "value": "025046151d551059z912fz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821033", "to_ids": true, "type": "filename", "uuid": "e196ceb6-44c0-45e8-be32-adac5f93bea0", "value": "load.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821033", "to_ids": false, "type": "text", "uuid": "9e6f0ad6-7087-4f9b-a9f7-ef8d74710607", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Riberow.A\nVT Total Detection:63/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976614", "uuid": "64fe03e4-f771-4624-a394-a80b07a73fec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976614", "to_ids": true, "type": "md5", "uuid": "0356c057-5f55-42d5-8d90-0daa600705e2", "value": "06206fe97fed0f338fd02cb39ed63174", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828814", "to_ids": true, "type": "sha1", "uuid": "56e2d221-f210-4b99-9ecf-09a886e5dfd0", "value": "24620848450863c080a386d1fee2524b84cd6b46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828814", "to_ids": true, "type": "sha256", "uuid": "b2641f30-3167-406e-9ea6-7ebeb07b91f3", "value": "2e835c7496fb4fc1c53665ef89fffdcbcc8dc49bea0baecc5b8496006ea601bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821055", "to_ids": true, "type": "ssdeep", "uuid": "87b47423-19c7-4afd-b7e9-70b2c6f7d2fe", "value": "6144:7MiF7es10dzq+/VkBjUJhkl6FWBPQ0FwWVXRpdcJAP0tOQ+:7HF7T05HhJh+6uo0FDbmf+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821055", "to_ids": false, "type": "size-in-bytes", "uuid": "b799c80b-1b97-4e6c-97dd-5708080b17c9", "value": "322440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821055", "to_ids": true, "type": "vhash", "uuid": "23da1dd5-986f-46c1-83d9-7c3d7d12a193", "value": "135046655d1510f4z16003e499z43z1011ze1z802055zb7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821055", "to_ids": true, "type": "filename", "uuid": "063c68c3-a04f-4e13-9bea-e1ef6f4cd049", "value": "KernelMode.info_2e835c7496fb4fc1c53665ef89fffdcbcc8dc49bea0baecc5b8496006ea601bb.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821055", "to_ids": false, "type": "text", "uuid": "2d620105-8e4a-4e1b-9ee4-55226d3933ef", "value": "Type Description: Win32 DLL\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:62/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976635", "uuid": "68248c34-2263-41d8-a638-b2c0059ddc10", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976635", "to_ids": true, "type": "md5", "uuid": "d23ad457-768f-4061-8a2f-23c8719dad78", "value": "08a41624e624d8fb26eeed7a3b1f5009", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828815", "to_ids": true, "type": "sha1", "uuid": "956dc493-0298-40f9-b730-fc7bc8d2bd77", "value": "314e5545fce1fd1787367216e2ac51c38b24baeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828816", "to_ids": true, "type": "sha256", "uuid": "ba72511e-8f85-4827-9d60-6b56b4ab2fa5", "value": "43735fc143c20b157ea2a0854dc5a6acc5bb939ffe0281f2d95c26c1c0a2f8a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821076", "to_ids": true, "type": "ssdeep", "uuid": "cefd3eda-af04-4ba0-8929-784f0390a9ea", "value": "1536:wgYPhQXwIiPrrjThO+lUBrzCxry1ec7rUyj239aum1U3zs9ms:LYP2XerzhOUxu/XUtauE8zsks" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821076", "to_ids": false, "type": "size-in-bytes", "uuid": "5c38734f-3a2b-4b50-9caf-73507197ae88", "value": "97911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821076", "to_ids": true, "type": "vhash", "uuid": "2ac0bb4a-c712-49db-ba13-37495a9c4296", "value": "094056655d151550a01031z800497z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821076", "to_ids": true, "type": "filename", "uuid": "84282bc2-5a45-4684-bf48-a0b782a8bca0", "value": "KernelMode.info_43735fc143c20b157ea2a0854dc5a6acc5bb939ffe0281f2d95c26c1c0a2f8a7.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821076", "to_ids": false, "type": "text", "uuid": "83c7b1d6-d7bf-4e5e-9163-62f90a89ab8b", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:57/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976656", "uuid": "9109d1e9-59bb-4fe6-b63d-2624447020ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976656", "to_ids": true, "type": "md5", "uuid": "f3b45261-a556-4cd7-996e-23d9827500d9", "value": "08b04d6ef94d2764bfafd1457eb0d2a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828817", "to_ids": true, "type": "sha1", "uuid": "91037250-5042-4163-8ee4-8debbd9e119e", "value": "42973e51b315d0d40a76730d33b529385856d594", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828817", "to_ids": true, "type": "sha256", "uuid": "29512ce3-aa5a-4cd0-9255-99dc59b3b8c8", "value": "da7f9bab52597e36d5b90881a7acc4f2b92b5addff24bf0e350a446c51a600a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821097", "to_ids": true, "type": "ssdeep", "uuid": "27aafcb1-996a-4b52-a1ea-4d63fd7a7cd9", "value": "12288:SJ/ochxzdJTbrgrVg8AjRamsTodi+ZRE2CaclZ3zeLLIg:SJ/o8TTgrVgazEdi+ZWKSZ3Gp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821097", "to_ids": false, "type": "size-in-bytes", "uuid": "7bdcd116-57b7-4f4a-ae53-628d30e6363f", "value": "406984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821097", "to_ids": true, "type": "vhash", "uuid": "52f85416-d047-4424-a508-c61ff575d7ed", "value": "045056655d151510a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821097", "to_ids": true, "type": "filename", "uuid": "2d34076c-9239-4af6-a64c-10fea3e7a6d5", "value": "first.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821097", "to_ids": false, "type": "text", "uuid": "bb806f29-252b-4e1a-ad09-426b4d70f340", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976677", "uuid": "812ef0b5-435e-48da-b288-79fd051e183c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976677", "to_ids": true, "type": "md5", "uuid": "23c14eb7-5e98-4e4e-ae36-88201b369943", "value": "09e7b0ecd5530b8e87190dee0f362e13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828818", "to_ids": true, "type": "sha1", "uuid": "d2ce1e87-a5c4-4b6e-97ce-384c850fcfb3", "value": "0e659a9755ce4a25a55d81d635f8ee99b8e2d7fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828818", "to_ids": true, "type": "sha256", "uuid": "8d3a820e-64fb-49fc-bd4a-c9707a516d74", "value": "09d4d544930ba5e98e18f55d0cc36440d8b683ccac48884325e06fc22fa8be68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821160", "to_ids": true, "type": "ssdeep", "uuid": "257c4a22-a010-4119-835c-401e4d0ecd4a", "value": "384:YgTyfYbmzM377Nw/wrkGbpaSulVbP14xIYUtpLt9R:fyfYbd75w/wtbsSulVb2yYUt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821160", "to_ids": false, "type": "size-in-bytes", "uuid": "8b9f4ab4-4e5b-4b50-98f7-ccb390b88b21", "value": "24576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821160", "to_ids": true, "type": "vhash", "uuid": "5799650b-a88b-46a8-bb98-8311a70dc77a", "value": "024036551d1069zc249z35z11z31z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821160", "to_ids": true, "type": "filename", "uuid": "2a5c77ec-605e-421e-84eb-d178a404db87", "value": "igfxext.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821160", "to_ids": false, "type": "text", "uuid": "4b246210-fd1a-4eb2-8ba0-b285e7774ff2", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Nemim.gen!A\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976699", "uuid": "3c40f0e9-9530-4de3-a08f-56e8f79ffaf4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976699", "to_ids": true, "type": "md5", "uuid": "43225430-3fa9-4980-82bd-ae92d0c277d3", "value": "0bd1677c0691c8a3c7327bf93b0a9e59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828819", "to_ids": true, "type": "sha1", "uuid": "fe62b790-ec73-4055-9a6d-324556131968", "value": "5406aceadc3555cdb3e3760c94019189b32245b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828819", "to_ids": true, "type": "sha256", "uuid": "47d7e5d0-bd8b-427e-9595-77c7145fd839", "value": "94dfa93843f6ed3eab479de62d345cadfe2e99e7175dc065f5e57098dae2e792", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821182", "to_ids": true, "type": "ssdeep", "uuid": "fd01c509-bdf0-46d8-b4bf-18f1c5cb31e9", "value": "192:odpaY5I5K9OpF+fhR8gUNDou2s1sjvFI8iNUoyn6cMXBqy:8paYy5u+YiTNEaeFI8iaIcMX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821182", "to_ids": false, "type": "size-in-bytes", "uuid": "5a61b21f-af4b-433f-b039-9abe5aa66483", "value": "20480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821182", "to_ids": true, "type": "vhash", "uuid": "c0259a24-d0d9-4d25-99c4-c4637c168fe7", "value": "024036151d1058z11229z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821182", "to_ids": true, "type": "filename", "uuid": "c2394553-d045-4cdd-ac6e-4b4b716ac2ec", "value": "VirusShare_0bd1677c0691c8a3c7327bf93b0a9e59" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821182", "to_ids": false, "type": "text", "uuid": "0c2d8e4a-4377-49a1-9e29-67b136ba9c88", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:62/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976720", "uuid": "61db52de-ff43-47b9-a1d1-65cb053b1eeb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976720", "to_ids": true, "type": "md5", "uuid": "753389fa-789c-447b-b2c1-9873ca652337", "value": "0bfbd26a1a6e3349606d37a8ece04627", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828820", "to_ids": true, "type": "sha1", "uuid": "511c34d7-e794-4846-ba67-8e3d7b149e8e", "value": "8fb79e7a98be7e0f2ec3be773b60cd44e2db70e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828820", "to_ids": true, "type": "sha256", "uuid": "65afe969-f3a3-4488-bb46-95b5ea4627df", "value": "a72279889ad0e2c5754bd47ed58550c07543e2360e01dc8209476eaec031cf2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821203", "to_ids": true, "type": "ssdeep", "uuid": "91d456b7-64f9-4666-8c4a-a9bba72b7297", "value": "192:Fm2aN4JYW3L/V6RBNDNJWJP1oynsCNnWklmh4pjWM:04mKEDN61REm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821203", "to_ids": false, "type": "size-in-bytes", "uuid": "d7b395ea-7a27-4469-963a-f6997dd54666", "value": "19336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821203", "to_ids": true, "type": "vhash", "uuid": "2d1b0eeb-5d22-473d-a28a-97e348308e5b", "value": "014036551d1079z91a9z33z1011z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821203", "to_ids": true, "type": "filename", "uuid": "68090f51-1267-4291-8a3c-4c9fbe38c848", "value": "adobepatch.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821203", "to_ids": false, "type": "text", "uuid": "2a4b71c5-0799-4b02-baf5-102792af40b6", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.F\nVT Total Detection:59/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976741", "uuid": "30101100-3fbd-4f88-aa09-a9b3b5a24c35", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976741", "to_ids": true, "type": "md5", "uuid": "09524a1c-514b-492d-8f34-07377b571779", "value": "0bfc8e7fa0b026a8bf51bbea3d766890", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828821", "to_ids": true, "type": "sha1", "uuid": "799b4e63-ebc1-4521-9a31-80fd558649a0", "value": "80277aa12244d6c4d707f3ddfbcc34493cc9b428", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828822", "to_ids": true, "type": "sha256", "uuid": "e484f143-0a30-4113-9d9f-1395a7ee35cc", "value": "067a43ed319859460d531c7947018673ca6745ae376f1f2f2ca7e26a7acf821f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821224", "to_ids": true, "type": "ssdeep", "uuid": "4e413e18-6ae5-457a-9083-4ab33620d38b", "value": "192:sY8THfEO38ZzviiDg5XRDqbIljQuLtQmtJ+5p8OIebNnWOQwLdgrA4A6z:kw+CiH5lVljQktQmDKgYc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821224", "to_ids": false, "type": "size-in-bytes", "uuid": "3be3110b-ad4c-4ef4-bfea-1c0aeebf3bef", "value": "12056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821224", "to_ids": true, "type": "vhash", "uuid": "584bf8a7-d03c-4735-a527-e2fe50c6b478", "value": "01405e651d1e5559z26z27xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821224", "to_ids": true, "type": "filename", "uuid": "39fdc1a1-b116-417d-ae58-957b0b7d0c10", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821224", "to_ids": false, "type": "text", "uuid": "b251354f-c482-4604-89d2-ee5240721bff", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976762", "uuid": "43e18d5a-d0d7-4f5b-87e0-79c0bd574beb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976762", "to_ids": true, "type": "md5", "uuid": "e677566c-edfc-4827-818e-902f7c175323", "value": "0d75157d3f7fbf13264df3f8a18b3905", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828823", "to_ids": true, "type": "sha1", "uuid": "ae594f4a-549a-4dcb-abf4-4551cb5c2446", "value": "9e0c524057c359a3e550da79dd4cda8d0d3f1d3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828823", "to_ids": true, "type": "sha256", "uuid": "6450ca4e-cdc2-4b88-877a-9c94566c4e74", "value": "8407c9d6116d300bea75eb15b7b20c9646b6372428f083ab0e6814ecd9a5deb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821267", "to_ids": true, "type": "ssdeep", "uuid": "767571af-e5ec-4fe6-bcb9-9ef1ab04df28", "value": "192:iZMAbFR+FcCMRUoIdd44WXaBXaxBFI8DNUoyn6cMXBvnZ:wM6odXqFI8DaIcMX9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821267", "to_ids": false, "type": "size-in-bytes", "uuid": "2c7aa46e-4187-4b76-9d80-f25db924298e", "value": "20480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821267", "to_ids": true, "type": "vhash", "uuid": "d0e76f67-9727-4ad1-8664-38c9f4639648", "value": "024036551d1058z111f9z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821267", "to_ids": true, "type": "filename", "uuid": "547c215c-3be5-46d7-9a5e-616e24f1ebfd", "value": "KernelMode.info_8407c9d6116d300bea75eb15b7b20c9646b6372428f083ab0e6814ecd9a5deb2.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821267", "to_ids": false, "type": "text", "uuid": "414fc160-490e-433c-8103-755ec94a1b80", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.H\nVT Total Detection:63/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976783", "uuid": "45dea919-785e-4696-abe1-6115c51b6e4c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976783", "to_ids": true, "type": "md5", "uuid": "f0278390-f02b-41db-b2f1-0beb2eb20f88", "value": "0fe3daf9e8b69255e592c8af97d24649", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828824", "to_ids": true, "type": "sha1", "uuid": "41224b00-a46b-4fdc-9933-5d7142036f41", "value": "b99e326aaa27d55b1433f816cdab975d4a4d38c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828824", "to_ids": true, "type": "sha256", "uuid": "a916b2df-444c-4553-b84b-e4e7019ca4ac", "value": "6d562c472bcef1217c3122f4e0930a23a8516b36940d25c999adfa8da80ebbf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821288", "to_ids": true, "type": "ssdeep", "uuid": "0c26d372-7b04-425f-822e-f8185379147d", "value": "3072:dUJcyuegO99AbAI0XCWWJDpaKwrukjaWBvctnTLD6PgPx7msJl/B57Ac:McBgAbZBDpZwS1Nx7mQB5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821288", "to_ids": false, "type": "size-in-bytes", "uuid": "6d54656e-3754-43f0-8e52-1e4c0c47b279", "value": "225280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821288", "to_ids": true, "type": "vhash", "uuid": "f69968d8-1d97-416e-baa8-ffdb16165500", "value": "025046655d1510601010027007a7zf095z102007d1z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821288", "to_ids": true, "type": "filename", "uuid": "6d3ab16f-d724-441e-acd2-681558f36837", "value": "acroedit.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821288", "to_ids": false, "type": "text", "uuid": "45e5f608-e81b-44dc-ae4e-3b48161667ee", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976805", "uuid": "67fde1a2-4195-4281-b294-b8fba544f55e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976805", "to_ids": true, "type": "md5", "uuid": "16bbfe5e-2c9f-49a6-a906-89a2e28205a7", "value": "101244381e0590adecf5f2b18d1b6042", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828825", "to_ids": true, "type": "sha1", "uuid": "04683876-9ff5-4f5b-aedc-ee0d80471822", "value": "6841881e4ce3e9cd7ea7fa81aa3b669c6192b3b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828825", "to_ids": true, "type": "sha256", "uuid": "9dce2d08-f817-4f8a-93b5-7280e43fdc33", "value": "d9a64222883854a0809cbabc2958f9522de1ce5230766e0710bdb09eb1b70770", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821310", "to_ids": true, "type": "ssdeep", "uuid": "df69ff63-55ce-4caa-9ba4-c09b367a5768", "value": "384:GrrMGbptbk6YoGendZY9yEE6YYGLxT/xkPD8Yp:GrFbLJYIndZWyv6YYy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821310", "to_ids": false, "type": "size-in-bytes", "uuid": "3f344230-e5a1-41ee-842e-7cb4c89f5ea5", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821310", "to_ids": true, "type": "vhash", "uuid": "27ff6cd8-1e13-4764-b707-05952a417463", "value": "034046651d151068z102az33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821310", "to_ids": true, "type": "filename", "uuid": "e6cdb84c-f5c3-4634-87f3-e97ca1df58c2", "value": "automngr.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821310", "to_ids": false, "type": "text", "uuid": "409686df-1bd2-45c2-b182-438774071596", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976826", "uuid": "61dc3b12-f912-48ca-9c52-10a2f26ef73c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976826", "to_ids": true, "type": "md5", "uuid": "6cd8e104-bf9d-462c-b2d6-22e0d6dd4034", "value": "11e85a6e127802204561b6996d4224b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828826", "to_ids": true, "type": "sha1", "uuid": "c35181ad-40b9-4608-a129-73212c5dc9c6", "value": "4f4bf011fd225484a7fb3f8aeec80753b853d898", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828827", "to_ids": true, "type": "sha256", "uuid": "6fedaa91-d436-4d88-83bf-956acd8bdac3", "value": "aa61c2e0420d4821aeb9a1288bc855c3d8c936e64e8c5e736debbba01e51a219", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821331", "to_ids": true, "type": "ssdeep", "uuid": "d595a9e0-c790-4508-9127-162088ee1519", "value": "384:hHzSsNxR+OMS/UgDQOPnxb9bY/oq3KDVg:hTSaxRN/Vlnx1rq3KDW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821331", "to_ids": false, "type": "size-in-bytes", "uuid": "b6c81109-6a65-431e-b932-022688fb447d", "value": "23432" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821331", "to_ids": true, "type": "vhash", "uuid": "6adf27c5-e3b4-462d-b6af-a6d8282f4d55", "value": "024036551d1088z161d9z35z11z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821331", "to_ids": true, "type": "filename", "uuid": "b78e176d-f2d8-4341-a238-8256815cfda3", "value": "11E85A6E127802204561B6996D4224B6.sample" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821331", "to_ids": false, "type": "text", "uuid": "44d94cf8-7113-41a5-acbf-e1c941092f68", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Roficor.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976847", "uuid": "c1cb7872-7d95-4f10-968b-1ac64431f042", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976847", "to_ids": true, "type": "md5", "uuid": "d973c91e-7e80-4afa-973e-6e8de7197cb5", "value": "121a9ea93f3ed16a1b191187b16b7592", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828828", "to_ids": true, "type": "sha1", "uuid": "96f4d7f4-0ad6-49da-ac89-91745fbd1453", "value": "937a1c07e1c4c99ae1d0244360a9ce0db1da33db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828828", "to_ids": true, "type": "sha256", "uuid": "4e1def7c-b89d-43cb-acf3-8bff208a1df3", "value": "a754eec020d6561fd81387e4efe21a3085e972be64f8a9380cdf96a94952873a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821352", "to_ids": true, "type": "ssdeep", "uuid": "cc20cdc6-8f7a-4b58-bd96-7e7605911894", "value": "1536:Znr1gVja+m1NJ5RM0cmYW5B492P4iq2JX2:hr16um0PO2Jm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821352", "to_ids": false, "type": "size-in-bytes", "uuid": "4b40a823-8b45-4e9f-9c3c-c16005dddf23", "value": "60120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821352", "to_ids": true, "type": "vhash", "uuid": "9ec9c10d-e1ca-417f-963d-cdd6df81b0de", "value": "164046651d155az1d1csz150b4z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821352", "to_ids": true, "type": "filename", "uuid": "fb6d4647-f192-4929-8075-d31ea19d9d61", "value": "detect.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821352", "to_ids": false, "type": "text", "uuid": "d3d54383-f9fa-40d6-984b-3bbee2e0be36", "value": "Type Description: Win32 DLL\n\nMicrosoft: TrojanProxy:Win32/Roficor.A\nVT Total Detection:57/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976869", "uuid": "e9bc10d6-0463-48a1-9c13-9bdb8580e32c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976869", "to_ids": true, "type": "md5", "uuid": "5aa7c422-b629-4e6a-90fa-a7a6980eb74f", "value": "12b88e36170472413a49ae71b1ac9a33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828829", "to_ids": true, "type": "sha1", "uuid": "b7b6cb4a-5301-44c2-81b8-c4cc5ead3cb2", "value": "ec250d2fb7169496a6236e90a27cdaf5279bd594", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828830", "to_ids": true, "type": "sha256", "uuid": "4df8ed12-5094-4f61-a205-f57fa38642e0", "value": "f14fdcad36ae519139aef52e796ff1eacec38db30bbe93dd6b4bfa2d928d1738", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821373", "to_ids": true, "type": "ssdeep", "uuid": "297b7190-b669-49f0-993a-a6dfc7907514", "value": "49152:S0HWZ8gQf1bhGgLl5YTWtUcQY2ZgM303RhUST0ovaM86GXETMdwOyjz16:SJZ8gQf1bhnTYT/cQHZgM303RhjV86GM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821373", "to_ids": false, "type": "size-in-bytes", "uuid": "495f1a9e-3b32-4e62-b824-5549bd5667d2", "value": "2236416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821373", "to_ids": true, "type": "vhash", "uuid": "393d0698-26ac-471a-ba12-9a704b58c13a", "value": "026056655d656550c0201006100a7z210e5za0700e2z8019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821373", "to_ids": true, "type": "filename", "uuid": "9fbce35c-2b7a-4f16-af0b-cd25f978bb4c", "value": "Catch.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821373", "to_ids": false, "type": "text", "uuid": "08463fc3-6a89-4230-b4b7-636d87a3e551", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.D\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976890", "uuid": "c7bcc0fe-d3bc-4232-86fa-54681d17f7e5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976890", "to_ids": true, "type": "md5", "uuid": "3dd29c39-5985-48ad-a10a-706928c2df96", "value": "12df4869b3a885d71c8e871f1a1b0fde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828831", "to_ids": true, "type": "sha1", "uuid": "e06fde66-71ae-438d-8ce9-d75a42ae3e22", "value": "b0a354a1ab28710b278d9ba1c29119593f648166", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828831", "to_ids": true, "type": "sha256", "uuid": "c53dee8f-287e-492c-b9e5-813a12a476d4", "value": "39514ebac4feec4eab0a385c99ada3b52f7c460d87a8b990f01ac90506928fa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821395", "to_ids": true, "type": "ssdeep", "uuid": "0c8ddc6a-1761-4180-af78-e493a8bc96bf", "value": "6144:K2hRLsCTw+mYcDePGAxqN3Lx3X+ujfOPrkZB:K2hRYCMVYcyP1qNNxLODWB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821395", "to_ids": false, "type": "size-in-bytes", "uuid": "456ec8b6-cd03-4a60-b0ab-623c0a9141a9", "value": "241664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821395", "to_ids": true, "type": "vhash", "uuid": "8b2546e6-95f4-497c-bb0e-f7fb7184bf87", "value": "025046551d157az3ehz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821395", "to_ids": true, "type": "filename", "uuid": "03b724d7-ae40-411d-abd4-f7cee726cccd", "value": "~De2836.tmp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821395", "to_ids": false, "type": "text", "uuid": "c526b251-e335-4998-951d-3736ef62416c", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976911", "uuid": "e23275a3-aaa7-4e67-b0e8-67c84d2017ef", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976911", "to_ids": true, "type": "md5", "uuid": "4dc3c3da-f063-4e3d-a079-1b6cc7e7c6a3", "value": "1300244219cb756df01536692edebdbb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828832", "to_ids": true, "type": "sha1", "uuid": "a97c7f05-75f5-463e-994f-d0e668870292", "value": "d59122c0b5ad7957509b7fe0dfe65853e407c809", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828833", "to_ids": true, "type": "sha256", "uuid": "92a7d4ad-ecdf-499b-8b2e-cddcefe1ba0e", "value": "70c91ab469092ba56bd050a1e1d3f03a76ee8273b43f96233ac5519f989eefad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821416", "to_ids": true, "type": "ssdeep", "uuid": "a641efeb-5af4-45ac-b7ff-d61199fcfa59", "value": "1536:rm/DkeWjbDEH+UTaTQO93dQ1/9lj3qKjRg:ykeWjCOHKFlj3qKdg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821416", "to_ids": false, "type": "size-in-bytes", "uuid": "3eba54c8-681e-4f38-9e33-23f56d445c28", "value": "59816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821416", "to_ids": true, "type": "vhash", "uuid": "753198f7-23b6-47b3-902d-c51a16835f4e", "value": "054036655d1078z48hz1lz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821416", "to_ids": true, "type": "filename", "uuid": "03065471-70a5-4bf7-8d99-f8391b7f5c05", "value": "70c91ab469092ba56bd050a1e1d3f03a76ee8273b43f96233ac5519f989eefad.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821416", "to_ids": false, "type": "text", "uuid": "e631b23b-df77-478c-a375-1ecffcd17801", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.B\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976932", "uuid": "116165dd-7d43-47ab-b31a-5ebfda98b14c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976932", "to_ids": true, "type": "md5", "uuid": "ff7e351d-d312-4095-9a85-44ae9e71baad", "value": "131c5f8e98605f9d8074ca02fd1b9c34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828834", "to_ids": true, "type": "sha1", "uuid": "18438e37-04b9-4d4d-99a3-458da91a2ab9", "value": "1cff25bcd38b389436e66a357d90f27589ae21cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828834", "to_ids": true, "type": "sha256", "uuid": "f1115dfc-1743-484f-a7cc-680823385111", "value": "2381ef2fce6e8fa52e2f7717c893576f362c0cc54cc0ffa343a3902feead7784", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821437", "to_ids": true, "type": "ssdeep", "uuid": "0b8c7eaf-eb87-47ba-a9f5-0bea3881ca94", "value": "3072:RhHrC+oLYhOE/zdJTbrYpXUJ8/evPiJsW1K2N1mFQ17QL04:RNr/ochd/zdJTbrQUu/+6JV1zQ4QL04" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821437", "to_ids": false, "type": "size-in-bytes", "uuid": "12da6380-e34b-4559-892a-bb686ff21fa3", "value": "148608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821437", "to_ids": true, "type": "vhash", "uuid": "48ea6735-5f77-4bf2-b1ac-b46ef2c6f2c8", "value": "015056655d151550a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821437", "to_ids": true, "type": "filename", "uuid": "b8133bb5-99f1-49c1-b74e-13ba1f1642e5", "value": "KernelMode.info_2381ef2fce6e8fa52e2f7717c893576f362c0cc54cc0ffa343a3902feead7784.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821437", "to_ids": false, "type": "text", "uuid": "33851124-b761-4e3c-84ec-4b49c9362f50", "value": "Type Description: Win32 EXE\n\nMicrosoft: VirTool:Win32/Injector.DZ\nVT Total Detection:55/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976953", "uuid": "34592b99-b669-41ac-95bd-3d34d84f865d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976953", "to_ids": true, "type": "md5", "uuid": "30dcf355-3f47-4d53-8642-ab846b5abba5", "value": "131c625a92dc721c5d4dae3fb65591fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828835", "to_ids": true, "type": "sha1", "uuid": "13b36819-3eeb-44ce-90ba-05b5abce8bcd", "value": "4cd9a63ff7e50b7bb52cbcc1dc07115fef806c8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828835", "to_ids": true, "type": "sha256", "uuid": "2d6dd64c-4fef-498e-95a2-8127624ba2d3", "value": "d55f64be74e8ca9e775ddbc5553937f90473722319397359dd73d794cad284f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821458", "to_ids": true, "type": "ssdeep", "uuid": "8a234168-7716-4cda-83f9-463c46dea207", "value": "384:DE9yzDhYTpz6Qz8X8DBJvsaLICMi4IWm3cmWpUbs3sSshuXAEWpovAoBBeAy:DE9yWpv8MtJvXn7qo6s5dOoLV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821458", "to_ids": false, "type": "size-in-bytes", "uuid": "2b20fb18-45a6-4e3c-a994-d028ce1a8ec3", "value": "266240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821458", "to_ids": true, "type": "vhash", "uuid": "dd59c731-323c-498e-bfc0-8a6474302235", "value": "125056551d15151068z140cfz13z2ez5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821458", "to_ids": true, "type": "filename", "uuid": "5250b476-21ef-4664-9fc8-70d6c379966c", "value": "DLL.DLL" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821458", "to_ids": false, "type": "text", "uuid": "b148ebe9-d855-4fd0-9c58-87b5d782fb1f", "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Pabosp\nVT Total Detection:53/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976974", "uuid": "880a5525-618a-4983-9bbb-da2afaa39523", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976974", "to_ids": true, "type": "md5", "uuid": "502328a2-c0d1-442c-8b4a-f6e92f1e3b7a", "value": "140b27db7d156d6a63281e1f6fc6075d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828837", "to_ids": true, "type": "sha1", "uuid": "46893413-808b-462f-992c-5dc6e14c301a", "value": "1ccf74cbc164eab0f07da29e87cbb09dbcad7300", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828837", "to_ids": true, "type": "sha256", "uuid": "a3430d56-65f4-4bd4-b3a3-6f92c8f99de7", "value": "1ec2e4d02a89277afc0ee35d2d72009a5dbe96f88e1bc70bbfb3a9224478b7d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821480", "to_ids": true, "type": "ssdeep", "uuid": "c18af1d3-bf41-4ffb-a254-9d10257ea072", "value": "384:dtBq2VRavUo0eLLoL63rlcZyEE6QYOLxT/xkPD8Yp:dtQ2VRu6aK63rlmyv6QYa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821480", "to_ids": false, "type": "size-in-bytes", "uuid": "979806af-240b-4fd4-8cce-6bda5c3847eb", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821480", "to_ids": true, "type": "vhash", "uuid": "db029add-abcd-4f67-8613-7f7bf6409486", "value": "034046551d151068z10259z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821480", "to_ids": true, "type": "filename", "uuid": "ce4e78ac-eee2-4807-b211-be9a0592d5b0", "value": "KernelMode.info_1ec2e4d02a89277afc0ee35d2d72009a5dbe96f88e1bc70bbfb3a9224478b7d5.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821480", "to_ids": false, "type": "text", "uuid": "b24e14b1-debd-41c2-bd57-fc227cf8b84b", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740976995", "uuid": "988a5ce2-258d-4cf6-b9a6-1cbcdc33de08", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740976995", "to_ids": true, "type": "md5", "uuid": "50da9446-e794-401b-9545-58a4e08671d7", "value": "15097b11e3898cb0be995e44a79431f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828838", "to_ids": true, "type": "sha1", "uuid": "1c9b829e-b3e7-4cae-9499-8bd05dbe1b0c", "value": "a6c141c38b44644fa0bad0df169e00ef1e8b4162", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828838", "to_ids": true, "type": "sha256", "uuid": "cfc681d2-aa46-4dfd-be2c-312ea5ffe990", "value": "d94693192be45aef92ac2d729029312e1c2f5b2559df7c8ed21e2d794880045e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821501", "to_ids": true, "type": "ssdeep", "uuid": "886d98f5-69f4-4779-abd1-83cd8af3e5b6", "value": "192:nfmlYpP9bITpOL2doDW9lEOgyk2RG0UoynBAimP1yPyDKSNnWnSkyxA:nOlSMkLTDWsOgyk2RGxvAimdyAMSpO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821501", "to_ids": false, "type": "size-in-bytes", "uuid": "3c007936-4a1b-4142-bebf-c45a8a7def2c", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821501", "to_ids": true, "type": "vhash", "uuid": "82da9b5c-8b6f-420f-98de-6e581b0f6066", "value": "024036551d1058z111chz11z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821501", "to_ids": true, "type": "filename", "uuid": "34d9a967-02e6-40c2-aa80-92bc8b56a2c1", "value": "googletoolbar.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821501", "to_ids": false, "type": "text", "uuid": "6656e469-7c95-409d-aeca-408c51fd4a28", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Roficor.A\nVT Total Detection:57/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977016", "uuid": "e6b484e1-f86a-4271-9370-c5c230d65004", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977016", "to_ids": true, "type": "md5", "uuid": "c4e623e7-d693-4a3e-9105-ee1c02812f8f", "value": "151115ddf1cd4b474a9106cfebcb82e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828839", "to_ids": true, "type": "sha1", "uuid": "9984ac24-8cf3-4f48-83ee-73217b388914", "value": "4ce1a6de82a07b0b2ac21039e81cc0bc5b32e476", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828839", "to_ids": true, "type": "sha256", "uuid": "789d1911-3be0-4d26-abb1-6221a7fdb9de", "value": "72b03c78a4f95df6b63b9ee865b250225e95b7bc16bd079f2d9ce4ab4166b710", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821522", "to_ids": true, "type": "ssdeep", "uuid": "ffa421ed-ac4d-4ea7-85fb-f9c6e03ae501", "value": "6144:mFOfcBJMpQfaU7FE7PbVGJ+pujZGNyI99rRnD:U6cipkaHleoNyWvD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821522", "to_ids": false, "type": "size-in-bytes", "uuid": "6e114ab1-6990-4f4d-bfdd-546cd7330b75", "value": "197056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821522", "to_ids": true, "type": "vhash", "uuid": "bc512dc5-17f1-42ef-868f-210cd9e0e893", "value": "015056655d15751088z68hz1011zc1z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821522", "to_ids": true, "type": "filename", "uuid": "595bfb33-012a-498b-9471-a282cd9510af", "value": "Windows Service" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821523", "to_ids": false, "type": "text", "uuid": "48692f4d-e7a7-4a59-a55a-8cff380fcc06", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Ypdl.B\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977037", "uuid": "c7ce990b-1604-4a13-a191-a7dfd7191712", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977037", "to_ids": true, "type": "md5", "uuid": "e9c217d5-e25f-415c-840c-8f2ad1d8d768", "value": "16139ce9025274a388a4281fef65049e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828840", "to_ids": true, "type": "sha1", "uuid": "726fcf6d-9414-4cd0-8315-bed5819dbc9a", "value": "6fb4721fa96cd7604e85335a4373e7b52b572904", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828841", "to_ids": true, "type": "sha256", "uuid": "be20a530-77c0-4632-93f8-19b36fffd6be", "value": "38f1e3b2fa64fb1cead2e022521998a1fb89416973d60e5492e589a99d92a13e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821544", "to_ids": true, "type": "ssdeep", "uuid": "84ad1a17-e5de-4ec4-959b-20843f838899", "value": "3072:xhHrC+oLYhOE/zdJTbrYpXU1KPMS/AjjX2t1j0h:xNr/ochd/zdJTbrQU1+l4+6h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821544", "to_ids": false, "type": "size-in-bytes", "uuid": "a21365ba-1a68-43e6-9c98-209bc5e96a62", "value": "152328" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821544", "to_ids": true, "type": "vhash", "uuid": "246a592f-6bdd-486a-9df7-172bc5f83109", "value": "015056655d151510a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821544", "to_ids": true, "type": "filename", "uuid": "d1a0b85b-71f6-49a5-b343-b8e6058532de", "value": "6fb4721fa96cd7604e85335a4373e7b52b572904.codex" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821544", "to_ids": false, "type": "text", "uuid": "6a804749-15df-4b35-a4a6-ebbf66433e44", "value": "Type Description: Win32 EXE\n\nMicrosoft: VirTool:Win32/Injector.DZ\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977058", "uuid": "d0ffa7f1-d4af-445d-b751-1f42f91547ac", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977058", "to_ids": true, "type": "md5", "uuid": "43ed3555-60f2-4b18-8c8a-40b8fc40aaea", "value": "16e378d5f0a15fbd521b087c0951a2ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828842", "to_ids": true, "type": "sha1", "uuid": "58520e92-cb8f-4768-8193-c2ea30f07bd1", "value": "09b3a1e9dd664496a2f81a1c894ad728a6914639", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828842", "to_ids": true, "type": "sha256", "uuid": "1e702f3d-a5a4-4d64-96ed-6129cb740631", "value": "7b3b2e430cc41ab9df9526009b246adb0f1de75a680753f79819e284d0e73f6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821565", "to_ids": true, "type": "ssdeep", "uuid": "0112c793-2234-45e1-9417-836a94588144", "value": "3072:HhHrC+oLYhOE/zdJTbrYpXUJ8/er7m7J7IzIo9d89R70hA:HNr/ochd/zdJTbrQUu/aiV7uIo9O/702" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821565", "to_ids": false, "type": "size-in-bytes", "uuid": "298256fe-e739-4f35-bd43-fa281478033e", "value": "159806" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821565", "to_ids": true, "type": "vhash", "uuid": "ee8d1286-e2b8-4646-860d-c8aea89d201f", "value": "015056655d151550a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821565", "to_ids": true, "type": "filename", "uuid": "dd385b4b-6759-4769-be4d-2e531c1554ef", "value": "0023" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821565", "to_ids": false, "type": "text", "uuid": "5267dfb4-f85f-4f44-8e0d-580736dd5f5a", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977079", "uuid": "b368d3be-f6ac-4bcd-9d13-c7f29f046cae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977079", "to_ids": true, "type": "md5", "uuid": "d03fccad-e9ca-4d24-aa38-8e03ee7f9481", "value": "173abb95e39f03415cd95b76e8a2f58f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828843", "to_ids": true, "type": "sha1", "uuid": "2f7c4919-20a3-4824-b807-6cea8920efc3", "value": "616dd8a5d7cf4d177c07e35350c283f319b94e46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828843", "to_ids": true, "type": "sha256", "uuid": "ad7ac5c6-36d3-4363-84e4-62358a1ff02f", "value": "5d68baec02a763560b033dac409a5265db018ec84524a8057a5b7fe5cba6244b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821586", "to_ids": true, "type": "ssdeep", "uuid": "9303e424-65df-4c81-b111-ac8afe0e6687", "value": "3072:HhHrC+oLYhOE/zdJTbrYpXU1KP3M9YR9VZjjX2tnZBL9:HNr/ochd/zdJTbrQU1+oYRd+nvh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821586", "to_ids": false, "type": "size-in-bytes", "uuid": "06da89c0-70a5-4ef2-b622-da9793e18976", "value": "152344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821586", "to_ids": true, "type": "vhash", "uuid": "a81a4d8e-e3b4-465f-83f9-256cc72d50bc", "value": "015056655d151510a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821586", "to_ids": true, "type": "filename", "uuid": "24530bd7-3993-48f5-b487-fb66ddb56c6a", "value": "KernelMode.info_5d68baec02a763560b033dac409a5265db018ec84524a8057a5b7fe5cba6244b.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821586", "to_ids": false, "type": "text", "uuid": "2339b878-70a7-40b7-b879-cea3060e2ba7", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanProxy:Win32/Roficor.A\nVT Total Detection:58/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977100", "uuid": "16efa501-b4af-4285-89db-a103b182dd66", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977100", "to_ids": true, "type": "md5", "uuid": "e10cf62c-a55a-46f4-98d6-6065f3b91d04", "value": "1743dafa776677e232d20506858d9a4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828844", "to_ids": true, "type": "sha1", "uuid": "95ddbc8a-1f35-40c2-8b1b-e250bb3fd542", "value": "06b024fa4d9e3ceffae43893b2e10db68c5e1987", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828844", "to_ids": true, "type": "sha256", "uuid": "1833e52d-3b5b-47fb-983f-ddba1dc43709", "value": "95137f72b13f139e44c91df2173ea1b77db900d2721f3ba1e719ff6013e503ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821608", "to_ids": true, "type": "ssdeep", "uuid": "957cc33e-9a3f-466b-a725-ccc2b5a47290", "value": "384:m3Wq26RztqufiXC/hgudDOKckyC8rE6AGZLxto/xkPD8Yp:m3P26Rwyz/hgud6KPyCt6AGp8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821608", "to_ids": false, "type": "size-in-bytes", "uuid": "765f2eec-5634-46a1-8de8-4187dc5841eb", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821608", "to_ids": true, "type": "vhash", "uuid": "ae5e6edc-f87c-4f28-b81c-add8fd0af6a4", "value": "034046551d151098z11269z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821608", "to_ids": true, "type": "filename", "uuid": "2c8c1dda-b4a6-4709-bad0-35fc1ea750ad", "value": "0017" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821608", "to_ids": false, "type": "text", "uuid": "81c8b21d-90ae-4594-81ae-4def6818cbe1", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:61/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977121", "uuid": "3c34634b-b095-4198-8e0d-0fb367ff65d7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977121", "to_ids": true, "type": "md5", "uuid": "d4bab88e-0060-40da-8891-f0563534bfed", "value": "175aa0d1bdebfa60de29b90ab2c62189", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828845", "to_ids": true, "type": "sha1", "uuid": "8c3a01c0-e3fb-4475-b115-0c81844e9002", "value": "9ef1a2d168aa688a5106d5705db5253ac6db73f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828846", "to_ids": true, "type": "sha256", "uuid": "4b9032e8-6de4-4ba7-b772-165ec25088ee", "value": "0a812976b9412ed28aee3ac3de57873fafe1ddfa0e6b9026078017b810d1b24e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821629", "to_ids": true, "type": "ssdeep", "uuid": "74705c5e-d6ca-47e1-b2cb-ec860f6ae922", "value": "3072:f4FhHMuwtas6jXVzbT4dODB7/iNmQgUo5ake8K/LdE:gnsuwtasAlbkdIiXb8K/hE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821629", "to_ids": false, "type": "size-in-bytes", "uuid": "f099ada8-c842-4eaf-9c1d-b3e3070e4a78", "value": "160736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821629", "to_ids": true, "type": "vhash", "uuid": "dbf3917b-5e9c-4477-a444-296276c7c0d2", "value": "115056651d15155110101001800857z27z12z531zb1zb6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821629", "to_ids": true, "type": "filename", "uuid": "80108d74-1392-4103-aeec-385f27c0e435", "value": "0a812976b9412ed2_actmove.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821629", "to_ids": false, "type": "text", "uuid": "6b164cde-2378-4230-a8de-14ca8a545630", "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977143", "uuid": "1c24bbbc-36eb-46c3-b607-6048aea077ec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977143", "to_ids": true, "type": "md5", "uuid": "279baf53-e647-4547-ade9-b074428b79fe", "value": "178f7fe2d3a2bda46c0e78f679ca5a62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828847", "to_ids": true, "type": "sha1", "uuid": "493d4ca5-a264-4dcb-b2f5-618f8c10e60e", "value": "ea756f4971e5023419d715b46bd918844aea99d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828847", "to_ids": true, "type": "sha256", "uuid": "f153b879-6a0f-4a03-8d92-026debcf4cdf", "value": "07a5ab1f93de63752d63388251bfbfb747fc0886635968b7eb4b0e14c10f6a0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821650", "to_ids": true, "type": "ssdeep", "uuid": "5d24954c-4fcc-44b3-96db-5052fb25a996", "value": "384:A9YFObUEMZpSDZTcdq2xRNF4V07ugCIauQiLt:AimDZTc02xRNF4V071RauQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821650", "to_ids": false, "type": "size-in-bytes", "uuid": "bf56a9de-62cb-42d9-9766-111bbde40f19", "value": "24576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821650", "to_ids": true, "type": "vhash", "uuid": "243c18ee-d20e-4a98-a894-bf753782df96", "value": "024036551d1088z102a9z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821650", "to_ids": true, "type": "filename", "uuid": "ec66af3c-361f-4e03-bbcc-ae1bb9e51181", "value": "KernelMode.info_07a5ab1f93de63752d63388251bfbfb747fc0886635968b7eb4b0e14c10f6a0f.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821650", "to_ids": false, "type": "text", "uuid": "da287d13-f74b-4adb-b7ec-7784e13404a0", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977164", "uuid": "ae1fe3b4-13e8-46aa-965b-e6bc55080a50", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977164", "to_ids": true, "type": "md5", "uuid": "6737a313-7aa5-4dc0-8a0c-4d9c0371d9a1", "value": "18527b303c0afe91f5ae86d34b52eb29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828848", "to_ids": true, "type": "sha1", "uuid": "2d1b8218-0c7c-4009-82c0-e23300c196d7", "value": "5d724d2b0a92cdbccc06d568a9c6eacb2902b573", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828848", "to_ids": true, "type": "sha256", "uuid": "db6a3b8d-c7ab-45e4-aed3-40d82368a047", "value": "e804e7eb921ca09660da2d530125122f370d679f25b4e1e6b2224cd0a6d71f19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821672", "to_ids": true, "type": "ssdeep", "uuid": "2346d57b-d3d0-419e-a083-00d0822d1340", "value": "6144:vMiF7es10dzq+/VkBjUJhkl6FWBPQ0FVWVXRpscJAP0:vHF7T05HhJh+6uo0FCb1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821672", "to_ids": false, "type": "size-in-bytes", "uuid": "b1a5bc93-dc5f-4a89-bdf2-b72b0def2f83", "value": "319488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821672", "to_ids": true, "type": "vhash", "uuid": "1485be67-010b-499f-803a-fb9c8ff5302d", "value": "135046655d1510f4z16003e499z43z1011ze1z802055zb7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821672", "to_ids": true, "type": "filename", "uuid": "e000f52f-34d5-4046-b213-4493465b66d3", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821672", "to_ids": false, "type": "text", "uuid": "7bac8ef8-7d7b-49af-b195-3103fc7cd0df", "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Agent.CAF\nVT Total Detection:61/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977185", "uuid": "91b7a015-43e4-4602-a5c3-95e785a7bd49", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977185", "to_ids": true, "type": "md5", "uuid": "bd9c2497-20fb-48fa-ba24-35e5e07786c1", "value": "1971ee25847d246116835c7157cf7f89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828849", "to_ids": true, "type": "sha1", "uuid": "fe7f2f9c-a6f9-4176-b642-af23dea80619", "value": "b00fa08c86dba7d4065018e7234b850d2a541799", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828849", "to_ids": true, "type": "sha256", "uuid": "cf61e8fe-ca5f-46d5-a01b-b695ccbddd7a", "value": "de4ff8901766e8fc89e8443f8732394618bf925ce29b6a8aafe1d60f496e7f0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821693", "to_ids": true, "type": "ssdeep", "uuid": "acc20fe7-769e-4ab7-b784-732297742885", "value": "6144:2cXCTndBQb2kT3VMxkubkRjHG5IaXXgffqY67YzbbmGPXHlcbQX:4TndJkxMRkRiiaXXGSYqYDmGPIQX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821693", "to_ids": false, "type": "size-in-bytes", "uuid": "3ee199e3-da9d-4003-a74b-3ef9afd86ded", "value": "357344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821693", "to_ids": true, "type": "vhash", "uuid": "1e123148-cc1a-4e08-8da0-b7bc508dc64c", "value": "035046655d1570e0101001800817z17z12z5gz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821693", "to_ids": true, "type": "filename", "uuid": "1d40c13d-e16d-4953-a480-8d2bfb81b893", "value": "wincfg.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821693", "to_ids": false, "type": "text", "uuid": "52b52f43-1f53-4dd3-95ab-920a016bc989", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:MSIL/Cryptor\nVT Total Detection:63/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977207", "uuid": "0f603c61-264d-4143-9d39-cd3f4812f25e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977207", "to_ids": true, "type": "md5", "uuid": "853745be-8082-4c0b-b69c-5997a331a216", "value": "1b0c2c6c19404112306a78ecf366f90b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828850", "to_ids": true, "type": "sha1", "uuid": "fc0116bd-a533-4fe4-944b-e38c47a5532a", "value": "a268e84f79d8f5477bf1fa4ffe851eca27d5984b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828851", "to_ids": true, "type": "sha256", "uuid": "f864c1e5-b977-435b-aa18-607be86b6306", "value": "ebef6368fa75b156e86a5f5d9b735535644cf2b0c654b5ea3c3d379d0d903fb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821736", "to_ids": true, "type": "ssdeep", "uuid": "7296b9db-274b-44e6-b7e9-ad4e0e463835", "value": "384:QCRhtPqQqVxSli1ikkiIeNrwGbpeG3kCFV3u6mI8ZsjLtA:T9CHVyiIeN5bgG3kCFV3T98Zs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821736", "to_ids": false, "type": "size-in-bytes", "uuid": "c8ce6ab9-c76c-4bd4-9a8e-0833ab5b933f", "value": "16384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821736", "to_ids": true, "type": "vhash", "uuid": "efc59e44-3ed2-442c-aa31-e060f7dd56dc", "value": "014036655d1069zf23hz11z31z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821736", "to_ids": true, "type": "filename", "uuid": "076a1531-6a95-4e1b-a2dc-701e6fe808b7", "value": "KernelMode.info_ebef6368fa75b156e86a5f5d9b735535644cf2b0c654b5ea3c3d379d0d903fb0.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821736", "to_ids": false, "type": "text", "uuid": "14657400-b283-498f-ae15-dc3dc96ee910", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977228", "uuid": "6f265e69-1a49-48cb-91aa-585c1c5bccde", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977228", "to_ids": true, "type": "md5", "uuid": "67255816-784a-4cf3-ba70-b1808d979e7c", "value": "1ec49ae6d535bfb3789d498f4fd0224f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828852", "to_ids": true, "type": "sha1", "uuid": "86784be8-c2c0-4b52-9bc8-f933efec38ef", "value": "80c609720d1c3696a5e3b7343d2722772a4bab51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828852", "to_ids": true, "type": "sha256", "uuid": "8d810472-4651-48dd-94a9-bcccd2ab9155", "value": "5f23a3442fa4515ebba8e24f2254b52b3e4b000f12843a4f612da65de38db1de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821757", "to_ids": true, "type": "ssdeep", "uuid": "5c8b6d21-f667-48cf-9310-f19bdee0f8f6", "value": "12288:cmq4hxhQQtqBotsyed7zfOoNhyG5yW9NN9dSf:cjO8BotsfVfxp1Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821757", "to_ids": false, "type": "size-in-bytes", "uuid": "01536127-e2b5-42fd-878b-08ebe512f93a", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821757", "to_ids": true, "type": "vhash", "uuid": "4de93458-e083-4e84-9d8d-a6d6634d82d0", "value": "045046655d157az56hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821757", "to_ids": true, "type": "filename", "uuid": "7d56077d-743d-4d01-8c57-f626953ab0b4", "value": "~DF450B.tmp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821757", "to_ids": false, "type": "text", "uuid": "3df93572-e69e-4ac1-953f-ab7285ee6ce5", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:65/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977249", "uuid": "7de3821e-f5a4-483e-9649-5927800cfac0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977249", "to_ids": true, "type": "md5", "uuid": "dc9d646a-ed71-4774-a4c8-57b0005e1e29", "value": "1ee6676e122fcd22e80b6ae0dc40c979", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828853", "to_ids": true, "type": "sha1", "uuid": "d3209b31-c67a-46c3-9933-62ba150f3c68", "value": "f758ed50bd65f36d52f4552fc2581d55a1ed9a68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828853", "to_ids": true, "type": "sha256", "uuid": "29469d42-ae0d-4482-8fca-651b491b553c", "value": "6102993eb00bd97832b74fd802b486abb7cb43712eccfe14c904413483c6df7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821779", "to_ids": true, "type": "ssdeep", "uuid": "274a46be-f311-4010-9294-8d0bf8628527", "value": "6144:Ou2urzh9xu/XkauxCVXBvM0XwSSrHYTN0W6uqQAvA50sjOusmk7WJ3Dx/cr3I0I5:Outrzh9xOXkkBBvMwwrSMUlkY3dW3lQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821779", "to_ids": false, "type": "size-in-bytes", "uuid": "c8c33bad-cd48-43d8-a5e3-eac2cac71cc6", "value": "322664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821779", "to_ids": true, "type": "vhash", "uuid": "dfa92511-7727-49f4-851a-c7f03927f0f4", "value": "035056655d151510a01031z800497z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821779", "to_ids": true, "type": "filename", "uuid": "b2fc23d0-0dad-49a9-b8e1-d2c436540f01", "value": "KernelMode.info_6102993eb00bd97832b74fd802b486abb7cb43712eccfe14c904413483c6df7f.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821779", "to_ids": false, "type": "text", "uuid": "4c4f9764-64db-49e3-97f6-70d2f9569179", "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Agent.CAF\nVT Total Detection:61/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977270", "uuid": "0db01eba-e1d5-4792-8c63-591beca51696", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977270", "to_ids": true, "type": "md5", "uuid": "6d949c79-d38a-4e66-b941-1c37c2823ed4", "value": "1ef21e634f9779280710e87ff17a83af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828854", "to_ids": true, "type": "sha1", "uuid": "be350af2-c658-452f-b013-9e8a09182afd", "value": "5e868de3ba743865dae56d1949ff7decec495335", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828854", "to_ids": true, "type": "sha256", "uuid": "032f010a-fd81-4aba-b238-c35744eea846", "value": "2e373e199d2b6dea0241c672bbcbccedac86cba2ed2fdefc84a5d8187acb896f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821801", "to_ids": true, "type": "ssdeep", "uuid": "4b3e212e-f4a5-4621-b823-938a577c41c4", "value": "192:88DA4t0kiRl8rMlUpj9vKEkLEr/YpFwiXgiXyecSdmJSsBhEUoyn8IrY+TPpu7Y0:H1riv8rY54/64ecS0JSWhhTY+bpZMgYB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821801", "to_ids": false, "type": "size-in-bytes", "uuid": "0860aecc-6346-4c3d-99f9-660df8f4a71d", "value": "27416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821801", "to_ids": true, "type": "vhash", "uuid": "ce9ed294-8c8d-4b18-b3ef-f43cb23b035e", "value": "024046551d151079zd1efz10100141z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821801", "to_ids": true, "type": "filename", "uuid": "c9a2a1ae-02dc-4a04-8d27-cf2f4ae34984", "value": "5e868de3ba743865dae56d1949ff7decec495335.codex" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821801", "to_ids": false, "type": "text", "uuid": "d687acf7-3bc4-46e6-b731-524edad2f95a", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:63/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977292", "uuid": "17d97579-8cd9-4842-997b-601b106e3df5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977292", "to_ids": true, "type": "md5", "uuid": "048118f0-5114-4d59-bc32-7ea181759b0f", "value": "1f29ec5ab8a7c2ccda21576f29cbb13b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828855", "to_ids": true, "type": "sha1", "uuid": "828b5dc4-8e4a-44fc-bb25-ccb4f71c4996", "value": "0e82c33554a235f634375f007dd8b74d7e9f4c0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828855", "to_ids": true, "type": "sha256", "uuid": "c673221b-d510-4732-b9aa-7b8273b53a89", "value": "68a0d8cafae9f71e8829e7599ef322a9c591d76625d663cd79e7612c4865ab8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821822", "to_ids": true, "type": "ssdeep", "uuid": "15ab748e-31cf-4b02-b792-ff37637403ae", "value": "192:aXLInEEG5IlLEo9xaO47L7qvbA+NA1wUoynbmttw6uNnWHlmh4yWs:rR+IlLEo9xagb/NA1lVmttw1Vb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821822", "to_ids": false, "type": "size-in-bytes", "uuid": "f31e9ed2-1f14-402f-80ae-14faf3dd9fad", "value": "1051528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821822", "to_ids": true, "type": "vhash", "uuid": "be905a04-a1c2-4df8-8a14-607f36c2450f", "value": "016036551d1079zf22fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821822", "to_ids": true, "type": "filename", "uuid": "d94acc42-1d6a-48a9-a543-e34821a9d1a2", "value": "KernelMode.info_68a0d8cafae9f71e8829e7599ef322a9c591d76625d663cd79e7612c4865ab8a.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821822", "to_ids": false, "type": "text", "uuid": "bff14672-3fcb-4cc7-b03e-7e5f8af9266c", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977314", "uuid": "c2a9bca1-2496-4720-8c46-7c02505fe77b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977314", "to_ids": true, "type": "md5", "uuid": "c39820a2-3482-4d43-92ef-0b0c29dc1fa0", "value": "1fcaa239cf4d627078179f6de299f320", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828857", "to_ids": true, "type": "sha1", "uuid": "ebd1c813-c30b-4605-bdb9-febbdcc19e75", "value": "1dc00b14cc8eb714a3cc8ce52fda3956a72a0cdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828857", "to_ids": true, "type": "sha256", "uuid": "ca39aaa6-2b3c-48eb-9a40-4860c2dba0ab", "value": "f0c8f28e2daf82b080c80113243cb063c0512bce7d02a1977a399067618c4900", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821844", "to_ids": true, "type": "ssdeep", "uuid": "85153487-1581-480a-b555-a5994a88d59a", "value": "1536:E1ZcMoGLTjs3kPBBAV4hFAncy7bohQofcowf97jl68AGwC5sn2Nlcll:qZ2QsUPny7boGj97jlZUeowcll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821844", "to_ids": false, "type": "size-in-bytes", "uuid": "24238ee9-b78a-40f4-9b4a-042f1a5e5a56", "value": "117648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821844", "to_ids": true, "type": "vhash", "uuid": "047fef30-99aa-4b96-b646-a7d48b102014", "value": "015046651d15113012z18006ehz12z4dfz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821844", "to_ids": true, "type": "filename", "uuid": "f12dc812-8e00-4b66-b3a9-399681381ac5", "value": "kbdbx2.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821844", "to_ids": false, "type": "text", "uuid": "a27639fd-4301-401d-969f-34ddf570f694", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:57/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977335", "uuid": "f1668e2a-645c-40af-9edc-84b7e5ad7f99", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977335", "to_ids": true, "type": "md5", "uuid": "4bacfe00-277d-4a17-8a50-86d1eb94e24c", "value": "2024679f61cf9ab60342eca58360737f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828858", "to_ids": true, "type": "sha1", "uuid": "5ccfd469-0912-4d26-a011-faf901dabdc6", "value": "5999ee59499e8df41c8d5a631bfd536b9152929c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828858", "to_ids": true, "type": "sha256", "uuid": "bae976dc-7470-4399-8d9d-d5f1ba62d08b", "value": "8582ad6a157bbd9e483a334ccf8e6c417db6b23587904549fbc89089979b395b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821866", "to_ids": true, "type": "ssdeep", "uuid": "f66b61ac-4a8a-4a18-90ed-82421929748a", "value": "3072:5AMyueYOd9XbYI0XCWWJDpaKwrukjaWBHctnTHDCXgPgsJl/BZCtC:+MBIXbRBDpZwS9BgUBZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821866", "to_ids": false, "type": "size-in-bytes", "uuid": "583c5b8a-5e74-43de-9448-4723ea5bd1f9", "value": "225280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821866", "to_ids": true, "type": "vhash", "uuid": "37ffe625-dc73-47bf-a99b-3540d61a7962", "value": "025046655d1510601010027007a7zf095z102007d1z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821866", "to_ids": true, "type": "filename", "uuid": "e31c8a70-d04d-468b-bc76-53475f82b6e9", "value": "Edown_mfc.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821866", "to_ids": false, "type": "text", "uuid": "d0c5e5f4-f2ec-48c6-85ce-f6ee52ed6c14", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:62/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977356", "uuid": "6487659b-f98a-4af6-baa0-1836b675506c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977356", "to_ids": true, "type": "md5", "uuid": "5812c43f-86bc-4fdf-b8c4-3d56b3d5bda6", "value": "216088053dac46fcd95938568c469fa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828859", "to_ids": true, "type": "sha1", "uuid": "4b7023f8-ee2c-4f71-9c97-d7aedd3e8a65", "value": "2102cc78f95f014cdee33a63a5f7b1d282ca397f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828859", "to_ids": true, "type": "sha256", "uuid": "94bf7e65-d1ed-4582-8df0-e7e094c947b2", "value": "2b6288bbd81bb9d666c3a0372f26ede47c8c9ff11c604307982d51654fb9e850", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821888", "to_ids": true, "type": "ssdeep", "uuid": "f1ceeb74-cb1b-480a-b3fc-603e28eeb441", "value": "192:uXhInmeASISw1cX34Q7q7qvbA+NA1wUoynbmttwS6:hVzjX34cb/NA1lVmttw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821888", "to_ids": false, "type": "size-in-bytes", "uuid": "42e0813b-3bce-40d2-ad6c-00875dd869e9", "value": "16384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821888", "to_ids": true, "type": "vhash", "uuid": "5092da59-43c1-4cfa-9938-1f510e77600b", "value": "014036551d1079zf22fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821888", "to_ids": true, "type": "filename", "uuid": "c7d855c6-99a2-4c72-a593-ece9a4555b11", "value": "uDfFOzOx.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821888", "to_ids": false, "type": "text", "uuid": "d4f0773a-72ec-4e04-b1c5-e5ccd0a0348e", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977377", "uuid": "61763db8-eb95-418b-ba99-7ea71c17f309", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977377", "to_ids": true, "type": "md5", "uuid": "01e83c5e-d978-49b6-9dd2-ed8fbac137df", "value": "21ba9d9d914d8140c1e34030e84213f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828860", "to_ids": true, "type": "sha1", "uuid": "775f33f5-3002-483f-92d0-c18a3b48f50b", "value": "f863d450f50369f58801bb98631dc7e533e121e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828860", "to_ids": true, "type": "sha256", "uuid": "c12fbaa6-bb66-4cfc-aa12-671b6812bb65", "value": "8651f7037d085ccdd3e184efc345c42d62c10ee691876582caeaf7f810ba29fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821930", "to_ids": true, "type": "ssdeep", "uuid": "87766071-9ac1-4796-82c6-6d8a85b90f7b", "value": "384:lihR3SgGYgZvxJdeWprAGbpeMgV3u6mIYg0lLtNRWMSpXW:MfGnJuWpJbgHV3T9YgfMn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821930", "to_ids": false, "type": "size-in-bytes", "uuid": "4c24adf4-ed3b-422e-b927-e4ba216d9318", "value": "27352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821930", "to_ids": true, "type": "vhash", "uuid": "31b1a2eb-cf31-48b4-83f4-3817fad19425", "value": "024036551d1069za23hz11z31z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821930", "to_ids": true, "type": "filename", "uuid": "aef3436c-cbbf-4551-a901-dbb967c795da", "value": "igfxext.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821930", "to_ids": false, "type": "text", "uuid": "6d57762e-1781-408c-9565-374e44dd7ad0", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977398", "uuid": "b52b4f94-d2bd-49cf-9775-d1967f9e4674", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977398", "to_ids": true, "type": "md5", "uuid": "f0f48c97-a5df-4af2-a284-4d47c81bd3f1", "value": "236df260f858f9a6ca056bcdec6f754f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828861", "to_ids": true, "type": "sha1", "uuid": "8b3be7e3-414a-4bd2-830f-fce210897e7d", "value": "cee422781de56f9a33d940c12d6716ac6d913f92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828862", "to_ids": true, "type": "sha256", "uuid": "2e29de26-5ecb-4220-ae09-0be105888bd5", "value": "54346d8a5228568b2acd14393bbbd8179ee85da8f816b71acf98d0e119b14b77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821951", "to_ids": true, "type": "ssdeep", "uuid": "e393d461-7a1e-4442-abc7-46343ecc0249", "value": "384:CpCq2sRSIwPYy8CBGDxjtgeciyk+rE6g6eLxto/xkPD8YpEEX:Cpj2sRSIkYyhGNjSepykD6gl8vO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821951", "to_ids": false, "type": "size-in-bytes", "uuid": "e9f58c3e-1276-448d-b6b3-e5aba572ed61", "value": "39816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821951", "to_ids": true, "type": "vhash", "uuid": "2a4abe2e-dcc4-4bbb-b839-7481db15e5ee", "value": "034046551d1510a8z11259z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821951", "to_ids": true, "type": "filename", "uuid": "a9935c9a-b143-4d75-a313-9f5c7a5bafc5", "value": "54346d8a5228568b2acd14393bbbd8179ee85da8f816b71acf98d0e119b14b77.vir" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821951", "to_ids": false, "type": "text", "uuid": "38906f3a-e68e-4391-b37a-f5318ea541d4", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:62/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977420", "uuid": "80398bd5-b5ea-411b-a322-bd2de13f4c5a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977420", "to_ids": true, "type": "md5", "uuid": "ff5817cb-3fb2-410b-92a9-a8330389372e", "value": "25102d64dbc9b6495c5713f3178dd7f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828863", "to_ids": true, "type": "sha1", "uuid": "ea942625-da0f-41db-895c-7967cec022fa", "value": "779c363d6bf580dba670e585a1e6a150697e7337", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828863", "to_ids": true, "type": "sha256", "uuid": "659dae81-fe9b-4f9b-8708-f1ea98c1eedf", "value": "4b44f3b2644278620283953593072306aa9e15693a3f2de5f38f61bfa46d1517", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740821973", "to_ids": true, "type": "ssdeep", "uuid": "6c7c4ab3-39f5-4f04-9b15-fd12467fef99", "value": "6144:5Za/nunNqZwT3DCwce0o+aldM400qlVlu:7a/mNcwTbc9403lru" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740821973", "to_ids": false, "type": "size-in-bytes", "uuid": "839d60f0-8e9e-42bb-be84-0d4545675eb4", "value": "199096" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740821973", "to_ids": true, "type": "vhash", "uuid": "8b1f2523-f378-46f8-8521-f14cc3440c61", "value": "015056655d75155068z5dhz13zb5z67z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740821973", "to_ids": true, "type": "filename", "uuid": "880bb328-0e60-407c-a9bd-16762ad13748", "value": "wmisvcctrl.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740821973", "to_ids": false, "type": "text", "uuid": "2923e075-bd2a-4398-8052-fbff07802ff5", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977441", "uuid": "f8767146-0f3d-4130-a8a5-eb26a91ca7c8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977441", "to_ids": true, "type": "md5", "uuid": "8316277e-0ee5-4f51-b442-3bb63e0d0555", "value": "26b7b5d019d7500efdb866f1d20d2000", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828864", "to_ids": true, "type": "sha1", "uuid": "c0e47fc4-18ca-4340-83e9-c9129eece6b1", "value": "8ee1b9a665b4c4a71f98dac6a0b14330314991ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828864", "to_ids": true, "type": "sha256", "uuid": "75e2b1d8-4cd4-4af3-99a3-ea6dc8d9e525", "value": "bba3dda3733567019a876b734556005b0d9b727dadc55d215461d7e47dab808a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822015", "to_ids": true, "type": "ssdeep", "uuid": "e44c5a59-7f3b-43d0-b1f4-d1821c4bbb87", "value": "12288:5J/ochxzdJTbrmNfMcapmsTodi+ZRE2CaclZ3zeLLI+:5J/o8TTmNkcUzEdi+ZWKSZ3Gf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822015", "to_ids": false, "type": "size-in-bytes", "uuid": "c3d69621-52ef-4443-ae67-0bd7a5804fc3", "value": "402280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822015", "to_ids": true, "type": "vhash", "uuid": "ff79082e-47fc-4325-a285-7d5c59b5a791", "value": "045056655d151550a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822015", "to_ids": true, "type": "filename", "uuid": "792cddb8-ed41-4325-a52d-291f88a451a7", "value": "KernelMode.info_bba3dda3733567019a876b734556005b0d9b727dadc55d215461d7e47dab808a.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822015", "to_ids": false, "type": "text", "uuid": "faa14d56-3317-492c-909d-eb57594b6c4a", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977462", "uuid": "77abddd8-2bf6-4838-b778-394dd2946736", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977462", "to_ids": true, "type": "md5", "uuid": "4b4e9404-f93d-4e2c-a43d-370c5469ca5d", "value": "275e0786b6294ffd05f45df435df842c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828865", "to_ids": true, "type": "sha1", "uuid": "29612713-1345-4f1d-9f7b-859b142c572d", "value": "4e6925bb509868a5d34fa2f3a1e14c8e754cdea0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828865", "to_ids": true, "type": "sha256", "uuid": "c7d11a7d-df08-478c-86e2-1850ee4dc8c9", "value": "64d47b28c1493d7592a5a0e58ec772f96054aca52203b4e7982daf12b86b4a85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822036", "to_ids": true, "type": "ssdeep", "uuid": "9110bbc6-5d65-4439-a825-5ec461812cd7", "value": "192:AC8DHLkt01xvLRZ5OTstkpf9FjOtGBFS8kEUoynuec7w7YONnWnSkyx2:IEmTzoTNjOiFS8kh0ec0YgMSp8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822036", "to_ids": false, "type": "size-in-bytes", "uuid": "ab76e72e-2601-41aa-9a73-994341a306ea", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822036", "to_ids": true, "type": "vhash", "uuid": "3c7e57c7-501a-4f2d-9689-dd4e63f179eb", "value": "024036551d1079zd1efz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822036", "to_ids": true, "type": "filename", "uuid": "026863b3-0a57-4876-9dcb-77ba7ec4d2e8", "value": "KernelMode.info_64d47b28c1493d7592a5a0e58ec772f96054aca52203b4e7982daf12b86b4a85.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822036", "to_ids": false, "type": "text", "uuid": "b4278847-95c4-4e3a-b0ff-8b2656615c3e", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.C\nVT Total Detection:65/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977483", "uuid": "edc4e0b6-2eac-4998-88ae-6d266649df53", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977483", "to_ids": true, "type": "md5", "uuid": "c0e6d785-82b1-4ced-8d31-29ffda6ef323", "value": "27db26077f849e26ba89fcafd2f0db92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828866", "to_ids": true, "type": "sha1", "uuid": "606395a9-d7f0-4cf5-82a7-55d3054a483d", "value": "3cf3c8d4d3af5eb16aa9ff19626d3516bb3ef2af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828866", "to_ids": true, "type": "sha256", "uuid": "e29d693f-834c-4372-bf7f-738b5a71a617", "value": "970fe47171c423f37676be913f0e3b759c083b69b14e5ee10f239c323aae5891", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822058", "to_ids": true, "type": "ssdeep", "uuid": "e88f4b06-5739-4537-9210-e9b4f88f5b5f", "value": "192:YlLSWNSnWkHp/sktsLWCsYBIJXNsVsjvbDNA+NUoynyh4tV:YluWaW0NMWf8IJdaebDNA+agh4t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822058", "to_ids": false, "type": "size-in-bytes", "uuid": "61b1bd8f-eb3c-4761-803d-9114b1e6c80a", "value": "20480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822058", "to_ids": true, "type": "vhash", "uuid": "3081012f-4452-402d-bad6-f6477c21e558", "value": "024036151d1058z11229z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822058", "to_ids": true, "type": "filename", "uuid": "1fa2eea0-9522-4c1b-bd4f-047122297376", "value": "KernelMode.info_970fe47171c423f37676be913f0e3b759c083b69b14e5ee10f239c323aae5891.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822058", "to_ids": false, "type": "text", "uuid": "d243799d-e44e-41a8-9b32-2d8186104aec", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977504", "uuid": "b55cc397-d69c-4a0e-a97f-e0abbdc0df54", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977504", "to_ids": true, "type": "md5", "uuid": "5f68d21e-3bce-464b-83aa-9a967734afa4", "value": "27f2f32ba938b1747f28ffdd2f56c691", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828867", "to_ids": true, "type": "sha1", "uuid": "4c76962d-8563-444c-9376-b05bbde770d0", "value": "8de3d9b2f382110feb3276c5a1bd22f472b9b59b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828868", "to_ids": true, "type": "sha256", "uuid": "4292b008-2d50-4dfa-ada5-18e1b5461b05", "value": "438622e117f001a23578f5f691e09cc98a1eabaa4fce827a5dc267ccce34e416", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822079", "to_ids": true, "type": "ssdeep", "uuid": "57fd2f68-9d9e-40fb-b547-49081a3bffe3", "value": "768:xq6/Th5n2lRKRpiF30h+unYVXopE921rUjmgm3Md:Y6/15nfW0hlrU/mO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822079", "to_ids": false, "type": "size-in-bytes", "uuid": "151c17eb-94af-41d1-a8a3-3ba23809cc61", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822079", "to_ids": true, "type": "vhash", "uuid": "d17eec7b-b038-4673-9ad6-bf696cbf60d1", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822079", "to_ids": true, "type": "filename", "uuid": "a7910acc-6e49-426c-8918-25fec8ec4392", "value": "27F2F32BA938B1747F28FFDD2F56C691.sample" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822079", "to_ids": false, "type": "text", "uuid": "48cef37b-c76d-4435-87d7-cd6d0de6a88d", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977525", "uuid": "f188d392-fb4e-4ceb-89ce-5e0cb35d8a2c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977525", "to_ids": true, "type": "md5", "uuid": "951122ac-4879-49c5-a6cc-05ce3902020d", "value": "2802c47b48cced7f1f027f3b278d6bb3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828869", "to_ids": true, "type": "sha1", "uuid": "b96d81a8-7cf5-47d9-b37c-85ae917342a2", "value": "2f0620ea57b6fe36e85d8163f574d79ccc83056d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828869", "to_ids": true, "type": "sha256", "uuid": "eb5de8e4-f770-49c9-ad25-d5435baaede6", "value": "21090d03f70a632203c414d4fcb18ca144481a2c2ebba7ea3b3e95b5520d2b2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822100", "to_ids": true, "type": "ssdeep", "uuid": "007d8407-be27-4dd7-835a-a2bcf2a688b0", "value": "6144:LeSLwXRCDkzVm8ET813mSXT0aAGYTGqeSLwXRCDkzVm8ET813mSXT0aAGYTG8m9E:KSgEI13mS1AjMSgEI13mS1AjXm9AT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822100", "to_ids": false, "type": "size-in-bytes", "uuid": "85fa5ef1-6235-46fa-b8e2-1e4db3751f04", "value": "763188" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822100", "to_ids": true, "type": "vhash", "uuid": "d1e4c83b-4d65-4f97-93f3-a9d52f193c6b", "value": "91505eafa2ae97fb4ff7506293a0b0b09" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822100", "to_ids": true, "type": "filename", "uuid": "1b735fb2-6ede-44c1-b1e3-c8cae78bff0a", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822100", "to_ids": false, "type": "text", "uuid": "3455b8ca-7fa2-44a5-96e9-b707043af1c5", "value": "Type Description: PDF\n\nMicrosoft: Exploit:Win32/Pdfjsc.HQ\nVT Total Detection:44/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977546", "uuid": "f41103fa-7f82-47dd-8959-f03faae9986f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977546", "to_ids": true, "type": "md5", "uuid": "c283e231-82e4-4ca8-8238-36d06bb2e72a", "value": "28b1569109fcae8cfcdcfbe9c4431b66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828870", "to_ids": true, "type": "sha1", "uuid": "de276297-fd3f-4c5a-90ff-207a97d06ccb", "value": "964c32a7223c8790b05ae94e59c8ca26a78eab67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828870", "to_ids": true, "type": "sha256", "uuid": "84bc2edb-f0dc-4caf-a7d8-766a0bb1e066", "value": "276b17244408e7e698e837a0a105c7c3857acfac37e2e837d4b10e6904fd9dc3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822121", "to_ids": true, "type": "ssdeep", "uuid": "0601bd5d-be33-4c03-9358-e478639899fb", "value": "6144:SgnvYOdGwAcJaBbqxkalOnibOHcMUOeBlQGGN6cQ5WEYPLzT6nk5XSXpJq:SgnvjDAcJagxnt0eBNGmeLX6nk5Cvq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822121", "to_ids": false, "type": "size-in-bytes", "uuid": "9f71e094-1acb-4859-8abe-313d75743741", "value": "375080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822121", "to_ids": true, "type": "vhash", "uuid": "423afbc0-dd81-4e81-8096-8345f06cf1de", "value": "035046655d55713012z1800827z27z12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822122", "to_ids": true, "type": "filename", "uuid": "d35822d2-ed4f-4a31-ab57-8e3a1ee7fc7d", "value": "276b17244408e7e698e837a0a105c7c3857acfac37e2e837d4b10e6904fd9dc3.vir" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822122", "to_ids": false, "type": "text", "uuid": "54af4b10-914b-4ca8-9033-5d526f692ec8", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:61/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977567", "uuid": "2c7d7ee1-9824-46dc-a19d-fd7797bed582", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977567", "to_ids": true, "type": "md5", "uuid": "86d7d6f0-d398-42e5-9c4e-1d2e6e21406d", "value": "2aac9d340620da09d96929ba570978c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828871", "to_ids": true, "type": "sha1", "uuid": "fb105148-e90c-4cc3-a662-029b4642a73f", "value": "5853e59c476c585c05a7d6e74528fec9268e42f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828871", "to_ids": true, "type": "sha256", "uuid": "0bce5343-553e-49e8-9d00-f6855c2d0026", "value": "bce210b844380014281a661792da2f320a0520134e1b87c66594992c6eaa2ccb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822143", "to_ids": true, "type": "ssdeep", "uuid": "368e6cf6-ae17-422b-8906-7e445b2ce5d4", "value": "3072:CAMyueYOd9XbYI0XCWWJDpaKwrukjaWBHctnTHDCXgPgsJlUBZCtC:tMBIXbRBDpZwS9BgLBZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822143", "to_ids": false, "type": "size-in-bytes", "uuid": "a4cd5e23-eb86-40fb-b186-c362a6ef7881", "value": "225280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822143", "to_ids": true, "type": "vhash", "uuid": "10b26149-4ad9-40a3-9a41-e330d9bf7974", "value": "025046655d1510601010027007a7zf095z102007d1z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822143", "to_ids": true, "type": "filename", "uuid": "b6fd7e98-3b5d-4f4f-a4dc-8ce6d7abf51e", "value": "Edown_mfc.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822143", "to_ids": false, "type": "text", "uuid": "a660f5b3-1e08-4039-ad72-eaea0d0a1efb", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977588", "uuid": "da7d6300-3747-4cce-9c5a-121ed087296c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977588", "to_ids": true, "type": "md5", "uuid": "a87ecd82-3d23-432f-bc33-c7ccb78d1cd9", "value": "2b443cc331fec486a6ccbcfcd92e76a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828872", "to_ids": true, "type": "sha1", "uuid": "d2b1d63a-b868-4133-a981-e71dc1a6949b", "value": "b49aaad2c41734ea6c5ee838d32d1a73b2e8fb17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828872", "to_ids": true, "type": "sha256", "uuid": "442ba298-570c-434f-9d17-4dac124cbaad", "value": "5516a2346689045809a88b54c3923fb591fad02bbcb7a3ac62454060158296fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822165", "to_ids": true, "type": "ssdeep", "uuid": "ca8098c6-0f5a-4b6e-a2c6-0adad362ca24", "value": "192:D5fDpsralYt+b4EI3iasLv5q0hD69mD6qvmNDJGRXUoynMWMXrBfD:AOz4G5q0hDSmDhmNDJGRk2WMXr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822165", "to_ids": false, "type": "size-in-bytes", "uuid": "8478299b-da57-497f-abbb-f8d8a007e0f5", "value": "20480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822165", "to_ids": true, "type": "vhash", "uuid": "4bd94612-514e-4b63-a379-88803bb801c0", "value": "024036151d1059zf21fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822165", "to_ids": true, "type": "filename", "uuid": "c9406e96-db6f-466c-b504-0d56c9fc350a", "value": "KernelMode.info_5516a2346689045809a88b54c3923fb591fad02bbcb7a3ac62454060158296fa.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822165", "to_ids": false, "type": "text", "uuid": "cc9414c2-941c-4835-9253-9a6475a0cd75", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:61/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977609", "uuid": "2d10c548-054e-4e8f-90b7-62111050c922", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977609", "to_ids": true, "type": "md5", "uuid": "93b1f13d-8c4b-4d95-ad8e-abc657b76d88", "value": "2be3a8dd0059e291022ad32bbce0e5d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828873", "to_ids": true, "type": "sha1", "uuid": "5a2a64fb-54ca-4d22-b433-152bb4fc747c", "value": "7018c3adba00be8df05dd5c905c13a0e6dfac881", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828874", "to_ids": true, "type": "sha256", "uuid": "12cf10e5-aa50-4dd0-8ee2-ca896cd5955e", "value": "639dceafe6e1d4b8a8bd7be4bd54b2a8fe8602248904dd3df5e11bdbb7da8048", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822186", "to_ids": true, "type": "ssdeep", "uuid": "492c8f11-faec-420b-98d6-ebfe41de128c", "value": "192:gC8DHLkt01xvLRZ5OTstkpf9FjOtGBFS8kEUoynuec3ErYJNnWnSkyxV5:oEmTzoTNjOiFS8kh0ecUYjMSpZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822186", "to_ids": false, "type": "size-in-bytes", "uuid": "2429ee58-5ee5-43d6-8a21-82acaf372bd8", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822186", "to_ids": true, "type": "vhash", "uuid": "1539c84c-8677-47ab-b526-4cd48a6d94c3", "value": "024036551d1079zd1efz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822186", "to_ids": true, "type": "filename", "uuid": "01e1db23-03c2-4c4a-a8a0-02817e3441c0", "value": "KernelMode.info_639dceafe6e1d4b8a8bd7be4bd54b2a8fe8602248904dd3df5e11bdbb7da8048.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822186", "to_ids": false, "type": "text", "uuid": "f427f6a4-4cd2-4e75-b167-e5792dacbe20", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.C\nVT Total Detection:67/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977631", "uuid": "8f54a7b6-ac8c-4c1c-aaef-ea1c29512a9b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977631", "to_ids": true, "type": "md5", "uuid": "2802917b-5127-4318-9860-2369bccf1600", "value": "3260c9f881eb815b7ef3f5f295fc5174", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828875", "to_ids": true, "type": "sha1", "uuid": "48aff112-e45c-4cf6-b33e-f7c6a5475593", "value": "4ebfae946fbb6ca123a85880d027edb426baa54f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828875", "to_ids": true, "type": "sha256", "uuid": "4c122495-657d-4338-bf0b-e3885eab50a0", "value": "6227462f6b63a020b8b63a2cef17423badd7fd38dfa300d49028b3292c4efa65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822229", "to_ids": true, "type": "ssdeep", "uuid": "02cc11dc-2381-49bb-bab1-dec85424cae9", "value": "6144:SMiF7es10dzq+/VkBjUJhkl6FWBPQ0FwWVXRp3cJAP0tOQ0:SHF7T05HhJh+6uo0FDbgf0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822229", "to_ids": false, "type": "size-in-bytes", "uuid": "9342060a-38dc-48bf-a45c-fe665b52dd77", "value": "322440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822229", "to_ids": true, "type": "vhash", "uuid": "0bc6ff22-ed05-4438-8116-7be172c659c1", "value": "135046655d1510f4z16003e499z43z1011ze1z802055zb7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822229", "to_ids": true, "type": "filename", "uuid": "6d087cdb-c038-4714-b41a-b049b5f2649c", "value": "inspire.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822229", "to_ids": false, "type": "text", "uuid": "b64580c5-0b86-4187-bb80-1ed1be924a7b", "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Agent.CAF\nVT Total Detection:62/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977652", "uuid": "8b1f49cb-5ceb-45fd-8ad9-681406d5d60c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977652", "to_ids": true, "type": "md5", "uuid": "1d553574-adcc-418b-bd2e-559893e4f5a1", "value": "326b44e73fccece89326fd865da61f7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828876", "to_ids": true, "type": "sha1", "uuid": "64dcddac-02a6-4cb2-9568-d94aedf3a22d", "value": "9fd2e4e16a379b9364b25b486690abaa2f2475c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828876", "to_ids": true, "type": "sha256", "uuid": "ca5f528d-9247-47e7-9eb0-29f52a22b248", "value": "b2d9ca6d886cc64b206036b94241fd0d8599978ef43b9d48913e36ec3384a5c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822251", "to_ids": true, "type": "ssdeep", "uuid": "4b883be0-e1d0-405f-b132-0bfa3bccaeae", "value": "3072:IUy2VWS6/E95w/awOXBbopJyfeum6fWDawwsJtkklGjpI1exgU84IDu:ny20h/XhiMp6exYWGq20GjeexgUP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822251", "to_ids": false, "type": "size-in-bytes", "uuid": "5483b289-9aac-416a-b766-5af79655fc6e", "value": "195008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822251", "to_ids": true, "type": "vhash", "uuid": "3598b9f2-55b9-46d2-b7f5-ddc6a7f64f32", "value": "015056655d15751088z6ahz1011zc1z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822251", "to_ids": true, "type": "filename", "uuid": "badf888d-cb96-4d44-87e6-37ec58feb37d", "value": "Windows Service" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822251", "to_ids": false, "type": "text", "uuid": "b9f1455f-810d-4a25-b7e0-502bc282ad23", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Ypdl.B\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977673", "uuid": "d4da1482-4d59-4471-9552-2975bf9138eb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977673", "to_ids": true, "type": "md5", "uuid": "12cfe826-efa1-4365-8431-48e3b2f0c781", "value": "35a15355c96be225507ebed1ec434d57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828877", "to_ids": true, "type": "sha1", "uuid": "9a8623a5-2944-4e4e-a52b-b69c75150cd9", "value": "0f7acf49dafa8ee8be48e687c04c406ea38f3bc5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828877", "to_ids": true, "type": "sha256", "uuid": "a0c4de1d-38cf-4d21-b821-04ee8a8a00d0", "value": "2e5a0550bccac2a818e339844b6f8d84def0ce54aeb8d5b75a666da8ee5cd953", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822273", "to_ids": true, "type": "ssdeep", "uuid": "27c7583c-a853-436e-b6b0-e4aa22e96b35", "value": "1536:bgYPhQXwIiPrrjThO+lUBrzCxry1ec7rUyj239aug53BXTiY:kYP2XerzhOUxu/XUtau4BXTiY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822273", "to_ids": false, "type": "size-in-bytes", "uuid": "d3eb5867-12f1-494a-8ff8-0558aa4db85e", "value": "102018" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822273", "to_ids": true, "type": "vhash", "uuid": "a5ed1d38-7803-4918-b582-1e77673f5885", "value": "015056655d151510a01031z800497z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822273", "to_ids": true, "type": "filename", "uuid": "c60b71ac-654e-4032-b608-18644e5bc038", "value": "KernelMode.info_2e5a0550bccac2a818e339844b6f8d84def0ce54aeb8d5b75a666da8ee5cd953.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822273", "to_ids": false, "type": "text", "uuid": "c6e7d954-902f-4317-b260-c71f8549b450", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977694", "uuid": "6f649c2d-29b3-4031-90c2-569b57b56806", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977694", "to_ids": true, "type": "md5", "uuid": "0afd5010-aead-4e81-93c6-247c474f6dd4", "value": "378177ddc1fd7d213b79c033da26327d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828878", "to_ids": true, "type": "sha1", "uuid": "fb32357c-a073-4b88-9c16-df82dd3d66b5", "value": "9cd87e827a8cdc132163f83e4c6b9bc9fb8c01d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828878", "to_ids": true, "type": "sha256", "uuid": "c93debad-d36e-4c93-b61c-48022eaf9109", "value": "076f69134533003015381c3ce22752a2d259e580f9b6747ad3fe896576a15131", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822294", "to_ids": true, "type": "ssdeep", "uuid": "0c2f82bf-cef4-4494-b231-705dfcff624b", "value": "49152:RYk3N0ElIXmRSZevfQ5x+ZWJizej3K8D3lIl5DdwkPamOrwP98171odwOyjz1R:RPN0ElIXmRSZewv+ohj3K8D3lIl5hUrd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822295", "to_ids": false, "type": "size-in-bytes", "uuid": "7cb12e9d-d825-4416-9a58-6a320c4478bb", "value": "2235904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822295", "to_ids": true, "type": "vhash", "uuid": "d019362d-7094-43f6-8365-a64887ca6c0a", "value": "026056655d656550c0201006100a7z210e5za0700e2z8019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822295", "to_ids": true, "type": "filename", "uuid": "bc0d108a-5a0b-41ec-869f-34578750b5f6", "value": "Catch.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822295", "to_ids": false, "type": "text", "uuid": "0d6f6652-1531-43bb-9809-f38958d0f55f", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.D\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977715", "uuid": "6f6e5d54-173c-4acd-9922-c5589a8ec9b9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977715", "to_ids": true, "type": "md5", "uuid": "03c1f5f1-3f8b-4fc2-a96a-3b20494bad3e", "value": "38b919f37501fc3d54f8f1b956448a92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828879", "to_ids": true, "type": "sha1", "uuid": "6c1fb72d-3827-4c09-ac78-6ffc1074899a", "value": "1b6e078d66b7f649431e26cb89cad3a196de3bd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828880", "to_ids": true, "type": "sha256", "uuid": "f3acf6ce-e3ca-4e90-986b-2882d43e9599", "value": "7c2b9943f0464ef34be01c7d1998fceef92cd3d6ab288c2ce66d8d308a086a51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822316", "to_ids": true, "type": "ssdeep", "uuid": "19601b1e-6361-4f57-b21c-88fc6195fae4", "value": "192:qQ6OkulpBfxSxr0smdlpvmNDJGRBUoynRnWMr0:pDkuWxrudlNmNDJGRGPnWM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822316", "to_ids": false, "type": "size-in-bytes", "uuid": "60a944dd-3a35-445f-b240-4e2415e87722", "value": "16384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822316", "to_ids": true, "type": "vhash", "uuid": "a9e0970c-ff06-4174-a929-e00864693a61", "value": "014036651d1059ze1efz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822316", "to_ids": true, "type": "filename", "uuid": "b4e4cb7c-a9aa-48a0-a77e-43bf0edc407b", "value": "1b6e078d66b7f649431e26cb89cad3a196de3bd7.codex" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822316", "to_ids": false, "type": "text", "uuid": "a6772bf1-2eed-4b36-a060-aec3125f45fe", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:63/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977736", "uuid": "af18b6b9-abfd-4f5e-bc03-5e224ae63724", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977736", "to_ids": true, "type": "md5", "uuid": "3dbdf588-8ca8-4a61-aa32-86fbdb6721e9", "value": "3961cab50c32e8f32fe45836b9715ce5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828881", "to_ids": true, "type": "sha1", "uuid": "46f88628-fdda-4327-93ef-cbb26e2bff5f", "value": "05a8a7d700e69398512132063cc627c26ceedfee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828881", "to_ids": true, "type": "sha256", "uuid": "b208148a-45ac-457b-a411-1957ef9ea6ff", "value": "4b5a091903ef17224be6539568f13730b46ba30745cc647df0cce57144f00990", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822338", "to_ids": true, "type": "ssdeep", "uuid": "bc6b2005-0010-4665-81dd-d6b062e6eaaa", "value": "6144:ZXrIB3yW065rq7fS5hlUQFJBuQlF6NV6twcXAPrJog:ZXrIcWJ75hmQNzlFrNyog" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822338", "to_ids": false, "type": "size-in-bytes", "uuid": "8c7e11c8-ad18-4e99-8687-1a4e3497e1fc", "value": "326272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822338", "to_ids": true, "type": "vhash", "uuid": "00077112-6528-4e8a-a93c-66aeda51549f", "value": "135046655d1510f4z16003e499z43z1011ze1z802055zb7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822338", "to_ids": true, "type": "filename", "uuid": "6417bc38-21c8-4a32-83a0-dd15c19773a4", "value": "3961CAB50C32E8F32FE45836B9715CE5.9912C463" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822338", "to_ids": false, "type": "text", "uuid": "bb1df061-f7c0-421c-994d-107667577248", "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Agent.CAF\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977758", "uuid": "d43ce844-666b-4288-af4b-de8a466dcf39", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977758", "to_ids": true, "type": "md5", "uuid": "08937c78-0b5c-4b3d-8f8f-4b792351a836", "value": "39fc4a3ea44ab9822ed5e77808803727", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828882", "to_ids": true, "type": "sha1", "uuid": "daede180-b0bf-4ebc-aea2-215d1e1f4545", "value": "70b303fb0d976f7ef98538a2c145e027dd985b6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828882", "to_ids": true, "type": "sha256", "uuid": "ec311040-dec7-469f-997d-805da16941a4", "value": "8712b5ea1f948ac77314da261fd5ac705c192364dd5ce4ab1edcf088d1c120b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822360", "to_ids": true, "type": "ssdeep", "uuid": "a5b71771-1540-4faf-babd-2c5b54664820", "value": "384:errMGbpNEd+hLjeWl8PunEYpAyC+dJOg4HnkRLxj/xkPD8Yp:erFbQd+hLqs8P5uAyC0OgInkP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822360", "to_ids": false, "type": "size-in-bytes", "uuid": "ec75457d-3692-4d28-9e7c-cbb51c4278a7", "value": "25088" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822360", "to_ids": true, "type": "vhash", "uuid": "aadc765a-d058-47da-88f7-1abb91295511", "value": "024046651d151088z1021fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822360", "to_ids": true, "type": "filename", "uuid": "4dbfaebb-6f7f-4b31-bbba-cbeb8f510368", "value": "39fc4a3ea44ab9822ed5e77808803727_black" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822360", "to_ids": false, "type": "text", "uuid": "0a2caacd-1fbb-4ff5-b714-cf2aae1480d6", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:66/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977782", "uuid": "f1f2e1e6-52fe-4d6d-848a-1d8058986d79", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977782", "to_ids": true, "type": "md5", "uuid": "4f799e0d-130b-4390-bcdf-58704fa6db06", "value": "3f39c6dea5311167cc7ff62befd4ea7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828883", "to_ids": true, "type": "sha1", "uuid": "1e53bf75-bca8-4265-979c-875f4047a37c", "value": "3a0078d34029f2949d726ccffb429df300a49935", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828883", "to_ids": true, "type": "sha256", "uuid": "6886effa-4541-4e96-9e49-5e961885b53b", "value": "3b4febef59033c09e0f7136670d1bcb3874379b8fa8621ecd78e11da303a2585", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822381", "to_ids": true, "type": "ssdeep", "uuid": "55ffe760-3c38-42f3-a9a5-665004277de2", "value": "384:QuiMw6FjrUV+wOFq2ZRBnMmNAuZ8nWRtMLt:1dXq3OM2ZRBnMm248WRt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822381", "to_ids": false, "type": "size-in-bytes", "uuid": "eca60257-d19c-48fc-874e-86bf5aafe4e8", "value": "24576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822381", "to_ids": true, "type": "vhash", "uuid": "d487f3a4-c541-4d54-ad73-0cc2353b1e59", "value": "024036551d1068z10229z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822381", "to_ids": true, "type": "filename", "uuid": "22a8aba2-754e-4337-a779-dd218f5b677e", "value": "3a0078d34029f2949d726ccffb429df300a49935.codex" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822381", "to_ids": false, "type": "text", "uuid": "8f53775a-ead0-4d71-818f-1f033554b317", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:61/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977803", "uuid": "42ba0683-226b-4fed-b4b6-4b3720fe46ab", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977803", "to_ids": true, "type": "md5", "uuid": "1c290dce-be1d-4ea2-a3f0-acc5669308b2", "value": "41b816289a6a639f7f2a72b6c9e6a695", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828884", "to_ids": true, "type": "sha1", "uuid": "d666d248-751b-4eb0-a867-2581e84d1c9f", "value": "ffe339c52450583fd8494c7e5ed0f9680c9fca92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828885", "to_ids": true, "type": "sha256", "uuid": "074b27da-73ef-4857-9bb8-1c28f8bd402b", "value": "4b0722a9f5bb2515bb48c842d83184ecb4999a3e2e44a636de70c73db2a600f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822403", "to_ids": true, "type": "ssdeep", "uuid": "c644c4fb-0c2e-43cc-a390-911ad449cad7", "value": "192:g8DA4t0kiRl8rMlUpj9vKEkLEr/YpFwiXgiXyecSdmJSsBhEUoynxrY+TPpuzNN5:T1riv8rY54/64ecS0JSWhhvY+bpaEo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822403", "to_ids": false, "type": "size-in-bytes", "uuid": "9708822c-d266-4668-80e5-e15136f6edaa", "value": "27528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822403", "to_ids": true, "type": "vhash", "uuid": "923c61a6-0182-477f-9a7f-3d4afd2d945d", "value": "024046551d151079zd1efz10100141z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822403", "to_ids": true, "type": "filename", "uuid": "30ed6f4a-a06f-4901-91a2-6549e25a3993", "value": "msieckc.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822403", "to_ids": false, "type": "text", "uuid": "a52aeaf2-9a07-49c5-918e-7bcb80a0fc9f", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Roficor.A\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977824", "uuid": "64820914-5d28-4a7d-9edb-863ffc6bdcdc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977824", "to_ids": true, "type": "md5", "uuid": "0591ebf7-e7de-478d-8a33-0cbf24d37037", "value": "428eb3305d4d4c9a8831e1d54160ed65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828886", "to_ids": true, "type": "sha1", "uuid": "2cdb201f-af24-480f-afae-383f1f8c7dfe", "value": "a034527c2bee5ed485f42f2965471ce0eb8bcce9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828886", "to_ids": true, "type": "sha256", "uuid": "50a94598-435b-4df1-b435-5f34930a5629", "value": "3449b1d75b5cba3cc941a2cbaaf6d0e37d22f36a7f947721767e87c16f889e02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822426", "to_ids": true, "type": "ssdeep", "uuid": "00f57d62-854a-4a3a-ba32-03dcd01c3c88", "value": "96:5zO+gC5WeQmcsFW+DUOUzYCpOHUWYqny+F74VSXUoynMMN+BDwRza:1xvcsV2XpU3vF74VOUoynMMN+BcR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822426", "to_ids": false, "type": "size-in-bytes", "uuid": "b5e1fef2-d752-4077-aff0-bf4a943435cb", "value": "16384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822426", "to_ids": true, "type": "vhash", "uuid": "c0cd8ee3-bc85-436f-bb3d-0b7d05fc0852", "value": "014036551d1038z1121hz11z31z81z17z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822426", "to_ids": true, "type": "filename", "uuid": "0bf832b7-ec07-470d-974d-12b33ca13cf2", "value": "winnet32.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822426", "to_ids": false, "type": "text", "uuid": "31ba2593-ca43-4a68-a9fd-285400675dd6", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977845", "uuid": "2c2a37b7-0dae-48ae-a002-c05e3007c19a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977845", "to_ids": true, "type": "md5", "uuid": "6f8d0f37-f826-4f5b-841f-5d1e98735dfd", "value": "42a3bb917778454fa96034ad4fb17832", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828887", "to_ids": true, "type": "sha1", "uuid": "a288ec57-b94d-4d82-bc0e-3686a3b2296a", "value": "0afeef0006fcb815685c98d9bb8a6af8ad2db88d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828887", "to_ids": true, "type": "sha256", "uuid": "1b417a2d-07ef-4ba0-b45a-05404d349e42", "value": "1f7cc3f242a2e79ccf055b144551ef44b6ad9449222d950e9d9647fe27ee22fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822447", "to_ids": true, "type": "ssdeep", "uuid": "69bf7cdb-a7b1-4a03-94b1-b35662410a51", "value": "1536:rt/U8w8wXDc3e5Dh6/kVkeoUv2W9UJ6zBh5WKEOw9nFsuUr7ukW538fmthJj/:rtFw8wzBh6/WBUJ0T5mLUryk+8fOhJj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822447", "to_ids": false, "type": "size-in-bytes", "uuid": "1a1732ac-59c8-4eaf-832a-ff29e5a22508", "value": "112192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822447", "to_ids": true, "type": "vhash", "uuid": "bbb0ea36-9b76-48d1-9fa9-4d95b38f729b", "value": "015056655d151510a02031z800487z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822447", "to_ids": true, "type": "filename", "uuid": "7fd1b782-75e6-4d09-9068-ae6bc4834fa0", "value": "42A3BB917778454FA96034AD4FB17832.sample" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822447", "to_ids": false, "type": "text", "uuid": "2076613d-774a-4d23-8bc9-c396269aac3a", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977866", "uuid": "21905621-eccc-447e-a65d-894ad5ecd703", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977866", "to_ids": true, "type": "md5", "uuid": "5540a20b-4d73-4e78-b08e-e021e3165ac2", "value": "42b9fea2ec56a90cefeecee3c84aade0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828888", "to_ids": true, "type": "sha1", "uuid": "53285cc6-2346-43cc-9ef4-8859c8825dae", "value": "8d941454c00dcd5d030d10e85e19f22ddeaa2276", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828888", "to_ids": true, "type": "sha256", "uuid": "91d0f438-99fc-4b43-89a6-fbe38c13cd93", "value": "58cfecb2308cdabb356371649ac082a127879290b20edba05ab75561671b52c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822469", "to_ids": true, "type": "ssdeep", "uuid": "a9fec2ca-45fb-4f7c-a662-590fc39e2fa7", "value": "3072:HhHrC+oLYhOE/zdJTbrYpXUJ8/eun3AkSxj9MrOQUv8oVKI8e:HNr/ochd/zdJTbrQUu/d3RSZgMKe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822469", "to_ids": false, "type": "size-in-bytes", "uuid": "7ecc43b2-da3b-4657-bae7-6bad82b603a3", "value": "160036" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822469", "to_ids": true, "type": "vhash", "uuid": "271f76a6-6dad-4a35-b350-a39c70522779", "value": "015056655d151550a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822469", "to_ids": true, "type": "filename", "uuid": "2a5f8f29-136d-47c8-aa51-27965ef3efa8", "value": "KernelMode.info_58cfecb2308cdabb356371649ac082a127879290b20edba05ab75561671b52c5.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822469", "to_ids": false, "type": "text", "uuid": "0d6f5257-6d3a-4f4f-bf8f-c9029a76f1c1", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977888", "uuid": "a9752fb6-67b7-4b79-bb01-7b68da0cb799", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977888", "to_ids": true, "type": "md5", "uuid": "10a3f107-3ef6-468a-a738-38d96325be0a", "value": "436b853cbc87ba3a99131ce2d64a512d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828889", "to_ids": true, "type": "sha1", "uuid": "086f5ef3-57ed-43eb-a36f-0db4eb6e59a6", "value": "18f570706567f8c3b88a98e02962c4d73aea0902", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828889", "to_ids": true, "type": "sha256", "uuid": "0afa361f-e57f-472c-a46b-dee95409d919", "value": "f806fe83eecb5ca990c4fe4b344ec52367480faa12f99432743af32193d54c36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822490", "to_ids": true, "type": "ssdeep", "uuid": "741dfa49-aa0a-4179-85a6-bf2070ba4928", "value": "192:G8DA4t0kiRl8rMlUpj9vKEkLEr/YpFwiXgiXyecSdmJSsBhEUoynE7Y+TPpu79Nn:V1riv8rY54/64ecS0JSWhhSY+bp6gYT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822490", "to_ids": false, "type": "size-in-bytes", "uuid": "fb79161d-adc8-493c-bc9a-2ee166f5d27e", "value": "27416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822490", "to_ids": true, "type": "vhash", "uuid": "5ea1f539-d510-4d10-8742-2543bcbd32fd", "value": "024046551d151079zd1efz10100141z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822490", "to_ids": true, "type": "filename", "uuid": "b1f34bba-c618-4b00-a3a3-578a16d9c310", "value": "KernelMode.info_f806fe83eecb5ca990c4fe4b344ec52367480faa12f99432743af32193d54c36.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822490", "to_ids": false, "type": "text", "uuid": "6a7657e1-2708-47ac-8cbe-b19141821cd7", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977909", "uuid": "cd4de413-603b-4350-9dfe-6972d7a41022", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977909", "to_ids": true, "type": "md5", "uuid": "36187eca-4d17-4400-9d28-ca5f8fd99bd7", "value": "44300d48fccd5aaf27f4c863421c0d47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828890", "to_ids": true, "type": "sha1", "uuid": "fa429450-1773-4934-a997-ef26d0630596", "value": "cc3801104d050d34e37de1533304f3b9b5d18926", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828891", "to_ids": true, "type": "sha256", "uuid": "31adf6eb-61e3-48c4-afd2-26706adc6ce3", "value": "7300569a4fbf4721a118455e1a16ab42a5bcd07c8be47ddce1f873c4d92f2f0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822512", "to_ids": true, "type": "ssdeep", "uuid": "4d42965f-a4ab-48e2-af0f-e49544c6858d", "value": "384:p+aFMnwekmJInDq2uRHzKbmNARK6yWQoLxME3:pjekqIne2uRHzKbm2pBQP2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822512", "to_ids": false, "type": "size-in-bytes", "uuid": "e6741fbc-da13-4f2e-900c-71fc81b00ba7", "value": "27528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822512", "to_ids": true, "type": "vhash", "uuid": "149756b2-9870-4b81-a360-d6eb8e5a4fde", "value": "024036551d1069ze249z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822512", "to_ids": true, "type": "filename", "uuid": "eca619a9-1086-46cd-9ed3-0aeb90ef00e7", "value": "7300569a4fbf4721a118455e1a16ab42a5bcd07c8be47ddce1f873c4d92f2f0e.vir" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822512", "to_ids": false, "type": "text", "uuid": "a25fd797-45f2-4c37-8b61-a3212b9b3ab8", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:69/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977930", "uuid": "d192f7ca-6757-485d-90be-a55f6cfcf587", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977930", "to_ids": true, "type": "md5", "uuid": "3db5ab72-9ada-4719-8818-4278b2a245a3", "value": "44e520bec8a3e35f6f6ad52e97911e14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828892", "to_ids": true, "type": "sha1", "uuid": "d7785c38-e657-4e9c-ac47-eba4a85e4529", "value": "19fcbda55be258705c51bf4bc549c3165c5fff2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828892", "to_ids": true, "type": "sha256", "uuid": "651bcf01-b173-49d4-8455-b23752d2b711", "value": "dc803bd8085a6ab0d552c3659b9aaf205a95928b00b6c3e13527ce089fad7408", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822534", "to_ids": true, "type": "ssdeep", "uuid": "82e23fd8-e554-44b7-8138-480eb3419a77", "value": "384:VUrrMGbp3hmTa/R8da7WN8SkqJ1FpdeT7ohPu+ypYLxs/xkPD8YpmVj4:6rFbX+apnK8NqJ1HdeT7+Pu+ILxp4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822534", "to_ids": false, "type": "size-in-bytes", "uuid": "1f0a1374-8ecf-4256-b2a7-9d669eb7dec3", "value": "29576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822534", "to_ids": true, "type": "vhash", "uuid": "1be36025-1fe6-41a1-91ac-3d5d00304045", "value": "024046651d151088z102gz1011z31z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822534", "to_ids": true, "type": "filename", "uuid": "caf1be66-e84f-4d18-af88-c873ab57efa1", "value": "PHIME2002A.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822534", "to_ids": false, "type": "text", "uuid": "719ba909-d467-4abe-953b-0ad4e0956cc8", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977952", "uuid": "d2df3ccc-7c13-4867-af44-046914f64c20", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977952", "to_ids": true, "type": "md5", "uuid": "78e75389-4caa-49c9-b4b8-0c882541a893", "value": "45a4c8c01ec94e1db83b86e05dc9e851", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828893", "to_ids": true, "type": "sha1", "uuid": "6f1f3c9f-0536-40d0-9ee0-804d3fa99d41", "value": "2575540ad1d6a99b32387919d6e29a9337270672", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828893", "to_ids": true, "type": "sha256", "uuid": "2b531469-bc01-496e-a6c4-fc760ae02579", "value": "3ed29cfd48f8f61080ab7046999299bbee5917acc7e5fc3d678967275aef7d05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822556", "to_ids": true, "type": "ssdeep", "uuid": "2ae966fb-ba7e-4145-8b6b-1ac13b89cbe5", "value": "384:8nJq2WRq5NiC/Tlmorgeciyk+rE6gkNmLxZo/xkPD8Yp:8nI2WRqPJTlmnepykD6gkk8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822556", "to_ids": false, "type": "size-in-bytes", "uuid": "60f1dc82-4891-4797-9406-a7fbd1b80208", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822556", "to_ids": true, "type": "vhash", "uuid": "fc6e050b-8494-4a87-ab43-7d7ce23c2c49", "value": "034046551d1510a8z11259z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822556", "to_ids": true, "type": "filename", "uuid": "6daac7c5-6083-4bbd-85d4-2fa6183a9091", "value": "KernelMode.info_3ed29cfd48f8f61080ab7046999299bbee5917acc7e5fc3d678967275aef7d05.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822556", "to_ids": false, "type": "text", "uuid": "c25a039d-2f72-415a-9e07-eaf6178143f9", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977974", "uuid": "d43b3254-c1ca-4da6-9d8e-d462ab519b66", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977974", "to_ids": true, "type": "md5", "uuid": "ab5648f5-167d-4883-8717-09a1f56efb89", "value": "45b94e90cab94d9f873478151a80703d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828894", "to_ids": true, "type": "sha1", "uuid": "dd85233c-9f35-4087-8376-8f829eeb236a", "value": "1afcf477db6534feeae4d346c067ed53482c4643", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828894", "to_ids": true, "type": "sha256", "uuid": "dd8c2a55-ad3f-4585-9f4c-aa28bb48e6c3", "value": "500157e76d8e7885385e4f52f3269adc5f68ec33ed04e850155f87884c384694", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822578", "to_ids": true, "type": "ssdeep", "uuid": "11a2c813-06b9-41af-beb2-8462515c6ba1", "value": "12288:zJ/ochxzdJTbrgouWeMFjjkprujh4VQnzc9ai8Mzrn8gcFGp:zJ/o8TTghWhuSjh4in6a4zrnxr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822578", "to_ids": false, "type": "size-in-bytes", "uuid": "fbe0634a-bb90-4538-ac21-62e63360fda8", "value": "567936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822578", "to_ids": true, "type": "vhash", "uuid": "acef45fa-dacb-45be-9360-6aa9ddbf006d", "value": "055056655d151510a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822578", "to_ids": true, "type": "filename", "uuid": "c13968c9-5dc9-47a7-aa07-2e47b2392386", "value": "1afcf477db6534feeae4d346c067ed53482c4643.codex" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822578", "to_ids": false, "type": "text", "uuid": "6bbfb173-e43a-41f6-a852-ec329ce1fe92", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740977995", "uuid": "f946329a-779a-4e90-be04-65e96d6f88cf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740977995", "to_ids": true, "type": "md5", "uuid": "003a185b-b6dd-4204-84a2-fc5c166bebcf", "value": "48888cca68db492c87892524146e8ae3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828895", "to_ids": true, "type": "sha1", "uuid": "7adb1dfc-05d0-4a9c-9237-946409109a0f", "value": "100ea95c200bdc119adfff36b153afce30573902", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828895", "to_ids": true, "type": "sha256", "uuid": "37eb418f-7404-40e2-9456-27d15dfcd2ea", "value": "b613f087019277b9f3bd8bb7acee553d926acfe6e209c9ad8b8cf98c7279fc13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822600", "to_ids": true, "type": "ssdeep", "uuid": "553dfdbc-9b3d-47d7-8d2b-708e316fee2b", "value": "192:Oxdqn/T5zD4pPUkKHXsLAYKnSCs1sjvbDNA+NUoynyh4tDu:OxC/WCXMA1LaebDNA+agh4tD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822600", "to_ids": false, "type": "size-in-bytes", "uuid": "0d667120-15d2-4b9d-b771-82a5c7ab0ec6", "value": "20480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822600", "to_ids": true, "type": "vhash", "uuid": "5135ca81-1764-4d70-a06b-197198ee1e72", "value": "024036151d1058z11229z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822600", "to_ids": true, "type": "filename", "uuid": "bb0707e5-0819-4ab1-9e3d-6a9901cf7893", "value": "KernelMode.info_b613f087019277b9f3bd8bb7acee553d926acfe6e209c9ad8b8cf98c7279fc13.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822600", "to_ids": false, "type": "text", "uuid": "c9168d33-ad2c-464a-8007-c15572ac3f1a", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740978016", "uuid": "ae676594-a175-4f2e-b292-a539de59d6bf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740978016", "to_ids": true, "type": "md5", "uuid": "e4810f8c-b990-41a9-a888-141dcf0896e8", "value": "4d275adbd318f182fa0ec0275cf217b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828896", "to_ids": true, "type": "sha1", "uuid": "9fd78c5e-c510-431b-8443-835ed72ad93f", "value": "01b4d310e510b3b77fc1a19be35d4f92afbffa76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828897", "to_ids": true, "type": "sha256", "uuid": "a5712c10-6edf-4b87-ae14-4740d46e8c27", "value": "5bb93bd97851c570c6654e64e7c23330e6ef03bd14b3aa4d055d230115a08247", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822622", "to_ids": true, "type": "ssdeep", "uuid": "b9f00987-fdae-477e-8bea-aeb444ca2e18", "value": "192:w+yHb+x4aIl/HVnxO4NJWOP1oyn9jTNnWklmh4pjWVby:zqHVxO4NT1rjZEzy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822622", "to_ids": false, "type": "size-in-bytes", "uuid": "8c0e359e-9ae2-4ca4-9327-f35242ddcfe5", "value": "19336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822622", "to_ids": true, "type": "vhash", "uuid": "e5e9b8e6-38f9-4899-8c2b-326460272c34", "value": "014036551d1029zc1afz1011z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822622", "to_ids": true, "type": "filename", "uuid": "0b6fffc2-5aaf-4956-9c60-8c95301aff15", "value": "prtshgrd.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822622", "to_ids": false, "type": "text", "uuid": "fc97b35d-9048-448c-9fc4-70e0573ac490", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.I\nVT Total Detection:61/77" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740978037", "uuid": "13286e38-1c79-4257-8a16-20f4243f034d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740978037", "to_ids": true, "type": "md5", "uuid": "1d84a93b-3595-4e9b-995f-0abbea7a9ae8", "value": "4d840625c5ca9a4f1cbd35d4b1ca2452", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828898", "to_ids": true, "type": "sha1", "uuid": "ebed3a1c-1dd8-4b7f-87ad-b876e5061c13", "value": "11da63eb6dd66c0829052db78598d6a71ecc554f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828898", "to_ids": true, "type": "sha256", "uuid": "44452801-0e8a-45bc-9b59-fab6d174d5ec", "value": "9bc2309d5e391dd14c2948c55551105572ec0ae5cfc1f31bbd767b171a0bc99f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822644", "to_ids": true, "type": "ssdeep", "uuid": "4e50c418-e8e1-426c-93b8-03a2cba213e9", "value": "768:pwH2KR2vtoiGFushykJfV68dbSzrt0ny0ceCekuNBrWN:pwH8vtojFCkTroz+iANdo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822644", "to_ids": false, "type": "size-in-bytes", "uuid": "5831b014-6012-4599-97d8-cc7c73291563", "value": "57344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822644", "to_ids": true, "type": "vhash", "uuid": "5e34fcd8-4c81-4fa1-afe7-e22a8483f338", "value": "054046551d1f50a8z1423fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822644", "to_ids": true, "type": "filename", "uuid": "8da4e2d0-0c9f-40b5-aa43-ed8888e64181", "value": "KernelMode.info_9bc2309d5e391dd14c2948c55551105572ec0ae5cfc1f31bbd767b171a0bc99f.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822644", "to_ids": false, "type": "text", "uuid": "c096605c-d713-485a-9997-a0f50c4a9199", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740978058", "uuid": "1eaea1f6-b6d0-42ac-a179-ef1e37ff2879", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740978058", "to_ids": true, "type": "md5", "uuid": "b82eef27-8938-4c05-8619-79adf17f009a", "value": "4f377a8344baa76afe9103ca843e315f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828899", "to_ids": true, "type": "sha1", "uuid": "6954754d-1b00-4302-9915-0f83f72f0c17", "value": "eb797766b7bb300537fa2d9121cf0dfe5f9784a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828899", "to_ids": true, "type": "sha256", "uuid": "9be13986-c729-44d6-800a-8574807fb5c2", "value": "02130a4f5f54c1594454aa0db262e5ae0a3136733459b078e9c536be6af2c293", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822666", "to_ids": true, "type": "ssdeep", "uuid": "1f5fff7d-3c1c-49b3-a8b0-2959fdd2a41e", "value": "192:gC8DHLkt01xvLRZ5OTstkpf9FjOtGBFS8kEUoynuecNrYJNnWnSkyxV5:oEmTzoTNjOiFS8kh0echYjMSpZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822666", "to_ids": false, "type": "size-in-bytes", "uuid": "268efe34-d731-458a-a083-b11c37e37061", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822666", "to_ids": true, "type": "vhash", "uuid": "705dfda3-4bd4-463b-9f3e-7bde29881e59", "value": "024036551d1079zd1efz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822666", "to_ids": true, "type": "filename", "uuid": "239678f6-b4fc-421a-bed9-178f60f04f37", "value": "KernelMode.info_02130a4f5f54c1594454aa0db262e5ae0a3136733459b078e9c536be6af2c293.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822666", "to_ids": false, "type": "text", "uuid": "caaa2839-ddf2-4bd0-b449-309fee270b15", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.C\nVT Total Detection:69/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505144", "uuid": "da6a71eb-f078-4db5-9720-b761b84c2237", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505144", "to_ids": true, "type": "md5", "uuid": "c4988162-2548-4d58-9591-a89042a32f58", "value": "4fc1b3dbf9dc44278f990d57913d96f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828900", "to_ids": true, "type": "sha1", "uuid": "41848a18-139f-4dcd-8387-91a074f03eb0", "value": "bba149dc13aee468a83b0376c61686a8df43729c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828900", "to_ids": true, "type": "sha256", "uuid": "1fbf65c7-b424-48ab-9175-72a43ad3430f", "value": "804d47631c16751f26af0c0f892d7036f628b314bf2322cd244686d4cb174509", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822687", "to_ids": true, "type": "ssdeep", "uuid": "7f68bc96-8676-4ef0-9712-f4717e4778db", "value": "384:m20MRCReKRq2ZRbzyUgmNcGuABWRMnuLt:vTqeKg2ZRbzyUgmeGtURMn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822687", "to_ids": false, "type": "size-in-bytes", "uuid": "1eb5aa2f-e1f2-421a-bda1-818b98763cd1", "value": "28672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822687", "to_ids": true, "type": "vhash", "uuid": "6e8b86ec-e051-445b-b20b-830aee7546dd", "value": "024036551d1088z102a9z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822687", "to_ids": true, "type": "filename", "uuid": "ba732035-a92d-4131-baf4-c32a4eb2bbbd", "value": "KernelMode.info_804d47631c16751f26af0c0f892d7036f628b314bf2322cd244686d4cb174509.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822687", "to_ids": false, "type": "text", "uuid": "5a2f2cb1-5095-4f27-a16a-c215ec34cf87", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:66/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505165", "uuid": "3d314e9a-a325-4d4b-bb12-c8d0d811cbb4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505165", "to_ids": true, "type": "md5", "uuid": "a5a6729d-05ae-4b94-81d1-ea077d947e93", "value": "51c1b9b3df00de5e08c4aa3a2b864a54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828901", "to_ids": true, "type": "sha1", "uuid": "235863b1-bafd-4a4c-8332-2ca77f4c4c11", "value": "e4d7dea8cd5d6776ac212125b86f708ffa558843", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828902", "to_ids": true, "type": "sha256", "uuid": "8ecd6002-5565-43ea-8f78-9b673baa6ad1", "value": "949b1c4b06399b3a392e59e798e73d8aa2f6b42a2088fdfa219b01b117f10dc5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822730", "to_ids": true, "type": "ssdeep", "uuid": "9f356721-0479-436f-ab2d-6ae2112d8275", "value": "1536:/LUBZ37C+sASQIPdhf9VUk5LWuAxi8EcmrwfItmLZPnj53PaFs:zUBZ36A3AhfmuJewyPnNPaFs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822730", "to_ids": false, "type": "size-in-bytes", "uuid": "d079c9e1-a553-4e1c-9a5d-b60c9c505bbe", "value": "99463" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822730", "to_ids": true, "type": "vhash", "uuid": "553265f0-f313-424d-aaa8-ad90b3db2e7f", "value": "094056655d151550a01031z800457z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822730", "to_ids": true, "type": "filename", "uuid": "aed7af74-1976-49df-8548-4fd4a1aa393b", "value": "KernelMode.info_949b1c4b06399b3a392e59e798e73d8aa2f6b42a2088fdfa219b01b117f10dc5.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822730", "to_ids": false, "type": "text", "uuid": "9d5fa959-f811-4319-82ec-a3f7b932af8c", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:59/77" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519260", "uuid": "a50c1fc5-51c5-4052-8d58-d7e40ec0d301", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519260", "to_ids": true, "type": "md5", "uuid": "58de988b-58b4-450f-aea4-2ce3182d857c", "value": "51d3e2bd306495de50bfd0f2f4e19ae9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828903", "to_ids": true, "type": "sha1", "uuid": "b5da88ff-04b9-496f-bfd8-aef463f4c17c", "value": "7edd6beff619f86fae7f94a60ac4bcdb04473dfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828903", "to_ids": true, "type": "sha256", "uuid": "717c0555-030b-4a66-91fe-5b0b7ee77cd9", "value": "c73f01790f1b4353a1df823c50ce23233e54fc3535ce921587d194d02bc778c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822751", "to_ids": true, "type": "ssdeep", "uuid": "9b5e8863-0c6d-4290-a598-130193175972", "value": "6144:kMW/aDlNOkc3XntCBKyf6g7UixvYlz1M44Y6ivtvLRjLClbaC+UpayBylCHd9q0k:ySDlNOk0ITLBsVbj6baCxm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822751", "to_ids": false, "type": "size-in-bytes", "uuid": "23086e23-8917-4724-8a20-a1471bf9d30a", "value": "838144" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822751", "to_ids": true, "type": "filename", "uuid": "1702bf9f-7c2b-4337-8450-f4050c07fde8", "value": "c73f01790f1b4353a1df823c50ce23233e54fc3535ce921587d194d02bc778c9.json" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/07/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822751", "to_ids": false, "type": "text", "uuid": "1a1e4a79-6e70-446c-b606-e7a83b6659f2", "value": "Type Description: MS PowerPoint Presentation\n\nMicrosoft: None\nVT Total Detection:37/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505797", "uuid": "b63b2a3d-0b5b-4297-bbc6-72cb3f761250", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505797", "to_ids": true, "type": "md5", "uuid": "7df92192-54d4-4f3b-940d-3d101800ab06", "value": "51eaec282b845bc54dbd4fbce5bb09d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828904", "to_ids": true, "type": "sha1", "uuid": "6825a1b6-6442-4731-a24f-98d258f8af9a", "value": "15d0d760857c3fe122e32b150acd80502c17bea1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828904", "to_ids": true, "type": "sha256", "uuid": "94644e80-3ed2-43c7-8d1f-b531f295921a", "value": "090ecf1fe5c493ddb70ff1c62d0ac0df0ad64896c4bc7169e3537628e3d6856a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822773", "to_ids": true, "type": "ssdeep", "uuid": "7c9485d6-d472-4df0-8c9c-4405745cd8c8", "value": "1536:wgYPhQXwIiPrrjThO+lUBrzCxry1ec7rUyj239aum1U3zR/:LYP2XerzhOUxu/XUtauE8zJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822773", "to_ids": false, "type": "size-in-bytes", "uuid": "88ee0f0b-5da2-4057-bf03-5903e9318bc0", "value": "96712" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822773", "to_ids": true, "type": "vhash", "uuid": "5dc992ce-b9cb-4060-9f05-2358870ddb11", "value": "094056655d151550a01031z800497z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822773", "to_ids": true, "type": "filename", "uuid": "e9c9b938-53fd-4324-909f-e99f14608cfc", "value": "KernelMode.info_090ecf1fe5c493ddb70ff1c62d0ac0df0ad64896c4bc7169e3537628e3d6856a.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822773", "to_ids": false, "type": "text", "uuid": "5102dcda-06f2-4a8d-a12a-d8a963ebc5c2", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505820", "uuid": "0ff683d9-3a95-4bf1-bf19-ea14ebb0109f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505820", "to_ids": true, "type": "md5", "uuid": "793b1871-44f8-4153-960b-40eca8d635a7", "value": "522cd120fa4b1517a60fcf8be3e71ff4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828905", "to_ids": true, "type": "sha1", "uuid": "858b8668-0054-44da-bf5d-dcc2eadebef4", "value": "a1690bf1f4b0920540805e918cb00a834b03db90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828905", "to_ids": true, "type": "sha256", "uuid": "8c38ea3b-6ba6-4e6d-8909-47f8f2ec19dd", "value": "729a8307c2783d4fdd1f33f7f3bf7d3cee3ee0532c2a5f2093bf4a4937627c6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822794", "to_ids": true, "type": "ssdeep", "uuid": "4e3982fe-d3a9-4fa5-9bc0-f25af683478f", "value": "6144:48YgEN84xefMHQbPmE4lhQTbcF2pvgjFkNVqPN4c5XzAPOlJG3:4HjNne/ElhQXc6YjFFLTU3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822794", "to_ids": false, "type": "size-in-bytes", "uuid": "35feade3-57b2-4dad-a94e-43053dcdc6ec", "value": "317832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822794", "to_ids": true, "type": "vhash", "uuid": "5ed9f3b0-7e14-4eab-b9ce-49b055f423d8", "value": "135046655d151114z16003d489z43z1011ze1z8027zb7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822794", "to_ids": true, "type": "filename", "uuid": "f9aaa05d-bbec-4fe5-8b3c-24115fdcf55d", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822794", "to_ids": false, "type": "text", "uuid": "d3952945-8059-4273-a6bf-5673c3c92a90", "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Agent.CAF\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505843", "uuid": "a9e691aa-6afe-4bea-80b9-c4e68fcb0d83", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505843", "to_ids": true, "type": "md5", "uuid": "88ca2c5c-aeed-474e-a23b-49261a132141", "value": "53dc9866fd77fe4933eea3c08666c7bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828906", "to_ids": true, "type": "sha1", "uuid": "e7a95ced-3dd0-4247-9065-9237aa573e2d", "value": "847a83f361e459d6aaa892644ba1e71d9609b55b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828906", "to_ids": true, "type": "sha256", "uuid": "c56b64db-3ba0-45b5-8bc2-c95560ba2c76", "value": "18d268d11f7d1e80fc195737f34d104745db691768decb994d5ec5588b81d086", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822816", "to_ids": true, "type": "ssdeep", "uuid": "9f206ff4-34d7-42e3-84bd-04aed29ec901", "value": "3072:HhHrC+oLYhOE/zdJTbrYpXU1KPMS/AjjX2tFBLx:HNr/ochd/zdJTbrQU1+l4+Ld" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822816", "to_ids": false, "type": "size-in-bytes", "uuid": "2f0a5b05-5a8e-4daf-857e-09e97f0bfeac", "value": "152352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822816", "to_ids": true, "type": "vhash", "uuid": "6d86d420-7a1f-4757-b9ea-390bfd49a237", "value": "015056655d151510a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822816", "to_ids": true, "type": "filename", "uuid": "fbd4e65a-b996-4f2e-a0b7-c16230519255", "value": "KernelMode.info_18d268d11f7d1e80fc195737f34d104745db691768decb994d5ec5588b81d086.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822816", "to_ids": false, "type": "text", "uuid": "61b7d5d8-b68b-4d24-9def-e418ec4ba626", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505864", "uuid": "a0956f5b-477a-4821-ad6b-c264e383c4ed", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505864", "to_ids": true, "type": "md5", "uuid": "c289dcc1-86cf-406f-9f30-d13ea750156f", "value": "55b125da1310d2b37f18ea4e2ae8192b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828907", "to_ids": true, "type": "sha1", "uuid": "522c53a8-327b-4335-b9b5-7e997d07463f", "value": "8bec374759462597e4680b575a3e8241310b7535", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828908", "to_ids": true, "type": "sha256", "uuid": "079d42fb-eae6-4cab-aa8e-c14ca736d61a", "value": "f6982034b7ca7e535cc2b0af0bd081e131718d746dac82364ac0cd9702341d26", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822838", "to_ids": true, "type": "ssdeep", "uuid": "5e2561e7-4c42-418a-b755-d61110b19625", "value": "3072:YOfl5CXn83NsJHHPfvEG6r8yNkFzV06jXP:Y65C383NsdPnEG6r8ckFzVFj/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822838", "to_ids": false, "type": "size-in-bytes", "uuid": "f7cfe64d-243f-4e1a-ba60-d2e28f094dc8", "value": "100945" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822838", "to_ids": true, "type": "vhash", "uuid": "4b48e37c-7d6e-4e0f-9800-5f0083929002", "value": "115056551d15151098z130cfz23z2ez5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822838", "to_ids": true, "type": "filename", "uuid": "490582ef-d053-4dd3-b95b-588c285620b5", "value": "KernelMode.info_f6982034b7ca7e535cc2b0af0bd081e131718d746dac82364ac0cd9702341d26.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822838", "to_ids": false, "type": "text", "uuid": "40d662c2-9138-4021-b6d8-3be0104bd3cd", "value": "Type Description: Win32 DLL\n\nMicrosoft: TrojanDownloader:Win32/Seadido.A\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505885", "uuid": "1b3615af-4d06-4550-a788-a7377c42b1b5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505885", "to_ids": true, "type": "md5", "uuid": "b3d75ef0-e3ce-4db3-97bb-fd7ed399d49f", "value": "5607a3ccdaf748fd5cd2d1bec4a771bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828909", "to_ids": true, "type": "sha1", "uuid": "cb09cbf6-c602-4b12-85d6-6b4dfedeb476", "value": "ad2aa30fb9a9b098b83764ddce67e6ba8286defb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828909", "to_ids": true, "type": "sha256", "uuid": "72d8af97-ea86-4087-be0d-c79fc0eef238", "value": "8ccfd254277b451df5011669be99302761f224fe282a05c450e5320b3c77f2d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822860", "to_ids": true, "type": "ssdeep", "uuid": "da8e3fd3-4abc-40e8-9614-f5af59bbf157", "value": "1536:kvqUTe7giX4Bl0kmUnIXyqUitjeIh+kyBDhM89pRUZo8SB/y8skP8gDL4:kvZialnHIJ4QunVOo8Uy5NgDs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822860", "to_ids": false, "type": "size-in-bytes", "uuid": "c1b5d801-c984-4067-9d78-2d6d54e228a4", "value": "115680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822860", "to_ids": true, "type": "vhash", "uuid": "7ac3721e-3cb4-4d7d-9b3d-6c998abf81db", "value": "015046655d15116012z1800757z27z12z4efz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822860", "to_ids": true, "type": "filename", "uuid": "efb4fd06-74a6-4d1f-96a2-71503e8c3d58", "value": "lnetcpl.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822860", "to_ids": false, "type": "text", "uuid": "c0256759-b6b6-4fdc-a911-768af31d0f5c", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505907", "uuid": "446fc724-d648-4654-93a0-e7e56089c4d5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505907", "to_ids": true, "type": "md5", "uuid": "6b59a9ee-7bb3-4516-903f-f0ca6e827d6d", "value": "57099403f28d2ce79cba11469c8be971", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828910", "to_ids": true, "type": "sha1", "uuid": "68cc45e2-10e4-4063-8274-6f51f2e888d4", "value": "7621169d99676b433860a212e0e5cdad7952bc93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828910", "to_ids": true, "type": "sha256", "uuid": "7b0d66f3-7911-49d0-9502-c42a38a83d69", "value": "d0509be2158114c596997d3cd946bd12c4a066b1108564d421547f562bbcc089", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822882", "to_ids": true, "type": "ssdeep", "uuid": "ccdec3ab-cc1d-4335-8db3-a083e023ffea", "value": "768:oq6/Th5n2lRKRpiF30h+unYVXopE921rU9mgmzMv:X6/15nfW0hlrUpms" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822882", "to_ids": false, "type": "size-in-bytes", "uuid": "cb0d88bc-9c84-444f-8133-d8e6ce8c2dff", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822882", "to_ids": true, "type": "vhash", "uuid": "f1e48ba7-0301-4b16-9bda-823812d97038", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822882", "to_ids": true, "type": "filename", "uuid": "b76d1513-b4ac-4104-bbe1-c402192b932d", "value": "KernelMode.info_d0509be2158114c596997d3cd946bd12c4a066b1108564d421547f562bbcc089.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822882", "to_ids": false, "type": "text", "uuid": "db1d9540-0750-49f0-984c-55e651cf98ab", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505928", "uuid": "c5010229-bc15-4cb3-aeea-3d33e6abdf24", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505928", "to_ids": true, "type": "md5", "uuid": "2564bde4-b65e-45fa-a843-39470d998db9", "value": "57dfd2ec5401d9a3d68b4d125e1eb308", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828911", "to_ids": true, "type": "sha1", "uuid": "1e8727b9-4b67-4c9c-a838-fcbe326b5aa6", "value": "076a498a77c9cbad8bf1ce0a4d6d65bf27108e33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828911", "to_ids": true, "type": "sha256", "uuid": "48f7d578-c697-4707-9118-022ae7112aaa", "value": "9c1b6e78e61eff42724eb4d7b009636fea0fa69b830d94344019c0988ef2aebe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822903", "to_ids": true, "type": "ssdeep", "uuid": "83683c74-7821-46d6-b2fa-afb4957669cb", "value": "12288:gXoXeg6k1VJDQxo6eO68tN4+tr+zUleh2x6H03/:gXoX+aDSeetN4+tr+gG2xK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822903", "to_ids": false, "type": "size-in-bytes", "uuid": "9ede682a-19c7-4d41-b3d3-f3aa32b8a3d3", "value": "559104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822903", "to_ids": true, "type": "vhash", "uuid": "2aeaab5f-8e4b-4a96-88ec-61dc8eecb128", "value": "055046655d551173z12z7e7z3015z13z503dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822903", "to_ids": true, "type": "filename", "uuid": "a06108cb-ccf6-4865-9d47-47279d75be6b", "value": "IGFXSVC.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822903", "to_ids": false, "type": "text", "uuid": "fafd2d70-da18-4ca5-8dda-719b72aaa532", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505949", "uuid": "baac3614-c7e7-449c-b96a-50939147b394", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505949", "to_ids": true, "type": "md5", "uuid": "2be2cb2a-3ef3-4ec7-a121-3b43e8592e96", "value": "5b7b8d3b844b4dbc22875a2a6866a862", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828912", "to_ids": true, "type": "sha1", "uuid": "6cd24986-3ae8-4edf-9f76-6ed71a234f1a", "value": "1ab1008c28fa02f6682da618b9e43f0e784cddc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828912", "to_ids": true, "type": "sha256", "uuid": "de845ad2-6d5e-44c6-82c2-7cda84a974ad", "value": "a80522d3a11f95ff57c74d45f99c48aa7aeae2f0c8296a52541ca5e87f0ff45e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822925", "to_ids": true, "type": "ssdeep", "uuid": "c3463aa4-f089-43d3-aec7-876cd05eb2cb", "value": "1536:h5gMmW/THFzq/R2VhlIMmV4zNcwVaiJeZkKaTfGh00l/y0U7Wo8mBry88N6:h5kd/ylz44hemnTwJ9U7Wo8syL6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822925", "to_ids": false, "type": "size-in-bytes", "uuid": "0614320f-1e97-49b3-8c98-078b9843fc65", "value": "110592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822925", "to_ids": true, "type": "vhash", "uuid": "07c85c36-b1a4-4a5f-a08e-7ed07392a99a", "value": "015046651d15115012z180078z27z12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822925", "to_ids": true, "type": "filename", "uuid": "0dfd827a-c70d-4d95-8f0b-1cd06d720f59", "value": "secury.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822925", "to_ids": false, "type": "text", "uuid": "b24886e2-6466-460a-910d-a38e0203661d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505970", "uuid": "7796e878-8303-4287-a5f0-246fe86bcb46", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505970", "to_ids": true, "type": "md5", "uuid": "e8a8c1d5-8325-480e-a9fc-6ba3ef12d833", "value": "5bbdb09ec6ec333a20de74fd430b2bc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828913", "to_ids": true, "type": "sha1", "uuid": "b5f5d9c3-248f-4a13-a96b-625ae66cd60e", "value": "cb487fa944405833d44046e574e007bb1f40f663", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828914", "to_ids": true, "type": "sha256", "uuid": "5ad76dc9-f1e5-470c-a162-5d51223cf0bd", "value": "39e93d00538cdcf7cb429784b37b225eb3addde8e37d719249a0a7ad265bd0dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822947", "to_ids": true, "type": "ssdeep", "uuid": "5f1939c3-d64a-41df-bffd-961eae4a59bd", "value": "384:sFeFYq24RVCPkeBU/G6/527Z9cOyk+rEfJPoLx7Zo/xkPD8Yp:sFef24ROkqUD5OZ9hykDfJ8Z8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822947", "to_ids": false, "type": "size-in-bytes", "uuid": "1367b199-fb5e-489d-9a34-38aea76fe876", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822947", "to_ids": true, "type": "vhash", "uuid": "4fbe66dc-3e68-446f-b866-3e1ce64ef43a", "value": "034046551d1510a8z12239z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822947", "to_ids": true, "type": "filename", "uuid": "00400046-26ce-42a7-b469-7535ae5fceb9", "value": "KernelMode.info_39e93d00538cdcf7cb429784b37b225eb3addde8e37d719249a0a7ad265bd0dc.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822947", "to_ids": false, "type": "text", "uuid": "a2e0e99d-397c-42c0-a654-2833575f7e22", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747505991", "uuid": "7559c076-cd71-4510-9b3a-27c22be21d52", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747505991", "to_ids": true, "type": "md5", "uuid": "ff0ee1b9-c225-466f-a9d7-3a6ba1821c97", "value": "5dee5ad9f12f89fcf9fdcf07ebab3e5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828915", "to_ids": true, "type": "sha1", "uuid": "e25c0028-22e2-4539-86af-3e8e098fc807", "value": "87b7b3c0d35a35542ea4f60c3321752c7e950fcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828915", "to_ids": true, "type": "sha256", "uuid": "6ebed0b8-bbbd-4d9b-a83f-8aed61a03e34", "value": "0af925cd9d9a417f47882391555fa207398bfb87c3c6edc65f2ea42843cbdc3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822969", "to_ids": true, "type": "ssdeep", "uuid": "d7145d53-b639-4ab5-a0fa-131540673246", "value": "768:xq6/Th5n2lRKRpiF30h+unYVXopE921rUfmgm3Md:Y6/15nfW0hlrUTmO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822969", "to_ids": false, "type": "size-in-bytes", "uuid": "9989d254-d4ce-4d96-a53f-2c0de31874b9", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822969", "to_ids": true, "type": "vhash", "uuid": "dec91dbd-a6e6-475b-ac50-6853ad2e0125", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822969", "to_ids": true, "type": "filename", "uuid": "8725367c-4e8a-42bc-9ccf-5f11f39d181e", "value": "active.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822969", "to_ids": false, "type": "text", "uuid": "61538fe3-e563-4e47-9140-21fe747013b3", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:61/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506013", "uuid": "1a927a63-bf82-4dd0-9fbe-9353bef11374", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506013", "to_ids": true, "type": "md5", "uuid": "302be7fa-438e-40ff-bf73-30c73a74764f", "value": "5f05acd53cfd91fb4dba3660ad1e3add", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828916", "to_ids": true, "type": "sha1", "uuid": "7a81c33f-0abf-418d-ba5c-8894d50fc55f", "value": "e3b5561d3c4f88c09f818554f98cc107855a74c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828916", "to_ids": true, "type": "sha256", "uuid": "dc3d141b-7c5f-4c83-902c-84f8e682256f", "value": "962810f908daab4ed0796ff563433eb65a60507d23089ad4c9b25ccf2c8c7837", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740822991", "to_ids": true, "type": "ssdeep", "uuid": "59a9d5be-4294-4646-8bd8-c61682ec8c4d", "value": "3072:HhHrC+oLYhOE/zdJTbrYpXUJ8/eCn3AkSxj9MrOQUvH695L:HNr/ochd/zdJTbrQUu/v3RSZE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740822991", "to_ids": false, "type": "size-in-bytes", "uuid": "73a92265-7827-48e9-818a-1cb54616bc3f", "value": "160046" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740822991", "to_ids": true, "type": "vhash", "uuid": "8dafb3c6-e093-46ce-8d29-bda6fc143adf", "value": "015056655d151550a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740822991", "to_ids": true, "type": "filename", "uuid": "f4949180-69d1-4f43-a228-ee9820426c72", "value": "vt-upload-ynu9g" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740822991", "to_ids": false, "type": "text", "uuid": "937ff6cd-15f3-4136-af09-a1c52327b2d9", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740978369", "uuid": "51511ad1-531a-485a-835f-892f8f1a0d68", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740978369", "to_ids": true, "type": "md5", "uuid": "65c04dc9-018a-437f-8980-76a8b5184d80", "value": "60af79fb0bd2c9f33375035609c931cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828917", "to_ids": true, "type": "sha1", "uuid": "d6cb8b9d-13de-4fd5-87c2-6c10a71ba763", "value": "87cf389ba7fb27e40f7ef30a5c4b1bec342b8199", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828917", "to_ids": true, "type": "sha256", "uuid": "4bdafca3-6d2d-4d83-8cff-3efb3b29a030", "value": "6619a4ff7f0478f8c15fc0391651a1694afe876d25ebd07e3da08167e4f0b3d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823013", "to_ids": true, "type": "ssdeep", "uuid": "cb2fb6d0-3b27-4a50-ab51-b2b7b2701655", "value": "6144:3Rt4HabxOYM3KLIuB/g49JktEAGbeSqnEbfH8pEjvy0hl6DmuQq/rbKMhweNle0:b4HySuT7MYqYjH690h2PQ+KmwezT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823013", "to_ids": false, "type": "size-in-bytes", "uuid": "5a4c91f8-c3ee-4ac0-bd62-2c81d9e4cd65", "value": "370872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823013", "to_ids": true, "type": "vhash", "uuid": "b1d15bf7-ebe3-4539-b8ec-79e5f765163a", "value": "035046655d15713012z1800837z27z12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823013", "to_ids": true, "type": "filename", "uuid": "c8ff9d40-2935-40f3-83ef-4d2a4c00861f", "value": "Tapaoux_60AF79FB0BD2C9F33375035609C931CB.exe_" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823013", "to_ids": false, "type": "text", "uuid": "cab5dd60-6b6f-4ae2-981b-12e7c011d6a8", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506035", "uuid": "c018248a-69b9-4648-b83e-80fcaa527c8f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506035", "to_ids": true, "type": "md5", "uuid": "bfa53d09-734e-4bb7-9505-c7fc32614824", "value": "63409ddbd5316bae8e956595c81121ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828918", "to_ids": true, "type": "sha1", "uuid": "32b6383e-9c01-4ae7-920b-6367f587a935", "value": "32862db830b05659f6f2926dd8f59c604010c720", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828919", "to_ids": true, "type": "sha256", "uuid": "3e57e767-5849-4d9c-be14-e2d9c07ad4fb", "value": "fba02f3d549d99980190ef48d65b8002640cc12a134241edbe38bc04d77c9c2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823034", "to_ids": true, "type": "ssdeep", "uuid": "405aec49-660e-4784-abe1-fa79f2a052ed", "value": "192:2D9Io5WZZfFSDhNDJDP1oynVmF3NnWklmh4pjWX:2Dk5FS9NDJL1HmDEN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823034", "to_ids": false, "type": "size-in-bytes", "uuid": "ffa9f1c0-25f7-411b-b3ed-4709afc97fe4", "value": "19336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823034", "to_ids": true, "type": "vhash", "uuid": "26590db1-2e17-4b7b-af11-4ed6663f65de", "value": "014036551d1069z919fz1011z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823034", "to_ids": true, "type": "filename", "uuid": "82a70f5f-0819-41e6-9969-29bfe140dd9a", "value": "AdobeARM.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823034", "to_ids": false, "type": "text", "uuid": "93fca551-7342-4d0d-a6df-f65df27c6315", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.I\nVT Total Detection:58/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506056", "uuid": "74411a63-993c-4ba2-8dfa-5fd2f9164dfd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506056", "to_ids": true, "type": "md5", "uuid": "7920135c-310c-4316-882a-9d120ecf3a72", "value": "65460ec31dce97c456991ba5215d9c43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828920", "to_ids": true, "type": "sha1", "uuid": "c167b22f-6a30-412a-b368-20d5c072a717", "value": "bafcaaafe7c127f770fa7d501fff755deee195e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828920", "to_ids": true, "type": "sha256", "uuid": "936fa26d-3eaf-4d7b-84c2-34a6d8424e5f", "value": "932b51bb91498ff339927a6a5a47d6b815ee73dcec40133e47b9b4c6e1bbfd30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823056", "to_ids": true, "type": "ssdeep", "uuid": "4715e811-204c-48d9-9b4d-493e74ed0d19", "value": "384:3cDA4/u4UyJu76KgYncDlCy3rkGbptzIXtoi8expuPpL99G99m96MSpy:Z4G4TJbK5cDlCy3tbzziiiTUPMMP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823056", "to_ids": false, "type": "size-in-bytes", "uuid": "a14efca4-b393-4023-bf43-41b3ad36d1ab", "value": "35544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823056", "to_ids": true, "type": "vhash", "uuid": "1a19d5db-3301-482e-9b4d-8060376eb9e9", "value": "034036551d1068z1325fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823056", "to_ids": true, "type": "filename", "uuid": "c342b87c-2500-46fd-9f25-07973bf9dbb9", "value": "65460EC31DCE97C456991BA5215D9C43.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823056", "to_ids": false, "type": "text", "uuid": "f38e97a2-558f-492d-a617-a0c397767cac", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:59/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506077", "uuid": "cdb2923f-eae5-48ed-b491-b9709b3c6829", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506077", "to_ids": true, "type": "md5", "uuid": "0f2e240a-d872-4b78-81d9-11f13b138a91", "value": "686738eb5bb8027c524303751117e8a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828921", "to_ids": true, "type": "sha1", "uuid": "fcd1d757-699c-40d9-8706-032f91719b2c", "value": "ad2ebe58b0ae2322b3ca6590f617c5a8ecc7b411", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828921", "to_ids": true, "type": "sha256", "uuid": "90f7a507-0eb4-4fe1-8918-eeb8b3c673fa", "value": "d6afb2a2e7f2afe6ca150c1fade0ea87d9b18a8e77edd7784986df55a93db985", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823078", "to_ids": true, "type": "ssdeep", "uuid": "bf8a6c50-4c13-4b37-844a-59c94a21c0e7", "value": "6144:53Gcbn2gnsuwtasAlbkdIiXb8K/hYcZVnHIbNwJBBp5:JbwtasAV+xffZ5X5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823078", "to_ids": false, "type": "size-in-bytes", "uuid": "b4d9c723-4a1b-416b-8b83-861c9d5d914e", "value": "386016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823078", "to_ids": true, "type": "vhash", "uuid": "42cffa12-8297-4ac7-aaf1-e459cb3251dd", "value": "035046655d651060101001800787z17z12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823078", "to_ids": true, "type": "filename", "uuid": "a358a4a4-f6bd-4582-a678-cb18dd7a1672", "value": "VirusShare_686738eb5bb8027c524303751117e8a9.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823078", "to_ids": false, "type": "text", "uuid": "1da4c1df-c883-415d-99c7-ff8525a90dce", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:63/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506098", "uuid": "70374119-818d-4516-93ee-abf43dc4e4bb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506098", "to_ids": true, "type": "md5", "uuid": "7c8fddfd-e9d1-46bd-9c1b-cfa30dcfdb68", "value": "687b8d2112f25e330820143ede7fedce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828922", "to_ids": true, "type": "sha1", "uuid": "b35232f1-c7a7-4f15-b4b6-6349c1e2d144", "value": "33256fbd9196402e5253357f243dc13f88473e23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828922", "to_ids": true, "type": "sha256", "uuid": "b2a4499a-2306-4893-af8b-067fdf7fed94", "value": "d6d089fcbd886363cfbc23c237cab8d99d5033eff9f6a4a3eeb95e32f5b80113", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823100", "to_ids": true, "type": "ssdeep", "uuid": "cd09bce0-dc22-49eb-9469-009aafebdef5", "value": "1536:wgYPhQXwIiPrrjThO+lUBrzCxry1ec7rUyj239aum1U3zBUS:LYP2XerzhOUxu/XUtauE8zr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823100", "to_ids": false, "type": "size-in-bytes", "uuid": "921f3588-0fc2-444b-bb2d-ef7583b0ec7d", "value": "95748" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823100", "to_ids": true, "type": "vhash", "uuid": "cdbceb5e-c15d-43c0-8c08-f3db49466d75", "value": "094056655d151550a01031z800497z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823100", "to_ids": true, "type": "filename", "uuid": "866340c5-594b-4962-8f75-e8cce8079ad8", "value": "unknown" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823100", "to_ids": false, "type": "text", "uuid": "ce31356c-4042-46d1-9b3a-0144bbde5b20", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506119", "uuid": "a5da87d8-d3a4-42bd-a121-dc28e8fec89d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506119", "to_ids": true, "type": "md5", "uuid": "7986b673-f3e8-4d07-a2b9-260a18a55098", "value": "68ca3d3fc4901d1af8d3adc3170af6ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828923", "to_ids": true, "type": "sha1", "uuid": "41bf65b7-0bac-4390-be30-1bd84b2801d1", "value": "619e2e48bd31c348dc569d84749805235baa6c52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828923", "to_ids": true, "type": "sha256", "uuid": "9507fe51-3aa2-4e64-99fa-765da0d8184a", "value": "3ef0261dda3dd70bee414e437391668876a2f938b9f1e4a0995319f098f905f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823124", "to_ids": true, "type": "ssdeep", "uuid": "18f01c44-2231-4bab-8017-a2ff52d336f3", "value": "768:1Dw2SRnguh73Y9ltzU5mVGBZKPyk86AO+:1DwtpJ36ltzU5csJksO+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823124", "to_ids": false, "type": "size-in-bytes", "uuid": "290da847-ac11-435f-8ea8-6734cca9a9a9", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823124", "to_ids": true, "type": "vhash", "uuid": "92972acc-b658-484b-99e8-8e528e989301", "value": "034046551d151098z11269z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823124", "to_ids": true, "type": "filename", "uuid": "9a3c3fc5-bcd7-48f7-9cd8-f2892504cb92", "value": "KernelMode.info_3ef0261dda3dd70bee414e437391668876a2f938b9f1e4a0995319f098f905f5.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823124", "to_ids": false, "type": "text", "uuid": "c9c91f04-64a2-40d4-a892-7b4c301f6ffa", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:66/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506140", "uuid": "3587dffc-3637-45c3-96d3-b16482282a5e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506140", "to_ids": true, "type": "md5", "uuid": "a48f10c6-3a13-44f2-bcb3-ea74a3bddf3a", "value": "697e77c5ef4cf91d5a84b0b3f0617887", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828925", "to_ids": true, "type": "sha1", "uuid": "ecffb1bd-9dd9-48dd-a221-8eec7f27b8b1", "value": "61945336a72c310424c8d747869ac8e87ce12db6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828925", "to_ids": true, "type": "sha256", "uuid": "72e4c4a5-f324-4d5c-9495-40b6c8ca8adb", "value": "f6d4536a93871f06586841397df7d819baf520f2ba026dcbe4a48be62763d65f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823147", "to_ids": true, "type": "ssdeep", "uuid": "fad58b44-e469-4080-8f58-cd4d094ecce8", "value": "768:Udvl5FCPZePNu7b0ByrnKhf7TLms4QiRejlyGlQG:ON5EgNu1kDTLmsbVlH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823147", "to_ids": false, "type": "size-in-bytes", "uuid": "52796907-41b8-49a8-8082-05e859c48df2", "value": "37256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823147", "to_ids": true, "type": "vhash", "uuid": "b21ce748-a615-4848-bb58-a7fc8bee920b", "value": "034046655d151038z39bz33z1011z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823147", "to_ids": true, "type": "filename", "uuid": "bdc92390-c469-46a1-bfea-ce8833de8214", "value": "697E77C5EF4CF91D5A84B0B3F0617887.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823147", "to_ids": false, "type": "text", "uuid": "0bb20559-6dc9-4ff6-be92-e5efe03d8584", "value": "Type Description: Win32 EXE\n\nMicrosoft: Worm:Win32/Autorun.AET\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506161", "uuid": "7ec4d4de-97d7-4f71-a7e4-787283c49413", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506161", "to_ids": true, "type": "md5", "uuid": "c104ef00-93d1-4c23-8d61-016d246ef928", "value": "6a37ba1bac5fb990fbd1c34effcb0b9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828926", "to_ids": true, "type": "sha1", "uuid": "224ae0c3-d5d4-4f35-80bc-d1de767d77c4", "value": "caff3dc964be354a21dffe1e99d1a6eb2c9e5a01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828926", "to_ids": true, "type": "sha256", "uuid": "0036a951-158e-45f3-8584-dec9e5312b99", "value": "3f449e019ea9c1f6f4824b677fd94d4ecc7b8777836c8b2afebdfb64f001e5d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823170", "to_ids": true, "type": "ssdeep", "uuid": "bbb7a503-be11-4a64-bf67-92a895e87225", "value": "192:iwC8DHLkt01xvLRZ5OTstkpf9FjOtGBFS8kEUoynuec5rYQNnWnSkyxM:ZEmTzoTNjOiFS8kh0ecVYOMSpC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823170", "to_ids": false, "type": "size-in-bytes", "uuid": "a8358aab-0537-4a9b-9609-f32caeffdffc", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823170", "to_ids": true, "type": "vhash", "uuid": "b9a93154-d4f9-4369-82f3-6b9e488bed71", "value": "024036551d1079zd1efz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823170", "to_ids": true, "type": "filename", "uuid": "ac4c4f96-e4dd-4625-9cb1-05c37494a3f2", "value": "msieckc.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823170", "to_ids": false, "type": "text", "uuid": "123c504c-4fd9-4ca8-b7c8-662a53444320", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.C\nVT Total Detection:66/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506182", "uuid": "269a0249-44c1-4d1a-80a1-bf7b9a51ca07", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506182", "to_ids": true, "type": "md5", "uuid": "f9e2dc80-b6d7-4d1c-b315-f821304bf209", "value": "6bb1a12416c92f5ef12947e2dc5748f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828927", "to_ids": true, "type": "sha1", "uuid": "26896c49-8d74-4b05-a550-e2c01a439355", "value": "0d55b66b0416ff1093187d9a68724b80c72ed88d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828927", "to_ids": true, "type": "sha256", "uuid": "dab3ce8a-b6d4-40f2-82ca-161405d79baf", "value": "f7d1ce7807bda75a7198f3e918e73fa984d7d309d4107740899d58840eedeb88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823192", "to_ids": true, "type": "ssdeep", "uuid": "16a9d0ed-eb9a-45ef-af65-4948b91b85bf", "value": "24576:k84C9qYueZJGPknSa9R3w+w2QUphaxibg:x4OxNbSazw+wH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823192", "to_ids": false, "type": "size-in-bytes", "uuid": "315744ea-55b9-44eb-b16e-58894925afdb", "value": "1032240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823192", "to_ids": true, "type": "vhash", "uuid": "587ece4a-fd14-48f6-875e-3b76ef519912", "value": "016056551d157f17z6002bhz12z1b3z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823192", "to_ids": true, "type": "filename", "uuid": "7d419793-0799-4f4a-b32e-e50f37b24c20", "value": "Intro,exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823192", "to_ids": false, "type": "text", "uuid": "59cd7f7b-04b7-45db-8539-915623fc864d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506203", "uuid": "decd010e-dee8-4db4-9475-e12144f3c9ce", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506203", "to_ids": true, "type": "md5", "uuid": "959433aa-f4c7-4898-a4fb-734bba1bf3de", "value": "6de1b481ae52fbacd7db84789a081b74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828928", "to_ids": true, "type": "sha1", "uuid": "ad9693b7-d92d-4977-884d-e8d5274edcc4", "value": "d5859d3f88287dab56b848acc0ec39a80922d40f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828929", "to_ids": true, "type": "sha256", "uuid": "393642d9-3cfd-4e7d-957e-a8981380f848", "value": "e551b11266a2734c8dba4d72224185ae728fa372b90a4e736bd49d2f0b52822b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823241", "to_ids": true, "type": "ssdeep", "uuid": "ffba9b03-d2a4-4afc-8a19-d37223c0e75d", "value": "3072:hto8w0TtUEa0druQHzV4cLdPqt5Qn50sEgZ/DiFmPqtQWN5i0:h6UtUENtTbn50sEaricPk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823241", "to_ids": false, "type": "size-in-bytes", "uuid": "be1c036d-f4d8-4894-8d24-0d8945f379f6", "value": "188576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823241", "to_ids": true, "type": "vhash", "uuid": "ecf1fac7-9dc5-428d-949a-adfc061c2125", "value": "015046655d157068z65hz13zc5z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823241", "to_ids": true, "type": "filename", "uuid": "48acc3c7-ac04-472a-b036-d240efad0a58", "value": "Explorer System Checker" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823241", "to_ids": false, "type": "text", "uuid": "a0207c64-18b9-414e-b3d3-2bf1295b39be", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Occamy.CE5\nVT Total Detection:56/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506224", "uuid": "40a6830a-5578-4173-be7c-f04f6c3b317d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506224", "to_ids": true, "type": "md5", "uuid": "6539c802-bfe4-476e-a3ea-7cea801ca9d0", "value": "6f1a828a2490099a3ce9f873823cce7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828930", "to_ids": true, "type": "sha1", "uuid": "43490750-6fb3-490d-88b0-26c9fec63056", "value": "430a44d58d7865e58ffad118ede1d9a27053cd02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828930", "to_ids": true, "type": "sha256", "uuid": "60dfeecc-7845-464d-86aa-708c6f86dc1f", "value": "6d6d550d6415fc64c4dc7c68655cced8ece6b911e3117646214ca3a2fdf6ca5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823263", "to_ids": true, "type": "ssdeep", "uuid": "883de161-c14f-41d0-93d2-94d9bacac3e8", "value": "384:CrrMGbp6ySJ6AJ0DD3w+gIyYByC+dJOw4qLxz/xkPD8Yp:CrFbidJ0DDhgIySyC0Owh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823263", "to_ids": false, "type": "size-in-bytes", "uuid": "78be02d4-9378-44a3-9a29-61498c7c1b3d", "value": "26112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823263", "to_ids": true, "type": "vhash", "uuid": "13227af4-9cf6-4137-9c76-c32fa18778fd", "value": "024046651d151088z102gz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823263", "to_ids": true, "type": "filename", "uuid": "b90f9e0b-5abf-4704-9447-d82ecea7911a", "value": "KernelMode.info_6d6d550d6415fc64c4dc7c68655cced8ece6b911e3117646214ca3a2fdf6ca5e.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823263", "to_ids": false, "type": "text", "uuid": "4597934e-d980-41f8-a272-1c4c0319d049", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506245", "uuid": "9779fe0f-cdeb-4a30-819a-b25197abfa92", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506245", "to_ids": true, "type": "md5", "uuid": "b98efcb8-65e8-4d58-a176-a0602b4c4573", "value": "70a0412d19d55bcab72e76c984694215", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828931", "to_ids": true, "type": "sha1", "uuid": "e15bb103-b0c7-4064-b258-6d31daa78ac5", "value": "e9e1e63efd8733c2aef3393cdfd1d56626518b59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828931", "to_ids": true, "type": "sha256", "uuid": "02c47dbf-fb88-40c8-bdf9-063fd18d58ff", "value": "bc4f8d16f065f3683ca9677247a1024f543596d9d555ce2e544447e5c0c15be2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823288", "to_ids": true, "type": "ssdeep", "uuid": "e6b4e7dc-1fae-4729-a699-f6915aa659b5", "value": "3072:tlwjWjc2cjAAeCF9dSFLK6ry34cC0IT+ydd1KTCqlDkT3uaNT7P37mCUhQsWyCUD:/wZ7AAeCFzQe6Z0IZdbqeT+YT7P3KhQu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823288", "to_ids": false, "type": "size-in-bytes", "uuid": "e6fb53c4-e8d0-4785-90ba-c587c3551f39", "value": "188064" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823288", "to_ids": true, "type": "vhash", "uuid": "9cc5f76c-8379-4ecc-8a46-41a72c2ad2e0", "value": "015046655d157088z69hz1011zc1z11z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823288", "to_ids": true, "type": "filename", "uuid": "bf5a4cc1-8879-4c75-80f3-9b0cf174e7fd", "value": "Explorer System Checker" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/07/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823288", "to_ids": false, "type": "text", "uuid": "8c5082e2-9be9-444a-b676-384a6e026cf1", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506266", "uuid": "83746db9-7f49-47d5-9d2d-f9b837b8dc9d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506266", "to_ids": true, "type": "md5", "uuid": "e95934ab-3f8d-4096-a426-3542ff269b7d", "value": "72869fc63d0ba875dfc539d2bcd48e4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828932", "to_ids": true, "type": "sha1", "uuid": "4ca505c6-22ed-4e34-9413-41208a508586", "value": "674fadf885a56bb6aed2c68e1602eb9bd25b5fe8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828932", "to_ids": true, "type": "sha256", "uuid": "0e0381ed-8a70-4b16-be3d-696a51615afa", "value": "094bf3f13ab27384b217aa2013cd555cfe297ffcc4fb2fec58016051cfa7dfaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823313", "to_ids": true, "type": "ssdeep", "uuid": "ac0666a1-e529-4b57-a713-7b4e1968fd51", "value": "1536:w5pAVo+hbpGzyP3Tkgyf6cdbkQu2+om7QlUI8FQ+r:o03R4zRlDTm7QlUI8FFr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823313", "to_ids": false, "type": "size-in-bytes", "uuid": "de4371b5-41c0-4a42-b924-b9c74881d0a1", "value": "88496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823313", "to_ids": true, "type": "vhash", "uuid": "dcea3a9c-e013-4ce0-8c86-fb6d456be5a4", "value": "084046651d151058z5fjz11z31z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823313", "to_ids": true, "type": "filename", "uuid": "cd20af80-aefc-4169-8710-6ebacb241ebe", "value": "FirstSp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823313", "to_ids": false, "type": "text", "uuid": "4c0f6b8c-1002-48ed-8b17-8453ea85b3e6", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Ypdl.B\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506287", "uuid": "704518b0-7b3a-4672-a401-d9b4c3727e73", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506287", "to_ids": true, "type": "md5", "uuid": "1b6096cb-de4c-4777-aa00-c41a796e4408", "value": "74d403244db05f7c294ca0777a9f7a9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828933", "to_ids": true, "type": "sha1", "uuid": "40fcb590-0c08-4a7d-8b22-595771a5f3b3", "value": "1a67d805ffb51c8bb1f86f8847fdbc7db5e09df2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828934", "to_ids": true, "type": "sha256", "uuid": "606add83-2ed1-4796-be54-da10e74377e1", "value": "4e0ff655fef261629efe30a79daf07c718f526b9e7cd23f9ba01f9c94f554064", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823343", "to_ids": true, "type": "ssdeep", "uuid": "497fd2f5-8d89-42d7-a6ee-ccfbfae22652", "value": "768:Tq6/Th5n2lRKRpiF30h+unYVXopE921rU+mgmqMN:O6/15nfW0hlrUWmB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823343", "to_ids": false, "type": "size-in-bytes", "uuid": "c682ddf5-ada7-44c1-89fa-9052bf95a7c3", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823343", "to_ids": true, "type": "vhash", "uuid": "615eefaf-d1c1-417e-bb9b-6166037374d3", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823343", "to_ids": true, "type": "filename", "uuid": "de331654-da8b-4d0f-86f7-975682805423", "value": "KernelMode.info_4e0ff655fef261629efe30a79daf07c718f526b9e7cd23f9ba01f9c94f554064.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823343", "to_ids": false, "type": "text", "uuid": "ff07c75e-9351-40de-be8f-c6244bf2c647", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506308", "uuid": "d7476752-e15f-40a5-82ea-9e6c72b25773", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506308", "to_ids": true, "type": "md5", "uuid": "2354ec5f-1050-4dae-a724-e64efcd4f397", "value": "76dd289fa3dd8f36972593a006b771cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828935", "to_ids": true, "type": "sha1", "uuid": "f7c78aaa-01c6-4a51-b893-be2999c2219c", "value": "0a0a50f2428f860b01c07af1a604f9887e650b69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828935", "to_ids": true, "type": "sha256", "uuid": "be475552-d5d4-4f83-a2c2-263632b6fd77", "value": "0b269bdd4c2d11ce0cd050bddf8f6ff618126c2b531e8ad3ab36ecc1a88d8162", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823366", "to_ids": true, "type": "ssdeep", "uuid": "565e2108-325c-40a5-8f24-5174328ba1ea", "value": "384:PpCq2sRSIwPYy8CBGDxjtgeciyk+rE6gReLxto/xkPD8YpjlfRlP:Ppj2sRSIkYyhGNjSepykD6gE8srd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823366", "to_ids": false, "type": "size-in-bytes", "uuid": "cdc24e9b-5f3e-4acf-8b90-9a75924f4163", "value": "39552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823366", "to_ids": true, "type": "vhash", "uuid": "c84f6827-95b9-4b2f-9c90-724bd45b2d3c", "value": "034046551d1510a8z11259z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823366", "to_ids": true, "type": "filename", "uuid": "6d729dec-be14-4555-bac2-8194a7af843e", "value": "KernelMode.info_0b269bdd4c2d11ce0cd050bddf8f6ff618126c2b531e8ad3ab36ecc1a88d8162.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823366", "to_ids": false, "type": "text", "uuid": "8737df54-bd1b-4f7e-b6a8-5af21f4b83bb", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506331", "uuid": "509d4bcb-5a2c-4134-849f-9150c46f1a37", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506331", "to_ids": true, "type": "md5", "uuid": "37954014-bd71-4ed2-a8f3-7fb150c28b1c", "value": "77669d11c3248a6553d3c15cd1d8a60e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828936", "to_ids": true, "type": "sha1", "uuid": "63c384a1-3e26-4b6d-9b24-5bc5efb722c0", "value": "880947995d46e5528c423153d8b644c41bd0ad6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828936", "to_ids": true, "type": "sha256", "uuid": "5a2a2742-ac02-422e-b4c7-95b2512657f5", "value": "3f7c3bd8619fcbf81d21b9cc259dcdf857c4570065315934de497b88bca06708", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823389", "to_ids": true, "type": "ssdeep", "uuid": "6a6f1972-fb2a-4b13-8ca1-f1717ed472b7", "value": "6144:xDPl2LAAvkKTirsQ41cHreVXIa7VDfb8uAu/I/:CbqsQN4XIa7VDfb8uAu/I/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823389", "to_ids": false, "type": "size-in-bytes", "uuid": "8fba78fd-d8c3-4da3-b4b9-50e835f33005", "value": "490376" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823389", "to_ids": true, "type": "vhash", "uuid": "c5e425d9-921e-4caf-8c62-b8b932b1dc81", "value": "045046655d151081z1001700869z3015z40057fz" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823389", "to_ids": false, "type": "text", "uuid": "a2e73dcc-9747-4e23-b1f6-ee6517df5088", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:56/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506352", "uuid": "35b4dfbf-d337-4662-9f5e-0f0cb14dff2f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506352", "to_ids": true, "type": "md5", "uuid": "e653fa18-106b-4424-bd7e-9e4e9f4a8b5a", "value": "7bab3a69ab65b90e47d5cc0724531914", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828937", "to_ids": true, "type": "sha1", "uuid": "5f633699-beb7-4ac6-9c27-09c8c914a698", "value": "fde3ebd96c0a317b656404d1b5fe4d7c453eb49c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828937", "to_ids": true, "type": "sha256", "uuid": "5ab57856-73ae-4089-bd4e-9c057a3a9923", "value": "e921ab8160709c855161070ac6f2143d32893261ffae0f3b7bcbf52a0bc1fb32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823411", "to_ids": true, "type": "ssdeep", "uuid": "f891d9ab-0a76-4aa1-8def-1525a76c79f8", "value": "1536:/LUBZ37C+sASQIPdhf9VUk5LWuAxi8EcmrwfItmLZPnj53PA7/V:zUBZ36A3AhfmuJewyPnNPud" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823411", "to_ids": false, "type": "size-in-bytes", "uuid": "d495b535-2a44-49d3-92b9-85b9e45185c4", "value": "99152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823411", "to_ids": true, "type": "vhash", "uuid": "49a0ccea-1758-49e1-bbdd-53542ec389ca", "value": "094056655d151550a01031z800457z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823411", "to_ids": true, "type": "filename", "uuid": "8fc23dc0-4b09-4898-bd0c-20f050e6be8c", "value": "KernelMode.info_e921ab8160709c855161070ac6f2143d32893261ffae0f3b7bcbf52a0bc1fb32.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823411", "to_ids": false, "type": "text", "uuid": "ec401a79-cf8d-482c-9362-9a6106312256", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506373", "uuid": "348f66c6-1813-4d7c-8676-e150eacf0174", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506373", "to_ids": true, "type": "md5", "uuid": "24f31014-8553-4766-88f0-cd530fd3fff7", "value": "7c2eeda3bb66b2c29aa425ba74c780c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828938", "to_ids": true, "type": "sha1", "uuid": "f94765f8-0199-4439-bac2-00922422b239", "value": "2b48e88f23f8a29efe38454013ce8b6c991497db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828938", "to_ids": true, "type": "sha256", "uuid": "7268d7ec-cdf4-42e5-9f8e-ef7995309d07", "value": "ec48b5ff11d77e9358bd4d8a93f79e4cc333dd953846ee5b670c59d7405eddfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823433", "to_ids": true, "type": "ssdeep", "uuid": "a70bdcca-862f-4682-a18b-46f3f6bd1452", "value": "3:It1MbHwcy/9RT3UaJjZBOhI9dVLArv:e1MDETUaJzOhIJ0rv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823433", "to_ids": false, "type": "size-in-bytes", "uuid": "997855fa-eb73-4a45-b7d6-9c83a5e76819", "value": "119" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823433", "to_ids": true, "type": "vhash", "uuid": "f11cd78b-5f29-4952-bf0f-9e900855cf08", "value": "7596fdd04dba990373ab2f3da0c7dd3f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823433", "to_ids": true, "type": "filename", "uuid": "1ce975dc-c609-4729-b3b0-f343a2bc8d3a", "value": "rstimgr.inf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823433", "to_ids": false, "type": "text", "uuid": "4c584b47-1a26-46bd-9d8a-5d6a8faef416", "value": "Type Description: INI\n\nMicrosoft: None\nVT Total Detection:7/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506394", "uuid": "9aa10166-eed8-41b8-a25f-61cfd27d87dc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506394", "to_ids": true, "type": "md5", "uuid": "df21e1da-6c0d-40be-a9ef-8b404bb1850a", "value": "7d304a9cdcda75b1cb9537618f5ed398", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828939", "to_ids": true, "type": "sha1", "uuid": "4f57f9ad-acfa-44f2-914a-acbf7fd6d1e8", "value": "a0a5a1f66ae74444b83ea562849c875abe5e4c08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828940", "to_ids": true, "type": "sha256", "uuid": "fee7ac28-0dc4-40c6-bed9-da0ec404aa6a", "value": "1c474ab0817b7cd9dc1f4efa6cc7f32e513f6f47e29c5573b4f5633e20248710", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823458", "to_ids": true, "type": "ssdeep", "uuid": "33d06408-9101-4a63-88a6-680f5db93909", "value": "24576:imavPHbHV2j20MT44Z2dQLVhfJ+AcsOk6DZGrhZec5Yax+5dH8q2QbZAf:imoPHbHV2j20E4WuYR+AchzDZGlZec5p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823458", "to_ids": false, "type": "size-in-bytes", "uuid": "086cf011-85cc-4774-bfbd-ae8e7c8588e7", "value": "1071946" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823458", "to_ids": true, "type": "vhash", "uuid": "b4c2b90d-3da4-424c-8209-76d1eba31be6", "value": "016056651d155f10e070700520095hz62zb8fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823458", "to_ids": true, "type": "filename", "uuid": "ff89f4b5-f87d-4077-9838-0dfde5687646", "value": "STIRLING.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823458", "to_ids": false, "type": "text", "uuid": "82de8781-8cad-4932-a739-2419f3ebb047", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506415", "uuid": "f5b2a586-d6e6-4c0d-9d52-8a7e9a88cf28", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506415", "to_ids": true, "type": "md5", "uuid": "b842c51b-e88f-41fc-a43b-62bb6d8823cd", "value": "804dceb3fa2b9bcf65595109b9465bbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828941", "to_ids": true, "type": "sha1", "uuid": "94919a84-de12-4c2f-9bb5-6e1a1fccb625", "value": "6aad7b72fbf14b662d1717b0176bd11989f9fcd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828941", "to_ids": true, "type": "sha256", "uuid": "ba7de40f-caec-4702-bd4f-5f74f458f807", "value": "f33e87ebc24cf366b459daacba87b9dde9ea35c3c1fc83f30bdf98e1b7c647e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823480", "to_ids": true, "type": "ssdeep", "uuid": "4b8e50db-24ec-4f27-b88e-80c25fdbef7f", "value": "3072:/hHrC+oLYhOE/zdJTbrYpXUJ8/eVubxVDB:/Nr/ochd/zdJTbrQUu/TbN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823480", "to_ids": false, "type": "size-in-bytes", "uuid": "68e53fa2-2b04-4ac5-a90c-d203a91a3892", "value": "110600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823480", "to_ids": true, "type": "vhash", "uuid": "8abe3406-6c81-45ca-ad26-2bd5f1824dcc", "value": "015056655d151550a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823480", "to_ids": true, "type": "filename", "uuid": "a24ac0a3-5e4f-47bb-aa6e-12c6defd32b1", "value": "winmsgr.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823480", "to_ids": false, "type": "text", "uuid": "3a8b42e8-c1fc-4553-84b7-6b09dad6516a", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:57/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506436", "uuid": "0bf62562-2d34-4489-93f4-806b70ea862b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506436", "to_ids": true, "type": "md5", "uuid": "ddf91e5b-63f2-424d-9a44-77a9a56dd38f", "value": "82ab0b8246c6677f9866b17794b72e2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828942", "to_ids": true, "type": "sha1", "uuid": "004f807c-c8e5-4400-9868-2e3078c269e0", "value": "8789d9f98ecb9cf93e121c78bf84dd0f07b4de1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828942", "to_ids": true, "type": "sha256", "uuid": "c58a6a72-ef32-470b-bee7-fa099460e8e5", "value": "ab478166ea93e9dac3e37a9ad7457aa58249046003238e3b3bc5b9b45b09d7a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823502", "to_ids": true, "type": "ssdeep", "uuid": "562b82cf-69f8-4824-888e-8326c02eb2bc", "value": "98304:vP5j4ZqizgLr7GU7icN03jufRErFNphA1N6D4P7OkmIy5TN93U7cUfrOWixbving:vP58ZqiYX03TdcDqTNBU7LfrUVig" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823502", "to_ids": false, "type": "size-in-bytes", "uuid": "6d67ce17-f8f5-4479-991b-5dac45e1c318", "value": "6615040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823502", "to_ids": true, "type": "vhash", "uuid": "46d452e5-e8ee-4861-90ae-a778019bb691", "value": "066046651d157az3ehz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823502", "to_ids": true, "type": "filename", "uuid": "e5c073f7-f09c-48a5-a1a6-dc68216f47c9", "value": "KernelMode.info_ab478166ea93e9dac3e37a9ad7457aa58249046003238e3b3bc5b9b45b09d7a8.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823502", "to_ids": false, "type": "text", "uuid": "1e506a7c-d8d2-47d7-a21d-604f448a2d84", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:58/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506458", "uuid": "d5dfe716-cdb2-40fc-9be9-7e3cd7c18db0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506458", "to_ids": true, "type": "md5", "uuid": "31ee32ff-5a25-43c9-b970-8ee4842cc79a", "value": "864cd4a59215a7db2740dfbe4a648053", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828943", "to_ids": true, "type": "sha1", "uuid": "e65bc409-587f-46af-8fba-fc8757b83346", "value": "3670e86d024ccecc39c2a237d550b2ce7e7d95b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828943", "to_ids": true, "type": "sha256", "uuid": "920e68d1-1d7b-4945-a8bd-789df9b19d8b", "value": "a6dde34a97c90c12400c1db92ea43b291a4736670324067f7a0b0c5c6a77000b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823525", "to_ids": true, "type": "ssdeep", "uuid": "277393ad-8840-41b0-abce-9cf161ce36be", "value": "12288:InF7cdfklJ1GQ4FYe71Wb+zKaFGns43/K:InF7Yfkl2VYeZRzjFGnsd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823525", "to_ids": false, "type": "size-in-bytes", "uuid": "9be076ba-ba80-4300-a079-b409349acb4e", "value": "465624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823525", "to_ids": true, "type": "vhash", "uuid": "cd524d69-dd0d-4c99-969e-6cb6884f6b64", "value": "045036655d5163z12z747z301033z2011zb1z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823525", "to_ids": true, "type": "filename", "uuid": "34625651-c0dd-4c7e-a248-76ba9f1c9f93", "value": "DmaUp3.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823525", "to_ids": false, "type": "text", "uuid": "db645fd9-c218-4d84-a520-86b1e8b33b2f", "value": "Type Description: Win32 EXE\n\nMicrosoft: PWS:Win32/Nemim.A\nVT Total Detection:59/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506480", "uuid": "be014754-dd43-4a98-bf5b-fe2c47421be2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506480", "to_ids": true, "type": "md5", "uuid": "a10aabf5-1b41-44b1-9c00-b59819d93bee", "value": "86b18e99072ba72d5d36bce9a00fc052", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828944", "to_ids": true, "type": "sha1", "uuid": "ab3a1aef-68c4-4c7f-8400-dee110f1609f", "value": "8ddcccc4a6639d7df439084eca629ffedbaab223", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828944", "to_ids": true, "type": "sha256", "uuid": "663d6455-e205-4dc7-9800-3eca8e9c4811", "value": "35126db85bbd6a57eb4d2eb79ead123bb9057845af862ca63cfd5748b3eaeb64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823549", "to_ids": true, "type": "ssdeep", "uuid": "2b549519-0b76-410f-a9d6-d80ac0cfaaa2", "value": "768:7Pjr0nXIa7VDh4mO4Aa8uAu/fhtRyYrH8:z0nXIa7VDhm4b8uAu/fh/yY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823549", "to_ids": false, "type": "size-in-bytes", "uuid": "45c3ad4a-c907-4067-ba19-f2213eee47c8", "value": "301824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823549", "to_ids": true, "type": "vhash", "uuid": "5c5d1c3e-a697-4a9d-9360-0306a817ed5f", "value": "035056651d1e5559z56z28xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823549", "to_ids": true, "type": "filename", "uuid": "44e469f1-6a90-45f1-9d19-068454139ca4", "value": "ndiskpro.sys" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823549", "to_ids": false, "type": "text", "uuid": "c71acf44-f777-48d5-9fbd-50109192bc05", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Occamy.C35\nVT Total Detection:53/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506500", "uuid": "a59ddcea-a2ad-46dd-a3e3-a9c83329e3bc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506500", "to_ids": true, "type": "md5", "uuid": "0dbdfc62-c696-4f42-850a-b0cc01a962cf", "value": "89de19ff50dd58eda2b136b65feb3fb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828946", "to_ids": true, "type": "sha1", "uuid": "cceb3b82-8a2c-41d7-84d9-6322fc1716de", "value": "ea451b1b254853c46c4fbbe9c12851860fe1b8f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828946", "to_ids": true, "type": "sha256", "uuid": "7a900e0c-ff15-4382-9093-492fb4bb6867", "value": "c0a775eaef0c520233e32ca6ff313d895c101d55a39298f38aaf239805b0a8a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823572", "to_ids": true, "type": "ssdeep", "uuid": "1ca5ce87-75a6-4929-8cbc-44fa6c8e86ce", "value": "384:rrrMGbp1uFvePckvWPEYpAyC+dJOg4HhLxz/xkPD8Yp:rrFbWFvCckvZuAyC0OgIP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823572", "to_ids": false, "type": "size-in-bytes", "uuid": "499fe3a6-d9b7-4ea6-ba79-51aa86a7c64b", "value": "26624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823572", "to_ids": true, "type": "vhash", "uuid": "1e3dd03a-99d3-4d52-9f76-4008ad79e5a9", "value": "024046651d151088z1021fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823572", "to_ids": true, "type": "filename", "uuid": "34f76382-7ef1-43aa-accd-e5f0aa01769d", "value": "PHIME2002A.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823572", "to_ids": false, "type": "text", "uuid": "2f49f6bf-890d-4abe-87e0-8f3799806b15", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:66/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506521", "uuid": "30212b27-5f4a-4b25-a7be-c58a1eb9fd08", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506521", "to_ids": true, "type": "md5", "uuid": "b67863c1-8da7-4c7c-8119-6a593e3ac387", "value": "8c01d9a2c13ebc8dc32956336a6bc4f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828947", "to_ids": true, "type": "sha1", "uuid": "adb0f131-0890-41be-8c50-a6d462e3b52d", "value": "881838df769f3573c4420e9dfc9276310d8b8af1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828947", "to_ids": true, "type": "sha256", "uuid": "d9cfe059-11bf-45fa-b600-d9de43b35f34", "value": "20cf6a9af39ec4f9d3684e862c16495c161add34a3f224714b416dfa5b1968f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823595", "to_ids": true, "type": "ssdeep", "uuid": "7c41644e-8fa1-4188-a81f-78e775019891", "value": "768:Zq6/Th5n2lRKRpiF30h+unYVXopE921rUomgmIMD:g6/15nfW0hlrUwmJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823595", "to_ids": false, "type": "size-in-bytes", "uuid": "e42a2fd4-94c8-42e6-96df-0d1f1950a4fa", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823595", "to_ids": true, "type": "vhash", "uuid": "c13e3458-2479-40b6-84f8-026fa2151807", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823595", "to_ids": true, "type": "filename", "uuid": "b35e37b3-2ab4-477f-8fea-74242e12a32b", "value": "KernelMode.info_20cf6a9af39ec4f9d3684e862c16495c161add34a3f224714b416dfa5b1968f0.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823595", "to_ids": false, "type": "text", "uuid": "ffb9be72-47d4-4702-87cd-b8385d6e58f2", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506542", "uuid": "48caa0f3-db84-4433-a47b-ed7c2c725866", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506542", "to_ids": true, "type": "md5", "uuid": "27d5bb79-83bf-4357-89c6-6f262da2230f", "value": "8f7a7d003cafa56c63e9402f553f9521", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828948", "to_ids": true, "type": "sha1", "uuid": "e9ef6f27-01ee-4394-9936-105ebf03a129", "value": "3ba5d0d7cb62f822368c71e6eea8d4d134586532", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828948", "to_ids": true, "type": "sha256", "uuid": "85d257e2-bf6e-400d-b303-cab48d412d4c", "value": "69049aac5caba2e8b4adbb47bcb6c80887ddde702e2e51f181d79b3661ac2101", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823620", "to_ids": true, "type": "ssdeep", "uuid": "c239d91b-a68a-4130-a329-407d422ffa38", "value": "384:6+aFMnwekmJInDq2uRHzKbmNARK6yWQoLxpEZ:6jekqIne2uRHzKbm2pBQOM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823620", "to_ids": false, "type": "size-in-bytes", "uuid": "6f5b9935-98c1-4a6b-87f0-1f8d4c09746b", "value": "27528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823620", "to_ids": true, "type": "vhash", "uuid": "da3579d9-a977-4ff1-9b7e-0c6aed19a643", "value": "024036551d1069ze249z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823620", "to_ids": true, "type": "filename", "uuid": "3ebb9f8e-1753-4533-b217-73f3008a6e09", "value": "KernelMode.info_69049aac5caba2e8b4adbb47bcb6c80887ddde702e2e51f181d79b3661ac2101.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823620", "to_ids": false, "type": "text", "uuid": "82e219cf-0aa7-4a5f-b842-6053bbaa374e", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:67/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506563", "uuid": "db401921-f68f-40be-97b8-9a02dc6888f8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506563", "to_ids": true, "type": "md5", "uuid": "3d376bf6-8ab5-4c3b-beb5-71292a74cc04", "value": "90f26c5c4b3c592352fcbddf41dc18aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828949", "to_ids": true, "type": "sha1", "uuid": "47f6d2f4-6b47-45c4-a107-cc495614653e", "value": "609680740cfe8f6700a355f843d924a068ec0e64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828949", "to_ids": true, "type": "sha256", "uuid": "22a78c23-be5f-4508-80d1-906edfd43b6f", "value": "cde17a9c8fae629733fdcce5cfe8f228307fb43f166116d1d9ff1e5975130f64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823642", "to_ids": true, "type": "ssdeep", "uuid": "421676d1-da7c-45d2-80a0-d652be31586a", "value": "192:D8Dl4t0bAgu9zMFhpj9fK7lLhUcmemmecSdLSsBhEUoynP0rY+TPpu7yNnWOQwLk:ACWA/9zr7lLSQecSVSWhh6Y+bpNgYwZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823642", "to_ids": false, "type": "size-in-bytes", "uuid": "c096c0fc-ad5b-4176-b9f4-1df541ed0e9b", "value": "27416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823642", "to_ids": true, "type": "vhash", "uuid": "bb429e6f-dd66-44fe-9060-080bac432fad", "value": "024046551d151079zd1efz10100111z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823642", "to_ids": true, "type": "filename", "uuid": "d72168c0-c938-4a14-910b-e8649d3eef38", "value": "KernelMode.info_cde17a9c8fae629733fdcce5cfe8f228307fb43f166116d1d9ff1e5975130f64.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823642", "to_ids": false, "type": "text", "uuid": "f9483a46-e911-4437-920b-eb1351b4984b", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:62/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506584", "uuid": "94764cd2-9a85-4dea-8270-ab38a2b86c41", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506584", "to_ids": true, "type": "md5", "uuid": "a55d0b6e-12ed-4686-9c25-d1e56b4ef907", "value": "910a1f150a5de21f377cf771ed53261f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828950", "to_ids": true, "type": "sha1", "uuid": "da682c2f-1b25-41e5-ac2e-8a963154b84a", "value": "4de91af905e1fac223c3594f3fca6d67a985d777", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828951", "to_ids": true, "type": "sha256", "uuid": "a94fa3ff-6233-478c-b510-d02281e79b87", "value": "dfb116c2c4687fb27ec2c9252e9c5296708c0f201255b7abadaa68e488a60b2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823663", "to_ids": true, "type": "ssdeep", "uuid": "ef8e05c3-e899-4d93-84d1-95e8e1b6294c", "value": "3072:FOfllCXAg3NsJHHPfYfb6b8yNkXzVUej2lV:F6lCwg3NsdPQfb6b8ckXzVdjgV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823664", "to_ids": false, "type": "size-in-bytes", "uuid": "7fd9db5c-03c5-4885-8193-1ed8ba233d7c", "value": "266240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823664", "to_ids": true, "type": "vhash", "uuid": "5ce30f3b-956c-4a8a-8ff2-939e50a052af", "value": "125056551d15151098z130cfz23z2ez5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823664", "to_ids": true, "type": "filename", "uuid": "fb1e8076-8073-4225-81ab-a1e5c350b841", "value": "DLL.DLL" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823664", "to_ids": false, "type": "text", "uuid": "88732ffd-6295-443c-afc1-34b67d2cdf9a", "value": "Type Description: Win32 DLL\n\nMicrosoft: TrojanDownloader:Win32/Seadido.A\nVT Total Detection:57/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506605", "uuid": "36203a49-279f-4077-8b52-6241b55e44c4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506605", "to_ids": true, "type": "md5", "uuid": "04e802b5-c855-49d6-8b25-a2952aa5fa4d", "value": "912a8c7cf1ad78cd4543bfb594c7db58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828952", "to_ids": true, "type": "sha1", "uuid": "4ad56d43-c7af-4f4d-b870-2771dc306f1d", "value": "82e4e7fb85d4f98b4255749a0f25d26961329b46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828952", "to_ids": true, "type": "sha256", "uuid": "8f2729b3-4f2e-4bde-9f04-855fd00aa7b8", "value": "ff86b21e8cc5d6540a05226695f0c5fa17a8f32b684b2b3f56fd665e9d13d2d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823685", "to_ids": true, "type": "ssdeep", "uuid": "76bc1ac2-f99c-4bb7-9763-62ed9bfccf94", "value": "3072:BZpnuNykIO5I46YRheGKrcZOo6p0f1LXtPOodqEoOos6iQ:Bjsf6YHeVr02utoOG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823685", "to_ids": false, "type": "size-in-bytes", "uuid": "c980bad2-0e5e-43f9-8b4e-9b0ebd1701ec", "value": "224136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823685", "to_ids": true, "type": "vhash", "uuid": "1714bcd0-37b6-4097-a590-4b4ef979cdc5", "value": "025046651d15104012z18006dhz22z71fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823685", "to_ids": true, "type": "filename", "uuid": "3e16b81e-c69b-48ce-821d-594b8d22325c", "value": "rusb.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823685", "to_ids": false, "type": "text", "uuid": "ec97362c-c321-44fe-8587-83c9cae3e566", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:52/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506626", "uuid": "f6b3c34b-738d-4e09-877f-dbd7fa409bf1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506626", "to_ids": true, "type": "md5", "uuid": "9ea8aee8-9485-4457-8f0f-95452308909c", "value": "9a2f2291686080a29f4c68bdc530887f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828953", "to_ids": true, "type": "sha1", "uuid": "aba2d871-aee1-493c-995a-85c1f6203265", "value": "15556175e64b886b5e4147c303b81ac8556dfdf6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828953", "to_ids": true, "type": "sha256", "uuid": "57f7a361-7817-45fe-a66a-85f415a4e47d", "value": "5ceb1dc5c65ab300286b24856d976129e98cfd96d99138214614161c5ea7061b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823707", "to_ids": true, "type": "ssdeep", "uuid": "cd24e176-f609-4a1c-bd93-9799fe0adccf", "value": "768:oq6/Th5n2lRKRpiF30h+unYVXopE921rUBmgmzMv:X6/15nfW0hlrU1ms" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823707", "to_ids": false, "type": "size-in-bytes", "uuid": "a226f21e-fca8-4b9b-aa1c-5d6baa822b94", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823707", "to_ids": true, "type": "vhash", "uuid": "8472bdfa-9a05-40b8-9b23-68459a92d528", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823707", "to_ids": true, "type": "filename", "uuid": "8df40f5a-2814-4880-8cd2-9704a9461ed0", "value": "KernelMode.info_5ceb1dc5c65ab300286b24856d976129e98cfd96d99138214614161c5ea7061b.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823707", "to_ids": false, "type": "text", "uuid": "7255577e-27e8-4eaf-8e26-874f5a09e671", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506647", "uuid": "008f8015-fa28-4996-9218-f126630c556b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506647", "to_ids": true, "type": "md5", "uuid": "6734e2d7-677b-437c-9603-ba67c6c68e73", "value": "9bc355cbb5473f4f248f3e2be028ec0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828954", "to_ids": true, "type": "sha1", "uuid": "0b17614f-2996-40d8-9cd8-7e0d65c6f63a", "value": "561bcf75b693b2c2610533f6faabb6a063da61b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828954", "to_ids": true, "type": "sha256", "uuid": "94d0564a-f2fe-401c-9d48-92777fd4360c", "value": "e3cb14970160faf8181481af8c7d830f31b91d4a7ea95bb2891fbfccb6e43a87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823729", "to_ids": true, "type": "ssdeep", "uuid": "423ec7b9-a2ea-42e2-ba80-cfcf084b12b1", "value": "49152:Dqad8sRFiyRyBmN6+x4ECtCuof50dirzaA2avFSZck+ODCVoqcgdwOyjz1L:DF8sRFiyRyBmJeE+S50dirzaA2a9yDCI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823729", "to_ids": false, "type": "size-in-bytes", "uuid": "33d9be0d-10d3-46a4-a54c-9f62518f9654", "value": "2235904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823729", "to_ids": true, "type": "vhash", "uuid": "5971a0f5-fd28-4ed5-aeed-81a7370bd506", "value": "026056655d656550c0201006100a7z210e5za0700e2z8019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823729", "to_ids": true, "type": "filename", "uuid": "e6ba05f9-bab7-4031-a531-b7b681f8a7a7", "value": "Catch.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823729", "to_ids": false, "type": "text", "uuid": "576f4d2d-42c1-4a4b-a519-0bad8993f86e", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.D\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506668", "uuid": "aac9bb39-3fb1-45a9-97ba-d3c733b491f4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506668", "to_ids": true, "type": "md5", "uuid": "cb56721c-eed1-4ef6-932a-38174ffebede", "value": "9c5cd8f4a5988acae6c2e2dce563446a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828955", "to_ids": true, "type": "sha1", "uuid": "aa2da349-0857-46c5-9a0e-19cea5c08395", "value": "18272cf888d8779d466901864537b732f842c351", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828955", "to_ids": true, "type": "sha256", "uuid": "05e23ab2-af44-49f0-8e41-d4ac67f5be95", "value": "d55aa45223606db795d29ab9e341c1c703e5a2e26bd98402779f52b6c2e9da2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823750", "to_ids": true, "type": "ssdeep", "uuid": "9ac97cb2-2444-4040-b225-ee05f21bb02d", "value": "12288:KSgEI13mS1AjMSgEI13mS1Ajgm9hJrRiI9q:2BhBE9hKIA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823750", "to_ids": false, "type": "size-in-bytes", "uuid": "e572e0db-ed88-4a47-8149-ed3ff01da565", "value": "763188" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823750", "to_ids": true, "type": "vhash", "uuid": "6f7134e3-6ea9-4f61-b69e-4455840839d0", "value": "91505eafa2ae97fb4ff7506293a0b0b09" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823750", "to_ids": true, "type": "filename", "uuid": "01ed3fe1-acad-4653-90fb-26f20a94f0cb", "value": "one.pdf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823750", "to_ids": false, "type": "text", "uuid": "4d37110a-5d0b-423b-8943-f4d64157b4cb", "value": "Type Description: PDF\n\nMicrosoft: Exploit:Win32/Pdfjsc.HQ\nVT Total Detection:43/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506690", "uuid": "ef9cb0fc-60bd-470d-904e-102f4bd401b0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506690", "to_ids": true, "type": "md5", "uuid": "4005821b-5e91-426f-bcb3-f08cdeca5bee", "value": "9eeae870f22350694eb2e7a4852dbb7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828956", "to_ids": true, "type": "sha1", "uuid": "cc50508c-2e96-4e10-80cb-42b66765892c", "value": "85ab7b97621037f52b8ec4bb583982a69c0ac965", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828957", "to_ids": true, "type": "sha256", "uuid": "1f3049f6-38cd-4354-b52d-d4660e7daf43", "value": "ecaa720616f3a2ebaa138c50e2ee086f1a6380b5bd87603c5af4c9f1666c70a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823792", "to_ids": true, "type": "ssdeep", "uuid": "e019baad-9710-43ed-bb42-c13db0fdf6b4", "value": "6144:gFOfcBJMpQQaU7FE7PbVGJ+pujZGNyI99rRng:a6cipnaHleoNyWvg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823792", "to_ids": false, "type": "size-in-bytes", "uuid": "07852058-9f3e-4882-9466-e2ba8bb9427a", "value": "197056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823792", "to_ids": true, "type": "vhash", "uuid": "0986d487-f6ee-4e30-b56a-cccef72ff9ca", "value": "015056655d15751088z68hz1011zc1z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823792", "to_ids": true, "type": "filename", "uuid": "fab9b51e-e3ed-4e9e-bbcb-86a368cab6c9", "value": "Windows Service" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823792", "to_ids": false, "type": "text", "uuid": "a550fc6d-6fb5-4ead-ab9f-213d4364812c", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Ypdl.B\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506710", "uuid": "a55889bd-dc59-4074-995d-1d46bc965c36", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506710", "to_ids": true, "type": "md5", "uuid": "763c13bb-ca6a-4666-b666-ed9faeb0c71b", "value": "9f08b8182c987181fe3f3906f7463eac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828958", "to_ids": true, "type": "sha1", "uuid": "b52df76d-a3e1-4130-b82e-865f138a6d5c", "value": "bb0d7c530c7d975e8f3e46b822bf69a4adde1330", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828958", "to_ids": true, "type": "sha256", "uuid": "75135b87-b64f-4f90-92cd-3b2e81e99645", "value": "0212dcdfedef5dcc18c5d1fee5eb8fb2f7d0a12343326c3bc87f159045b791e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823814", "to_ids": true, "type": "ssdeep", "uuid": "165a38b0-2085-42e7-ad46-641214db5fb2", "value": "3072:sdBGryL0ze0g7G8Yd+Qrpn34uQTkuyDItBunK8nFnmbDCnP16zX+1:aGryL0NgaZwkTIt6K84b2nP1GY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823814", "to_ids": false, "type": "size-in-bytes", "uuid": "9e450411-dbef-4857-9e7f-5aa52e1d4a04", "value": "198584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823814", "to_ids": true, "type": "vhash", "uuid": "58d1f854-af97-4f6d-8914-b9d49342c3c8", "value": "015056655d15755068z5dhz13zb5z67z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823814", "to_ids": true, "type": "filename", "uuid": "348626a4-8030-49dc-9a0c-c450031be4c3", "value": "wmisvcctrl.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/10/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823814", "to_ids": false, "type": "text", "uuid": "934d399f-ea78-4d29-9b71-3331a45aae75", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:57/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506732", "uuid": "f3d97184-f566-4a36-a081-0f914f79ab43", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506732", "to_ids": true, "type": "md5", "uuid": "ae3e7503-0446-4ee0-a720-78d99d228a2d", "value": "a49780f2da2067dd904135fad3af8a90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828959", "to_ids": true, "type": "sha1", "uuid": "cc2d84ea-53b1-42d7-9e50-4d8e1dcab5df", "value": "37f3fa6bd226838668b0ef7f34667865fb878d91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828959", "to_ids": true, "type": "sha256", "uuid": "753bbcae-1f04-4d2b-ba73-d84b99e1a971", "value": "64e0b32b094465d8c74b559a2f78254bef029dda03d9487e642febf521b580e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823856", "to_ids": true, "type": "ssdeep", "uuid": "48bcfc20-8e4a-4eb7-8119-7b40e8e7710b", "value": "192:g8DA4t0kiRl8rMlUpj9vKEkLEr/YpFwiXgiXyecSdmJSsBhEUoynP0rY+TPpuzNz:T1riv8rY54/64ecS0JSWhhaY+bpaEo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823856", "to_ids": false, "type": "size-in-bytes", "uuid": "98e69afe-bd90-44d4-abda-8e38c0cb1be1", "value": "27528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823856", "to_ids": true, "type": "vhash", "uuid": "f62c4d86-0c7c-4d73-9173-1d6e0db4d0a3", "value": "024046551d151079zd1efz10100141z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823856", "to_ids": true, "type": "filename", "uuid": "24c32607-cf65-4b54-be34-9d318fea9dc6", "value": "KernelMode.info_64e0b32b094465d8c74b559a2f78254bef029dda03d9487e642febf521b580e5.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823856", "to_ids": false, "type": "text", "uuid": "d673cba6-791b-4a75-97c4-20e65c337f20", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Roficor.A\nVT Total Detection:66/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506753", "uuid": "f3679a34-38f3-439e-9287-96464f86c2eb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506753", "to_ids": true, "type": "md5", "uuid": "e19ac55e-4f25-4ddc-87db-dfaa39c92ec9", "value": "a71f240abb41eb1e37ff240613d14277", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828960", "to_ids": true, "type": "sha1", "uuid": "1184ebd9-7c2a-46e2-82b9-180c20f393e4", "value": "bdb4c951c8189bb9096da0e9491abb0073c50e94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828960", "to_ids": true, "type": "sha256", "uuid": "50ad6756-41ef-477b-a653-07f45321c9d1", "value": "bc54012c61aeff939aeb4c0ab6024084bbfff8e882f31b21b897211f01a7a3d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823878", "to_ids": true, "type": "ssdeep", "uuid": "53bd3377-c7b4-48cf-bfe1-5bc9ba5f92b2", "value": "192:WnxDkyFOEMK4KTkKOjWOqvFI8RwUoynTeQBlL3mHmNnWHlmh4yWq:l7a4KTk6FI8RldeQzTVl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823878", "to_ids": false, "type": "size-in-bytes", "uuid": "9c6d6532-3edb-455e-86ea-609cd21f6115", "value": "1051528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823878", "to_ids": true, "type": "vhash", "uuid": "a6db1a64-81e6-4349-b3d8-7bfd38677642", "value": "016036551d1059zf22fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823878", "to_ids": true, "type": "filename", "uuid": "eb8ede11-a98b-4a43-b849-1d0120696ec9", "value": "msieckc.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823878", "to_ids": false, "type": "text", "uuid": "793032f6-d6c7-470b-bc0d-5bcae9bcd580", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506774", "uuid": "1715ff68-3b56-465c-bbf5-e18bbbce9155", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506774", "to_ids": true, "type": "md5", "uuid": "cf4a33b9-215a-4472-972d-82cce851c1c9", "value": "a7b226c220e1282320fca291a5100f93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828962", "to_ids": true, "type": "sha1", "uuid": "2608b8d8-225a-4b2c-ab47-f1eb8a1aca18", "value": "f274107ee34a09e08232ffbaa3fa4d6bf1e692e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828962", "to_ids": true, "type": "sha256", "uuid": "e2877680-962f-4d91-b8db-3861d278f61d", "value": "105016226d2f210bb569704b005c193ff7f26cd23744577090cd35dd34cc3372", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823899", "to_ids": true, "type": "ssdeep", "uuid": "be8c101b-5d7d-4710-9597-6400a54ca0e5", "value": "24576:5Pejk8w6u0tROd/Bb9zURymb8Rna8A1Fg7VyOa+snixqDd42m0b31gSZUDj8IIrf:0CQr42eSrrQc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823899", "to_ids": false, "type": "size-in-bytes", "uuid": "4df70c36-5d40-46af-8fc8-f97bfeaf1d42", "value": "1006348" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823899", "to_ids": true, "type": "vhash", "uuid": "40fe44ca-8a5a-4d94-b7f0-997aa6b66373", "value": "016056655d151f1061005003600817za7zd0100883z70c7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823899", "to_ids": true, "type": "filename", "uuid": "02752b20-ad52-485e-9601-80c1332920e4", "value": "f274107ee34a09e08232ffbaa3fa4d6bf1e692e5_KernelMode.info_105016226d2f210bb569704b005c193ff7f26cd23744577090cd35dd34cc3372.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823899", "to_ids": false, "type": "text", "uuid": "85c7f457-da1a-4f1e-9077-26a2fcbfa1c9", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506795", "uuid": "a82ccca3-b7f4-470a-9b1f-5b7f0a96076c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506795", "to_ids": true, "type": "md5", "uuid": "a1c8e978-3adc-4cf0-849d-7a5e14e7bd95", "value": "a8151939085ce837b3a7deec58efa7b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828963", "to_ids": true, "type": "sha1", "uuid": "a389463a-0b1d-44a0-acfb-c31fecc32999", "value": "baab0383ca3b10d4b9348cf6fed7e8010ce62217", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828963", "to_ids": true, "type": "sha256", "uuid": "52fddb72-686e-4677-ae04-1fe9a7684839", "value": "2cab9946741fc4cddefcec2104d4fe6d76390868f60f3207e9cb0e210bbe8db0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823920", "to_ids": true, "type": "ssdeep", "uuid": "9fa5c249-1441-4743-a125-a137de33b313", "value": "6144:Oz1puZ9rSbebLUshObTFewW8dFlKVYkvcPAPQt:O2ZdFksh6Tz/dFRjh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823920", "to_ids": false, "type": "size-in-bytes", "uuid": "1f0f8534-9124-4115-9bd9-f101c84cf23b", "value": "285576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823920", "to_ids": true, "type": "vhash", "uuid": "6d642f53-2bc8-4cab-8a24-630179744bfd", "value": "025036655d10f4z16002e539z43z1011ze1z802055zb6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823920", "to_ids": true, "type": "filename", "uuid": "39d71749-9d99-40a8-83e1-86bc63dba4fb", "value": "A8151939085CE837B3A7DEEC58EFA7B4.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823921", "to_ids": false, "type": "text", "uuid": "434928bc-7581-499c-af56-0e91e1a0639c", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506816", "uuid": "2c327c4b-d14e-4009-bbec-203a1c0c1708", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506816", "to_ids": true, "type": "md5", "uuid": "0cf966aa-ebfc-4d6e-8602-0abc369faa90", "value": "a9faa01c7cf7150054600fc2ab63e4b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828964", "to_ids": true, "type": "sha1", "uuid": "c660dbea-8e04-4986-867c-722fede299d9", "value": "85abdb58a89ebec540343b79f042187f54b39e05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828964", "to_ids": true, "type": "sha256", "uuid": "ad9d6dc7-8a3e-4ed8-9a8a-9457bf516334", "value": "8e9183988d5e4ab96642b71861c3d1ca10769745ba0ec9fac64352e685fc18f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823942", "to_ids": true, "type": "ssdeep", "uuid": "1c7219c8-b8ea-4999-9207-1a21b521d90d", "value": "192:uXhInmeASISw1cX34Q7q7qvbA+NA1wUoynbmttwfG0:hVzjX34cb/NA1lVmttwf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823942", "to_ids": false, "type": "size-in-bytes", "uuid": "f34b1136-81d3-4842-82f4-496a567e7d4c", "value": "16384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823942", "to_ids": true, "type": "vhash", "uuid": "106675f3-405b-4170-936a-f76a978839a8", "value": "014036551d1079zf22fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823942", "to_ids": true, "type": "filename", "uuid": "92a21469-8d0d-49ed-b6d9-f6de30c24bc9", "value": "KernelMode.info_8e9183988d5e4ab96642b71861c3d1ca10769745ba0ec9fac64352e685fc18f6.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823942", "to_ids": false, "type": "text", "uuid": "ac1d4a6b-4610-4e5a-8fe2-deae78bf8a04", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506837", "uuid": "3e3d8525-0635-4609-9762-ab8fbf03f4b7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506837", "to_ids": true, "type": "md5", "uuid": "52d4b0da-d9b7-4445-9dfc-151d217b242e", "value": "aaeb3b0651720a3f37a0c2f57c92429c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828965", "to_ids": true, "type": "sha1", "uuid": "72cdaee1-f97e-4baf-b33a-f435e54f131b", "value": "60dc292d3fde4a5c0be2ef31081692e51c6dc23b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828965", "to_ids": true, "type": "sha256", "uuid": "25a2095d-3706-4f67-821f-305259f0edbc", "value": "883b99a236ceaeddc7cf30cb3a8cbdc7034fe977e5bf71cd98a23c12bdcca021", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823964", "to_ids": true, "type": "ssdeep", "uuid": "c8967b3e-71e5-4cc7-b8d9-567eba96ac4d", "value": "6144:+UmoLrTUGXDncBO9CRvpnWA2Q4qLpBZFQNmmN7Am1/oS7YEQr6aJAYxYxYO3:goNzcmEnv2QHTZFajhAmFoS7YELaJAYc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823964", "to_ids": false, "type": "size-in-bytes", "uuid": "812549e3-1998-4b1a-a1f3-a403100f97f0", "value": "335872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823964", "to_ids": true, "type": "vhash", "uuid": "f67491ea-7130-4867-a3e5-8594f772c6bf", "value": "035046651d157az3ehz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823964", "to_ids": true, "type": "filename", "uuid": "4ea5b4f8-a69b-4eb0-a775-88343212a821", "value": "KernelMode.info_883b99a236ceaeddc7cf30cb3a8cbdc7034fe977e5bf71cd98a23c12bdcca021.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823964", "to_ids": false, "type": "text", "uuid": "9d65de7e-7ca9-43d1-b814-99917684f4e7", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506858", "uuid": "cb69be32-aa73-4f1a-8841-36e12ff2b986", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506858", "to_ids": true, "type": "md5", "uuid": "e9b2ec36-6361-4418-9c2d-19ad4e41fc21", "value": "abdcde9cd1f9135e412f7bb0a9cafbc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828967", "to_ids": true, "type": "sha1", "uuid": "9cc3aafb-e760-473f-8566-715d72609d78", "value": "685da666f56ecbbe192ce0dc9e08477942b8ca72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828967", "to_ids": true, "type": "sha256", "uuid": "0d97666a-e68a-4177-b466-ed9fdb50c507", "value": "f8bad600e5586dc3a0c924db4923c6f8f7fefdfe47d2605a59379da8b8291fc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740823985", "to_ids": true, "type": "ssdeep", "uuid": "d90b0b52-815e-40c2-a4bc-6021dfdb357e", "value": "192:ohj4eYZgnI8ioMFpxAk1sL1xYWVs1sjvFI8iNUoyn6cMXBq6GO:44SIDHMLXaeFI8iaIcMXv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740823985", "to_ids": false, "type": "size-in-bytes", "uuid": "7350d553-a6fa-4a83-8457-b6bdc49f617a", "value": "20480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740823985", "to_ids": true, "type": "vhash", "uuid": "4a45a34e-fe3e-4416-80d8-7157402c219b", "value": "024036151d1058z11229z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740823985", "to_ids": true, "type": "filename", "uuid": "8526eee5-7ecf-46bb-afb2-f0869d5f63f9", "value": "msieckc.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740823985", "to_ids": false, "type": "text", "uuid": "d75f5df0-bd8a-4ccd-9726-63928a9d8ede", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506879", "uuid": "050bf1d1-c9c5-4f2e-b896-75662751b3f3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506879", "to_ids": true, "type": "md5", "uuid": "821cd8d7-e656-429f-9a2b-78799ae34226", "value": "ad0f9ba1a355c5e8048c476736c90217", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828968", "to_ids": true, "type": "sha1", "uuid": "2c9e38b1-b337-4673-ab0d-90630b560393", "value": "ea7ac0e9954fa908a0955073b59cdd668a311738", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828968", "to_ids": true, "type": "sha256", "uuid": "0d48c52c-8408-4aa0-abc3-4f25663b321f", "value": "b217cc0ab459e802c8a91ccee045eaf30bd3648a8cc1d4a6907319e2ce806ede", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824007", "to_ids": true, "type": "ssdeep", "uuid": "b8a9ff64-59aa-4953-9abe-4cb7dda68f37", "value": "3072:D4QWi7h160i3Y8Ll1fALB0HDQyvFXJSOl8Xj8jYmYgYE:D4QP7P6mj85x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824007", "to_ids": false, "type": "size-in-bytes", "uuid": "b7475045-abf1-4a29-8826-1dd076b42011", "value": "138008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824007", "to_ids": true, "type": "vhash", "uuid": "934efe6d-fd5a-45b3-8fc0-844f0c1e41bc", "value": "015046655d15104012z21z6dhz10100721z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824007", "to_ids": true, "type": "filename", "uuid": "981e9d83-2a4d-4c92-ab34-529079b05397", "value": "SDdown.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824007", "to_ids": false, "type": "text", "uuid": "d8f65950-3eae-49aa-bdcb-7169428cb13b", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506901", "uuid": "eec4f38d-87f2-474c-b91c-82c0be311bd5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506901", "to_ids": true, "type": "md5", "uuid": "c2c82f95-7b9e-4fe8-ac59-01acd8288dfc", "value": "af26f60a80171c4337117133f1c2ba5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828969", "to_ids": true, "type": "sha1", "uuid": "ee25a234-5439-4d78-b7aa-8c5b8df25bcf", "value": "914c9ed2b0d189bd88e6a833b7280393dd57a810", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828969", "to_ids": true, "type": "sha256", "uuid": "b0d467ae-26b6-4d4b-bd9f-a8e6e2045256", "value": "663f94c4dc81e91f9e44dc4fe26c3297769306ab606ff93fbd96964a37a42e29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824028", "to_ids": true, "type": "ssdeep", "uuid": "070ccc63-635f-44a4-8794-5d354927dff0", "value": "768:Zq6/Th5n2lRKRpiF30h+unYVXopE921rUomgmIMD:g6/15nfW0hlrUwmJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824028", "to_ids": false, "type": "size-in-bytes", "uuid": "e1c1a18f-3178-448d-870c-5e21426c93c1", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824028", "to_ids": true, "type": "vhash", "uuid": "9e7d358e-9fe2-4178-ad49-46c982caeac1", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824028", "to_ids": true, "type": "filename", "uuid": "75cf02d9-9c54-4398-b447-7a135beb1bc6", "value": "active.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824028", "to_ids": false, "type": "text", "uuid": "9446bcb0-b875-4003-b57a-5eb3581331a3", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506922", "uuid": "33730412-7766-4d60-bb66-f54fbcea7db0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506922", "to_ids": true, "type": "md5", "uuid": "218ef308-75ba-4c4a-a56c-0b507592bed6", "value": "b07f6065011621c569fc2decd27056df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828970", "to_ids": true, "type": "sha1", "uuid": "25161150-c454-401f-85d8-4ade961cf254", "value": "0264a5309c258efac049f92288dcc9adaa9ad343", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828970", "to_ids": true, "type": "sha256", "uuid": "a1416559-58dc-414d-b38c-d6ef26ffbea8", "value": "618171fc9bb0dba400e4e592299e7847e479d96ed19fd9875210aaf927f5e72a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824050", "to_ids": true, "type": "ssdeep", "uuid": "c1388e35-f4de-48b8-a247-1e523ae54487", "value": "24576:DJ/o8TTwQExUyyaQWerSzyxz5nkiKBm5QbTacdojePUFH9R/1:DSUlFgyPKBRa3jwMR/1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824050", "to_ids": false, "type": "size-in-bytes", "uuid": "2f208726-e8aa-4420-8ac4-9ef76a836248", "value": "1220844" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824050", "to_ids": true, "type": "vhash", "uuid": "de9daab2-bcbf-4a98-a05f-1875cee2f4a4", "value": "016056655d151570a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824050", "to_ids": true, "type": "filename", "uuid": "16e3cf03-a59f-4343-bb10-f65ab61ef53b", "value": "AxDecrypt.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824050", "to_ids": false, "type": "text", "uuid": "d2893f8d-3fed-4d58-b544-a57f926d437d", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.D\nVT Total Detection:60/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506943", "uuid": "6d5d0336-ccf2-4de2-8a27-12088be8d232", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506943", "to_ids": true, "type": "md5", "uuid": "1f82ae47-1ec5-4e33-886a-6b0b19c37a07", "value": "b1048d7d2464f27a19b2adbf310158b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828971", "to_ids": true, "type": "sha1", "uuid": "4c5f9b9f-b6e8-4049-8b7e-b6627517e758", "value": "d6cb1280b1817cdb09d56c37179107d388c7270f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828972", "to_ids": true, "type": "sha256", "uuid": "2c562ecb-c443-4c8c-9975-b8d647ebafdb", "value": "6a47ef472356a856084006049c38b7a298b6f038460f492ce832e7d7e7de7b96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824071", "to_ids": true, "type": "ssdeep", "uuid": "a262e540-f1fe-4f88-8801-64180ba1be73", "value": "49152:R0HWZ8gQf1bhGgLl5YTWtUcQY2ZgM303RhUST0ovaM86GXEhxdwOyjz16:RJZ8gQf1bhnTYT/cQHZgM303RhjV86G7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824071", "to_ids": false, "type": "size-in-bytes", "uuid": "2b21bd65-b5dd-4bc9-bc09-e193fbaf4b0d", "value": "2236416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824071", "to_ids": true, "type": "vhash", "uuid": "7b077999-1bfb-476b-8211-bb191b9f357e", "value": "026056655d656550c0201006100a7z210e5za0700e2z8019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824071", "to_ids": true, "type": "filename", "uuid": "e2a7a9e4-94ac-483b-80a1-3b3e17a32098", "value": "Catch.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824071", "to_ids": false, "type": "text", "uuid": "d8e8e963-f3e4-4046-8806-f7a3e85d9c86", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.D\nVT Total Detection:58/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506964", "uuid": "1cc19913-7fbd-475e-a0ee-d8afd85a7c96", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506964", "to_ids": true, "type": "md5", "uuid": "bac445e2-159c-4bce-8c66-7203db3dc697", "value": "b2b29dcb1251c8b1c380f00834297857", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828973", "to_ids": true, "type": "sha1", "uuid": "63e1e49c-b6d1-477d-9a47-4a8ab2b4827f", "value": "368d2afd60b054bc51b48a0fc19a3abc7b4bb16a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828973", "to_ids": true, "type": "sha256", "uuid": "b1dc0552-9851-4ac6-b6f4-0c6a255d2218", "value": "e7d65f2e23e76e2378afe028bd091d98469aa36a3a1bb31bbfcaeb0f67a133f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824093", "to_ids": true, "type": "ssdeep", "uuid": "c52d9b67-48c6-4d18-87a5-6b7d8897e6de", "value": "384:e+aFMnwekmJInDq2uRHzKbmNARK6yWQvNLxkEC:ejekqIne2uRHzKbm2pBQsz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824093", "to_ids": false, "type": "size-in-bytes", "uuid": "1ae589fe-0985-4100-b464-477d5a8c7faa", "value": "27528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824093", "to_ids": true, "type": "vhash", "uuid": "efd33404-4a58-4f16-b818-0246c6c6f48e", "value": "024036551d1069ze249z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824093", "to_ids": true, "type": "filename", "uuid": "15b094fd-668d-426c-8559-c51691a2da2d", "value": "reader_sl.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824093", "to_ids": false, "type": "text", "uuid": "94899484-b55d-471d-ace7-8fa558581ffd", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:64/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747506985", "uuid": "28923ffd-1117-41ae-b0a6-8378c51c867a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747506985", "to_ids": true, "type": "md5", "uuid": "1f0f1754-6e61-4bed-9208-319f90330a9a", "value": "b4cbafc20d19b06a4ab670129a3ae5aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828974", "to_ids": true, "type": "sha1", "uuid": "428038a9-a914-4517-bd89-0790202856cd", "value": "a94087a37a0e224d7a1cfbbc94698838ed587dbb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828974", "to_ids": true, "type": "sha256", "uuid": "fb3176de-bb0c-4db3-a0f1-c537f90d6061", "value": "12b55cf542c54eae7d5a220851135d2550b3149b627062bcdbfbbec97d0bf16b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824114", "to_ids": true, "type": "ssdeep", "uuid": "6e49199f-83fc-4e97-b5bb-aa7ad58f22e3", "value": "384:zWvamoTzsku+JI3y9Yq2eRPCaLjmNARoYyWQkLxxE5:zxPskVI3Ql2eRPCKjm2dBQ+c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824114", "to_ids": false, "type": "size-in-bytes", "uuid": "e293eb0f-3cab-4b69-a8ce-0d48603cb5f7", "value": "27528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824114", "to_ids": true, "type": "vhash", "uuid": "6848b336-f4d4-4211-a77e-c2540deb91fa", "value": "024036551d1069ze249z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824114", "to_ids": true, "type": "filename", "uuid": "27cf4c66-ba00-4390-8702-03f5357b8b41", "value": "B4CBAFC20D19B06A4AB670129A3AE5AA.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824114", "to_ids": false, "type": "text", "uuid": "7e08ef87-a90f-44f0-85b4-306a737e6034", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:60/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507006", "uuid": "1735acb5-e584-4fee-9de2-79bd1c5e220b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507006", "to_ids": true, "type": "md5", "uuid": "fcbe37ce-6774-4a75-8025-d86fd7aa3616", "value": "b6428851df75dc91bb46583b97d9a566", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828975", "to_ids": true, "type": "sha1", "uuid": "7da538e0-96a8-4453-8968-f918610dae02", "value": "d589836634848e97d3bf62ec77e3fc8b3e685b31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828975", "to_ids": true, "type": "sha256", "uuid": "e675dddb-ae8b-42dd-a92e-cb525b763d3b", "value": "90ab35c72748b39fb60b9652b7aaca89248b48f7e88707334e104fdb146bb978", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824136", "to_ids": true, "type": "ssdeep", "uuid": "244c5695-8b39-480f-966d-493ec188a4db", "value": "768:jcCVQC0Aa55QSciYBxXUTyVuNbuY+W1gaETkuZb1djLvZLcnFCaFnsOhFbDoxJmR:oYWzgNuuVugkgahudFPa5bYmvv0jjM1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824136", "to_ids": false, "type": "size-in-bytes", "uuid": "213e6a52-33d7-4054-bc82-d23d9af58e51", "value": "411944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824136", "to_ids": true, "type": "vhash", "uuid": "9d8e55b6-0b2b-4727-b7df-3b2aff27c613", "value": "045046151d151048z1013fz1dz45z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824136", "to_ids": true, "type": "filename", "uuid": "899a05a5-c461-4b64-b9e2-735986435cf9", "value": "file.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824136", "to_ids": false, "type": "text", "uuid": "c59c5b1c-59e1-4930-92f3-4ec050803210", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDropper:Win32/Apptom.D\nVT Total Detection:53/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507026", "uuid": "03555af7-382a-4d64-9ea0-0b5916635749", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507026", "to_ids": true, "type": "md5", "uuid": "0305d75e-d139-4340-b543-b14d4aad4984", "value": "b7d1c3a03e92b24e9052e75ea381ea4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828976", "to_ids": true, "type": "sha1", "uuid": "a28b9416-49af-48b3-b129-b5a483ca17fa", "value": "b14b6d57a54f34367f595833967a44176e20c3ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828976", "to_ids": true, "type": "sha256", "uuid": "641f7bb6-2649-434b-803f-a262a92c2400", "value": "4a6bc09f95104718232449d85f7442c954a0ad8821fea2e62d74a1dc3b53d535", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824157", "to_ids": true, "type": "ssdeep", "uuid": "8eeba4ab-eb53-4261-9122-1c44b8cd47e7", "value": "3072:ZUy2VWS6/E95w/awOXBbopJyeQum6fWDawwsJtkklGjpI1exgU8nIDD:Gy20h/XhiMpXQxYWGq20GjeexgU1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824157", "to_ids": false, "type": "size-in-bytes", "uuid": "c8c76bfa-d90f-4e50-b921-5bb03dcc530c", "value": "195008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824157", "to_ids": true, "type": "vhash", "uuid": "1362075e-d7d8-492a-98e3-73ba6c85b893", "value": "015056655d15751088z6ahz1011zc1z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824157", "to_ids": true, "type": "filename", "uuid": "6d1a4e6d-9722-4396-a121-40d2f79dbdb7", "value": "Windows Service" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824157", "to_ids": false, "type": "text", "uuid": "44919d31-ba57-45f6-831a-d158e941f22d", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Ypdl.B\nVT Total Detection:59/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507048", "uuid": "b6474abf-d084-479e-9e25-9a3c6f87331c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507048", "to_ids": true, "type": "md5", "uuid": "3c5a4c25-da3e-463c-9d50-ef7351737a97", "value": "ba87428a298f8acf258b2f4f814bd9b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828977", "to_ids": true, "type": "sha1", "uuid": "6609f336-d3c5-41b8-9ee3-6c68abd19ced", "value": "ef91ea31ce932a5cf667cda6344a28f496f0e8c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828978", "to_ids": true, "type": "sha256", "uuid": "4af7ed87-7950-4818-a28a-253d39fae8c2", "value": "cf08242264973b4048fe6b87c2f26564f5006fe76de442635fd4fb8836c5bf4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824178", "to_ids": true, "type": "ssdeep", "uuid": "c454c6f1-17a0-409d-800b-aaae5b30aa92", "value": "384:VTrrMGbp3hmTa/R8da7WN8SkqJ1FpdeT7ohPu+yp3Lxs/xkPD8Yp3Vr:trFbX+apnK8NqJ1HdeT7+Pu+Iqop" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824178", "to_ids": false, "type": "size-in-bytes", "uuid": "82f9e340-72f6-40c3-853d-d6320be5d832", "value": "29576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824178", "to_ids": true, "type": "vhash", "uuid": "8b468a6e-a903-46b5-ba38-91eca5f6808a", "value": "024046651d151088z102gz1011z31z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824178", "to_ids": true, "type": "filename", "uuid": "6bdbec32-5b10-45e4-8e0a-19da3614f9fd", "value": "PHIME2002A.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824179", "to_ids": false, "type": "text", "uuid": "1e3c129b-55fb-4c22-827c-92779f5445b4", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:61/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507069", "uuid": "c7c139b9-2a5a-41ca-98c0-c0b27bb2f05a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507069", "to_ids": true, "type": "md5", "uuid": "5203fa50-5195-4bb2-8105-565132b4bfb0", "value": "be7acfaf90c8fab44393345704dd2b69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828979", "to_ids": true, "type": "sha1", "uuid": "80201f55-3937-468a-8c0a-36c53ecad77f", "value": "a0523a4627d854cb4277aadd4c28107c9ec1e45f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828979", "to_ids": true, "type": "sha256", "uuid": "6255d08f-7b62-4bd1-ad32-beb1f8ef4e61", "value": "dfabb16cab6556a8f545ed8d5fb92746b214ee58d91a94c9736e3c53f19d0fac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824200", "to_ids": true, "type": "ssdeep", "uuid": "bb435781-0251-41a2-9b73-2e9cc85bd9f5", "value": "6144:CIkHV4r8jXILqO2gh8lFFgwt8DFVZVgUyc5APO1:9JrQWggh+FZ6DFGOn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824200", "to_ids": false, "type": "size-in-bytes", "uuid": "08f3cced-253c-4b60-99ba-e4e37e7848b3", "value": "285576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824200", "to_ids": true, "type": "vhash", "uuid": "fdcab9f0-35bf-469d-9692-aaacbcd3dbf6", "value": "025036655d10f4z16002e539z43z1011ze1z802055zb6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824200", "to_ids": true, "type": "filename", "uuid": "f412460e-0e70-4afc-be17-0d61388507c1", "value": "ssasv.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824200", "to_ids": false, "type": "text", "uuid": "bfed8b11-b861-42d2-96d2-f61610e233a7", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507091", "uuid": "021e5621-5648-45a7-aab0-a384998afde2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507091", "to_ids": true, "type": "md5", "uuid": "910e949b-9ebc-4d5d-b36e-5e65b840c7b4", "value": "bf700fa187cc22d591e1ec4e7442145a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828980", "to_ids": true, "type": "sha1", "uuid": "aa468eea-1acc-4875-bbdc-a2afb38f3a50", "value": "359aa26dc9427df7b1e8d962f639e721945ac772", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828980", "to_ids": true, "type": "sha256", "uuid": "12f576e9-54a0-4bd3-bb58-fb1d394f477d", "value": "99a95f35b5104db2de761b707492b113fad6383338d72b248c5b150d8cb90be9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824221", "to_ids": true, "type": "ssdeep", "uuid": "5ac23116-f0f1-4506-9322-f540a9f81535", "value": "192:o9pjgHg8tp/GnZpuEdsVsjvFI8iNUoyn6cMXBqwZ:EpEHFrew+aeFI8iaIcMXB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824221", "to_ids": false, "type": "size-in-bytes", "uuid": "400f0f8e-9e6e-4bc8-9493-e88193295d1e", "value": "20480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824221", "to_ids": true, "type": "vhash", "uuid": "0d178f1f-2598-49e7-a8d3-d4041ba343de", "value": "024036151d1058z11229z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824221", "to_ids": true, "type": "filename", "uuid": "82b151ba-3632-4eff-973e-d0a6af5525bc", "value": "KernelMode.info_99a95f35b5104db2de761b707492b113fad6383338d72b248c5b150d8cb90be9.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824221", "to_ids": false, "type": "text", "uuid": "0b1ed015-00f0-45c9-a146-267c2a19a98f", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507112", "uuid": "5484f58b-287e-4330-a3d0-d1ea3abdccba", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507112", "to_ids": true, "type": "md5", "uuid": "65205f4c-1eb3-420a-87af-40cd6bd69205", "value": "c12fe91f0c39c2460ea304ffc250918d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828982", "to_ids": true, "type": "sha1", "uuid": "cca2e194-df79-4c5c-adf9-3306a0057537", "value": "62b1340b64ef6ef9e500c249385f304d7ba20ba4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828982", "to_ids": true, "type": "sha256", "uuid": "72a83682-4344-45c4-aaf8-77c2876c1d96", "value": "b09d6ef6c8608adabf1c540407fef37e69da3d939daeaf7868e3802043ee7615", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824242", "to_ids": true, "type": "ssdeep", "uuid": "ba5dd970-986d-409e-bd4a-975d4ecf8c1e", "value": "6144:xI6M/MMuRFO1Py8fmE4+Y98Wbed9Z29+MTQg:xk/MzTOsdHc309+MTQg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824242", "to_ids": false, "type": "size-in-bytes", "uuid": "40db227d-8645-485c-8035-7449be0a4db4", "value": "279160" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824242", "to_ids": true, "type": "vhash", "uuid": "f9c06913-2c58-4eb2-b82a-e4c3ebccca5f", "value": "025056655d1575619z87hz42z121z301077z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824242", "to_ids": true, "type": "filename", "uuid": "0c083e9d-2ebe-4be3-b347-31d3b52bc87e", "value": "wmisvcctrl.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824242", "to_ids": false, "type": "text", "uuid": "090ff16c-2fd1-4b24-b917-ca8b671ed0fd", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:60/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507133", "uuid": "1c175dd9-9b85-4bde-9712-f1f73e54c2b0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507133", "to_ids": true, "type": "md5", "uuid": "8f46254f-9a27-4c15-ad30-9d0c4027be7e", "value": "c322e499729291451437d46c6f05b920", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828983", "to_ids": true, "type": "sha1", "uuid": "99b33f99-12c6-42f9-9461-62c2f3f3c0c2", "value": "699f67831ff4fd4698cc23866ff6e164b6e8cbc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828983", "to_ids": true, "type": "sha256", "uuid": "f9f1f6f6-9d82-446f-952f-c6f00dc7dd01", "value": "96d98af88fcf36f00c3b9367e390461df1264602351fc3cf49d36f10e555641c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824264", "to_ids": true, "type": "ssdeep", "uuid": "33f3dba3-bdd6-405d-a902-291d7ed41796", "value": "192:8fmlYpP9bITpOL2doDW9lEOgyk2RG0UoynBAimv1yPyDK9ZNnWnSkyxy:8OlSMkLTDWsOgyk2RGxvAim9ypzMSp8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824264", "to_ids": false, "type": "size-in-bytes", "uuid": "6ce64acc-082f-46de-b455-4e91b630591d", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824264", "to_ids": true, "type": "vhash", "uuid": "7d37a44c-48f3-4951-91bf-81b29a1cc76b", "value": "024036551d1058z111chz11z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824264", "to_ids": true, "type": "filename", "uuid": "b6163c45-0110-46af-89a3-8ea0807eff9f", "value": "googletoolbar.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824264", "to_ids": false, "type": "text", "uuid": "00b764a2-5802-4f17-9ef8-0223657f7259", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Roficor.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507154", "uuid": "b6fb9705-3082-4f08-b182-71d30253666a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507154", "to_ids": true, "type": "md5", "uuid": "ade03005-d142-4237-a704-c1ba9edb55eb", "value": "c49e6114fa3de4f823010e852d891896", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828984", "to_ids": true, "type": "sha1", "uuid": "55313d8e-01a3-4a9e-9a72-5d0308e36fce", "value": "8e39c542a1788cba0d9a216955e2c7b186943274", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828984", "to_ids": true, "type": "sha256", "uuid": "e4199e78-d619-4c4a-8c95-22b4df6398af", "value": "9c837e3026dabe3ad114b4e7902ad3ac9d701c1476456c2a6904f6b5bc02dd55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824285", "to_ids": true, "type": "ssdeep", "uuid": "58e5d22d-a204-4b2c-9db8-2d423e3361a5", "value": "49152:CYzJe0iKbuxUfNWa1TgO2vnxfUxk5Ji+gCRYWqD2SBZcXzosn/dK0nDBO:C0e0iKbuxUEaBg35fUwJi+gCR6ezosnJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824285", "to_ids": false, "type": "size-in-bytes", "uuid": "a6d1f8ee-3e3f-4f8d-9e9d-cfa2e0bd016c", "value": "1774080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824285", "to_ids": true, "type": "vhash", "uuid": "d83361da-4bc4-432a-a515-dceba09599ca", "value": "016056655d556550c0201006100a36z210e5za0800e2z8019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824285", "to_ids": true, "type": "filename", "uuid": "e1a88f9e-f4cc-47f2-8167-8d942e7a6756", "value": "Catch.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824285", "to_ids": false, "type": "text", "uuid": "448d65ee-c360-4770-8192-83803854e190", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.D\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507175", "uuid": "19daebc9-48ed-49d5-b3fd-97b8e9cb9eec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507175", "to_ids": true, "type": "md5", "uuid": "961fbe05-94cd-49fe-86e7-9103b2d8a60e", "value": "c4ac4924544877cd100e53f1115c7df9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828985", "to_ids": true, "type": "sha1", "uuid": "4c2500df-6f7d-4852-828a-ea611d715f4a", "value": "33bb329902a97bcab9f96a275043bf22ce6a2f1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828986", "to_ids": true, "type": "sha256", "uuid": "841d4ae0-1bc0-4e4c-a190-6f6d40b51cbd", "value": "ccc4b5fd8736fe67f2a6e49fd73b7e7bbe82ed51669e47f67179147a79c68315", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824307", "to_ids": true, "type": "ssdeep", "uuid": "72951def-b0f2-45b0-a337-8d91c0e0f1d1", "value": "1536:3SaHFfBC+oLzshOECGm05sH7L0zdjdT50ET1AXMsBhpJlUL53KP/HzUYkz:3hHrC+oLYhOE/zdJTbrYpXU1KPvzUx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824307", "to_ids": false, "type": "size-in-bytes", "uuid": "bbc59693-927e-4363-bbc2-700b21b95858", "value": "115560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824307", "to_ids": true, "type": "vhash", "uuid": "c951cac6-1a29-4563-ac08-d0b57b60f9f6", "value": "015056655d151510a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824307", "to_ids": true, "type": "filename", "uuid": "a0703a9c-5ae9-462f-a434-b569328831fa", "value": "winmsgr.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824307", "to_ids": false, "type": "text", "uuid": "ee35488c-b655-419d-ae9d-0e3ab49913a9", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507196", "uuid": "63b2e422-e8c5-48f1-ab2a-2377f3f2bde5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507196", "to_ids": true, "type": "md5", "uuid": "a91923fc-cc7b-4aa2-a25e-6747040f3eb3", "value": "c5a9ec966196a03e53fd1869764d8507", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828987", "to_ids": true, "type": "sha1", "uuid": "2475c3aa-b774-4138-b7af-2b847b750022", "value": "b94613662a0bd98d389c34c0fad8e6536d755ce5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828987", "to_ids": true, "type": "sha256", "uuid": "2625b74d-d169-4cb2-9c19-4a2d5cd58de8", "value": "ab2db41bdca08f7f6997439a398a4042472045e8c376e3b848645b9813c59776", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824328", "to_ids": true, "type": "ssdeep", "uuid": "7d9b0c51-7646-4299-b4b2-b3af9b84cdde", "value": "384:ETnUTK0X6ONPzxodtrkGbpCuAjch1VQEmie5LtNRMMSp8:fKA6GxoLtbwuAjcN7mie8MB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824328", "to_ids": false, "type": "size-in-bytes", "uuid": "948d9eaa-a3d6-4ae5-a52b-074b7fe40cc8", "value": "27352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824328", "to_ids": true, "type": "vhash", "uuid": "4c09c7be-3a4d-4bee-9059-e09793ffec84", "value": "024036551d1069za23hz11z31z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824328", "to_ids": true, "type": "filename", "uuid": "0ed0554e-ced7-4309-9f3b-138281a58abe", "value": "KernelMode.info_ab2db41bdca08f7f6997439a398a4042472045e8c376e3b848645b9813c59776.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824328", "to_ids": false, "type": "text", "uuid": "1a7f8349-7500-4980-87eb-3da44df23888", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507217", "uuid": "9b6ead30-cc11-4300-8e8c-6c4b4a2993d9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507217", "to_ids": true, "type": "md5", "uuid": "8d3aef8e-5a61-4a0b-9c67-b51724abd712", "value": "c82ca00476d7e8532d055bf2cc2c9d59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828988", "to_ids": true, "type": "sha1", "uuid": "dfb3d3a5-cfd6-4ba4-a6a3-884f9c408a5e", "value": "d031194488892b3354b15edb244e75748751b451", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828988", "to_ids": true, "type": "sha256", "uuid": "540b79dd-3106-4682-8e80-27ef6c20bb79", "value": "d8c9aa2d28603e757e9b7b04bbba1c2c1784b904eaef2d90879da4213887cea0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824370", "to_ids": true, "type": "ssdeep", "uuid": "d09fe557-9f7a-4ada-a78d-de9893ee43f7", "value": "192:tQ6OkulpBfxSxr0smdlpvmNDJGRBUoynRnWMS0:CDkuWxrudlNmNDJGRGPnWM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824370", "to_ids": false, "type": "size-in-bytes", "uuid": "cec3b56a-77e9-461c-95f5-6bcb1dff14cc", "value": "16384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824370", "to_ids": true, "type": "vhash", "uuid": "dc733fba-b204-4b82-8d67-e6eeb912bf70", "value": "014036651d1059ze1efz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824370", "to_ids": true, "type": "filename", "uuid": "d8b8b637-e175-439c-a92e-02538d456872", "value": "DirectXchk.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824370", "to_ids": false, "type": "text", "uuid": "ec791adf-3dec-41bb-ae49-0cf9e6e80f4d", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507238", "uuid": "a2ae07da-a0ed-4f6a-a7b0-726205154ef2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507238", "to_ids": true, "type": "md5", "uuid": "216afa1c-86a4-45ba-97a8-e534a4ef7d47", "value": "cdd5afba31e91706412ba58fff2b4d31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828989", "to_ids": true, "type": "sha1", "uuid": "e51ee73b-fa8a-49ff-ba14-a3f6895f4c54", "value": "36651c2bc264f172111b6289d1ede766660a5709", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828989", "to_ids": true, "type": "sha256", "uuid": "4452f776-8d9f-4046-9a90-9da4cc4a2b2a", "value": "1915f9ccdfd317ea8676208892b801b14ac056c339892f80e4aa1b575f35db1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824413", "to_ids": true, "type": "ssdeep", "uuid": "fa63cfb6-5a4b-4bff-875e-2615f1148e79", "value": "768:Zq6/Th5n2lRKRpiF30h+unYVXopE921rUImgmIMD:g6/15nfW0hlrUQmJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824413", "to_ids": false, "type": "size-in-bytes", "uuid": "0481fdd8-1063-493c-9312-2912adbceee2", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824413", "to_ids": true, "type": "vhash", "uuid": "f1927e93-d308-4f7e-bba0-c8dd2a033f1a", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824413", "to_ids": true, "type": "filename", "uuid": "152902db-20df-4b48-9a01-0ba616e19c34", "value": "KernelMode.info_1915f9ccdfd317ea8676208892b801b14ac056c339892f80e4aa1b575f35db1a.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824413", "to_ids": false, "type": "text", "uuid": "6e0006e5-8236-46d8-98b9-12d0c0387604", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507260", "uuid": "9cedf3fb-0b4a-4aac-aee1-8cf652ae8342", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507260", "to_ids": true, "type": "md5", "uuid": "f20194f7-39e1-4179-9aa9-3b4aa61c67bb", "value": "cf95ab8c4cc222088de00dbb20374d69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828990", "to_ids": true, "type": "sha1", "uuid": "db903710-4110-4175-8b6f-76346d51db69", "value": "798dc83f908a253ef91787670984c2e60ddc27eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828990", "to_ids": true, "type": "sha256", "uuid": "ab6a8c47-3506-4a8c-8ffb-6e4a3c593c73", "value": "7cb5cb3cf15441dca410b80ea719979f9e18718c140abddb8468320d51e09d41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824435", "to_ids": true, "type": "ssdeep", "uuid": "4664c4ac-6e7a-4c80-9f49-344290b6e6ae", "value": "768:Zq6/Th5n2lRKRpiF30h+unYVXopE921rUJmgmIMD:g6/15nfW0hlrU9mJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824435", "to_ids": false, "type": "size-in-bytes", "uuid": "36960a91-8436-4f68-9bf0-6efbf952cd56", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824435", "to_ids": true, "type": "vhash", "uuid": "d4dce5d2-3b71-4255-9d2e-14deada1f64f", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824435", "to_ids": true, "type": "filename", "uuid": "6bd95bd3-b8c6-4dd0-86b7-24c6e685aa4e", "value": "KernelMode.info_7cb5cb3cf15441dca410b80ea719979f9e18718c140abddb8468320d51e09d41.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824435", "to_ids": false, "type": "text", "uuid": "a20c61c8-424b-4ba7-b498-bf792a7f4f45", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507281", "uuid": "6359bcfc-5deb-4207-bafe-f68dc466dcae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507281", "to_ids": true, "type": "md5", "uuid": "272c9671-8010-45eb-9cb5-c049c5991f4d", "value": "d580cab0c05dd78215fd6252934c240f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828991", "to_ids": true, "type": "sha1", "uuid": "82655090-a4d3-4b50-a05c-583f1d920195", "value": "83f22e93f4c0d1e7ef66f3de47c03905bbc55f6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828992", "to_ids": true, "type": "sha256", "uuid": "3f86a556-31de-4cd2-ac0b-6cefa5a5dab2", "value": "4c5b1304aa255bb334e22ebd368ab9261532fa3dab2bb032ba634c2ea6db8999", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824456", "to_ids": true, "type": "ssdeep", "uuid": "b4e66239-b17c-4c48-a964-a465b249b58f", "value": "12288:DJ/ochxzdJTbrwQMDQzj/cHcjnYFUePslFFH9aM/M:DJ/o8TTwQEQzj/c8TjePUFH9R/M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824456", "to_ids": false, "type": "size-in-bytes", "uuid": "a68aee57-f5e1-4d02-a1f3-26735ac90070", "value": "420964" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824456", "to_ids": true, "type": "vhash", "uuid": "93d1df54-4b3f-4cd1-b93e-c116c6dff960", "value": "045056655d151570a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824456", "to_ids": true, "type": "filename", "uuid": "9ea5dd84-24e5-490a-9216-c977116e8a55", "value": "KernelMode.info_4c5b1304aa255bb334e22ebd368ab9261532fa3dab2bb032ba634c2ea6db8999.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824456", "to_ids": false, "type": "text", "uuid": "74b5e31d-44f5-4c4d-bb79-8e0db6e0ecd6", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507302", "uuid": "e6e317a2-8334-4946-80fb-3230f4d4237d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507302", "to_ids": true, "type": "md5", "uuid": "efab9a3d-e1dc-4228-9485-5fe8f6239126", "value": "da608f216594653a1716edd5734cd6e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828993", "to_ids": true, "type": "sha1", "uuid": "a758ac8a-e1c5-4792-97a7-46e355540753", "value": "e2ac8bcca2170ac9d10efcb6d8405f5eda5c57eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828993", "to_ids": true, "type": "sha256", "uuid": "99857cfd-a444-44b8-8f49-690c1244eb67", "value": "ca0c58cd27bf3ece3233a9f79e63328e377f868dc916c9e1967ca0b880b080c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824498", "to_ids": true, "type": "ssdeep", "uuid": "51a62567-2b12-4e27-95e4-804130f9e70e", "value": "192:wOvG78JN8osoWIKp/KJtazxJwjMXItRi7in:w6GgJio8lPIjWIi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824498", "to_ids": false, "type": "size-in-bytes", "uuid": "c6b1ff09-89c7-4e6e-9b3e-0581ab52466f", "value": "10368" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824498", "to_ids": true, "type": "vhash", "uuid": "dc3adfda-ba09-4f83-9b5c-ca4112259bf7", "value": "01405e651d1e5559z26z2dxz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824498", "to_ids": true, "type": "filename", "uuid": "15b40bd5-a791-40bd-a313-72853af7b7cf", "value": "lnetcpl.sys" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824498", "to_ids": false, "type": "text", "uuid": "a112524a-0cb5-4052-b237-1854fd98e037", "value": "Type Description: Win32 EXE\n\nMicrosoft: VirTool:WinNT/Tapaoux.A\nVT Total Detection:60/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507323", "uuid": "d0b44ac7-de31-4691-83d3-3a2ff8852cc0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507323", "to_ids": true, "type": "md5", "uuid": "b277a8af-1158-48a2-b966-eed60195b1c2", "value": "da6c390915639c853612cb665ac635f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828994", "to_ids": true, "type": "sha1", "uuid": "3ff1ff72-0e3b-4d5c-9dfd-ec6e824ab493", "value": "c9289b7f458e3e1d469a2c8e4be8377a4f30d381", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828994", "to_ids": true, "type": "sha256", "uuid": "f689c0e3-6b5a-4639-9e20-6494e90105f5", "value": "a691ec9a236647a20825be6609a5bf1ceef5dc6f9c3fd9c30f2cc5f4e4fed2da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824519", "to_ids": true, "type": "ssdeep", "uuid": "bbc8d23f-5552-400d-9bd2-353e1a58e633", "value": "384:Lh6Ty4KyAwMS8jQbq2TRhgq8cV3uzQIWuz/LxVoRM:L4TygMS8jQm2TRhhFV3y3WuzLoM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824519", "to_ids": false, "type": "size-in-bytes", "uuid": "6f5ec770-8946-437e-b1f1-374f94caf21c", "value": "17800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824519", "to_ids": true, "type": "vhash", "uuid": "830005db-d263-44b9-bb9c-a6787bfcfa0f", "value": "014036655d1068z122ehz11z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824519", "to_ids": true, "type": "filename", "uuid": "16d95a30-37e8-405e-8ae3-ea9144e76c0b", "value": "KernelMode.info_a691ec9a236647a20825be6609a5bf1ceef5dc6f9c3fd9c30f2cc5f4e4fed2da.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824519", "to_ids": false, "type": "text", "uuid": "f6077ca0-f1d2-42df-8b1a-4178cb6c5939", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507344", "uuid": "49dc3b8f-8d22-4fd0-ad0e-c258c7d0e338", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507344", "to_ids": true, "type": "md5", "uuid": "acb46be7-7bd3-46e9-90fb-1a82010ccb66", "value": "da6ed3cc582b4424c96b8ca73aaeb8ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828995", "to_ids": true, "type": "sha1", "uuid": "88b293f4-3a02-45b8-8ed5-cd11d4811a12", "value": "f0f512b0ed625b9eddae9540e4d8e56750d79aca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828995", "to_ids": true, "type": "sha256", "uuid": "e6d9e6c9-bcad-4d0a-b899-f99aa03f1564", "value": "130f974e99c978df71abadec5658db90e6978c74a6b9ecf1fabce72f5057bdd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824541", "to_ids": true, "type": "ssdeep", "uuid": "2bf54874-5509-4a3c-ada3-0ff1dff1b2b7", "value": "192:B8Dl4t0bAgu9zMFhpj9fK7lLhUcmemmecSdLSsBhEUoynxrY+TPpuRNnWnSkyxcM:SCWA/9zr7lLSQecSVSWhhPY+bp+MSp2M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824541", "to_ids": false, "type": "size-in-bytes", "uuid": "c1e9ce3d-75b2-4c1e-873e-d3b04214e222", "value": "27352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824541", "to_ids": true, "type": "vhash", "uuid": "c68f928a-8a8e-480c-9291-82abdb8cd4a4", "value": "024046551d151079zd1efz10100111z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824541", "to_ids": true, "type": "filename", "uuid": "6b96cc24-b768-4909-b1d1-7727ef61f4d6", "value": "msieckc.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824541", "to_ids": false, "type": "text", "uuid": "62fb61d2-7dd3-4f58-9fc2-be89eae730d6", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.C\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507365", "uuid": "fc0efd80-8452-49a6-aff2-1add61f21382", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507365", "to_ids": true, "type": "md5", "uuid": "ce208e33-6813-42af-aa82-f33cb05cf460", "value": "dd555740dcabb3dab3ea1fc71273e493", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828996", "to_ids": true, "type": "sha1", "uuid": "5f54daba-042d-4d4d-a3f1-e18ce2c0e430", "value": "ca6f59319d07fef7a2795d00754e4b87bec08a2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828996", "to_ids": true, "type": "sha256", "uuid": "d5756c48-39ef-4552-af6b-f2dc3038c7ef", "value": "35d7e23eaf52269e31e8253328673a69a0a38a6d19d5ceb95081dea48e222d90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824562", "to_ids": true, "type": "ssdeep", "uuid": "82c31063-86d9-4a50-aafc-2586795d4418", "value": "192:4C8DHLkt01xvLRZ5OTstkpf9FjOtGBFS8kEUoynuec3w7YINnWnSkyxe:AEmTzoTNjOiFS8kh0ecIYWMSpE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824562", "to_ids": false, "type": "size-in-bytes", "uuid": "4f359d67-84bc-47f3-aff5-97b5e1bad025", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824562", "to_ids": true, "type": "vhash", "uuid": "b0b45e81-cbff-4531-97d3-2a9ea3908e4f", "value": "024036551d1079zd1efz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824562", "to_ids": true, "type": "filename", "uuid": "fa0a42ca-14b6-4097-8e7e-17d5f2d96b07", "value": "KernelMode.info_35d7e23eaf52269e31e8253328673a69a0a38a6d19d5ceb95081dea48e222d90.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824562", "to_ids": false, "type": "text", "uuid": "b492242e-ae02-4cd4-a965-84e06e51232d", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.C\nVT Total Detection:66/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507386", "uuid": "de2d3b92-0631-43ae-89e7-30988d84d8b2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507386", "to_ids": true, "type": "md5", "uuid": "b63f0d42-dc17-4567-9c6d-5259d25b5efe", "value": "e2ed43a6bbb72c927a4e083768e47254", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828997", "to_ids": true, "type": "sha1", "uuid": "a2d460a5-0499-4d70-9e80-b0ac0b248efb", "value": "1dc6cac574736388a73610c57a9ed5ce1567121d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828998", "to_ids": true, "type": "sha256", "uuid": "82a64433-3d8a-4ffe-8b5d-85460eb0e83f", "value": "9118767c897bd8a02e16a25e8d8d409a0d2d631886dbb64ed175d2a6294d01e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824604", "to_ids": true, "type": "ssdeep", "uuid": "3f200550-11e3-4305-b397-c6a0e755ca14", "value": "3072:hhrSMuimMtmhnacjwQ3Fy8Ny4ePLRW1lE95Y8xQ5P:hrcMtmhnzjwQ3kcy4OLCpP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824604", "to_ids": false, "type": "size-in-bytes", "uuid": "c249b15a-e89d-400f-8a68-64450881d0a7", "value": "172152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824604", "to_ids": true, "type": "vhash", "uuid": "df31ebec-2dd8-4807-80d3-1af26958a131", "value": "015046655d1516z1700739z35z12z5gz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824604", "to_ids": true, "type": "filename", "uuid": "4ad4562b-32b1-4403-b840-ae4eb3e80096", "value": "KernelMode.info_9118767c897bd8a02e16a25e8d8d409a0d2d631886dbb64ed175d2a6294d01e1.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824604", "to_ids": false, "type": "text", "uuid": "eb251770-4160-41b1-84d3-5b81198a705f", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:57/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507407", "uuid": "e63353ef-502b-4842-80d7-4c61413e3ae2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507407", "to_ids": true, "type": "md5", "uuid": "0b0df7eb-6d29-4cfa-ac5e-69f8cdfe3350", "value": "e271ba345eada5f56471c5413acf52f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740828999", "to_ids": true, "type": "sha1", "uuid": "a9030fac-f377-4a93-acdc-9aa981bfcd96", "value": "21bed5bb1040aae19747df33a174657f5023d3b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740828999", "to_ids": true, "type": "sha256", "uuid": "a85c3ac4-f069-4573-9bcf-ff3b32f512ce", "value": "a4d6c323b26a53e57df12f4cbc7d4e7504f8feaf1fdfe5a58365cfeed485187a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824625", "to_ids": true, "type": "ssdeep", "uuid": "a70e4053-08df-48e7-a838-23f5ce70bb33", "value": "768:nFihdKb710PTyZncjBMHgWOuZhB3ZOlI5XRoG1VYNwSklpGI:FihdKb710PTMc1GgWOU3IqAk/DlpV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824625", "to_ids": false, "type": "size-in-bytes", "uuid": "6e36bb19-2eb2-4edd-9a5f-4f875bded26f", "value": "59504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824625", "to_ids": true, "type": "vhash", "uuid": "7fc58680-b502-4245-98d2-180b946c34f0", "value": "054046655d151058z43hz1011zdfz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824625", "to_ids": true, "type": "filename", "uuid": "6c8d2045-99d2-4503-988f-01503e39610e", "value": "E271BA345EADA5F56471C5413ACF52F9.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824626", "to_ids": false, "type": "text", "uuid": "3ae80e47-47fd-4820-8aff-cee9b4e026d2", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.J\nVT Total Detection:56/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507429", "uuid": "3bb5aa0a-9cf6-411a-ac2b-8e43b5a40476", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507429", "to_ids": true, "type": "md5", "uuid": "f165bcf8-fbf2-44b6-86bd-066b897daff7", "value": "e2b5c47156508a31b74a1f48e814fbe7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829000", "to_ids": true, "type": "sha1", "uuid": "bc526f44-1816-4d99-a12e-7db5670f2b37", "value": "90e5d098937b5fa58c25882097c44cf2b4f5b06a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829000", "to_ids": true, "type": "sha256", "uuid": "0730a74e-6003-4bbe-9243-fa897081dc2d", "value": "4ec547e25818c9cc669a4281f9633196626d5d85b7c37a10aafdde8ff737b3a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824647", "to_ids": true, "type": "ssdeep", "uuid": "0eecad54-adc4-4f41-8894-710acf3b05ae", "value": "192:CZXpJW91MwZc1D7lLPsT0D3ksT0DmP1oyn1QAh07xbK5/rAqJpx852BRZIx/qiY8:05IMVbPxkG1nQFKls19QpWdto7+VWVK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824647", "to_ids": false, "type": "size-in-bytes", "uuid": "528893c0-1fcc-4f0d-91fd-4fe4be9974cf", "value": "34816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824647", "to_ids": true, "type": "vhash", "uuid": "a5a7ba7f-a3f5-4c60-a1be-2c06e370825b", "value": "034046551d151039zc12lz6fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824647", "to_ids": true, "type": "filename", "uuid": "b7d897ec-e5ef-47ff-93a2-2a4a60193a60", "value": "Microsoft Help" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824647", "to_ids": false, "type": "text", "uuid": "37565dac-1490-4554-b107-89449bc5f34d", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Tapaoux.A\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507450", "uuid": "f244ee4a-1b50-4c0e-a876-9847bd5ea185", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507450", "to_ids": true, "type": "md5", "uuid": "cec25bef-a4d5-4cbe-86f2-319c58cdf778", "value": "e579157fb503b5cbd59ce66f5381575c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829001", "to_ids": true, "type": "sha1", "uuid": "c7611e0e-6394-4793-b0f3-b306d75793ba", "value": "9fc73f3797cc8d4d122e1383720e4ff3060c772f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829001", "to_ids": true, "type": "sha256", "uuid": "b1ad976c-b2ae-4b1a-b65b-85049413ea7e", "value": "324834d2339d57e0e598baed98ecb543a54a59fe904a77be79c44430b42f33e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824668", "to_ids": true, "type": "ssdeep", "uuid": "547f621d-995b-4dff-a8d3-a74b56fee2e9", "value": "1536:qSaHFfBC+oLzshOECGm05sH7L0zdjdT50ET1AXMsBhpJlUT1U3/eahXNhSwg:qhHrC+oLYhOE/zdJTbrYpXUJ8/eah9Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824668", "to_ids": false, "type": "size-in-bytes", "uuid": "7e07a1af-c1cd-4ee4-9c61-929d166b4aea", "value": "109480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824668", "to_ids": true, "type": "vhash", "uuid": "1620a034-36fb-4675-a31f-e9e078b22f41", "value": "015056655d151550a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824668", "to_ids": true, "type": "filename", "uuid": "0c18746f-8b62-420b-8e78-1c83a12b6e8c", "value": "324834d2339d57e0e598baed98ecb543a54a59fe904a77be79c44430b42f33e2.bin.sample" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824668", "to_ids": false, "type": "text", "uuid": "f802d073-3938-432d-bb08-36dc2671de8b", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.C\nVT Total Detection:60/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507472", "uuid": "9a9aed0a-f43e-48aa-bfa3-e5c337650f92", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507472", "to_ids": true, "type": "md5", "uuid": "a2f4c64a-b74e-4134-a740-51431e580528", "value": "e5a31be7717c12a3cf9a173428ac7c38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829002", "to_ids": true, "type": "sha1", "uuid": "3130483e-6525-4488-884b-ffd59e60f692", "value": "7c139aa046c49f763d7cfceada446f12520141be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829002", "to_ids": true, "type": "sha256", "uuid": "99c8f4f8-c797-4434-b256-736bf36f3b2c", "value": "f4ab6fe2bb30364f3762f325d08ae3c00724faedad72facdb078d681b5afd47f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824689", "to_ids": true, "type": "ssdeep", "uuid": "dc434beb-53cb-488a-97e4-93c4562d42a3", "value": "6144:Wv7bzBn6Xy/jS/qswid020PI8t9QQm9lKFmtiZ:Wv7b16Xy/jS/q0Z0nt9QHKWiZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824689", "to_ids": false, "type": "size-in-bytes", "uuid": "bfb21ffb-33be-43e8-9875-e3918ce09cab", "value": "397312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824689", "to_ids": true, "type": "vhash", "uuid": "d042973a-b662-4a57-905b-5bfcd6e3bbb7", "value": "035046651d157az4iz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824689", "to_ids": true, "type": "filename", "uuid": "065ecfd6-6635-4c08-8e7c-3555868700a4", "value": "Windows 7 Activator.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824689", "to_ids": false, "type": "text", "uuid": "d0a0ef74-2e4c-491f-ac22-ec23b4796541", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507492", "uuid": "ed1b410f-04b2-44b1-8831-e11476bb83a3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507492", "to_ids": true, "type": "md5", "uuid": "c1e44701-7812-4cab-b6c5-51d33369bc1d", "value": "e65fddac2ada261adcdcde87b4dc5540", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829003", "to_ids": true, "type": "sha1", "uuid": "98bf8e61-bb73-411a-aaf4-5e940877ac8a", "value": "f650e52cba0dd53438a85a7a55df713b63a564c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829004", "to_ids": true, "type": "sha256", "uuid": "4477687d-6ae6-43ee-92a2-18e6a0821a3d", "value": "1101e39160abe027fcad28c9ee22b074c846c44f8d40c28c20e02fbd167d7716", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824732", "to_ids": true, "type": "ssdeep", "uuid": "d8d62e0a-9324-4708-babd-4f5151f4305f", "value": "384:VGrrMGbp3hmTa/R8da7WN8SkqJ1FpdeT7ohPu+y61Lxs/xkPD8YpZVA7:grFbX+apnK8NqJ1HdeT7+Pu+CCc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824732", "to_ids": false, "type": "size-in-bytes", "uuid": "a85c3d8d-508a-4d37-9fc8-0b8191e3ae44", "value": "29576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824732", "to_ids": true, "type": "vhash", "uuid": "1ed89868-050d-4794-b1b4-088878093298", "value": "024046651d151088z102gz1011z31z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824732", "to_ids": true, "type": "filename", "uuid": "7cf0f64e-83f0-4c82-beb1-5129ff973142", "value": "PHIME2002A.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824732", "to_ids": false, "type": "text", "uuid": "a55dc336-bde7-469b-92f3-b1c50159c840", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507514", "uuid": "a3a9cebd-9123-48b0-8af9-231881a239bf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507514", "to_ids": true, "type": "md5", "uuid": "3fa24978-f099-4389-9c0c-03f357823783", "value": "e9f89d406e32ca88c32ac22852c25841", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829005", "to_ids": true, "type": "sha1", "uuid": "8b6ffb00-d18d-4ae3-9f27-fbda66b88e1b", "value": "a435868938adb53d403e8f8afc4e8fcf6e961717", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829005", "to_ids": true, "type": "sha256", "uuid": "ca47bfbc-3083-41c6-b639-050e61730187", "value": "b2aac98ec07bed90d8c1caf24605eccece8a953aef13ae0e02770e790e82f521", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824753", "to_ids": true, "type": "ssdeep", "uuid": "f7fca02f-5385-47e2-8b14-84908f40651b", "value": "384:0mIMV7PxkG1nBi/7tBdgd4+gjKDUmepXZkGW:067pLeUcO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824753", "to_ids": false, "type": "size-in-bytes", "uuid": "4618ee6e-1eaf-4a58-8730-3520ce5a6878", "value": "30720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824753", "to_ids": true, "type": "vhash", "uuid": "8dc4fbd4-adf4-45bc-b1b3-afd3c941c250", "value": "034046551d151039zc12lz6fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824753", "to_ids": true, "type": "filename", "uuid": "effcd952-f587-497a-9211-93c449f150b2", "value": "Adobe Systems Apps" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824753", "to_ids": false, "type": "text", "uuid": "f632aeea-dcbe-46be-ba7f-a4ae10cf28e5", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Tapaoux.A\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507535", "uuid": "f82940a4-034a-4d7a-8cc4-7b2ac6cfe76b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507535", "to_ids": true, "type": "md5", "uuid": "552ec641-6aaf-4e63-9dc3-a668424a9cf1", "value": "ec4be1af573e5c55023b35bd02efe394", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829006", "to_ids": true, "type": "sha1", "uuid": "7f44d659-1988-4e68-a98a-36ad1a45e97e", "value": "7b5848b06926d9714ea62817330c29815d35cb85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829006", "to_ids": true, "type": "sha256", "uuid": "554c0671-ab07-4181-93a7-5ccc3224a71e", "value": "def7fa2f662cf1a5f7c8ce224be79aa0ccb9339f06d118b0b073e1a31ea52d71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824774", "to_ids": true, "type": "ssdeep", "uuid": "3f3f9a66-3622-485c-a64c-5659209ceab8", "value": "192:98MGWei4pP9TITpOL2doDW9lEObkyk2RG0UoynBAimP1yPyDKINnWnSkyxv:98QVKMkLTDWsOAyk2RGxvAimdySMSpB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824774", "to_ids": false, "type": "size-in-bytes", "uuid": "b0895123-7173-445c-a59b-67498df4238b", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824774", "to_ids": true, "type": "vhash", "uuid": "d7521ea1-b29b-4952-ae08-0b9766081dd8", "value": "024036551d1058z111chz11z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824774", "to_ids": true, "type": "filename", "uuid": "1714f9b9-1025-4e78-91c9-91f1d109c500", "value": "googletoolbar.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824774", "to_ids": false, "type": "text", "uuid": "4a9bf8a3-6875-4b5d-83eb-62a801703149", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Roficor.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507556", "uuid": "a76253fc-b1f2-4c75-bfd3-9cda3bdd3ff8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507556", "to_ids": true, "type": "md5", "uuid": "cbe68971-b3ac-4e3e-9264-31eaf49613c6", "value": "ed2119548aff161ff97d6837e6a08e84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829007", "to_ids": true, "type": "sha1", "uuid": "91bac7aa-966e-49fa-9d10-308da19061da", "value": "cf4625c42d00ddfa38dcd3b2f226f8ba0af5f539", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829007", "to_ids": true, "type": "sha256", "uuid": "84759bcc-f878-4d67-812e-f4d7a7241b78", "value": "6ba280ee1b4f0fa38d88e7b8a871a5e42aba7fcdc824ffabe810289d16286c36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824796", "to_ids": true, "type": "ssdeep", "uuid": "3a0b2ff1-df3a-4ab9-9421-612cbd618b25", "value": "3072:ghHrC+oLYhOE/zdJTbrYpXU1KPUrF3wdS/AjjX2tn:gNr/ochd/zdJTbrQU1+83ww4+n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824796", "to_ids": false, "type": "size-in-bytes", "uuid": "086beec4-8846-42e7-9c3f-ba1cddb22954", "value": "152328" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824796", "to_ids": true, "type": "vhash", "uuid": "e577de82-b829-452c-8724-1a04236d0cd8", "value": "015056655d151510a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824796", "to_ids": true, "type": "filename", "uuid": "8baa28cd-2251-4c21-9037-28195acc91f4", "value": "KernelMode.info_6ba280ee1b4f0fa38d88e7b8a871a5e42aba7fcdc824ffabe810289d16286c36.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824796", "to_ids": false, "type": "text", "uuid": "18684880-666d-4c76-8a82-8bfa8881022f", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507577", "uuid": "b9f5276b-1812-420a-93cc-667b4943d218", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507577", "to_ids": true, "type": "md5", "uuid": "16c4dcf3-b054-40a1-bbcc-ba7cc0796738", "value": "ed9f539ddabdab8a88491ee38f638b64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829008", "to_ids": true, "type": "sha1", "uuid": "33fdd3e2-5cee-42e6-b34f-42f62b862006", "value": "e384266d31d6f5c88717572c2c4024abea04f9fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829009", "to_ids": true, "type": "sha256", "uuid": "c794b8e3-db1a-421c-b7ab-0c3059e347b1", "value": "a3bc69a52920cb05e4cc020a215685db170074d2aced31bdd7578db64ccf20b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824818", "to_ids": true, "type": "ssdeep", "uuid": "6977af09-7d36-406b-80c6-c61364f5e650", "value": "384:lSFBzsMJ8ZtMA++pq2xReY3mNAuKZFWRtSLxjlfRlq:UFprEM/+o2xReSm2bZgRtyrI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824818", "to_ids": false, "type": "size-in-bytes", "uuid": "10daeb6d-e337-4e72-8e4d-b6030636af68", "value": "23168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824818", "to_ids": true, "type": "vhash", "uuid": "e75f0d1f-57ee-4646-98cc-1fa753a8c33c", "value": "024036651d1068z102az39z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824818", "to_ids": true, "type": "filename", "uuid": "cdb4ad65-bee7-423e-92f8-b805b98b7ee7", "value": "ED9F539DDABDAB8A88491EE38F638B64.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824818", "to_ids": false, "type": "text", "uuid": "b92117c5-ee51-435a-a698-5347ce2c150b", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507598", "uuid": "3aa74da8-991b-4ed6-81d4-185396e4236d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507598", "to_ids": true, "type": "md5", "uuid": "ea9315d5-b4cc-4961-aa68-ee01cfb08f01", "value": "ede6a67f7956686f753819c46f496c84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829010", "to_ids": true, "type": "sha1", "uuid": "6190c2d5-88f7-4aa7-a521-9e667af0a1ea", "value": "f5062103792b41ffbe3ca9fbed6f9ab345081bbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829010", "to_ids": true, "type": "sha256", "uuid": "7c85aa27-082c-4aa5-928a-dca15f344808", "value": "76b9b9b82e695719e6fcf6742ac828c606241da2424c7e9ce9d0f8bacc4fcff4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824839", "to_ids": true, "type": "ssdeep", "uuid": "25433648-885b-490b-81bc-daace997f78f", "value": "3072:HhHrC+oLYhOE/zdJTbrYpXUJ8/eeLgkw8dNncj09MrOQUvRpDb4IM6S:HNr/ochd/zdJTbrQUu/9Lgx8dNnR1pDE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824839", "to_ids": false, "type": "size-in-bytes", "uuid": "5652f70b-c100-4eca-8adb-3fe8a3d7becf", "value": "160267" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824839", "to_ids": true, "type": "vhash", "uuid": "f5f5c1f4-1b03-4220-8747-68dd7ade1bb7", "value": "015056655d151550a01031z800497z5015z8010038fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824839", "to_ids": true, "type": "filename", "uuid": "6b0f4a2c-681b-460c-bbc7-28f18dc302c4", "value": "KernelMode.info_76b9b9b82e695719e6fcf6742ac828c606241da2424c7e9ce9d0f8bacc4fcff4.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824839", "to_ids": false, "type": "text", "uuid": "f8f4c24b-b95f-45ae-94d2-6324dd528362", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507619", "uuid": "8c1d5228-9d46-4ebd-b880-85baa589c9ea", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507619", "to_ids": true, "type": "md5", "uuid": "1662020b-edb2-4dc0-ba31-68c7e9664295", "value": "f1368a2e56ae66587847a1655265d3c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829011", "to_ids": true, "type": "sha1", "uuid": "c47e6748-8e3e-4ba3-84b5-9ad40a95cae6", "value": "837600e4186404642fca895a064bfe6c048e92c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829011", "to_ids": true, "type": "sha256", "uuid": "aaa2580e-798a-4392-bdbd-e7950f115923", "value": "a80d9b04a2a68890c61c7c06067790139e9a1c0ebfb87ab6f3b441df9b61d16b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824860", "to_ids": true, "type": "ssdeep", "uuid": "28acfd36-db7b-46d6-b99c-946f4ec7aa75", "value": "1536:OLUBZ37C+sASQIPdhf9VUk5LWuAxi8EcmrwfItmLZPnj53PREYT7tqql6t6W:aUBZ36A3AhfmuJewyPnNPREkQzD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824860", "to_ids": false, "type": "size-in-bytes", "uuid": "227db2d5-6fa6-47d9-8b77-97f12cf41a7c", "value": "118744" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824860", "to_ids": true, "type": "vhash", "uuid": "2fcbc705-9f04-41f3-93b0-6b7256a13db8", "value": "015056655d151550a01031z800457z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824860", "to_ids": true, "type": "filename", "uuid": "5f76b27a-e21b-4a6e-ad62-6b6c26814f00", "value": "KernelMode.info_a80d9b04a2a68890c61c7c06067790139e9a1c0ebfb87ab6f3b441df9b61d16b.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824860", "to_ids": false, "type": "text", "uuid": "0e99f5a2-8b7f-4cda-82b9-63652b9f78d4", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.I\nVT Total Detection:63/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507641", "uuid": "160bf312-6822-4517-865c-86e13363adde", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507641", "to_ids": true, "type": "md5", "uuid": "b5d9eacd-cbaa-4e90-b508-cc9039da04df", "value": "f2231ce84551fbd8a57e75fb07d7f6c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829012", "to_ids": true, "type": "sha1", "uuid": "0e184115-750d-4032-a16b-26f5520c15fc", "value": "fd58d7a3d08a645379a2fb74dd5a1f8f84bf12d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829012", "to_ids": true, "type": "sha256", "uuid": "9c81f40c-4fcf-4421-a55b-930cd6beafba", "value": "4bc8ccf53d0c8be182fab1f13afb143de16b142fdb8f2dbc7d9741771f050edc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824882", "to_ids": true, "type": "ssdeep", "uuid": "e5d71c00-c295-42aa-b7ae-49afa55e97a7", "value": "6144:QqR5VlEPKt8v7Ph6VRFdyx85FgnQVgEDc7XzAPyG:QqJqPvPhERKu5FgdPw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824882", "to_ids": false, "type": "size-in-bytes", "uuid": "a038a0a9-46dd-4819-918d-2cd2a7125b35", "value": "279057" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824882", "to_ids": true, "type": "vhash", "uuid": "035ddb4f-14c7-4701-8151-b35bdbf2bff4", "value": "025036655d10f4z16002e529z43z1011ze1z8027zb6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824882", "to_ids": true, "type": "filename", "uuid": "688ffeb3-3d3a-479d-9753-85810da33ff4", "value": "F2231CE84551FBD8A57E75FB07D7F6C0.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824882", "to_ids": false, "type": "text", "uuid": "bb5eae65-27de-45f2-972f-f16b07f98140", "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Agent.CAF\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507663", "uuid": "2e70442a-5f12-4350-9a06-c26da9c6e269", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507663", "to_ids": true, "type": "md5", "uuid": "1f3bb0c8-6d05-47e8-aca8-607884d32c33", "value": "f47cdf5bfc7227382e18f8361249212b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829013", "to_ids": true, "type": "sha1", "uuid": "afc66a27-1fb9-426b-8732-8c7c189895a9", "value": "8e1c69f456d57d7ec45889dfab2140d382b3f4be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829014", "to_ids": true, "type": "sha256", "uuid": "6bc255b7-6cdf-40c0-9647-115c05e62d1f", "value": "6c7e60bccb286283ca1b839aa0be2c3b106dc70f4290dd99357ede189bd0201b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824903", "to_ids": true, "type": "ssdeep", "uuid": "bd2504ce-889a-4804-8667-49100b8ec9de", "value": "6144:wpAfe2j9nTfmh15/RBhTJyutq0jC/aCJwLBPkOENFghmAnbP:P9j9nTytJntqKC/aCJwLBPVENm4gbP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824903", "to_ids": false, "type": "size-in-bytes", "uuid": "6f10d823-2e5f-44c1-b1a7-b589b3a086d7", "value": "358696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824903", "to_ids": true, "type": "vhash", "uuid": "966f9d34-85c8-422c-a6e7-0db84de20e9b", "value": "035046651d157160101001800857z27z12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824903", "to_ids": true, "type": "filename", "uuid": "5a1277db-1c17-4284-a9d0-cf60f4665422", "value": "KernelMode.info_6c7e60bccb286283ca1b839aa0be2c3b106dc70f4290dd99357ede189bd0201b.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824903", "to_ids": false, "type": "text", "uuid": "fa497a9c-a453-4a95-ad8e-3ea365067f81", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Iepatch.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507684", "uuid": "5c065219-3b40-45ec-860e-c45e4d0f9f53", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507684", "to_ids": true, "type": "md5", "uuid": "a461155c-dc32-4b3d-8161-29d9a71c8377", "value": "f5d745e7a575b7aecae302623acd6277", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829015", "to_ids": true, "type": "sha1", "uuid": "cb024905-6a3b-40dd-ab4c-9de5528da559", "value": "9279b6867d594f7a5fcf868b0bf6a1a2bda408eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829015", "to_ids": true, "type": "sha256", "uuid": "a8da3a3f-d47a-4864-9b25-8fdee7d3aeef", "value": "b77746fa72928937a4fef7d4d633a354093f9318877e4c7cb60169b3f60bf34a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824925", "to_ids": true, "type": "ssdeep", "uuid": "3dc7f4de-9a4e-4c48-8b8d-df89599bb4f4", "value": "768:Tq6/Th5n2lRKRpiF30h+unYVXopE921rU0mgmqMN:O6/15nfW0hlrU0mB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824925", "to_ids": false, "type": "size-in-bytes", "uuid": "3ab4c9fa-f307-408d-b1d0-ed140a878b5c", "value": "28888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824925", "to_ids": true, "type": "vhash", "uuid": "5fb33655-e7d7-4222-a2aa-6540e8f3f017", "value": "124046651d155068z181alz31z81z56z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824925", "to_ids": true, "type": "filename", "uuid": "cd9a160c-2d09-438e-992f-2ea77baae8d5", "value": "KernelMode.info_b77746fa72928937a4fef7d4d633a354093f9318877e4c7cb60169b3f60bf34a.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824925", "to_ids": false, "type": "text", "uuid": "e57ead8e-07df-4e80-87e8-cf05dbf0db1b", "value": "Type Description: Win32 DLL\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507705", "uuid": "2d23f426-9fb0-40c8-b955-86fd50b72ec6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507705", "to_ids": true, "type": "md5", "uuid": "7c7f2235-b3a6-4f92-871d-588663d4ca7c", "value": "f602fe96deb8615ab8cefbd959e1d438", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829016", "to_ids": true, "type": "sha1", "uuid": "7c481fe4-1ce8-492e-aeef-8176e9cbfdea", "value": "7589e991b0f47751d7fa3774490f0985f8a367e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829016", "to_ids": true, "type": "sha256", "uuid": "4dfa9e79-6d00-4e05-b691-392deab510ef", "value": "8119f075b901142e437224b2f4fc059d36d1080b31b3f92a68400c10c1fa3d56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824946", "to_ids": true, "type": "ssdeep", "uuid": "ad0d6a90-0764-4177-821f-2b1416bd7d56", "value": "6144:UV5AAfAYBrHT1E24P+U5ULpswXWyE8dda4f9IRgOUbjAZ4tzyTPJu9Rfn:UIAfVTC2s+Ww/A8v3MLUbI4t6P89Rn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824946", "to_ids": false, "type": "size-in-bytes", "uuid": "04e4ab56-4676-4d8f-aeb9-92d4d7c4169d", "value": "383272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824946", "to_ids": true, "type": "vhash", "uuid": "4a944b6f-4735-4290-a42b-88a584347e27", "value": "035046655d55716012z1800837z27z12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824946", "to_ids": true, "type": "filename", "uuid": "3e63c4e1-8ad1-46c1-9767-210decf3e8de", "value": "vsjxfa.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824946", "to_ids": false, "type": "text", "uuid": "e022d6ae-21c0-44a4-bd87-8f1f68743bcc", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507726", "uuid": "f4a77730-763c-4f3b-9ae7-eb203554a032", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507726", "to_ids": true, "type": "md5", "uuid": "57caa3be-718e-4772-be4c-175896a14506", "value": "f7084cf91278eb8176c815ec4e269851", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829017", "to_ids": true, "type": "sha1", "uuid": "e25e5220-3efd-4f31-b644-02706eefc93a", "value": "c0c66c05dc4eb61bf4fb65ba64be77dfd701263f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829017", "to_ids": true, "type": "sha256", "uuid": "39f04c1c-7a8c-459d-a18e-04f8e670413e", "value": "fd2df5e2cd529e936dc5144edb6b5d91bd9a88e33edd386e4e31ef4b3b9d49c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824967", "to_ids": true, "type": "ssdeep", "uuid": "b3a43d15-de00-4166-badb-bc42d8de2405", "value": "49152:Hqad8sRFiyRyBmN6+x4ECtCuof50dirzaA2avFSZck+ODCVoqcTdwOyjz1L:HF8sRFiyRyBmJeE+S50dirzaA2a9yDCz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824967", "to_ids": false, "type": "size-in-bytes", "uuid": "497dd626-185d-4030-b121-75a002b96425", "value": "2235904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824967", "to_ids": true, "type": "vhash", "uuid": "03d0b3b7-9818-4ad4-8a96-5472649a63e9", "value": "026056655d656550c0201006100a7z210e5za0700e2z8019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824967", "to_ids": true, "type": "filename", "uuid": "5d2b1395-1e88-4a75-a10b-46f5058b5d78", "value": "Catch.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824967", "to_ids": false, "type": "text", "uuid": "a3c5bd45-6978-4596-8fa2-0627868039a3", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.D\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507747", "uuid": "78c54e2f-1c6c-43df-b5d0-d909e42ef231", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507747", "to_ids": true, "type": "md5", "uuid": "843f5725-20c5-469f-ad41-6febcc62368b", "value": "f97ec1cc844914a9aa8dfa00d1ead62e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829018", "to_ids": true, "type": "sha1", "uuid": "c735a69f-2050-44a4-a898-752e74247343", "value": "c1670f32cb40ff1ff3881ec6690f1c45c9263843", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829018", "to_ids": true, "type": "sha256", "uuid": "452e26bd-1cd0-4db6-b867-94b8512f68b7", "value": "ba789c3dcb6e20f401ef0c76e8c9889ebff9f2b669b8bf3fcb33f1a78109d4d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740824989", "to_ids": true, "type": "ssdeep", "uuid": "05241956-0b7c-4ac4-a33a-7a0f3d10ce14", "value": "384:9KjHq2uRPfS4KD9JIIuPcOyk+dEfV7iLx7po/xkPD8Yp:QjK2uRi4CJZuPhykJfVqp8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740824989", "to_ids": false, "type": "size-in-bytes", "uuid": "84f688ac-a6ae-4065-9b62-1f120d4ccfc3", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740824989", "to_ids": true, "type": "vhash", "uuid": "b8eea3b7-4b0d-4d58-a628-b11a13f48ad1", "value": "034046551d1510a8z1423fz1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740824989", "to_ids": true, "type": "filename", "uuid": "a0a09de4-ec83-4109-bd22-9eb3b96584bd", "value": "KernelMode.info_ba789c3dcb6e20f401ef0c76e8c9889ebff9f2b669b8bf3fcb33f1a78109d4d6.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740824989", "to_ids": false, "type": "text", "uuid": "bc2877d9-3d14-4c0d-9827-ca7d61e29bee", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507768", "uuid": "77cd1393-80ff-46f4-8681-ee62a4ced0b2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507768", "to_ids": true, "type": "md5", "uuid": "4baad6e3-327b-4c07-8703-a9b8fa8266de", "value": "fe7efa9f0417ba001c058b513518f4cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829020", "to_ids": true, "type": "sha1", "uuid": "74b6338a-865d-4f8d-9513-c9d96995648c", "value": "c5817042c1c85bde08b34bca4291dd37a5464818", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829020", "to_ids": true, "type": "sha256", "uuid": "e8d21b84-2aaf-4e38-84a6-d324bf053083", "value": "bb5a5d2c120a3d1e9fa96cc00bc7b4c0a78c13077e3f37ad4733f8c9e2e0e7bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825010", "to_ids": true, "type": "ssdeep", "uuid": "7b1258f7-32a4-4db1-b22c-c2c7343a47c7", "value": "384:sgeFYq24RVCPkeBU/G6/527Z9cOyk+rEfJNoLx7Zo/xkPD8YpX1EymF:sgef24ROkqUD5OZ9hykDfJ6Z8o1vU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825010", "to_ids": false, "type": "size-in-bytes", "uuid": "27f73e60-8f03-4fd6-a0c5-a702f868c28e", "value": "39816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825010", "to_ids": true, "type": "vhash", "uuid": "b8a8fd66-9148-4f75-b801-6495153470df", "value": "034046551d1510a8z12239z33z1011z31z81z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825010", "to_ids": true, "type": "filename", "uuid": "01029aba-1dc8-40b4-b85c-6a4d8b045445", "value": "KernelMode.info_bb5a5d2c120a3d1e9fa96cc00bc7b4c0a78c13077e3f37ad4733f8c9e2e0e7bc.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825010", "to_ids": false, "type": "text", "uuid": "f6a982cb-3011-4a95-8629-6d0e38d826cc", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:61/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507789", "uuid": "355c3f25-152d-4a78-9b3e-2c5600c45f68", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507789", "to_ids": true, "type": "md5", "uuid": "2b4e9f23-5598-47b0-921d-eadf84555166", "value": "a6f55037cb02911c5624e70a67704156", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829021", "to_ids": true, "type": "sha1", "uuid": "e9508365-d547-47f1-85f8-aeb6ff77f7eb", "value": "ef567196212a4c1e2b5c650d5876bfeb8201cd32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829021", "to_ids": true, "type": "sha256", "uuid": "87ddbd9e-054a-4f32-bc0a-5c86e9995405", "value": "78698320c2d2221dea3247f66aa1a403c0e0e936efb8a191102290f20575dfb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825032", "to_ids": true, "type": "ssdeep", "uuid": "fd2728a0-84dc-403c-9e32-34fe79200b85", "value": "1536:w4vV6hy3RDB+agTmV7BFJbRKb9P0YNUl1xPsQd8:w4NYGD0mbbcF0YNUlrPfd8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825032", "to_ids": false, "type": "size-in-bytes", "uuid": "3063f3a5-060d-4795-b4b0-633e14f912e3", "value": "94208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825032", "to_ids": true, "type": "vhash", "uuid": "b9cb858c-5234-4afe-9a97-09f3bfd4dc40", "value": "094046651d151058z5djz11z21z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825032", "to_ids": true, "type": "filename", "uuid": "b077423c-3c85-46a4-802e-02dbafb4f155", "value": "FirstSp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825032", "to_ids": false, "type": "text", "uuid": "51768556-3058-4786-8085-88efd3959eb2", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.B\nVT Total Detection:58/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507810", "uuid": "24c13741-95bd-4e0b-b982-d014600b8582", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507810", "to_ids": true, "type": "md5", "uuid": "d7f95f18-24a9-4f6c-9630-2f05e452b1fc", "value": "a131d12bc9ab7983b984c81e5e7e108e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829022", "to_ids": true, "type": "sha1", "uuid": "73b943c3-923d-4c70-a8ae-057cbbf3a804", "value": "2b8030e9df8552d8f1e3734c1029cf67b599f9e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829022", "to_ids": true, "type": "sha256", "uuid": "5cba3672-a7bc-473f-8df6-180f66d49bcd", "value": "5eaa4da196bbf9d4d178ddb8e80fddebd79ddfaa1c5163f8bdead677aaf70f1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825053", "to_ids": true, "type": "ssdeep", "uuid": "e0c92656-71cd-49f6-8ddf-95f8cf3e2e71", "value": "1536:Z4vV6hy3RDB+agTmV7BFJbRKb9P0ANUl1xKV6HjRS:Z4NYGD0mbbcF0ANUlrKEHdS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825053", "to_ids": false, "type": "size-in-bytes", "uuid": "74596ef5-8998-401a-b5a7-5d1ff665bc6b", "value": "88488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825053", "to_ids": true, "type": "vhash", "uuid": "f53ce140-93d1-4a59-be6e-77655b29b294", "value": "084046651d151058z5djz11z21z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825053", "to_ids": true, "type": "filename", "uuid": "6f968bcc-5851-4e5c-beef-9df74a549fc2", "value": "FirstSp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825053", "to_ids": false, "type": "text", "uuid": "86071420-0a17-49fe-aa96-ee3605286363", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.B\nVT Total Detection:56/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507831", "uuid": "3784a42b-fc24-478f-aa04-bbca24f6f403", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507831", "to_ids": true, "type": "md5", "uuid": "72fd430a-0c14-4b7e-9674-798404a1802a", "value": "0367f890595cf28c6c195dfabae53ba5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829023", "to_ids": true, "type": "sha1", "uuid": "66e34844-29ac-4215-be25-8819d2d17922", "value": "31fbc571213e73817243af8ab516e98724869c4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829023", "to_ids": true, "type": "sha256", "uuid": "2b4f41e7-0719-4a17-ba70-54b54885d0e4", "value": "8cc3ede145613b926268828965830ad7fbcf0b6db2b8772b4d485a55b88dd308", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825074", "to_ids": true, "type": "ssdeep", "uuid": "4186f512-4c95-47fa-a383-bb115560b922", "value": "6144:+kByzQi0ukl8ylEMj8ENkS8BAHwM1+tOg95XgLO7kP+hehEQM/+pi6xqOV:+eyzQi1zyyMj8EWFGlfg7XEek2mNify" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825074", "to_ids": false, "type": "size-in-bytes", "uuid": "be0a9cb6-0f36-474f-a6fc-35abd1b57aee", "value": "379064" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825074", "to_ids": true, "type": "vhash", "uuid": "4b25e7e1-a934-4b97-a39e-db239281e0ae", "value": "035046655d15716012z1800847z27z12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825074", "to_ids": true, "type": "filename", "uuid": "4b9d58fd-9e90-4767-8c27-504f3a8f8c36", "value": "KernelMode.info_8cc3ede145613b926268828965830ad7fbcf0b6db2b8772b4d485a55b88dd308.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825074", "to_ids": false, "type": "text", "uuid": "aa85664a-fdb8-48a6-9c26-2c1310733840", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:61/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507852", "uuid": "bc04edc3-95aa-4e69-a0d8-2adc6a242e3f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507852", "to_ids": true, "type": "md5", "uuid": "2e0c1ccb-229a-46d2-89aa-1df67b66b091", "value": "adab033d420206fcd2503643d443956e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829024", "to_ids": true, "type": "sha1", "uuid": "2b7311cb-f164-4af5-9710-e1fec8f49809", "value": "64517b244c4fcb175244f7b2c784002a53ce18de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829025", "to_ids": true, "type": "sha256", "uuid": "51d7c375-223a-4d53-b975-d6166711904f", "value": "4620cffee4c6397fedce5caf41492622dfa5435c79ac91e300556a0af329402b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825095", "to_ids": true, "type": "ssdeep", "uuid": "8a0216a8-c792-4c94-b239-eb79410b4e1b", "value": "1536:s/F0FU7lzliOTkCyhmNChRN+j+RqljZh0vQlpzTOld8KGr5lddwV0JYn:EF0FyvP/oql8IlxClGDl60JYn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825095", "to_ids": false, "type": "size-in-bytes", "uuid": "de30e96e-ea95-46a2-8aaf-1470159b8740", "value": "117528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825095", "to_ids": true, "type": "vhash", "uuid": "f38d0942-a54c-44a2-a01f-8b5d8448c4c0", "value": "015046651d15113012z18007iz12z4dfz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825095", "to_ids": true, "type": "filename", "uuid": "02900725-46e2-4105-95c4-2205e707838b", "value": "KernelMode.info_4620cffee4c6397fedce5caf41492622dfa5435c79ac91e300556a0af329402b.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825095", "to_ids": false, "type": "text", "uuid": "3236c655-eeb3-4713-b6b6-596593cda7e5", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:61/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507873", "uuid": "d4d95e0b-f6d8-4847-aea7-7e91c5c746c7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507873", "to_ids": true, "type": "md5", "uuid": "37c363c3-0d7d-4981-b177-642ceb1c20b0", "value": "93283599dbf3b2d47872dafae12afb21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829026", "to_ids": true, "type": "sha1", "uuid": "fdc970a1-cb9b-462a-b3e2-49f67b8bfb53", "value": "b2e57b39fd0e698ac1bd48b8e024d20830596c1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829026", "to_ids": true, "type": "sha256", "uuid": "ba0389f5-2473-46cf-bcf4-ed3f250980d7", "value": "b71a3882d901af1e1eeaa6c954081ab673cb3a3d0e3e10c32036e3635ff1e1c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825138", "to_ids": true, "type": "ssdeep", "uuid": "ab729d5f-4481-4b4c-b09b-b71613447cdc", "value": "12288:SGF+tX3H3i+ykkxhgBAZ37hCM89Rx6F03/:SGcV3RGgBAZ9u9Rxc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825138", "to_ids": false, "type": "size-in-bytes", "uuid": "ab743347-188d-40bd-9439-9506948eda23", "value": "559616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825138", "to_ids": true, "type": "vhash", "uuid": "770b2916-ff2c-415d-a591-72f5dfb3ba66", "value": "055046655d551148z797z3015z1011z503dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825138", "to_ids": true, "type": "filename", "uuid": "c5d51d3b-adf8-4298-99eb-2a820854f3cf", "value": "IGFXSVC.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825138", "to_ids": false, "type": "text", "uuid": "b8322e7c-e039-4e9b-b527-b6df4a5c579d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Siromost.A\nVT Total Detection:57/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507894", "uuid": "d69afb57-99b7-4924-8658-2ec5d0934b0a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507894", "to_ids": true, "type": "md5", "uuid": "6233318b-2dfe-4e82-bf20-0fb697038c0c", "value": "d8137ded710d83e2339a97ee78494c34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829027", "to_ids": true, "type": "sha1", "uuid": "46624772-ea9b-4b8a-94a0-ac7c97ade98f", "value": "265fdeb993a09d2350daa130de4ce5b662bed628", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829027", "to_ids": true, "type": "sha256", "uuid": "b435d5a4-558d-4876-94f3-86603fd944ef", "value": "23e512420f9b3a090334d72b6dfa8d8ca06c6c425f8cbc6c3f0c987588a60589", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825159", "to_ids": true, "type": "ssdeep", "uuid": "8bbf42b1-f5b2-4f89-b1ea-99e6047bdf42", "value": "1536:jl/+FL7hbTicVBzqR8Iw7WPZMcn653jAB:jl/CVrCKm7n653jAB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825159", "to_ids": false, "type": "size-in-bytes", "uuid": "a274ad9c-78c6-47fc-87c8-6720a9f37fa5", "value": "86016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825159", "to_ids": true, "type": "vhash", "uuid": "44e2cbfe-8833-4741-a03b-eeffd3821bdc", "value": "084056655d151510c8z55hz13z11zb1z27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825159", "to_ids": true, "type": "filename", "uuid": "3e64aa1e-69a2-4a60-97da-0cd841cb5854", "value": "hLoad.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/10/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825159", "to_ids": false, "type": "text", "uuid": "62c92318-8c1d-4d4d-b13e-911517a069b8", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Telject.A\nVT Total Detection:53/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507915", "uuid": "6caff5db-ebbf-4319-b586-a276dde31ab4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507915", "to_ids": true, "type": "md5", "uuid": "9f903ccc-8662-441f-b777-82a662886162", "value": "06ac12b8c51aec71cefcf8a507d82ce4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829028", "to_ids": true, "type": "sha1", "uuid": "5ae49885-a616-4e85-84b4-215868004642", "value": "74c620fa0deaf30b211ccb9f6f2b1ccf29f73f40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829029", "to_ids": true, "type": "sha256", "uuid": "442452cf-15ad-4364-a894-bc1ea75eb297", "value": "eb8eefea77fb258bde014c3dfd9dc92c9b69598ecdbd74750d0ca609afc8808c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825181", "to_ids": true, "type": "ssdeep", "uuid": "d1c43d27-45c2-406f-9a9b-773120de9d6e", "value": "12288:cIq4hxhQQtqBotsyed7zfOoNhyG5yW9NN9dSf:cNO8BotsfVfxp1Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825181", "to_ids": false, "type": "size-in-bytes", "uuid": "d6568a4a-d1c0-4246-a17c-9109ab67eee8", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825181", "to_ids": true, "type": "vhash", "uuid": "226e55bf-f9be-4539-bbd5-ac1ad8ccbd67", "value": "045046655d157az56hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825181", "to_ids": true, "type": "filename", "uuid": "1649693d-5fb4-4a64-a8fb-6ec6ee715cac", "value": "~DFBB53.tmp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825181", "to_ids": false, "type": "text", "uuid": "7b6d74a9-2fb1-4e45-8842-2ee44a2ef86c", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507936", "uuid": "07be11ba-5869-43df-afb1-4885962b45c2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507936", "to_ids": true, "type": "md5", "uuid": "102a919d-48ac-409e-a2c2-912a543928a4", "value": "3165b7472a9dd45cde49538561cba59f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829030", "to_ids": true, "type": "sha1", "uuid": "a28f8d54-035b-46e8-be7f-61c3a0b878f2", "value": "23eda5538d21e678e32919bf61330be6a7b85866", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829030", "to_ids": true, "type": "sha256", "uuid": "5d158953-96b1-4b1d-83f0-e1386c2371d0", "value": "402a8e7c29135edeed5936c7b5d3524f095bdab37658999fc3fa636b6b38e027", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825202", "to_ids": true, "type": "ssdeep", "uuid": "f60e47a7-dc27-4322-a5e5-33af2ccfc39e", "value": "6144:YOy2BoNPeogLyfosoJsAdSjZoJ1r+sOodIe9meyG5yW9NN9L8:YqBotsyed7zfOoNhyG5yW9NN9Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825202", "to_ids": false, "type": "size-in-bytes", "uuid": "6bc5162f-c958-433d-b8e2-cc8e0491dab3", "value": "282232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825202", "to_ids": true, "type": "vhash", "uuid": "04677bff-ec43-4039-bc93-5fa278e21a35", "value": "025056655d1575619z87hz42z111z301077z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825202", "to_ids": true, "type": "filename", "uuid": "1c1c679a-02ef-4e1a-a3e8-172c3885178a", "value": "wmisvcctrl.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825202", "to_ids": false, "type": "text", "uuid": "20aa3473-6526-4e64-9722-47074095d44a", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:58/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507957", "uuid": "d96a588a-105b-4df8-ba85-ddd071297b30", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507957", "to_ids": true, "type": "md5", "uuid": "8928f4ca-d036-48e1-9003-e0613fa4b972", "value": "043f0dcea6f6fbd1305571e6bf0fa78c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829031", "to_ids": true, "type": "sha1", "uuid": "7bb53c5a-0df3-4ced-89f5-fc25bb2b640c", "value": "13404ebde73c15ccf156e90e78cbf5941d1c18b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829031", "to_ids": true, "type": "sha256", "uuid": "db52819d-6ba8-4534-8783-0e85d8246e4c", "value": "cf3b528361557500dde295ae01ab84d1b37496d7240210fd6b114dfd80483360", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825223", "to_ids": true, "type": "ssdeep", "uuid": "01295b59-408d-4580-a152-0609926340e1", "value": "12288:cHq4hxhQQtqBotsyed7zfOoNhyG5yW9NN9dSf:cKO8BotsfVfxp1Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825223", "to_ids": false, "type": "size-in-bytes", "uuid": "0a296e85-5002-46de-b05d-f968333b6926", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825223", "to_ids": true, "type": "vhash", "uuid": "b1a5495b-ac91-4f15-820d-d72e0fcba413", "value": "045046655d157az56hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825223", "to_ids": true, "type": "filename", "uuid": "41a9c79f-5122-4ffc-9c9a-a739d3df2b83", "value": "KernelMode.info_cf3b528361557500dde295ae01ab84d1b37496d7240210fd6b114dfd80483360.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825223", "to_ids": false, "type": "text", "uuid": "b0affd14-bb79-48a0-9f4b-9eb8dafe49cd", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:63/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507978", "uuid": "e16d8af5-d858-4aaf-89cb-6cc73150b211", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507978", "to_ids": true, "type": "md5", "uuid": "a91ba969-d99d-4d17-af72-bb7150a27a48", "value": "17c99725043fa1573fd650e57c3c75d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829032", "to_ids": true, "type": "sha1", "uuid": "8dfcfbc8-abc7-491f-92d0-fc6cd8119f2c", "value": "1368af1819e7ecaf9186072affa5176a9b07500f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829032", "to_ids": true, "type": "sha256", "uuid": "990ccdbe-5338-434f-b3ba-9ae1c8f207c8", "value": "00f60edc9acb15a56d49296418a018da4fd7477315e943a8eed26f8c3b6e8651", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825245", "to_ids": true, "type": "ssdeep", "uuid": "f33ed9af-7cf8-4aa7-b8bf-3de3d2082369", "value": "12288:cRq4hxhQQtqBotsyed7zfOoNhyG5yW9NN9dSf:csO8BotsfVfxp1Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825245", "to_ids": false, "type": "size-in-bytes", "uuid": "88ce3e7a-a35f-4f27-897b-501d37697abe", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825245", "to_ids": true, "type": "vhash", "uuid": "8d4b8884-cc41-40c9-9e8f-98b7728de55b", "value": "045046655d157az56hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825245", "to_ids": true, "type": "filename", "uuid": "ab52118f-6569-4557-a949-c8b3baa20c72", "value": "DFDFC8.tmp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825245", "to_ids": false, "type": "text", "uuid": "0b08e0f7-c22f-4ca8-8270-bee78c2d8430", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747507999", "uuid": "1926b7bc-7d96-46ad-9755-a4a17b872e0d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747507999", "to_ids": true, "type": "md5", "uuid": "b2f1169f-dcd8-4b73-8b80-43824df48a6f", "value": "0393036f35a7102a34fadfd77680b292", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829033", "to_ids": true, "type": "sha1", "uuid": "36665cfb-a82f-4243-888c-204fb487baac", "value": "48de817415d1fee29edb6e7a1639ef05c3989bc7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829034", "to_ids": true, "type": "sha256", "uuid": "b7de0f69-3c79-476e-89c5-29df527eeed4", "value": "32edd18cc8c458186b76cfa546fe7a394de3c48366ea4854e6f6a75727026780", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825266", "to_ids": true, "type": "ssdeep", "uuid": "e714337c-e6af-4a51-8fe2-4fe5209a1e22", "value": "12288:cBq4hxhQQtqBotsyed7zfOoNhyG5yW9NN9dSf:ccO8BotsfVfxp1Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825266", "to_ids": false, "type": "size-in-bytes", "uuid": "b82f4cff-7199-4553-832d-7d527e10a59a", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825266", "to_ids": true, "type": "vhash", "uuid": "ec237a44-47b2-497b-be83-1bc3d836373a", "value": "045046655d157az56hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825266", "to_ids": true, "type": "filename", "uuid": "2dd0e80d-795f-4c4a-8e8f-a2584bba12ed", "value": "~DFD91C.tmp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825266", "to_ids": false, "type": "text", "uuid": "d8eff27d-f853-4a51-9e25-1d949ae13127", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508020", "uuid": "8a375798-3239-4e6d-a61c-f27fbcf48494", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508020", "to_ids": true, "type": "md5", "uuid": "664377c0-5940-47f9-953c-46bcaca3e238", "value": "01cbd90ba5cf7e9595b208e4ca2d2d15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829035", "to_ids": true, "type": "sha1", "uuid": "d7705081-431d-4c61-8710-068ebcfae73e", "value": "206407f68d83df6ac1f69c7f13e64bcadff9b911", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829035", "to_ids": true, "type": "sha256", "uuid": "4bbbd154-a396-42a1-9594-62e6d6d1d73c", "value": "5bf2dfcf19db065cff2d55a9942c8fc8d5cbf77b58051ebf68ec6343cad91c16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825288", "to_ids": true, "type": "ssdeep", "uuid": "0865bae1-969c-4161-9487-9c175eed8d8c", "value": "12288:c2q4hxhQQtqBotsyed7zfOoNhyG5yW9NN9dSf:czO8BotsfVfxp1Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825288", "to_ids": false, "type": "size-in-bytes", "uuid": "e8a3b1e7-1bd0-4a65-bc78-4e3932cac23c", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825288", "to_ids": true, "type": "vhash", "uuid": "ddffeb42-b8dc-4f6e-9eb1-21c06a805694", "value": "045046655d157az56hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825288", "to_ids": true, "type": "filename", "uuid": "89e3db41-2189-4701-be34-2fb723e8d043", "value": "KernelMode.info_5bf2dfcf19db065cff2d55a9942c8fc8d5cbf77b58051ebf68ec6343cad91c16.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825288", "to_ids": false, "type": "text", "uuid": "d29fb14d-e734-4d41-a0c7-00c75b129003", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508042", "uuid": "c07ddea5-618f-43ba-9b93-18d7b22bfb05", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508042", "to_ids": true, "type": "md5", "uuid": "f7bfeaec-3d14-4338-b7d4-540b07f93502", "value": "032a7c67332a3abf6da179ed265e6e04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829036", "to_ids": true, "type": "sha1", "uuid": "d0e9c615-39bb-4f11-949f-d72d1bc0521f", "value": "8748407b0970ed118a5a0df28759e7d0b3116787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829036", "to_ids": true, "type": "sha256", "uuid": "de827d14-895d-4905-a832-4380d7be5014", "value": "cb09c377721de670a698db9d56716be19946225ed7eb3dfccef283be28d7780d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825310", "to_ids": true, "type": "ssdeep", "uuid": "5820ac7c-d62a-4e5e-9ab4-93bb11e1c46d", "value": "12288:c7q4hxhQQtqBotsyed7zfOoNhyG5yW9NN9dSf:cWO8BotsfVfxp1Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825310", "to_ids": false, "type": "size-in-bytes", "uuid": "047d0f6d-fe61-4bce-81f9-fd4dccb57b61", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825310", "to_ids": true, "type": "vhash", "uuid": "94492ac5-c546-4343-9ed7-7ad101c33bbc", "value": "045046655d157az56hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825310", "to_ids": true, "type": "filename", "uuid": "a7975c9f-68d3-48df-8e3f-7159ec970a66", "value": "~DF8C49.tmp" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825310", "to_ids": false, "type": "text", "uuid": "d3d1dc90-c86f-426a-80ed-ec9ab591a044", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:64/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508063", "uuid": "39e26d2c-f5c8-43bd-88e8-85ab7e3e07bd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508063", "to_ids": true, "type": "md5", "uuid": "afe876bc-75bc-4cc7-9143-750ab1a75737", "value": "23f7fe611ed2bd814bbdbfae457150b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829037", "to_ids": true, "type": "sha1", "uuid": "67ad6a64-b70d-4f37-8003-d45ad65f2ae6", "value": "b5d550f1ec3336e12a8134bc13519e0257b97ad7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829038", "to_ids": true, "type": "sha256", "uuid": "de994204-2686-4180-9a25-69d02af3d5c2", "value": "a02eb912b2392e7de040b65ca079ffa131622ae6ae3113e37530cc5fbc1bee67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825332", "to_ids": true, "type": "ssdeep", "uuid": "b6e119a4-60be-47fd-85cc-f05ba0ec8fd5", "value": "12288:cEq4hxhQQtqBotsyed7zfOoNhyG5yW9NN9dSf:cxO8BotsfVfxp1Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825332", "to_ids": false, "type": "size-in-bytes", "uuid": "0ffcd163-b5c4-4bdb-9dbe-b1e2ccc7825c", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825332", "to_ids": true, "type": "vhash", "uuid": "f86786c0-a160-4ae2-9a51-046162edef81", "value": "045046655d157az56hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825332", "to_ids": true, "type": "filename", "uuid": "3f1daf99-7dde-4937-acc5-9c135b3a9fb8", "value": "KernelMode.info_a02eb912b2392e7de040b65ca079ffa131622ae6ae3113e37530cc5fbc1bee67.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825332", "to_ids": false, "type": "text", "uuid": "9de9a601-7024-4de9-8257-0de4096a40eb", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Ramnit.D\nVT Total Detection:58/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508084", "uuid": "8d41fe5c-847f-4352-b94a-b717a8b5e18e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508084", "to_ids": true, "type": "md5", "uuid": "503a2318-7112-4685-b9e8-2e94234d8879", "value": "00d8dd7ec8545134bdc2527b4190078b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829039", "to_ids": true, "type": "sha1", "uuid": "d18ef51a-6c74-489d-86f3-776261210e6e", "value": "2d1c383143c39ca05cecbef35004bf9085d1d742", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829039", "to_ids": true, "type": "sha256", "uuid": "b3f2f509-dc43-462b-8f5c-4abeb3d0bfef", "value": "ffa97eb4875129646376bc88e9ff99ffeff2c6bba3a06f6727d5f343fc7f6b51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825353", "to_ids": true, "type": "ssdeep", "uuid": "92bf1311-6693-43db-8829-6a034203b7b7", "value": "6144:P7LAwG5OU3G9qdhyBgHn9Om5cgDZGYJkezn0t9lHlxLA5mUU8qdK6e20YIL+3MEE:DUwG5r3AIhyBgH9OkDZGYJkAn0t9lFxi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825353", "to_ids": false, "type": "size-in-bytes", "uuid": "a0e57dcf-efd3-49ae-a645-8de2f59c2e74", "value": "352074" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825353", "to_ids": true, "type": "vhash", "uuid": "a01022a0-ab49-4124-809a-4da600867ad0", "value": "035066655d15551f5038z58nz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825353", "to_ids": true, "type": "filename", "uuid": "3beef3e4-1317-4dae-9811-bacc49cfce01", "value": "webapprt-stub.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825353", "to_ids": false, "type": "text", "uuid": "8c059df2-0262-48c9-993a-4735b49083ae", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:58/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508105", "uuid": "5902e604-6ef7-41b4-9c70-069a193bb334", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508105", "to_ids": true, "type": "md5", "uuid": "54ade772-015f-4a8d-b24e-af2e5c35dde0", "value": "01d09407d09355a821ba23ffb58ec40d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829040", "to_ids": true, "type": "sha1", "uuid": "60a74364-22db-4be0-ad2e-91dc50f28836", "value": "7b9662270202bff0aa0ec571becd3fbc2107f36a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829040", "to_ids": true, "type": "sha256", "uuid": "27d90854-f958-420a-95e4-68d3a1ac0edd", "value": "7527c116de49e52e6c7c1c50a52b8eedf758fb88acd461e92c6fca02a9ea76ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825375", "to_ids": true, "type": "ssdeep", "uuid": "48de927d-7ce8-4e5f-8fcc-a0af99ede319", "value": "12288:eGHjlIdRN3qToy7MCJ8YsxJmQPeEBWFK9FFy4WB1jkDd+2bZAYahzITOuyF:9lC3qMkJ4kQ2EbpG3jqdBbIh8TOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825375", "to_ids": false, "type": "size-in-bytes", "uuid": "d2a3605e-6422-4cca-a362-bc6ea99e34cc", "value": "795032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825375", "to_ids": true, "type": "vhash", "uuid": "2a3f8ea5-0020-46e9-9dda-28b563e4234b", "value": "07504e0f7d5f50101011z11z67z1015z13z15z17z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825375", "to_ids": true, "type": "filename", "uuid": "b8cf3bf8-9775-4c5f-9e1b-eca63d7762d8", "value": "01D09407D09355A821BA23FFB58EC40D.1148B76E" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825375", "to_ids": false, "type": "text", "uuid": "61d90e6d-4218-4b93-a45c-3a92ad245d54", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508126", "uuid": "0ebc6c2b-96cd-4cbd-bd41-01f283eedff7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508126", "to_ids": true, "type": "md5", "uuid": "d3693f96-3469-403d-8070-0ff46a4b3589", "value": "033d922f3f56f9ea7c976f31107e366a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829046", "to_ids": true, "type": "sha1", "uuid": "ffcc5add-198a-45be-99f5-3c532d7e180f", "value": "7d3245a9383329d138cee72c704d9194ead682ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829047", "to_ids": true, "type": "sha256", "uuid": "e1156fd5-df82-40f4-b8ce-465ad7139695", "value": "86af764b489e838982a4c5c1685ec3b43781d8b76c1ecda6edc238cfd7ee61d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825396", "to_ids": true, "type": "ssdeep", "uuid": "2341b5e1-d1f7-4ce1-b9d7-8a76917d231f", "value": "12288:5OZ6GM36bQUj57NWdGychyBgH9OkDZGYJkAn0t9lFxU5mz8qdK6e20YIq3MP:26G2mQkNERiyBgdTDZGYJkA49lFxU5mU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825396", "to_ids": false, "type": "size-in-bytes", "uuid": "3d7a061d-65d8-4e14-a269-3667570c6cd6", "value": "536394" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825396", "to_ids": true, "type": "vhash", "uuid": "22aac3bd-4b92-4f68-bcb6-ce5dc265eb64", "value": "055066655d55155f516013z10076hz1040015fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825396", "to_ids": true, "type": "filename", "uuid": "b2a064b4-bee6-42fe-bbce-4045bdbb42aa", "value": "updater.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825396", "to_ids": false, "type": "text", "uuid": "e3b9258c-08d4-41ce-93e0-a34053c3672d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508147", "uuid": "a8bf1678-9f8a-4cca-a845-32a20baf1f49", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508147", "to_ids": true, "type": "md5", "uuid": "6be62563-b059-4f50-9a84-381867e8d4e2", "value": "043c84cef3e011e3dc731d643a205f4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829054", "to_ids": true, "type": "sha1", "uuid": "0b41a399-0969-4ad1-b120-5246ef55d9c1", "value": "00b45c5d3da2bb33336a196bed0545c01c78d1c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829057", "to_ids": true, "type": "sha256", "uuid": "397d4580-5888-43c5-993b-82edb882d2e5", "value": "1d24d8268c2f8e82b65d58429c166367eee9683c38a1408910536d8084f4ad46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825417", "to_ids": true, "type": "ssdeep", "uuid": "15778b69-e2eb-4fe5-aa0e-6d7d4e13807c", "value": "12288:OeN1do7fE8FRs4p1E7oNOLLtpT7hBechK1:jkoLL5BechK1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825417", "to_ids": false, "type": "size-in-bytes", "uuid": "146ef916-fc59-4d45-81db-7284716ab05f", "value": "630644" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825417", "to_ids": true, "type": "vhash", "uuid": "cfceb3fe-269e-4816-823f-e5dec0343bcc", "value": "065056655d155f507026z5chz102001503dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825417", "to_ids": true, "type": "filename", "uuid": "684ecc6e-f8cc-4f7a-8234-c892d1993be9", "value": "nViewSetup" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825417", "to_ids": false, "type": "text", "uuid": "7f16951e-6e3c-4004-96d2-b0befadd3c61", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508168", "uuid": "fa5d5846-5dd2-4501-9173-092643f5725d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508168", "to_ids": true, "type": "md5", "uuid": "4ec34de6-0047-4a20-a464-8e6ba63c6295", "value": "058efdf7d94c5da920a3c32cbadac2d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829059", "to_ids": true, "type": "sha1", "uuid": "84041e59-bcfe-4752-b533-80e558cbd6dd", "value": "ce57e820b6dd76a8aa0ff3c99a21768a87285ecb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829059", "to_ids": true, "type": "sha256", "uuid": "b721c20c-1d0b-406b-b66c-e98314fd7b99", "value": "b1a26fec4b71446f5f12ddfd7d714fb5d452ba065e768ead0ed22778b3d10645", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825439", "to_ids": true, "type": "ssdeep", "uuid": "409aa168-b841-4e96-8ae1-babbd50c18ab", "value": "98304:bJtHbw3ttg2v5h3lwOkIbVIRyfCGPABYxmjR/2OirlUqOuyF:bJtHbw3ttg2v5h3lwOkIbVIRyfCGPAuc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825439", "to_ids": false, "type": "size-in-bytes", "uuid": "2eae7ed8-01f1-41b7-beae-52765c5caf7e", "value": "4553544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825439", "to_ids": true, "type": "vhash", "uuid": "efff823c-c3ab-40a5-bdc8-7321dcacc671", "value": "0460465d051f1)zdd3z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825439", "to_ids": true, "type": "filename", "uuid": "2b899bd2-db50-46e9-a3d9-73b7d1e31c89", "value": "Ukino DreamNote.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825439", "to_ids": false, "type": "text", "uuid": "7a5f374c-38c9-454a-8959-6622592d3239", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508189", "uuid": "ae40d31b-13c4-4963-9b18-3947d8f63ac0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508189", "to_ids": true, "type": "md5", "uuid": "e1db0439-a4f2-4673-8b64-90f4b0a59448", "value": "0b6caacd4081d3b18e847a40c1b6a7f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829060", "to_ids": true, "type": "sha1", "uuid": "3070972c-160d-49cb-8713-9059f0ef9cf8", "value": "62e9dc0cff017fea47ac0f7f65f86cdc24d9772f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829061", "to_ids": true, "type": "sha256", "uuid": "c86ef293-049b-4154-83a5-5aa252ece869", "value": "d75ac656dd563ee593993b25704a50957d0f247c7a5c21f06aca887d47ab5e1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825460", "to_ids": true, "type": "ssdeep", "uuid": "9f99c306-1dd4-4282-a6e8-4963e0ee94cd", "value": "6144:aCfk+Ie2k4pMk+AcIrN8+2Ecm6DZGrhZsRDD31T+5YUlxVo5dRF8q2QFBZsjyRG3:aCfk+KWk+AcsN8+B6DZGrhZsRX31a5YY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825460", "to_ids": false, "type": "size-in-bytes", "uuid": "d8d31677-2d14-4a05-99de-67f86b7bd137", "value": "353098" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825460", "to_ids": true, "type": "vhash", "uuid": "81cb61ef-c0bc-4359-87c5-3b61d7d2ed8e", "value": "03504e0f7d1f5bz3!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825460", "to_ids": true, "type": "filename", "uuid": "5bf150f1-35a4-4e4c-b3f4-2064b1e544e8", "value": "62e9dc0cff017fea47ac0f7f65f86cdc24d9772f_KernelMode.info_d75ac656dd563ee593993b25704a50957d0f247c7a5c21f06aca887d47ab5e1f.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825460", "to_ids": false, "type": "text", "uuid": "b43b944b-8f5b-444c-8e3a-6b921974eb6d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508210", "uuid": "e21092bc-838b-4a57-907a-bbd04994577c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508210", "to_ids": true, "type": "md5", "uuid": "12a981cf-df9c-4a22-b4d0-6f2576bd82b7", "value": "0b727001dfc90cc354bd2ccabe3c23a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829062", "to_ids": true, "type": "sha1", "uuid": "5bb20404-3867-4d2e-ad8f-f55ad4eee1f5", "value": "b78e8bf3498c500c8f5286aa911890b840a56032", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829063", "to_ids": true, "type": "sha256", "uuid": "63305b52-388b-4abd-a841-3eb7cf740a5f", "value": "90b4088896a05f8e448d76c9df08aa928207319dc898f7136eeca19225047709", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825481", "to_ids": true, "type": "ssdeep", "uuid": "d49b040c-48a1-4ef2-8128-ffbd4f3a8b10", "value": "49152:bOvb2WPBWZ152ypsDUUmOfIIbUuezh81TvlOuyF:bOjjm5regUlIIbUXUOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825481", "to_ids": false, "type": "size-in-bytes", "uuid": "388cc8f4-850c-451d-9a85-5b5c620bdde8", "value": "2210632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825481", "to_ids": true, "type": "vhash", "uuid": "9ff8cd6b-b3aa-404b-91c9-7683ea75b175", "value": "026066651d5d055f11c0605004700b46z10015zd0800b73z59z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825481", "to_ids": true, "type": "filename", "uuid": "c60c4f58-4d5a-4c72-adf1-993f0e73d91b", "value": "b78e8bf3498c500c8f5286aa911890b840a56032_KernelMode.info_90b4088896a05f8e448d76c9df08aa928207319dc898f7136eeca19225047709.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825481", "to_ids": false, "type": "text", "uuid": "c1e422ff-8bd8-4dd1-9f59-06f7f3180d43", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508231", "uuid": "23ebefb6-1071-47b1-a167-e0461a867507", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508231", "to_ids": true, "type": "md5", "uuid": "cd06b5c8-7c69-4195-933d-a8ba7bfb7856", "value": "0d3e3fd44faa32e0d83b02c8b7cff49c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829064", "to_ids": true, "type": "sha1", "uuid": "2377f665-6b3c-4afa-8659-0bad13464c48", "value": "ee7c5cf5f68ed174e07fed1fc55febe72c313cd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829064", "to_ids": true, "type": "sha256", "uuid": "854be7ae-7fc5-4321-bc2d-eca20f202b88", "value": "1203693a4ad21c5c12ec157f4ebbede35132188f02de8ce0f3ee6780788dae55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825503", "to_ids": true, "type": "ssdeep", "uuid": "9e24d10b-c0f6-4bcd-99f9-702605237e99", "value": "24576:RmfVjt5U9LdcThQMiqBrJ+AcsOk6DZGrhZec5Yax+5dH8q2QbZAf:UfVjtqxdcTh9Bl+AchzDZGlZec5Yax+S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825503", "to_ids": false, "type": "size-in-bytes", "uuid": "ce21415f-23d8-4636-ae62-e282c1d2b083", "value": "884490" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825503", "to_ids": true, "type": "vhash", "uuid": "eb1ad33f-28f3-4a7c-afcb-9d22924422ee", "value": "085066655d55755f509012z1b00887ze0d5z205005403dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825503", "to_ids": true, "type": "filename", "uuid": "49a92eea-2999-43d5-a008-01ded0401fa3", "value": "360AutoClean.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825503", "to_ids": false, "type": "text", "uuid": "145d911d-5801-4713-9998-9b7357938587", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:57/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508252", "uuid": "d79053be-aa48-431a-8728-32318abd7019", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508252", "to_ids": true, "type": "md5", "uuid": "bd6e013d-3946-4f18-adda-4de2ce58902c", "value": "0d48f948b3c47d0c08e8ee026b8f4670", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829065", "to_ids": true, "type": "sha1", "uuid": "d856fbfd-8092-4b57-a611-100a30ddd771", "value": "67a5a4da7d63a20c9a5d906e5c3bdd4692954cb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829065", "to_ids": true, "type": "sha256", "uuid": "3eb6e19e-ca00-45a7-87eb-b259132341b7", "value": "77fd82b9c32cc158df0d50e3bf32a775b35fa8dae5eba43a4f2132c7b84cd976", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825524", "to_ids": true, "type": "ssdeep", "uuid": "a09aace5-c722-49b6-903d-6735add72424", "value": "3072:QcDh24e2UrcZYXj5qjgTt2HLs7YgamhCCKJDLTPzsLaBj6qe7z7cEksJlGvCtCxG:QcDgRrcZ7gT4HA7VQgz79kJv/G" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825524", "to_ids": false, "type": "size-in-bytes", "uuid": "2250362e-9c02-4606-9a2c-4b3358b9dbe6", "value": "228120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825524", "to_ids": true, "type": "vhash", "uuid": "2404d230-20c3-43d3-811d-586d38eb03c1", "value": "025046655d1510601010027007b7zf095z102007d1z8bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825524", "to_ids": true, "type": "filename", "uuid": "ad3765c9-8233-4751-812f-f5a453c5e8ba", "value": "Edown_mfc.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825524", "to_ids": false, "type": "text", "uuid": "99f1e03c-07d4-4413-8238-b50045918a73", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508273", "uuid": "0be3f5c4-31f2-4ce5-a795-90465445f47d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508273", "to_ids": true, "type": "md5", "uuid": "7a8de81e-f772-4d53-b75f-61fceba5f1e5", "value": "0fb91846ab9a4e9667c81154829f888b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829067", "to_ids": true, "type": "sha1", "uuid": "709c3da8-c252-4716-9bc8-6c81434de0e5", "value": "b4101bdbd0eb2167e79eb2597689ef5927af84e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829067", "to_ids": true, "type": "sha256", "uuid": "55231274-1097-41da-b874-d24fee22703d", "value": "858ae3350ac3f7fc6ce235536e70b9eee1aef8df95fdc5d90bf67b825171e89a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825545", "to_ids": true, "type": "ssdeep", "uuid": "b5305edb-3867-40cc-96af-9d917c6c0075", "value": "12288:U2aKuIyyGBmRkLXFgjo0nJu4MNXP75Fz8k+AcsN8+B6DZGrhZsRX31a5Yax+5dHe:7aKuI4mYXFAqzJXB+AcsOk6DZGrhZec7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825545", "to_ids": false, "type": "size-in-bytes", "uuid": "dcf4ac26-6572-4d2a-be59-c617bc8bb81b", "value": "675146" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825545", "to_ids": true, "type": "vhash", "uuid": "526467dc-3d09-4489-8b6e-b299183cfcc4", "value": "06504e0f7d1f50101011z11z37z1015z13z1011z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825545", "to_ids": true, "type": "filename", "uuid": "7b3ee0c0-f6ba-4586-8386-da0cf8e237db", "value": "b4101bdbd0eb2167e79eb2597689ef5927af84e2_KernelMode.info_858ae3350ac3f7fc6ce235536e70b9eee1aef8df95fdc5d90bf67b825171e89a.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825545", "to_ids": false, "type": "text", "uuid": "5f586b14-647f-435e-90d8-9effe7a55ea3", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508294", "uuid": "cb752a6e-658f-4350-bc33-52813662639f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508294", "to_ids": true, "type": "md5", "uuid": "a0c897f2-55b1-43ad-87b1-bbac1ad3cc29", "value": "1d399370e82b314ba20c21ff4ee82205", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829069", "to_ids": true, "type": "sha1", "uuid": "e3768687-15d2-4f30-8bd7-a0c73ca589c9", "value": "f05fb185bde1f40f2a45f5fe6df64ef50ff8a7fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829069", "to_ids": true, "type": "sha256", "uuid": "3a98407d-ad81-49b3-acdc-113fc928ef18", "value": "89d25d75f3589f80ac4753456cb4977f0fd1f3f701996e740d022ba1423aaf3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825567", "to_ids": true, "type": "ssdeep", "uuid": "ecdd6849-201a-4181-8d53-83d38f2cbec0", "value": "24576:Dh0SQsCAFPJqmE8/gnglQ+vBhSVXparT9dv2nq1zNoJ/xcOuyF:DeqrFB7Dv3rSqrnSq1zNoJpcOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825567", "to_ids": false, "type": "size-in-bytes", "uuid": "1f24a3d2-6d72-41e6-aa25-d7a95697663c", "value": "1341256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825567", "to_ids": true, "type": "vhash", "uuid": "228c1177-eacc-44b7-9233-a090ee3f3d57", "value": "01603f7e1f5bz4!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825567", "to_ids": true, "type": "filename", "uuid": "57f5535f-f63d-45b4-8491-377ae9d83e0a", "value": "SIW.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825567", "to_ids": false, "type": "text", "uuid": "5cff97a3-3b89-4f07-b258-c1d3f0f44874", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508315", "uuid": "c5e7f27f-5e63-4e0c-a378-c2687dca9fad", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508315", "to_ids": true, "type": "md5", "uuid": "0e38e27a-ce14-4f82-bf10-25e2956b128c", "value": "1f9d915d331f7e363c39108f41145c44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829070", "to_ids": true, "type": "sha1", "uuid": "c8bf8bdc-da69-4e0b-92fb-7069b5938e8b", "value": "f27e37f7cbbab344559640b37d63c7b1a48fe355", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829072", "to_ids": true, "type": "sha256", "uuid": "2fa19fcd-c5b3-4d2b-a4ec-3c33fe41ac3c", "value": "f9f7608d46fbdd1b700c69590c8ba913f977e8ae3fd4efd49cf5a82266910381", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825588", "to_ids": true, "type": "ssdeep", "uuid": "7f8004b3-0f95-458a-95cf-74e928549b43", "value": "24576:ZfI6w1Xw8FZqaNQi1nyDt1GdMiAGzVYkbSOyylBkcy7NUbO7QwGYIRL4JJu+EAIr:AqaNQi1nCt1GSiAGzVYeSOyylBkcy7Nc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825588", "to_ids": false, "type": "size-in-bytes", "uuid": "3ccc7e15-a03c-4b4d-8f11-02a8a2c7f5ea", "value": "1362762" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825588", "to_ids": true, "type": "vhash", "uuid": "1522ce8b-e812-4cc2-a13d-f520c26952a5", "value": "016056656d151f10301040018005f7z4015z32z3c3z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825588", "to_ids": true, "type": "filename", "uuid": "5775375f-ae10-470d-8939-4cdc7e2f94ff", "value": "f27e37f7cbbab344559640b37d63c7b1a48fe355_KernelMode.info_f9f7608d46fbdd1b700c69590c8ba913f977e8ae3fd4efd49cf5a82266910381.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825588", "to_ids": false, "type": "text", "uuid": "60971630-2246-4ec0-b09c-3409294d51ae", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:57/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508336", "uuid": "d059a6ae-fbcb-414d-b778-15dc0ef74659", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508336", "to_ids": true, "type": "md5", "uuid": "40a7cb6a-b6eb-4fa2-83dd-3354549ab368", "value": "2431db868ebec1b967f5ad38abfd95c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829073", "to_ids": true, "type": "sha1", "uuid": "f0de8dc3-b19b-4e61-b238-09994d22cdd7", "value": "3942436aca86dbfc5ad10b95b054e5b19a2c9713", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829073", "to_ids": true, "type": "sha256", "uuid": "8cb83b0f-cb88-48dc-a853-1c8f79f3f79c", "value": "b3c31a5c57906233681ac8936088ada14adb4d4e4e7c2d7ffe429c5ffaab5b0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825609", "to_ids": true, "type": "ssdeep", "uuid": "83c03fef-c951-451e-8b20-11d47aaf0a60", "value": "6144:qgqM3rkqDK8qNdFDyMfZls3WNN7B6u6BN5zf6yJqMOuyF:qgqd7jCGd6uuP9FOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825609", "to_ids": false, "type": "size-in-bytes", "uuid": "f98fd768-0b27-466d-b5f9-d7f3c2d635b9", "value": "373592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825609", "to_ids": true, "type": "vhash", "uuid": "56ccad5c-79e0-469d-bcdd-7e58273fadb4", "value": "035056655d155f602013z600527z90f5z22z27033zd87004d1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825609", "to_ids": true, "type": "filename", "uuid": "88dbacaa-084a-4dcd-992c-8bbd4a977d04", "value": "TipsExtend.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825609", "to_ids": false, "type": "text", "uuid": "5f58f108-9157-48cb-855b-0f7cc1b1ca31", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508357", "uuid": "298f033e-7856-4b7b-81cc-154a7e6ca417", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508357", "to_ids": true, "type": "md5", "uuid": "b82bab68-748c-4d33-b23e-56b57296ae94", "value": "255f7842c6f07a6a1500a30fb4d27d54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829075", "to_ids": true, "type": "sha1", "uuid": "7a07d328-b777-4b89-91cb-1a8483a0db5b", "value": "12d460fe918b581d56c9360e117b45589b29c790", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829076", "to_ids": true, "type": "sha256", "uuid": "64ed22f0-0cce-4c00-8e5a-32edae3add70", "value": "6640c3cf1b37bafcc1d3b3accb0b3552a966e2265ca4adbb0b3e2bdb888e67ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825631", "to_ids": true, "type": "ssdeep", "uuid": "e258d502-0685-4102-a0d5-dcb6c404f6e3", "value": "49152:SLRI+LAgo2kphE8AYANBSqp8eCQEGGKJeTDxeq7uWYqYwTytOuyF:S5AZXeCQyKsDxeKuOYdOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825631", "to_ids": false, "type": "size-in-bytes", "uuid": "c7084b4a-16dc-4d53-9881-c894ea5b6376", "value": "2511688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825631", "to_ids": true, "type": "vhash", "uuid": "7eac3a7b-f4b8-451f-a5af-c45eedc75466", "value": "0260976d156c055d5d756044z16006214fz12z472z161e5z81" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825631", "to_ids": true, "type": "filename", "uuid": "708beb25-ab54-42eb-803f-a8b7e9850005", "value": "malware.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825631", "to_ids": false, "type": "text", "uuid": "b63b3b2e-a07e-4261-a10a-e29a3b78331a", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508378", "uuid": "d368c16e-e393-4e87-b7a7-46b3bbaa99d6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508378", "to_ids": true, "type": "md5", "uuid": "ba51b16e-e9f7-4a09-a2d2-a40fad450ca4", "value": "35994a29128c08bed6f5d4aad28f102b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829080", "to_ids": true, "type": "sha1", "uuid": "84de66e9-24fb-458a-a238-c5874ff9dbe3", "value": "b204b92247fd131b6eb0169d170c4a8298083da1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829083", "to_ids": true, "type": "sha256", "uuid": "61114624-9ab8-4d37-9390-2a7c003ddba6", "value": "b7f6abeae241dcf48e880d81ed88858e4c31a584eb43de71104fd263c488c2e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825652", "to_ids": true, "type": "ssdeep", "uuid": "b9d1db94-a3cc-4fc6-8da8-ef503ed57ec1", "value": "1536:QUBGhDEHEpLlcFixMTeDUjg4FvXGu5lnY5k7uG1YOuyy9pji67w9IWiWQAqxT04Y:QUchY6RcFixMcAnvWcd7uGCOuyodRw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825652", "to_ids": false, "type": "size-in-bytes", "uuid": "5e679a5a-c5da-42e8-b452-c37d6cd6a104", "value": "119624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825652", "to_ids": true, "type": "vhash", "uuid": "fbef8f74-1cec-40d4-a3e0-3f387bbf9294", "value": "01504e0f7d1f5015z11z39z15z13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825652", "to_ids": true, "type": "filename", "uuid": "3a7df59d-e232-4f9b-8f40-05806b2536ee", "value": "LSUninst.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825652", "to_ids": false, "type": "text", "uuid": "6a624063-a31d-4a51-8cac-2df3e10ac560", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508399", "uuid": "9acda227-2191-434d-9e6f-058fc02c781c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508399", "to_ids": true, "type": "md5", "uuid": "6fdfe3c8-70ca-42d5-a7a2-777402b9d097", "value": "268d17f3763246ac27de7dc8024f23fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829089", "to_ids": true, "type": "sha1", "uuid": "3b67cc08-c45a-43e4-beb7-9a248ae89b56", "value": "687b801a91383a1d3c7977e5cb27c68c7fbb83a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829090", "to_ids": true, "type": "sha256", "uuid": "76aa1d68-9657-46b8-849d-7ccb1a914d24", "value": "fbee0422f1d775b6abd1a2bee86ec0644e9c18ee4c2631b09f0d3244c05b10d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825673", "to_ids": true, "type": "ssdeep", "uuid": "1e06c9be-ae5e-43fc-9ba8-e86f84fb95f6", "value": "6144:i9/JZ2DDOZRTDOMJ3EaCnqeNb1w8ZDuWBHAmpcE92Tb0itDiQQaDu/3xYDMOuyE:U2I8Mncqab1rZDvg0cEIcitDx4OuyE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825673", "to_ids": false, "type": "size-in-bytes", "uuid": "d9a79af4-0f22-4df8-9561-92dd7baa1873", "value": "444464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825673", "to_ids": true, "type": "vhash", "uuid": "d74c030b-7e90-4cff-a9b7-aec0e0d71076", "value": "04504e0f7d1f50101011z11z47z1015z13z101dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825673", "to_ids": true, "type": "filename", "uuid": "7b779e46-2ce6-4b97-8deb-db94de34a16a", "value": "687b801a91383a1d3c7977e5cb27c68c7fbb83a8_KernelMode.info_fbee0422f1d775b6abd1a2bee86ec0644e9c18ee4c2631b09f0d3244c05b10d8.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825673", "to_ids": false, "type": "text", "uuid": "6d8e47fa-21b9-495a-bd04-1246cfe9852a", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508420", "uuid": "5aa4bc47-70dc-408e-8920-954374719e2a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508420", "to_ids": true, "type": "md5", "uuid": "5733f196-2b04-489d-a930-d928e7129250", "value": "40591b4ba82e0347b33098f6652640d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829091", "to_ids": true, "type": "sha1", "uuid": "b1c31f3c-459b-4bca-8488-f928a8e51bbb", "value": "2c68e35af3f74933aab5b89a372c05282026fdef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829092", "to_ids": true, "type": "sha256", "uuid": "4eb676e6-9b12-426d-8204-a1a4a5a9e06b", "value": "f5974d912b6379d6644515db33baff9fce15933fac7e376521b9ad609cbb0d67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825694", "to_ids": true, "type": "ssdeep", "uuid": "ca63367a-dd08-4524-9bda-11394aa63186", "value": "6144:zsNkAy+TYbRTGtg5t0QUj/aHqmLKBBW5a7GipL1/aqPYHt90BiY:akAy+TYRS4tXUfA5GdpLR9cHY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825694", "to_ids": false, "type": "size-in-bytes", "uuid": "8234ed0c-4aa9-4be4-a3b1-fc0de80d1e12", "value": "507956" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825695", "to_ids": true, "type": "vhash", "uuid": "12400401-519e-4bea-bb75-a213a7a21523", "value": "055056651d155f1070201002700747zf095z12z813z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825695", "to_ids": true, "type": "filename", "uuid": "f12f42b7-a9aa-45c5-9c5f-a7896f8ae85b", "value": "Dojuk.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825695", "to_ids": false, "type": "text", "uuid": "27836df2-0d66-4cfa-86cd-ea7bad1f20cb", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508441", "uuid": "a4972077-86d4-4a0d-8196-f0c39d783861", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508441", "to_ids": true, "type": "md5", "uuid": "6e7908a1-3679-4753-8857-1281113ee5a8", "value": "4286ee45e9fcc2db3ddfad38426b7f50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829093", "to_ids": true, "type": "sha1", "uuid": "948d31c0-cd0c-4e6b-9575-d375f4a20de4", "value": "49b973555890f1bda67a12a5927de1a9691005ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829093", "to_ids": true, "type": "sha256", "uuid": "d6583fc4-ffd8-4efc-9a69-ad4f0ef0bffd", "value": "85dffbf4e989fd9c86261cb8b790f198f7407fc63eace1601ab3a2494e4b4914", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825716", "to_ids": true, "type": "ssdeep", "uuid": "177ee3b8-c9a7-4329-a2dc-a0477abe7b45", "value": "1536:4cxqeQIAlnY5k7uG1YOuyy9pji67w9IWiWQAqxT04jE:lsd7uGCOuyodRw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825716", "to_ids": false, "type": "size-in-bytes", "uuid": "4438319f-1833-40af-b8e2-e4e0530ddb0c", "value": "86344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825716", "to_ids": true, "type": "vhash", "uuid": "0dc8ac35-495b-4e47-b8d7-bcfcfda02c08", "value": "0840966d1c0d1c0515651038z16nz3fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825716", "to_ids": true, "type": "filename", "uuid": "daf380d3-7396-4218-a685-0593a4cddd92", "value": "VirusShare_4286ee45e9fcc2db3ddfad38426b7f50.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825716", "to_ids": false, "type": "text", "uuid": "b44951de-a3e5-4373-8409-6de3dae3dd38", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:64/77" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508463", "uuid": "5d4defa3-3a69-4d80-8e5e-ad33a430c4d8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508463", "to_ids": true, "type": "md5", "uuid": "3b5ebd73-3705-497f-a11a-6bb42ef84993", "value": "4a0fa9be43cc84b5beb0b484227edfcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829095", "to_ids": true, "type": "sha1", "uuid": "55531754-1b43-4f79-ba6c-a7e31fe37f26", "value": "97698669fa290dfd9e0a374e09221b352302bf3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829095", "to_ids": true, "type": "sha256", "uuid": "065fb372-62f6-4588-be0e-74b3dbba4894", "value": "cfcc7037196cef0c0566bb08f934c04e6ee3dfcb2085bc4c46bd059405c39c89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825737", "to_ids": true, "type": "ssdeep", "uuid": "7a307085-f74b-4077-ab5b-98bd31372d36", "value": "1536:QcmuR8I4k6sMLypC5nncP8vPF37Zo4i5ClnY5f/7S7uG1YOuyy9pji67w9IWiWQI:SR1kVML69gFTi5CH7uGCOuyodRw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825737", "to_ids": false, "type": "size-in-bytes", "uuid": "2a064c3d-c08a-4cfd-a925-dc595e2e6b5c", "value": "136952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825737", "to_ids": true, "type": "vhash", "uuid": "2add262b-58f2-4f8e-9c3b-a600300ea20a", "value": "015056655d150f5az4bnz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825737", "to_ids": true, "type": "filename", "uuid": "1c3dfa79-da89-4375-aab0-e8dde4f20027", "value": "97698669fa290dfd9e0a374e09221b352302bf3e_KernelMode.info_cfcc7037196cef0c0566bb08f934c04e6ee3dfcb2085bc4c46bd059405c39c89.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825737", "to_ids": false, "type": "text", "uuid": "beb34a5d-47b9-4ad9-91f7-4e5b206bf46f", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508484", "uuid": "07f910cc-4842-49ac-9bd6-ade3e5f49f65", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508484", "to_ids": true, "type": "md5", "uuid": "952d9cd9-cc89-4b9c-8720-9efb64536ac3", "value": "4e01e648645d041d52af9dbb09e442ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829096", "to_ids": true, "type": "sha1", "uuid": "6dad81e9-8cc7-4a54-84d1-c69576592dc6", "value": "d1b3b3f99da8e4712017b741f29464b2a051fd40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829096", "to_ids": true, "type": "sha256", "uuid": "d00b0974-5055-4a7d-9920-64a036628d17", "value": "5235cc16625751e7fc356fcfddee656c8f5938a2c1d1a8a305520b083b2a1cee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825780", "to_ids": true, "type": "ssdeep", "uuid": "a68105a0-f995-4d6b-b354-cc781de67180", "value": "3072:T3K9Zb4+zO8/VSVcnFCsNzTOzqkYHVVE2FalOxxhvFEy/HVr:u9Z8n8/VSVcnIshTkPY1VE2MObh9Ft" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825780", "to_ids": false, "type": "size-in-bytes", "uuid": "1d495fa4-7acc-499c-abc2-0546ed662cb8", "value": "177112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825780", "to_ids": true, "type": "vhash", "uuid": "2dc321f3-64b2-462b-8715-1405bf6668f7", "value": "015046655d151034z1700799z35z22z5gz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825780", "to_ids": true, "type": "filename", "uuid": "d75e1f87-a71b-4e40-9101-65e45b104ede", "value": "KernelMode.info_5235cc16625751e7fc356fcfddee656c8f5938a2c1d1a8a305520b083b2a1cee.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825780", "to_ids": false, "type": "text", "uuid": "884be44c-6885-488b-a1f5-1ae693a3f523", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Telject.A\nVT Total Detection:55/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508505", "uuid": "f4b46c51-b3b4-412c-82c8-8b577d99decc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508505", "to_ids": true, "type": "md5", "uuid": "4ef59f70-35a1-43db-95e9-a29e36350f57", "value": "4e8ea6bfacf9766f25af12fd63b16ce9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829097", "to_ids": true, "type": "sha1", "uuid": "f55d42d4-b4bb-4d94-9cf6-90dc6df7c332", "value": "c211a3621dae388b4594d12c482ccadc21f9c68b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829097", "to_ids": true, "type": "sha256", "uuid": "eda1aa88-79ca-406c-b3a9-bebdd241b68d", "value": "6c77e85438b42a04ebc065e971a2d2b953899256522d37df5c753c73b9e32646", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825801", "to_ids": true, "type": "ssdeep", "uuid": "1cd34ecd-506b-4d42-8928-8a3e37fa2a5e", "value": "3072:ELdfjW93yh7blZZrbJKWn3Z7TA41LYc+tSwTd7uGCOuyodRw:EJ6x07lbJKqFT3LYSKtMOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825801", "to_ids": false, "type": "size-in-bytes", "uuid": "a4183f87-44a6-46ad-94c3-823c8ad31c03", "value": "211784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825801", "to_ids": true, "type": "vhash", "uuid": "79fafe47-e4bf-4f68-8a65-7b616312fe74", "value": "025056655d151f1az547z2vz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825801", "to_ids": true, "type": "filename", "uuid": "390e3d1f-9cf5-4007-ba9d-bee5681e8f08", "value": "MsiX.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825801", "to_ids": false, "type": "text", "uuid": "48521478-edf2-4cf1-98c0-2f1510819ba4", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:57/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508527", "uuid": "0bc108bd-f16b-405c-9db2-6e7d4554c06b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508527", "to_ids": true, "type": "md5", "uuid": "553d6f12-9ab3-46f3-b2ad-107f782ac87c", "value": "56217179283737f5c46c0a64ebe28a82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829099", "to_ids": true, "type": "sha1", "uuid": "ef41a95b-c70d-4d5c-a90b-f7ee2d67107f", "value": "adc7b4a6bb6eaaeebec41dc3c98600103880f2ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829099", "to_ids": true, "type": "sha256", "uuid": "121f515e-ac32-4b95-8b6a-344f2523c2ed", "value": "c6698d974e7f1fce8d1af59b1d6f3eeadd506c9af38e43c2f2602ef926ef444b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825822", "to_ids": true, "type": "ssdeep", "uuid": "ee977bee-2a18-4cea-a8da-b15318785ba8", "value": "12288:g2GFYGEhyBgH9OkDZGYJkAn0t9lFxU5mz8qdK6e20YIq3MP:g2KYG6yBgdTDZGYJkA49lFxU5mz8qdXa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825822", "to_ids": false, "type": "size-in-bytes", "uuid": "661f145c-6f08-4aa4-a58c-27a412002655", "value": "462154" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825822", "to_ids": true, "type": "vhash", "uuid": "49efdf4b-3ac2-4b57-b415-a9ddf0b178c1", "value": "045066555d15751f5az1cnz1az2f1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825822", "to_ids": true, "type": "filename", "uuid": "bb1bfe16-1586-4de1-80de-db6d6abe2038", "value": "firefox.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825822", "to_ids": false, "type": "text", "uuid": "28d39072-3727-4734-aff5-f2d68f852202", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508548", "uuid": "487cbf89-d74a-4f80-ab43-ccccbaec1baa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508548", "to_ids": true, "type": "md5", "uuid": "3ecafdbc-565a-42b5-8bce-40e0e497741c", "value": "5cb91f0c3a1452176007dcc594ec02ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829100", "to_ids": true, "type": "sha1", "uuid": "ace9f1db-d26b-4f0e-9d82-951b466684c5", "value": "d5ee88f37d337e3ee44fc049da89bad50fac374a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829100", "to_ids": true, "type": "sha256", "uuid": "586d85de-a4e2-43f3-b7f5-574a1a4a9def", "value": "5d0e080fb7b6541c020f110be64e7f106fa6fe0ab1cc65d2d39cf2435781e7b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825844", "to_ids": true, "type": "ssdeep", "uuid": "08d1c04b-5e41-4a73-87d8-07da2f27ae65", "value": "384:jgh8NmsfhVifRxb3mh3rkGbpek1iQvELK9VLtNMSpQ:CfGh3tb8gMLKjMN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825844", "to_ids": false, "type": "size-in-bytes", "uuid": "b89651b6-fe76-4e66-9dba-f198d8d41e21", "value": "23256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825844", "to_ids": true, "type": "vhash", "uuid": "36c475cc-1d90-4974-8cfa-70d0b3e3a9ec", "value": "024036651d1069z91ehz10102fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825844", "to_ids": true, "type": "filename", "uuid": "afeb49cb-65f7-4e07-88e8-ee7853027a50", "value": "KernelMode.info_5d0e080fb7b6541c020f110be64e7f106fa6fe0ab1cc65d2d39cf2435781e7b7.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825844", "to_ids": false, "type": "text", "uuid": "2bf92746-83ac-46be-b19d-febae4ff0066", "value": "Type Description: Win32 EXE\n\nMicrosoft: PUAAdvertising:Win32/LoadMoney\nVT Total Detection:60/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508569", "uuid": "f7ef74ca-898f-48a3-bda3-3bcf3e5d718a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508569", "to_ids": true, "type": "md5", "uuid": "24880be3-f8ef-4e35-97a7-0f97556cc1ae", "value": "5f05b4aff89a07dbac9914ae3cf1314f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829101", "to_ids": true, "type": "sha1", "uuid": "4b6e9da1-9f19-457a-a3b5-2262221efadb", "value": "0be64d83e465beaac567ff41de244a750ade92d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829102", "to_ids": true, "type": "sha256", "uuid": "8947991a-84ce-4da6-80bb-d651a0aad7b7", "value": "f7fafc73621f44cdd8994151537da12c665ae9953bab22360871af59ffd646fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825865", "to_ids": true, "type": "ssdeep", "uuid": "db5bf7f1-5a67-4857-a744-d18bb1d3edf6", "value": "6144:39/JZ2DDOZRTDOMJ3EaCnqeNb1w8ZDuWBHAmpcE92Tb0itDiQQaDu/3xYgMOuyG:p2I8Mncqab1rZDvg0cEIcitDxtOuyG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825865", "to_ids": false, "type": "size-in-bytes", "uuid": "6163affd-40b7-42fc-9f1b-5af708b91328", "value": "447304" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825865", "to_ids": true, "type": "vhash", "uuid": "f9429292-eb7f-4bef-a67a-db341941b2af", "value": "04504e0f7d1f50101011z11z47z1015z13z101dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825865", "to_ids": true, "type": "filename", "uuid": "5ebfc482-1cff-429e-9752-3aae37760a2d", "value": "FileEncrypt.exe~" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825865", "to_ids": false, "type": "text", "uuid": "06eb5a42-428d-4970-8342-459e5a0a8797", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:65/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508590", "uuid": "c8fccee2-cba2-4402-aee3-0abe953cb018", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508590", "to_ids": true, "type": "md5", "uuid": "53a83c6d-aacb-49dd-b337-701b0faef0ed", "value": "611c4440aa2587f54702e7e58b7be75f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829103", "to_ids": true, "type": "sha1", "uuid": "1d1b6b6b-aeed-439c-bef0-290dfb723b41", "value": "24b023458ca4eff37a3be3b486c59229fb20d276", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829103", "to_ids": true, "type": "sha256", "uuid": "022bec07-51d4-4735-b39e-2a7c99ed7fa1", "value": "25cbd45f2510444f86b10507e2884888decee0a5bec4bbab073cc6a6840b3a86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825886", "to_ids": true, "type": "ssdeep", "uuid": "cfda60cb-8a7f-4123-929c-15e6fd86ca46", "value": "24576:L5Zaptm/KI+LxMlXvg3FKZBVr4hvE9jersLVXn+U9ez+1dqeAyBgdTDZGYJkA49Q:L5k80LxCXvZ3VEJExersdTfqeAyBgdTV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825886", "to_ids": false, "type": "size-in-bytes", "uuid": "7320eb2e-cc79-4674-b6f1-3bd14fa29b04", "value": "1376154" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825886", "to_ids": true, "type": "vhash", "uuid": "d8ca5840-979a-435e-9cbb-010e3a502206", "value": "01606e0f7d70707f50101011z11z6015z101013z13z15z17z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825886", "to_ids": true, "type": "filename", "uuid": "57af3e13-a2d5-41e1-81b9-9fa8042ce94a", "value": "uTorrent.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 16/10/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825886", "to_ids": false, "type": "text", "uuid": "f4fca7c3-839f-4e9c-bde0-c893c5a95873", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508611", "uuid": "89808fcf-0e8f-4d95-9c6d-3c23afaf2084", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508611", "to_ids": true, "type": "md5", "uuid": "8d069317-2be0-4ef9-a1ec-26e76f7d76f6", "value": "65f7b330bcc7aeebf8d84afa0b23bf02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829104", "to_ids": true, "type": "sha1", "uuid": "a4dfae81-fe4a-47d9-b0bb-63f10ad53258", "value": "50fcc294c5cba9ca4dc12613693798a5d412614a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829104", "to_ids": true, "type": "sha256", "uuid": "bcc2768a-e9ff-4a07-9f23-b7cd3d6130a9", "value": "0146c57cb02974db2bad93a85aae7d5681a4aa98aec6f214f72c280266ca619d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825908", "to_ids": true, "type": "ssdeep", "uuid": "84913365-6466-4f95-a785-b663ca7fb598", "value": "24576:4sfwGuidFXNYGscMCQwdpRcf5SPtSB7fTZD0x:4sfwGuY3Iw8b9gx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825908", "to_ids": false, "type": "size-in-bytes", "uuid": "3c655197-5c02-4dbf-a3e1-ed697f45e386", "value": "1874036" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825908", "to_ids": true, "type": "vhash", "uuid": "0a818e8d-a95f-4273-8443-5132fbdf7b74", "value": "0160966d5d0515551565603162z4100597z1075z12z9aez8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825908", "to_ids": true, "type": "filename", "uuid": "c23ab83f-4322-4a64-b7a3-4b55a174acc1", "value": "50fcc294c5cba9ca4dc12613693798a5d412614a_KernelMode.info_0146c57cb02974db2bad93a85aae7d5681a4aa98aec6f214f72c280266ca619d.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825908", "to_ids": false, "type": "text", "uuid": "f5f13b00-25de-491d-833d-666304ae2430", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:58/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508632", "uuid": "97b2861d-5834-4b0d-b6f2-ce62732b9d92", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508632", "to_ids": true, "type": "md5", "uuid": "967cfcd5-5e44-46c1-a308-bf6062e7413d", "value": "67b96c2265e44ccfad708c9387570ab4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829105", "to_ids": true, "type": "sha1", "uuid": "d8b0d44a-068e-4317-b15e-ad85868dc318", "value": "63781eba646820246d53d3b8d0d68903faa96fa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829106", "to_ids": true, "type": "sha256", "uuid": "3daecf93-658c-4529-b705-9daeff53af56", "value": "1929616f0e2574e320e010dc5cef87f9affe2813b2238aeed6c10e67f7f8e480", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825929", "to_ids": true, "type": "ssdeep", "uuid": "bd08d247-b802-478d-9d8e-0826e9be0609", "value": "1536:+a8hL4upTED0mJ0W8tFh0HwG8iEQsTY5Q5n0/lnY56OeVylTutNBLaNGmDOaa2F6:oL4sfjP0HwziEVr5n6btNBj72F6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825929", "to_ids": false, "type": "size-in-bytes", "uuid": "aea70618-f48c-4f1f-8b51-24888083d7b5", "value": "155976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825929", "to_ids": true, "type": "vhash", "uuid": "da3596ef-ad9e-441c-9683-3512879292c5", "value": "0150966d1c0d1c051505503013z700179z3bz2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825929", "to_ids": true, "type": "filename", "uuid": "82a99340-ce32-41e5-8488-7eab35e2a2e0", "value": "63781eba646820246d53d3b8d0d68903faa96fa5_KernelMode.info_1929616f0e2574e320e010dc5cef87f9affe2813b2238aeed6c10e67f7f8e480.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 17/07/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825929", "to_ids": false, "type": "text", "uuid": "61078621-77ae-4b60-8113-b0c9415f349a", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508653", "uuid": "6e788ff9-97ce-4bd4-90ba-c10fa56b10f2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508653", "to_ids": true, "type": "md5", "uuid": "14c034b4-fcfb-4388-b975-53753d018c00", "value": "69fa0bfd74d0db4ad734b9944ea71ec3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829107", "to_ids": true, "type": "sha1", "uuid": "20626565-fb28-4b10-b6de-b067a31b451e", "value": "3d4d67709b3b36dd09d6db5a9b2f74602abfa6be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829107", "to_ids": true, "type": "sha256", "uuid": "33d6b095-8bd0-4873-a45f-c823b1db3a06", "value": "e5a92dfe913ed5cc5949532e79d77de9c7bdb82c9c07151d90b23ef8c3afcbfa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825951", "to_ids": true, "type": "ssdeep", "uuid": "33ada5fe-6730-4e32-801b-15ac6a3f0b70", "value": "1536:4ial1EYW73OBd7EqC6TP32hUUUUwUUulnY5r7uG1YOuyy9pjiWw9IWi9NAqxm+4i:8KSBhdTPGhUUUUwUUu27uGCOuyokE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825951", "to_ids": false, "type": "size-in-bytes", "uuid": "c172779d-560f-427a-9bf5-e5d599aeb1cb", "value": "104264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825951", "to_ids": true, "type": "vhash", "uuid": "7b66df63-2e58-4b6b-8e9d-acfa85b7f7b4", "value": "0150676d155c0d1f5bz503=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825951", "to_ids": true, "type": "filename", "uuid": "01663f91-e35e-4ba1-8fee-e6f9e4d22027", "value": "3d4d67709b3b36dd09d6db5a9b2f74602abfa6be.codex" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825951", "to_ids": false, "type": "text", "uuid": "b03f7137-2995-4bfd-aa8e-15aa9911dbc3", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508675", "uuid": "cdb22a2c-576e-4d0a-8c6b-5860e18fbe6a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508675", "to_ids": true, "type": "md5", "uuid": "9b4af358-8aba-4425-9441-2399f1ec1b99", "value": "6a79c842a6edca3460b0026cd16c3670", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829108", "to_ids": true, "type": "sha1", "uuid": "c09cf70b-dc1a-4d6c-ac9a-ab0dbc670756", "value": "6635e1ed92df4b225de32cc3ea3976eced2af159", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829108", "to_ids": true, "type": "sha256", "uuid": "ad84bfcc-05d4-43bc-a41e-33a0ddc8c1e4", "value": "2eeae7447df15f4222baac0355552e52c54115845c8811a537f547cb6dc44b1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825972", "to_ids": true, "type": "ssdeep", "uuid": "5f81ba43-1f96-4473-9ddd-393fe90a5b86", "value": "12288:AsyrCS6xoIAfVTC2s+Ww/A8v3MLUbI4t6P89R1:As8TCVcA8v3MLUbI4t6P89f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825972", "to_ids": false, "type": "size-in-bytes", "uuid": "c1aa90be-a71b-43fe-adf5-f5f9e56ea6e9", "value": "503808" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825972", "to_ids": true, "type": "vhash", "uuid": "f710e733-9dd2-4244-981f-2d182539e0c1", "value": "055046651d157az44hz23z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825972", "to_ids": true, "type": "filename", "uuid": "9bf210c6-c0f8-4be8-b6cb-38b66ca21127", "value": "SETUP.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825972", "to_ids": false, "type": "text", "uuid": "e8b417dc-1eba-41c8-91a0-fa31f1fbe9c6", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508697", "uuid": "e1f305f1-f8ec-4edd-bc13-44e893842468", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508697", "to_ids": true, "type": "md5", "uuid": "cef57e15-ab37-4c92-9fc3-2282b6904288", "value": "6acd47c45a3e031411af351b3be5f82e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829110", "to_ids": true, "type": "sha1", "uuid": "0bafe885-0237-4f63-ac5a-b02d665fa72a", "value": "32263826dd62a0e782c34beef8d1d01cb1ad3088", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829110", "to_ids": true, "type": "sha256", "uuid": "a29213d4-5e9e-448c-a843-c29decf03f2f", "value": "9338630f8b136658808163282982dbc7903b0cecb4346fb5beec8a6e421bf91f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740825993", "to_ids": true, "type": "ssdeep", "uuid": "c936afe6-c0b4-48f5-b334-71226f207033", "value": "12288:vHUV6ZbE5kth+TFeHzB0gbup30PuGLTrhAYxFp4r2ryrXEVBSyR5wOuyF:sV6RGmUoHzByp30PtLTrhAYxX4zTyR5v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740825994", "to_ids": false, "type": "size-in-bytes", "uuid": "be3d043f-7112-4b58-ae62-dd488979cdfe", "value": "644424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740825994", "to_ids": true, "type": "vhash", "uuid": "1756c1a5-b981-4ea3-8e90-68f253377a0d", "value": "06504e0f7d1f50101011z11z3015z1015z1011z11z1011z15z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740825994", "to_ids": true, "type": "filename", "uuid": "06d9b506-12fe-4de2-b79e-22d254eef8ac", "value": "Blader.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740825994", "to_ids": false, "type": "text", "uuid": "0b46ed08-6fdf-4ca4-81e4-fbc46a48abba", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508718", "uuid": "c1a11024-b2d3-415d-893d-65a660f25e1f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508718", "to_ids": true, "type": "md5", "uuid": "38c75175-47a0-4415-b6cc-510c5e71f555", "value": "6d3839c312976ba96e89ab6a243aef8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829111", "to_ids": true, "type": "sha1", "uuid": "b5a1c918-094b-4db7-8450-3ee35ce1a06c", "value": "ff69d0aff85855980d01fe2fdf64e62e9ed7c944", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829111", "to_ids": true, "type": "sha256", "uuid": "800838f0-5a99-4c92-a2f4-d885a7e28a70", "value": "5de81f82bf32106b18adf81e007508a9092ca19b58e4e17796f82578299b19c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826015", "to_ids": true, "type": "ssdeep", "uuid": "2b78719b-1717-4d56-b5fa-53e9ee44203e", "value": "12288:Szl12U1hPq2AwzwyHHWv3FA6HN7PcO1h0hyBgH9OkDZGYJkAn0t9lFxU5mz8qdK1:Sz/1hPLAwhHHWvVdHNTDjqyBgdTDZGYv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826015", "to_ids": false, "type": "size-in-bytes", "uuid": "4e8fba3b-74ee-41cd-a914-4b473cb83eb1", "value": "603570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826015", "to_ids": true, "type": "vhash", "uuid": "f10d1291-3965-4037-b075-1b924cd00936", "value": "065056651d557f5az15hz23z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826015", "to_ids": true, "type": "filename", "uuid": "db8714a5-32a7-479b-bcbf-7410ddf81ab5", "value": "5de81f82bf32106b18adf81e007508a9092ca19b58e4e17796f82578299b19c3.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826015", "to_ids": false, "type": "text", "uuid": "8978baa5-801f-46ac-bf88-74551d955176", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508739", "uuid": "1b3a4dd6-ca1d-45fb-8523-eb9cf732606a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508739", "to_ids": true, "type": "md5", "uuid": "6cbec878-dede-4fa6-8c48-54e935b1e8b8", "value": "6f7ec5ff103e4ee038a54816c6b9bc09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829112", "to_ids": true, "type": "sha1", "uuid": "30b53654-16f0-4109-a8b4-9886eaaefe84", "value": "290d4cb961aa6537e7afee820bdb08cb504fc901", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829112", "to_ids": true, "type": "sha256", "uuid": "c7e86d94-c3b1-4e3e-a357-5f14d7c594c0", "value": "275035630745793d55693edfb537775534ca75f4344c84b4b2d4047f6b71ddb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826036", "to_ids": true, "type": "ssdeep", "uuid": "3ba02dbd-de5c-4328-81db-49b9fd9a2016", "value": "24576:/lNoblhlObkHzkl3PZ5nT/TxrXLHRQJKRbD2d/uCB3fCj3c3Qw3:/lNUlikAR3TTJ1kYboP83cD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826036", "to_ids": false, "type": "size-in-bytes", "uuid": "8951a080-dd77-44e7-ab05-e4138be85da0", "value": "1620808" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826036", "to_ids": true, "type": "vhash", "uuid": "a7b4ec83-a8ca-433d-99a9-04e3a2a3bab5", "value": "01608f7d7d7d7d7f6f0f50101011z11z37z1015z1011z13z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826036", "to_ids": true, "type": "filename", "uuid": "507d5eff-53de-43f5-ae1f-d41b53ef06ee", "value": "290d4cb961aa6537e7afee820bdb08cb504fc901_KernelMode.info_275035630745793d55693edfb537775534ca75f4344c84b4b2d4047f6b71ddb6.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826036", "to_ids": false, "type": "text", "uuid": "980a9348-f974-48f3-8e84-57069210eaa0", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508760", "uuid": "3072e1f7-3ca4-4ac1-9f55-cc18f6967f02", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508760", "to_ids": true, "type": "md5", "uuid": "81e52586-71ee-4257-aa33-356ee38e7ab3", "value": "720af0fa1f2633b1b73c278a0a016559", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829114", "to_ids": true, "type": "sha1", "uuid": "ee5f6a0d-1f87-40b0-83e7-0d3ea982b541", "value": "ca183cdd468c88d37d1f8328d618f9f8f4b9b744", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829114", "to_ids": true, "type": "sha256", "uuid": "1096533d-3558-4c8b-b73c-74429de0a064", "value": "babf823e9cd1af89ab0388a5acc884c0e1367d0ab014f440bfe4a70b4d2207b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826058", "to_ids": true, "type": "ssdeep", "uuid": "eb34aef3-3a61-418d-97e8-88cecd03cef7", "value": "49152:CpFT4FWNgy1A+Q6DQGjiKhf10zaTgdz/X81JK83HX2yBgdTDZGGkA49lFxU5mz8j:CcFWNgs9JQeFZ10zaTgdz/81Jv3GyBgD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826058", "to_ids": false, "type": "size-in-bytes", "uuid": "5694abc9-a403-446f-88aa-6168f273d865", "value": "2088362" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826058", "to_ids": true, "type": "vhash", "uuid": "d088477b-a736-4ec5-bb0e-65875991a711", "value": "02604e0f7d1f5015z11z6015z17z13z10101bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826058", "to_ids": true, "type": "filename", "uuid": "0acde131-6a6f-492b-a6d1-52cce278d10a", "value": "iview436_setup.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826058", "to_ids": false, "type": "text", "uuid": "0ab5065e-83ec-4b3b-92b2-28202eadc64c", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508781", "uuid": "25c4906d-94bf-428c-b320-cd9a0c6ef247", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508781", "to_ids": true, "type": "md5", "uuid": "18e4c97d-02f9-4903-b3d8-eb84b732e738", "value": "729a2f6c7e95075ff36947bc5811a5d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829115", "to_ids": true, "type": "sha1", "uuid": "5735f312-2581-4282-b56d-57899dfcacee", "value": "c1ae4ebce52e3998665ebe4213a452413f9091a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829115", "to_ids": true, "type": "sha256", "uuid": "391eb5ce-86f2-4faa-806e-053cd8091bb6", "value": "0efd49bfbdc8655e5db47d45b6ce4c2c64d6152665f45ef7ac57f04459369487", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826079", "to_ids": true, "type": "ssdeep", "uuid": "3a513bcd-e37d-439f-a4ac-29127692d66a", "value": "6144:EafaykDg0NVerj5Jgj3O7hBqFBT1pHQuoPBjI6:EyXkk0NIcje7PqzTQu6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826079", "to_ids": false, "type": "size-in-bytes", "uuid": "68fad08f-dfc1-409e-9377-1ba1debecf5e", "value": "600904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826079", "to_ids": true, "type": "vhash", "uuid": "3ad601de-b734-4863-978b-5dafe08ab290", "value": "0650467d051f1)z383z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826079", "to_ids": true, "type": "filename", "uuid": "df0d1eb8-fa47-46a7-b559-137bf2608e50", "value": "Autorun.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826079", "to_ids": false, "type": "text", "uuid": "27672701-3a35-41a1-a8d8-5ac35fc4ac7d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508802", "uuid": "f4b5a13e-215e-4513-a582-6fdbbe042468", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508802", "to_ids": true, "type": "md5", "uuid": "5971fc19-97d1-423a-870c-4ba50c304e14", "value": "752c351778a8a18245f132dafdc54599", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829116", "to_ids": true, "type": "sha1", "uuid": "b9cdde15-e16f-4b1c-aaa4-a6c0ccae6a71", "value": "25f8a6971bdd501fa6deff78d86bc5fd6312dc6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829116", "to_ids": true, "type": "sha256", "uuid": "9ac42353-11c8-4121-bbb8-9363755a7f04", "value": "d6a684b35cac3b7d434187a4623cf4c17864327968aa05a6ee58d89ba6ed9f1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826100", "to_ids": true, "type": "ssdeep", "uuid": "cc480f4a-368c-4ffd-82c9-0f5dcfa6970d", "value": "49152:8GrXtUAVCN3i7yfe8JACUOxIpRMfYQXeZpVleQUqKcJacr6pNiXrOuyG:XXtUvNhfRACUOx8RMfYQXe8QUqFJacr1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826100", "to_ids": false, "type": "size-in-bytes", "uuid": "4d0d6198-7316-4298-9e6f-c399e6e176f8", "value": "1773208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826100", "to_ids": true, "type": "vhash", "uuid": "d213d4c7-2205-40a7-a9c3-3d6e62b8c2de", "value": "016066655d55555f50b0201006100976z210d5zb0500dd3z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826100", "to_ids": true, "type": "filename", "uuid": "131d39bb-1fff-4eef-9384-05b60cb9b5d6", "value": "gbgcupdate.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826100", "to_ids": false, "type": "text", "uuid": "8c35423e-74d5-40e5-bc48-327526ef48f5", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508823", "uuid": "e878ec40-6987-4f06-978a-8d9e7bcf75b5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508823", "to_ids": true, "type": "md5", "uuid": "77bfb1a2-8356-43ea-97f3-e6f3951a7d98", "value": "7a5256dda43cb459e99c0073f1e8f07b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829118", "to_ids": true, "type": "sha1", "uuid": "8ff5ee8a-5737-42b9-8be3-7a5c56fbdf9b", "value": "cfaea52682733dc39d4cd8324abb23e053f23a35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829118", "to_ids": true, "type": "sha256", "uuid": "5c6d579e-225e-4491-a7ae-6274426e4636", "value": "12811f786fb3a98c0eeff39d3faabc5824881bcd691fc1cc8f35d7ffaa707c03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826122", "to_ids": true, "type": "ssdeep", "uuid": "b0718c90-fd9c-4641-b442-be4bdedd23f6", "value": "1536:V2voC6r/yoOlnY5k7uG1YOuyy9pji67w9IWiWQAqxT04jE:FC6eoOd7uGCOuyodRw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826122", "to_ids": false, "type": "size-in-bytes", "uuid": "65696317-329d-4622-ab0e-9e4e664eb46f", "value": "105288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826122", "to_ids": true, "type": "vhash", "uuid": "8efc97df-251f-438a-9298-eb93f2e91e8c", "value": "015056651d151f1az2fnz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826122", "to_ids": true, "type": "filename", "uuid": "a68afaf8-196b-4371-8a91-687ca3036b7e", "value": "cfaea52682733dc39d4cd8324abb23e053f23a35_KernelMode.info_12811f786fb3a98c0eeff39d3faabc5824881bcd691fc1cc8f35d7ffaa707c03.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826122", "to_ids": false, "type": "text", "uuid": "b442a89c-3e39-4075-91c3-3e4c64fdf956", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508844", "uuid": "72e5f4ba-62b5-4329-b0fe-1aca66b82e7e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508844", "to_ids": true, "type": "md5", "uuid": "e9791c07-c11a-420e-995d-758b2bb2c14d", "value": "7ad3b74bec51678622e21f57fb82e136", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829119", "to_ids": true, "type": "sha1", "uuid": "f1c33c08-577a-4803-9885-7701de573f16", "value": "8451a774e40be182504e4a82852af45074cfb16e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829119", "to_ids": true, "type": "sha256", "uuid": "65989769-4d00-4283-bf06-86c4378c9e6d", "value": "578cc3d6721db808eded6cde770f75c3cfcadeab323fab5871f44b201ce0a894", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826143", "to_ids": true, "type": "ssdeep", "uuid": "b3107717-4b12-44f3-9ef6-cf5da8289cc5", "value": "3072:svTLarPCjBbMiH1V5l2ETT4gVVljxJVBAIkRLcClVzYmhpIetmTl27uGCOuyokE:svTL2CWSVH2EYIiZLcszYmMNTlgMOuyG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826143", "to_ids": false, "type": "size-in-bytes", "uuid": "6c147df6-3212-4fee-9b93-d55dd4d55d79", "value": "265032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826143", "to_ids": true, "type": "vhash", "uuid": "de0394d0-a8c3-4f5c-bca8-199a3752dc12", "value": "025056655d151f1az5c!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826143", "to_ids": true, "type": "filename", "uuid": "db129238-7486-4d68-ba96-77cf79b750e9", "value": "8451a774e40be182504e4a82852af45074cfb16e_KernelMode.info_578cc3d6721db808eded6cde770f75c3cfcadeab323fab5871f44b201ce0a894.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826143", "to_ids": false, "type": "text", "uuid": "9b27037f-3403-44cb-b719-82c5e2b4cc0d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508865", "uuid": "8ae70d17-bfea-4279-97ea-ff79975f09d7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508865", "to_ids": true, "type": "md5", "uuid": "011eaef4-2088-4cc7-8af2-2061059d0c06", "value": "7f608ebfb9b1c81cb07eb8f26fd7647a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829120", "to_ids": true, "type": "sha1", "uuid": "fe9d7bbc-1c4f-49e7-898c-fff6e06f49c4", "value": "b2fa0b4fe44aef10cd1ac859615780bba25e0f8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829120", "to_ids": true, "type": "sha256", "uuid": "9a04038c-9462-40ae-9aac-d23b9776a044", "value": "1efbbbc1d4a4595a9c3788417d3210454f8f5f727fcfcc5513d448989510a0b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826165", "to_ids": true, "type": "ssdeep", "uuid": "18e46f43-f1ee-4973-b6ae-12d7e46637bb", "value": "6144:RqdhyBgHn9Om5cgDZGYJkezn0t9lHlxLA5mUU8qdK6e20YIL+3ME0/pba12NnCb2:ShyBgH9OkDZGYJkAn0t9lFxU5mz8qdK1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826165", "to_ids": false, "type": "size-in-bytes", "uuid": "c9f1906f-e435-4847-929a-22deefdc034b", "value": "246090" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826165", "to_ids": true, "type": "vhash", "uuid": "966cebbc-0fc7-456a-9f00-77f745f9ed5b", "value": "2250465555115140b6f214010" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826165", "to_ids": true, "type": "filename", "uuid": "8766160f-ae83-4deb-a392-8960b72937bb", "value": "TextBoxTool.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826165", "to_ids": false, "type": "text", "uuid": "f56e0057-9c7b-4ce7-bcc8-dcb5020b9145", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim\nVT Total Detection:38/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508886", "uuid": "f07bfcf2-10ca-4ea4-a44d-38b0cdfdef38", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508886", "to_ids": true, "type": "md5", "uuid": "e09d907f-762d-467e-8373-b702444b39cb", "value": "83f0f16fb86d6f67ca158d66c195884e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829122", "to_ids": true, "type": "sha1", "uuid": "0da6df0e-e24a-4137-bf64-87daa4db1538", "value": "87fe8603958956345f3d2a6ce77b507fb9b3e9eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829122", "to_ids": true, "type": "sha256", "uuid": "20e512a1-df58-4c90-8874-84cd184167b9", "value": "3af81b40019faf5f32fd4860ab11ece3687a59a54df2b2b99e87af72df56434a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826186", "to_ids": true, "type": "ssdeep", "uuid": "f76720ee-ffc1-4e0d-b8f1-1fe2df43e706", "value": "1536:2jUC7DT01DULoOlrHRd58GecWZVncvAu6vYh:2jUY01coOlj/5wxu6Yh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826186", "to_ids": false, "type": "size-in-bytes", "uuid": "779eb62e-d7c2-4e6c-884f-983315eca431", "value": "64280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826186", "to_ids": true, "type": "vhash", "uuid": "bef8fda5-7d98-4f3f-aabb-bce3a897b7ad", "value": "064036651d5az3bbz3rz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826186", "to_ids": true, "type": "filename", "uuid": "ced6b9ca-bc05-4de5-92d0-3a17216e7c5e", "value": "igfxext.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826186", "to_ids": false, "type": "text", "uuid": "6c885eed-5365-45fe-9422-26b61904b1a7", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508907", "uuid": "2ebd0d41-8a45-4464-af42-9292a1e07893", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508907", "to_ids": true, "type": "md5", "uuid": "79e10567-b595-4747-80f8-09b5644fb017", "value": "873f26caddfe1e9af18181d8f5f18368", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829123", "to_ids": true, "type": "sha1", "uuid": "e37b7e42-99a6-4ff4-bf39-6d213f4bf2de", "value": "4a0ee509ae480fe2818fb2d29f453ccf8bbdb457", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829123", "to_ids": true, "type": "sha256", "uuid": "ae94d4e2-9296-4a89-866d-9d4432af9727", "value": "0a7c3259739432f52c61df38ecb2b28b73c1ceba0328955e7f2b672d131d30bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826207", "to_ids": true, "type": "ssdeep", "uuid": "8febe166-683b-4464-9239-fa95c90bb3dc", "value": "6144:TKdhyBgHn9Om5cgDZGYJkezn0t9lHlxLA5mUU8qdK6e20YIL+3ME0/pba12NnCb2:TohyBgH9OkDZGYJkAn0t9lFxU5mz8qdK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826207", "to_ids": false, "type": "size-in-bytes", "uuid": "8bac6c90-b67c-47a3-90ed-1008a88160e3", "value": "244042" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826207", "to_ids": true, "type": "vhash", "uuid": "3edd7426-24d7-4656-b809-ef0a000cef7c", "value": "025066555d15555f5az11#z1b1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826207", "to_ids": true, "type": "filename", "uuid": "79ab3dcb-2684-475c-b04a-55c1a083a9b3", "value": "plugin-container.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826207", "to_ids": false, "type": "text", "uuid": "94117b67-094d-4221-9fb6-a3458389d93a", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:56/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508928", "uuid": "6c757aee-5139-4122-99f5-ee10360a5089", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508928", "to_ids": true, "type": "md5", "uuid": "690c7521-a86e-4210-9c46-5a2f16575d91", "value": "8cdd3b6c577a17b698333337dd1cf3e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829124", "to_ids": true, "type": "sha1", "uuid": "dd4f68ac-9b37-47aa-90bc-09fddc7a1537", "value": "e73ed0079c25049e3be45a527b6d44e2d8fcd063", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829124", "to_ids": true, "type": "sha256", "uuid": "f3de24bf-2188-4b55-9feb-2b7223378184", "value": "36dbe5147c872da08b1c29cb581ff44f09e24e6db060b3ad16810f1481b5f1df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826228", "to_ids": true, "type": "ssdeep", "uuid": "4db55325-fde1-4be4-bdc2-8c061d5f8bbf", "value": "3072:UeBTP3RvohgtSAF76xITDvNAlE+vbHQ2PY8:1R8Cv4LjQU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826228", "to_ids": false, "type": "size-in-bytes", "uuid": "85488a40-0309-4133-a8b3-930cb98b691a", "value": "196656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826228", "to_ids": true, "type": "vhash", "uuid": "799e522b-c586-4bcb-8e96-9c7f1c09e410", "value": "0150465d051f1)z513z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826228", "to_ids": true, "type": "filename", "uuid": "14be6459-4f72-4427-944a-269ea4378ac7", "value": "Get_ICR.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826228", "to_ids": false, "type": "text", "uuid": "af15cb1e-1275-4c41-b93b-830a612295b7", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508949", "uuid": "5b4410c2-28b4-4dbd-b741-11abcc8a1906", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508949", "to_ids": true, "type": "md5", "uuid": "a2f2a210-70a8-466a-b923-520215e72e84", "value": "8def236d23dea950d9b1b222cb9a463a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829125", "to_ids": true, "type": "sha1", "uuid": "2b2bff79-8562-4fa2-8916-d18192b584b3", "value": "69b8bbc7939e89d0aaf54a141afc6449daf315ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829126", "to_ids": true, "type": "sha256", "uuid": "ce16229a-e1ce-4576-896d-9928396b6126", "value": "ce59e874dce78a606dfd6953fb574b401bcff6de10360f7351464657dcc2ff3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826250", "to_ids": true, "type": "ssdeep", "uuid": "87751d1d-9683-43ef-ae1f-7dde98f09b7a", "value": "3072:xx+fXkOEH2akyFsDbDo3zU7PdH3/AfRHh4BW9jOGiVCP07kuTA/7uGCOuyodRw:xx+fBG2yFsDbpvAfRBlOX0FuTADMOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826250", "to_ids": false, "type": "size-in-bytes", "uuid": "d6017fac-3e97-4a7d-8dbd-b53cad38c22f", "value": "257504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826250", "to_ids": true, "type": "vhash", "uuid": "4ccb0717-794c-4cbb-9452-8e7c93215e90", "value": "025066655d15555f5084z14003d7z9095z10300446z140038007" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826250", "to_ids": true, "type": "filename", "uuid": "c7b9b5f3-2a58-4576-adcb-61a9ef786bdd", "value": "vmware-unity-helper.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826250", "to_ids": false, "type": "text", "uuid": "de171774-e27f-4c7b-8f37-3cf79e94ad68", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508971", "uuid": "3477eb8c-9e13-4ead-9e94-08a73f6de372", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508971", "to_ids": true, "type": "md5", "uuid": "b359d086-7412-444f-a9bd-199f69db20bc", "value": "9305008e17b0805118a6a9bb45493441", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829127", "to_ids": true, "type": "sha1", "uuid": "a8b43be4-f730-40c4-a519-a0b7e020cc79", "value": "979888ad8da108d8c259207d2c66c3c6c071ad49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829127", "to_ids": true, "type": "sha256", "uuid": "3d0c9924-1cbf-45e3-a982-1f5b5f1edc92", "value": "d6684a4aff4f0706c5a9818fb0b1a5f52cb22531c88d416e5950e28b67adfbdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826271", "to_ids": true, "type": "ssdeep", "uuid": "821d54da-85ab-4299-9cfc-de0c062fa2e6", "value": "24576:nl35AE7YzdGia/ash+PBk6NkZvE+jZzZ+AcsOk6DZGrhZec5Yax+5dH8q2QbZAf:jAE4TqasuNkS+jP+AchzDZGlZec5YaxN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826271", "to_ids": false, "type": "size-in-bytes", "uuid": "fd8e8e7e-3873-4438-a074-f6aca571d1e9", "value": "1069898" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826271", "to_ids": true, "type": "vhash", "uuid": "bbd831a5-2f43-4c7f-b452-2ade6f7499b0", "value": "0160bd7d7d0d7d0d1d0d70101011z11z37z1015z13z101dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826271", "to_ids": true, "type": "filename", "uuid": "20e8e035-520f-44b4-b349-ae39c36fc70e", "value": "979888ad8da108d8c259207d2c66c3c6c071ad49_KernelMode.info_d6684a4aff4f0706c5a9818fb0b1a5f52cb22531c88d416e5950e28b67adfbdd.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826271", "to_ids": false, "type": "text", "uuid": "391a9191-721a-4bf4-828e-254a1c340708", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747508992", "uuid": "e4a1d904-2df9-421c-a199-bc7cc92539e9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747508992", "to_ids": true, "type": "md5", "uuid": "0f5c886d-ab88-4bc6-ad12-fe3195e0b6de", "value": "965e7d4785d23ba6b6608c1245586eba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829128", "to_ids": true, "type": "sha1", "uuid": "dc415194-62a4-4b32-b597-3c0ad2d3ef9b", "value": "545d0da71f4d9dc4eed87027859127854cca5a3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829128", "to_ids": true, "type": "sha256", "uuid": "9f16d2fe-d4f8-417c-946f-e74490d1cb98", "value": "579bbcfbd9d5631489f5a2be73970ba67e51f3fcd7ac296695f83eeb04bcb2b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826292", "to_ids": true, "type": "ssdeep", "uuid": "1f75caff-24f0-45a7-a9e9-3d56928daf54", "value": "49152:79pXH0lCNyyPB/IwkSg7z5bbdYWcG9cbMRbESPnKitBEaAJcc:wlY13DgH9bdCGSwySVErJL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826292", "to_ids": false, "type": "size-in-bytes", "uuid": "5dc7e8d0-943e-42a2-b0d8-f135c3eb0a22", "value": "2544196" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826292", "to_ids": true, "type": "vhash", "uuid": "53b46b55-63dd-459d-9fd6-f8032e970a52", "value": "02603f7e5f50101011z11z47z1015z1011z1011z1017z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826292", "to_ids": true, "type": "filename", "uuid": "86e8372f-9436-4677-89b3-03ff08c031e7", "value": "BitComet.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826292", "to_ids": false, "type": "text", "uuid": "33e4922e-fc87-42a9-968e-0723f59e06b7", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:55/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509013", "uuid": "3a57f2e4-2e56-4a4b-952c-30f040b24664", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509013", "to_ids": true, "type": "md5", "uuid": "61b9aa7b-bb96-4d7d-be06-54380675d138", "value": "98b07144f4f5cc95348b39d6bfaeb56a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829130", "to_ids": true, "type": "sha1", "uuid": "8d71acd6-96cd-4d95-8431-f29ae75c813d", "value": "ec57abb7c877574903739128822ff20c7b6c163f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829130", "to_ids": true, "type": "sha256", "uuid": "ade7aa24-ddb9-4969-b772-706206a0a877", "value": "dbe718e86f504515e6bc25f7ad64db7b38e60dde3bffe71c4bb65cb9ee15d57f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826314", "to_ids": true, "type": "ssdeep", "uuid": "3134a2cd-9b26-4fad-8473-e02f9dd86073", "value": "12288:DCoUjvgLfRpTHsX8kGdfTd5D06r1lkfQOuyF:DCoD3THsdGNTdhBlkfQOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826314", "to_ids": false, "type": "size-in-bytes", "uuid": "2d7b2e80-5b2e-45b3-a401-ae65dd4e39f9", "value": "1272648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826314", "to_ids": true, "type": "vhash", "uuid": "9bba1163-e062-41dd-8528-551826d40dab", "value": "016056657d157f1055zd00497z37z12z323z59z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826314", "to_ids": true, "type": "filename", "uuid": "db7b3b94-9961-4211-a2e4-a1219516ae70", "value": "DC2PC.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826314", "to_ids": false, "type": "text", "uuid": "83b22043-e591-4031-91d6-118bbd196dec", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:44/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509034", "uuid": "d98889ba-9d1f-4e22-a4d7-4664e24ed8ee", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509034", "to_ids": true, "type": "md5", "uuid": "13c40487-cc81-4500-95d3-bc8ce4d61879", "value": "9978ced410a7dfd3a21ff59cbe1e4303", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829131", "to_ids": true, "type": "sha1", "uuid": "a775fbbe-7292-4f24-b8c7-dd2e99e27ddf", "value": "7516894fe87166a699be782791515586cd0dc9c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829131", "to_ids": true, "type": "sha256", "uuid": "5540daaf-030c-4f04-acc2-73512b8d5438", "value": "657b4e98139bd4e816caab0eaae7d0c3461e08e61ad1970a82114603108f5f0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826335", "to_ids": true, "type": "ssdeep", "uuid": "a2a13330-bb9c-4bb2-a547-997291897587", "value": "1536:WofJO68L3sMxpaE5WcKx3KtnlnY5/5jvdOeVylTutNBLaNGmDOaa2FRSce:WyJO6mfa/cy3USvBtNBj72F6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826335", "to_ids": false, "type": "size-in-bytes", "uuid": "aebda8bd-583b-459c-b1f0-54a022deba30", "value": "117680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826335", "to_ids": true, "type": "vhash", "uuid": "fd40cfe4-da50-4df3-9876-ef3842e3f777", "value": "015056555d156f5018z15nz1az22z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826335", "to_ids": true, "type": "filename", "uuid": "04db55ba-2dc6-4189-87bd-d7023cd5ff83", "value": "7516894fe87166a699be782791515586cd0dc9c8_KernelMode.info_657b4e98139bd4e816caab0eaae7d0c3461e08e61ad1970a82114603108f5f0e.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826335", "to_ids": false, "type": "text", "uuid": "bf1b852b-dcd7-46b5-ba70-2e6513a6cf52", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509055", "uuid": "cabf275f-b692-4a2b-8100-6cafd5b53a06", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509055", "to_ids": true, "type": "md5", "uuid": "ea7fd451-f37b-418a-9d9e-2995e432625e", "value": "99a2cca89d044148aa3379cdf2e899fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829132", "to_ids": true, "type": "sha1", "uuid": "1696ee23-cfdd-40c7-8ebe-f3e34d722917", "value": "8acfeea5875fe9ed2f3ed4fcd45481a42b24c044", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829132", "to_ids": true, "type": "sha256", "uuid": "55205ef5-acde-4020-a019-b110bd1ff11d", "value": "76e505edb12c9a1f0b1cf70f0e88f68e3116dbad2e759cd7688bda07c9a20692", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826357", "to_ids": true, "type": "ssdeep", "uuid": "515e4044-59cc-4d47-b2a8-3786cd277646", "value": "1536:7UtiuelnY5r7uG1YOuyy9pjiWw9IWi9NAqxm+4i:7l27uGCOuyokE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826357", "to_ids": false, "type": "size-in-bytes", "uuid": "34da9fa1-38e1-46d7-9e19-9230d2ac043d", "value": "87880" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826357", "to_ids": true, "type": "vhash", "uuid": "e5830d59-522c-4f04-9ba6-ef5929626886", "value": "0840876d151c0d1d1d1f5az1001=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826357", "to_ids": true, "type": "filename", "uuid": "009abcb0-3aaf-4e13-b76d-a056368ac726", "value": "BK (2640).exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826357", "to_ids": false, "type": "text", "uuid": "c8e7432a-0aa9-4d67-bdd0-96feea039274", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509077", "uuid": "98cc9c81-e0db-4fe7-81d6-1eb0f546bd71", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509077", "to_ids": true, "type": "md5", "uuid": "4f461137-e8a1-42ba-a333-0cc37f32da4c", "value": "9a56bb6c022b3a2ab40d2b308ddf7015", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829134", "to_ids": true, "type": "sha1", "uuid": "c9ae1304-7600-4fe7-b3c0-6eca3c1ba9d6", "value": "0bd189e1b0482b021dad59ea33c3fb8efdb3692a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829134", "to_ids": true, "type": "sha256", "uuid": "930ca85b-ed3f-45dc-9999-36836d0f0c17", "value": "0967cf32f7a3588bd891b76f4db8c9dfc96bcc8ee2bd1e08fe61cfed7f042fe3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826378", "to_ids": true, "type": "ssdeep", "uuid": "49f6dd1e-88c4-4f96-a26c-d49dee43dcf1", "value": "3072:cjgWQmFwu8gtGa1ZD+UyutrlapbtNBj72F6:cjZFFwBgtZ1ZKUjapPBjI6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826378", "to_ids": false, "type": "size-in-bytes", "uuid": "2b6c5577-2200-425e-9538-bb3b183ca50d", "value": "183112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826378", "to_ids": true, "type": "vhash", "uuid": "e606fddf-370b-4900-bd0a-cd934e8ea41a", "value": "015056655d155f1038z5bhz12z15fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826378", "to_ids": true, "type": "filename", "uuid": "6d77ae86-9319-4110-ac0e-75cbdc3b61cf", "value": "0bd189e1b0482b021dad59ea33c3fb8efdb3692a.codex" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826378", "to_ids": false, "type": "text", "uuid": "923b511b-20b5-4bc7-9993-472ae5ea1665", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509098", "uuid": "184dd518-998d-49a3-beff-16adb0d55dc9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509098", "to_ids": true, "type": "md5", "uuid": "c424d2f4-86a0-4de0-b264-e613f5a2cb81", "value": "9ba119cf7107d6f4f910447c90c4985d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829135", "to_ids": true, "type": "sha1", "uuid": "43ead64c-a671-4bc7-9854-d0fe413b8899", "value": "3c95f712adccb968d3e6d709684c36c4f1410ee0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829135", "to_ids": true, "type": "sha256", "uuid": "0512ad9f-3db6-40ee-a515-3bee19fd81fe", "value": "49bb40ab78fa4834b45a2bd479637e81b56dbb7f299b620c2ebf3af922af7c7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826399", "to_ids": true, "type": "ssdeep", "uuid": "28c714dc-1be3-46a1-af92-2929626ddff1", "value": "1536:5pJhiI2nloOlQncePh/E/HPYfYmqUbAbU+buzbDs:7R2+IQnRc/HPYf7b+U+b8bQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826399", "to_ids": false, "type": "size-in-bytes", "uuid": "7ba41719-273f-4104-9975-0b52094241a9", "value": "67404" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826399", "to_ids": true, "type": "vhash", "uuid": "5cf0e47c-9c81-47af-bdd5-4bf54050200d", "value": "0640466d151f51c8z35145z8045z13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826399", "to_ids": true, "type": "filename", "uuid": "b139b095-d059-436e-8ef8-2013d5e862e4", "value": "dwtrig20.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826399", "to_ids": false, "type": "text", "uuid": "550b4ea8-86ce-4cfe-ac49-c56a3c6482bb", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509119", "uuid": "147fcb76-086c-4fb2-bf57-3524c8d071b3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509119", "to_ids": true, "type": "md5", "uuid": "bcbfc818-e186-45d6-91e4-409bbd29a641", "value": "9c3b06ab28840239cf1d0ecf4a45f6f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829136", "to_ids": true, "type": "sha1", "uuid": "90572133-edbf-4945-8f15-614088206b9a", "value": "92cc53b944b35b130eb0d9fbe28d8afbb203111d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829136", "to_ids": true, "type": "sha256", "uuid": "5bddb021-a5d8-4b1e-9906-61ecf30649f9", "value": "131a3051e08a46bc4ddaaadf823d6466fe8207cbc1f66d9b9a6e7053c11ca463", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826421", "to_ids": true, "type": "ssdeep", "uuid": "523dece7-182b-4471-994d-ad77e3623867", "value": "6144:6wf2I914dhyBgHn9Om5cgDZGYJkezn0t9lHlxLA5mUU8qdK6e20YIL+3ME0/pbam:vtyhyBgH9OkDZGYJkAn0t9lFxU5mz8qA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826421", "to_ids": false, "type": "size-in-bytes", "uuid": "b51f0657-40a1-4830-8a0c-d60a7ebfb9e8", "value": "293706" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826421", "to_ids": true, "type": "vhash", "uuid": "73f8b288-b4d3-451f-ac47-a56c6b27052b", "value": "0250465d051f1)z573z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826421", "to_ids": true, "type": "filename", "uuid": "f8add37a-7920-412e-b344-9cd47d9490e1", "value": "Systray-gDock.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826421", "to_ids": false, "type": "text", "uuid": "907f00fb-5036-444e-ab73-247b974d17a8", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509140", "uuid": "c2910f63-df7b-42e9-b02a-49f0e7e2d271", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509140", "to_ids": true, "type": "md5", "uuid": "5dbd88bb-08f8-4d26-b7c7-c3b00fe10089", "value": "9d248e5cc726f2aa2fa4f06566a2d5b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829138", "to_ids": true, "type": "sha1", "uuid": "ad91ce5e-f327-4fc2-adee-ac42daf48534", "value": "f5d4bcaa273e33091f76552022d53236cd5965f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829138", "to_ids": true, "type": "sha256", "uuid": "321aceb8-1aa7-4500-ad75-9fe4521864fd", "value": "36c89c535f6b12d56ae0078ccbd78a58af47aa4d9865ecd4c9b0c553d76894e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826463", "to_ids": true, "type": "ssdeep", "uuid": "1e42679d-743f-48cd-a143-004bf15cca06", "value": "6144:kAwcMk+AcIrN8+2Ecm6DZGrhZsRDD31T+5YUlxVo5dRF8q2QFBZsjyRG+0spba1v:kAkk+AcsN8+B6DZGrhZsRX31a5Yax+5U" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826463", "to_ids": false, "type": "size-in-bytes", "uuid": "6f9af6b4-dfc2-471e-a2a0-9da2cb199a46", "value": "257866" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826463", "to_ids": true, "type": "vhash", "uuid": "35048034-3cd7-44b0-821c-025a6f9de1a4", "value": "02504e0f7d1f57z11z3hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826463", "to_ids": true, "type": "filename", "uuid": "39a89905-6060-43fe-a215-d59d9e451dd0", "value": "Tyakumoto.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826463", "to_ids": false, "type": "text", "uuid": "8bbee5d1-bdac-4d91-8b0f-8143ad5a31fd", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509161", "uuid": "eeb03631-bbbb-437d-b75f-021ce8307889", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509161", "to_ids": true, "type": "md5", "uuid": "c3f5a3e6-0a44-4741-8ff6-dd46c5c5e0b3", "value": "9eae89f27c8fbc5896fc7e540e4cfd4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829139", "to_ids": true, "type": "sha1", "uuid": "99e81136-c058-464e-ba84-a6114833b2fc", "value": "58fa595933d4de05e586d444a89fa11cc21b3cd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829139", "to_ids": true, "type": "sha256", "uuid": "b585bac7-4c23-48fd-8a04-1e0c60aa104e", "value": "f32cdc8ed6ed1787da7a9d7f9a4110deb419b4fbf20202ea752026abefa5951f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826484", "to_ids": true, "type": "ssdeep", "uuid": "48f6a06e-b31b-4521-90d7-bb7e347ecdca", "value": "6144:E175xp3JCcB6KXAC7XTGNAYugzduh1s1pLERmuxh7sZkV9Aw8IOLgMOuyG:Edp5CO6KBXiNAYugzdUkLWm2r+5OuyG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826484", "to_ids": false, "type": "size-in-bytes", "uuid": "0098fc35-d7f9-4fbb-ae33-c1646afc6998", "value": "334664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826484", "to_ids": true, "type": "vhash", "uuid": "4012fbfd-6169-4d9a-b986-a5a2e3c35cd8", "value": "035046655d5f1bz649=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826484", "to_ids": true, "type": "filename", "uuid": "7406be41-6ab4-4f5c-a515-9226ea94ff45", "value": "58fa595933d4de05e586d444a89fa11cc21b3cd8_KernelMode.info_f32cdc8ed6ed1787da7a9d7f9a4110deb419b4fbf20202ea752026abefa5951f.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826484", "to_ids": false, "type": "text", "uuid": "5562a97a-639d-4918-bbae-5dd20c0b1c7f", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509183", "uuid": "1851d1e6-add4-4d0b-98c5-87c4d30281e9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509183", "to_ids": true, "type": "md5", "uuid": "806e058a-4af5-4e9e-83c4-0c9fcddb6934", "value": "a07db3237b6bd9789b5f1126ea7b0195", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829140", "to_ids": true, "type": "sha1", "uuid": "aee9d302-2ab3-4e1a-a910-444529c7f78b", "value": "5f8164553aae8b60eee401cf296e1bfcdfde07d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829141", "to_ids": true, "type": "sha256", "uuid": "0718614e-132b-4a72-849d-10ed4dc586a0", "value": "0867c7d02dda064eb59656e7c175928d8ca63a9e58eae95d116fee4f5db41c50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826506", "to_ids": true, "type": "ssdeep", "uuid": "9bc78bc5-56b3-4afb-92a4-cde3efb3d91d", "value": "3072:JoXTB3WgSOWRMgaCIHzchwUgx0ULCwUMJ+fbJaiUpGf4A+9emFuHmY80JSVtay4u:WXNmpOOwceJ9b04AcoS7aFq0E1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826506", "to_ids": false, "type": "size-in-bytes", "uuid": "07b9e637-004e-47e5-bad2-dd2b233e1693", "value": "320268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826506", "to_ids": true, "type": "vhash", "uuid": "1b4af544-0e3d-4443-b867-fa75ec4fbb95", "value": "035046655d1f500260a008b00ff!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826506", "to_ids": true, "type": "filename", "uuid": "8af38169-be23-40da-bcaf-e6c6ec3126b4", "value": "A07DB3237B6BD9789B5F1126EA7B0195.bin" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826506", "to_ids": false, "type": "text", "uuid": "3d9c5b43-f1f3-44ae-b913-e0b47eb1f3f1", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509204", "uuid": "24160ca2-515e-4720-a3a6-c2fd9c9f2f7b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509204", "to_ids": true, "type": "md5", "uuid": "ed709c94-d82f-44a0-b3e3-cc60d0023935", "value": "a1467e57ea55030e45325d3987db9fca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829142", "to_ids": true, "type": "sha1", "uuid": "cb6aa507-a18e-4fdf-84b3-9e71f5922231", "value": "6420d9a77b8daf81acccf13272d3c69c17b54f39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829142", "to_ids": true, "type": "sha256", "uuid": "f08e2c91-6760-49dc-a336-b624d8945405", "value": "d208de537f267c2f85ce4da78bd41692fb97371f1782d36c50072c190dd579e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826527", "to_ids": true, "type": "ssdeep", "uuid": "0d85e1f6-8ec2-4a1b-88b4-cedac67410be", "value": "1536:R1plnY5k7uG1YOuyy9pji67w9IWiWQAqxT04jE:Ppd7uGCOuyodRw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826527", "to_ids": false, "type": "size-in-bytes", "uuid": "65f6a4e3-1af9-42ff-8309-b0e2ddaf6eb5", "value": "78152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826527", "to_ids": true, "type": "vhash", "uuid": "c6edaba6-7836-4658-a3a5-36c52993ba7a", "value": "074056655d155f57z1001anz1az1f1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826527", "to_ids": true, "type": "filename", "uuid": "e0c21f6f-9779-4c15-85a0-f163adcbd2a8", "value": "6420d9a77b8daf81acccf13272d3c69c17b54f39_KernelMode.info_d208de537f267c2f85ce4da78bd41692fb97371f1782d36c50072c190dd579e2.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826527", "to_ids": false, "type": "text", "uuid": "0709996a-e6f1-42ef-864c-5800523ffc1c", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509225", "uuid": "7e50517e-cea0-46a6-ba5d-a3ba0d5d0b24", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509225", "to_ids": true, "type": "md5", "uuid": "f79744e5-363b-44b7-a474-fe824e04fe35", "value": "a6b0406dff68430aac6a5b738731e7d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829143", "to_ids": true, "type": "sha1", "uuid": "70eaabb6-1120-497b-b56a-375d11a9afb6", "value": "c6087f7de838cda5a9e5256f0e12b620a42af25d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829144", "to_ids": true, "type": "sha256", "uuid": "65bb66f0-d5da-4b4a-b481-29941e4308ff", "value": "613d9a7ce2d7db4a31e846f75bf91eb9a0ef30ad23d1085cc78bcd8da327b5b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826548", "to_ids": true, "type": "ssdeep", "uuid": "b6e98dce-b0eb-4ddb-9e1c-eb9041545056", "value": "6144:rHxB+4eO6TASGVlzCw9ncG/z0X0enxQX/9qLhfCaha0mu6JMOuyF:7jrlv9ncG/z0kenxQX/eZLp6SOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826548", "to_ids": false, "type": "size-in-bytes", "uuid": "e5ed254d-06a8-4117-b0b8-ceeb05157f23", "value": "684824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826548", "to_ids": true, "type": "vhash", "uuid": "419f1867-cc37-4f02-a9ff-132855627177", "value": "065066651d15151f603033zd003e7z47z202003daz311z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826548", "to_ids": true, "type": "filename", "uuid": "b7e6e570-ffe2-4693-9cbf-443564a2a49d", "value": "AliFileCheck.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826548", "to_ids": false, "type": "text", "uuid": "76ace082-c587-4b94-940c-7bd475d02bf3", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509247", "uuid": "f512566b-bb44-4cf3-ab1e-031c84fa5807", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509247", "to_ids": true, "type": "md5", "uuid": "5935b312-98c8-4733-8c35-569935c3e60c", "value": "a855b983f1f414461de0e813e2f72b24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829145", "to_ids": true, "type": "sha1", "uuid": "ebee5aae-19da-4ecf-8c29-f5db0a3e2357", "value": "e96af17666d488fd2c8212c82e1f4f2a79798b8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829145", "to_ids": true, "type": "sha256", "uuid": "47995475-f8bf-44bf-90b3-9b92fd0b0818", "value": "5f9d069841b5cacbbc2ec63d6e0055a60e41ea30cc469f9c57ade582dc865635", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826570", "to_ids": true, "type": "ssdeep", "uuid": "45d50980-526f-4e8c-8b98-de4e013a372a", "value": "49152:L5Jdp8irorHIa0OiHnNGx9Dwir1OiPvaXRnUg0ODGjlvenJSFFbK6ae3CFakM7M5:Lv3LhKcPzRyBgdTDZGGk39lFxU5mz8qA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826570", "to_ids": false, "type": "size-in-bytes", "uuid": "baaddb4d-9ad7-40be-97fd-a6af2c1b0289", "value": "1809226" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826570", "to_ids": true, "type": "vhash", "uuid": "1d55fcaa-c1df-467d-a86a-5c5007e714dd", "value": "016056656d157f11z1030012005e7z4015z42z4b3z37z25" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826570", "to_ids": true, "type": "filename", "uuid": "ee39742b-1da1-4e5d-af66-b9aab43ed504", "value": "e96af17666d488fd2c8212c82e1f4f2a79798b8a_KernelMode.info_5f9d069841b5cacbbc2ec63d6e0055a60e41ea30cc469f9c57ade582dc865635.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826570", "to_ids": false, "type": "text", "uuid": "12908859-2d97-4ffb-8f05-cacf08a79ec7", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509268", "uuid": "378246b1-a65d-4399-98d3-0c4e5b56d72d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509268", "to_ids": true, "type": "md5", "uuid": "6056212c-688d-4acc-aee7-b5a21ceb8ed3", "value": "ad35db962130becfac1de2f803a119ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829146", "to_ids": true, "type": "sha1", "uuid": "6d88deaa-235d-4020-9a63-0cd2eaba1134", "value": "f667edddedcc45074f4189a4535ea6bc5cd5f634", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829146", "to_ids": true, "type": "sha256", "uuid": "50c576ab-3ea5-4176-8009-5f19052d6600", "value": "6350ea625ca0dbfe316539fcc04696cc45ce5ed3e9960591a03a3bfec4d5ce1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826591", "to_ids": true, "type": "ssdeep", "uuid": "07bd306d-2ee3-4a0b-9a2e-c63b5039cdba", "value": "12288:waHMIElfLk+AcsN8+B6DZGrhZsRX31a5Yax+5dH8q2QFBZsj/3:was5NI+AcsOk6DZGrhZec5Yax+5dH8qW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826591", "to_ids": false, "type": "size-in-bytes", "uuid": "31f34d04-7409-4b53-aa5e-c2cc4ee1092d", "value": "408394" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826591", "to_ids": true, "type": "vhash", "uuid": "a63077f3-1254-42bc-bfac-fd753eef13ae", "value": "045056651d155f17z100527z37z32z293z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826591", "to_ids": true, "type": "filename", "uuid": "4761c62d-6d40-4bb1-b3fb-cf32b65f7207", "value": "SISTERS.EXE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826591", "to_ids": false, "type": "text", "uuid": "db4d85e8-4e58-4595-8c64-fb780cfe7508", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509289", "uuid": "ca9e5d84-1faf-4a6f-a75d-cb9f3db3930f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509289", "to_ids": true, "type": "md5", "uuid": "a6398a98-e7ca-43aa-9160-fcf104a1dbce", "value": "b164febacafd2ab33f203fc5faecd531", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829148", "to_ids": true, "type": "sha1", "uuid": "3d7db179-b062-42d6-a874-a3c8aad53442", "value": "5c6725a15ca5a70b5898d707dde0feca814d945f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829148", "to_ids": true, "type": "sha256", "uuid": "3dcbf047-882f-4b01-85f5-35a269783c20", "value": "9b55f812019d7403a2548cded2d5bd2f59264fcdb0718d8aafb0ff9d9abc35c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826613", "to_ids": true, "type": "ssdeep", "uuid": "c1c8af2a-10b1-418d-a662-307ec2e4107c", "value": "1536:VLxNFJeGYATsZN0bbEw/XZfq5e1mEyfaTvARdAZ+1ppppppppppppppppzSppppO:LNDYcE0bV4jEyyid0ibtNBj72F6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826613", "to_ids": false, "type": "size-in-bytes", "uuid": "2876aba7-b11f-4246-b835-c84f7a616475", "value": "136008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826613", "to_ids": true, "type": "vhash", "uuid": "d24aefd0-2a47-4447-8c68-1e3afb23aa9b", "value": "01504e0f7d6f5bz6@z13z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826613", "to_ids": true, "type": "filename", "uuid": "c2b0facc-d79b-45c2-853b-433df6db1784", "value": "pureplayer.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826613", "to_ids": false, "type": "text", "uuid": "bc53cdf1-1c80-43d5-9623-24a2df3cd743", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509310", "uuid": "8b8f015f-45ca-4d38-8abf-8eb211f21007", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509310", "to_ids": true, "type": "md5", "uuid": "fe65a932-0d6d-4fd0-b5f9-f006c5b3250a", "value": "b44a988d18264735f39efc2001b29c63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829149", "to_ids": true, "type": "sha1", "uuid": "18cb294b-ab59-4c5f-899f-b36a74746419", "value": "06404be14aec2db90c25a427f0821a8e559cda08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829149", "to_ids": true, "type": "sha256", "uuid": "2c502daf-da9e-4354-a268-cf75b7520a59", "value": "8b5147e08b77381f1c067dea849b33f4e6d1c55d550c5db802af851962f44d2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826634", "to_ids": true, "type": "ssdeep", "uuid": "b3757009-9720-41df-91c7-3f0ad0fc1d50", "value": "12288:7A+7gBIpNeZwY/b9Nm3ZSD4m4uQ8XdOuyF:puwYz9RDXdOuyF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826634", "to_ids": false, "type": "size-in-bytes", "uuid": "aab3aaaf-d404-4121-bda5-f3b1772aea60", "value": "432968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826634", "to_ids": true, "type": "vhash", "uuid": "f75ed336-bb48-4ebf-ab7a-bad7b4f68d7e", "value": "045056655d651f10502040021z537z37z52z64fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826634", "to_ids": true, "type": "filename", "uuid": "77f04a36-668e-4e20-a3fa-6554e1bf785b", "value": "8b5147e08b77381f1c067dea849b33f4e6d1c55d550c5db802af851962f44d2d.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826634", "to_ids": false, "type": "text", "uuid": "6aa6b4ea-d39a-45aa-8327-67349c8bb168", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509331", "uuid": "c2ec063a-e708-49fb-a8e0-68087f8f3867", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509331", "to_ids": true, "type": "md5", "uuid": "8bd7b49a-0a20-4210-a630-0b1580e55c52", "value": "bc6a78142fa68af60e4edc06d28a2f28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829150", "to_ids": true, "type": "sha1", "uuid": "0bce847e-e86f-4cb8-8b89-d6856bfcac93", "value": "87158d8479b4d9478355eebe72b8cfeaef897ffb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829150", "to_ids": true, "type": "sha256", "uuid": "4b6ec017-8f63-440e-8bfc-7d7f32831fd1", "value": "95654eb553e3940fcbc82ffa72008d00f8d52faf8c37a712cd40b3aafe970ab2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826655", "to_ids": true, "type": "ssdeep", "uuid": "90170a43-3525-4cdf-8a7f-ec500b5f4a01", "value": "6144:/uoRKBAU+px8WTxAvROV01dhyBgHn9Om5cgDZGYJkezn0t9lHlxLA5mUU8qdK6en:XKapx1TxW00/hyBgH9OkDZGYJkAn0t9Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826655", "to_ids": false, "type": "size-in-bytes", "uuid": "f2f8d22d-a3e7-42ce-9c81-2ab1fee1a960", "value": "317770" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826655", "to_ids": true, "type": "vhash", "uuid": "99454d76-bf62-497d-99f0-bfdb01cb76fe", "value": "035066551d15751f5az11!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826655", "to_ids": true, "type": "filename", "uuid": "9ca754c1-d8a5-4bda-b7b7-7f8289c91b6f", "value": "87158d8479b4d9478355eebe72b8cfeaef897ffb_KernelMode.info_95654eb553e3940fcbc82ffa72008d00f8d52faf8c37a712cd40b3aafe970ab2.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 17/07/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826655", "to_ids": false, "type": "text", "uuid": "61133e1f-0332-4b3a-9050-0e33491a5c8a", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509352", "uuid": "988aea7f-fea6-455a-a7ab-23662cf52c63", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509352", "to_ids": true, "type": "md5", "uuid": "706db88e-455a-4876-a0ac-d92bdb2c0220", "value": "c25d146b4cf05f7aaa9aebbe8d1563db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829152", "to_ids": true, "type": "sha1", "uuid": "a39725a4-9fef-48f4-9c29-a8c92959185e", "value": "eedf972f011a11cca626263d3eff437ce79f183e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829152", "to_ids": true, "type": "sha256", "uuid": "d88dafc0-5710-4429-a67f-d76f9ac609ae", "value": "1a8655886ea6be9ae0a71e845b5a334b476494b3aad7bfe6510218059eba5788", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826677", "to_ids": true, "type": "ssdeep", "uuid": "c1cb1c11-43f1-4e7b-a909-14046ac532ea", "value": "12288:pz5PCOfot//JG7tute5Sv/jReLCHVvPGneJlNLFwPfMnTUGAOys:pdOR4tWeKrALCHVvP0slnwPfMTr5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826677", "to_ids": false, "type": "size-in-bytes", "uuid": "a3f17b12-f5c2-4fcb-b27b-bd75e6f46b72", "value": "452472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826677", "to_ids": true, "type": "vhash", "uuid": "036fcc3b-c15f-47e6-a088-542b06d7a4e4", "value": "045056651d156f508022z2400487ze0a5z20700687z2003e1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826677", "to_ids": true, "type": "filename", "uuid": "1de27b95-565b-4db0-8e20-cd21111c54d5", "value": "BFVComponent.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826677", "to_ids": false, "type": "text", "uuid": "4c72645e-61d7-4110-a45c-5514ebcabdd7", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:51/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509373", "uuid": "c1f56768-e671-4f69-8aff-5ed345cd7516", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509373", "to_ids": true, "type": "md5", "uuid": "be91324a-0ab6-465e-81d4-92991f74d764", "value": "c34eb5aa60373119a03cfd90a5fea121", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829153", "to_ids": true, "type": "sha1", "uuid": "5bc407cf-043c-430e-9854-79acae2ad4a6", "value": "1cf9c6b9bffee3b3ac33efc9eab719446e7c86fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829153", "to_ids": true, "type": "sha256", "uuid": "b5265193-98a2-40a0-bf3e-a651d76dad9b", "value": "b636bc4c11fe003a40c57114103cee4fa7ee79ff82045cf64762c752e6446e87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826698", "to_ids": true, "type": "ssdeep", "uuid": "963d1580-8fd3-48b9-b319-26a71c92f5c3", "value": "1536:Nj/nIptPxT2wwVj79UIgPMGATLVWO8zKW5BQINlyxnlpnIDh:lApllj0pWMHTi5BQINlyxnlpnIDh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826698", "to_ids": false, "type": "size-in-bytes", "uuid": "59f5a089-3f17-42b0-b3bd-7c847ae240a3", "value": "100288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826698", "to_ids": true, "type": "vhash", "uuid": "cce42272-c176-4634-9422-0ec80085f92f", "value": "015056655d15155088z66hz1011zc1z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826698", "to_ids": true, "type": "filename", "uuid": "f4e6aac5-2871-475e-aa8f-ff54ffd01bac", "value": "Windows Service" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826698", "to_ids": false, "type": "text", "uuid": "8a1cfbc0-5cd5-40ae-ac84-fdf151d31c7f", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Ypdl.B\nVT Total Detection:62/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509394", "uuid": "d65b13a6-765a-46a2-8611-98ca95823537", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509394", "to_ids": true, "type": "md5", "uuid": "5fe1d9b3-12d6-4f9e-b533-1e0269a8c010", "value": "cdf5267225e6994b4670bf49ba50595a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829154", "to_ids": true, "type": "sha1", "uuid": "82aaf1b0-7b4e-427d-bc59-9047cb7bc97d", "value": "2cdaced0682fdacdf7cb278bfb3b4a0615739bc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829154", "to_ids": true, "type": "sha256", "uuid": "fdaa6f5c-7d8c-40dc-8351-55036067607a", "value": "028ac5de8fd79e52ab428bda72bacfd461907a78848d37d661223a7caf4f683d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826720", "to_ids": true, "type": "ssdeep", "uuid": "6ab01f0e-d23d-4446-b241-cf089753eb6b", "value": "1536:GCavHHYvcfJAT3DZ8OoYzzmDTbQWaYVs/tkimQLtoQ1xQwOYR:vyHYvI2/eCzcT0VkimQLtoQ1x0YR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826720", "to_ids": false, "type": "size-in-bytes", "uuid": "60a9352c-a864-465d-9d60-8406e0494670", "value": "99512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826720", "to_ids": true, "type": "vhash", "uuid": "fa19dacd-f0c4-4afe-a368-ebb6d3936274", "value": "094056655d15155058z65jz11za1z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826720", "to_ids": true, "type": "filename", "uuid": "30a90159-a873-4fbe-a2cb-81baf5be8414", "value": "Windows Service" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826720", "to_ids": false, "type": "text", "uuid": "f203891c-60a5-44ee-a7cf-143c706a1cc1", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:64/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509415", "uuid": "a7b0a2d1-7923-494e-81c1-eb946e968c6e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509415", "to_ids": true, "type": "md5", "uuid": "24949502-4c01-4556-9743-df7b6e3fdb66", "value": "d46204e579808d520affcc71a7d35cda", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829156", "to_ids": true, "type": "sha1", "uuid": "e8fe76d1-9672-455c-b255-1a6d9701a4d9", "value": "3c9a93967dbe5053fa8b71b2de4a72a8f6b07432", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829156", "to_ids": true, "type": "sha256", "uuid": "306b2ee5-5808-4df5-bd46-47a5781cd6e2", "value": "5bf0a90a19b7001cafbb7e230a9b13a4d684dcb6577e857557457d1ec177ba63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826741", "to_ids": true, "type": "ssdeep", "uuid": "513f1163-2959-450e-8de8-36bf9c67c509", "value": "24576:qr2oM1EiY+dfTa+4wxQhRiNTPUZf7g+CFIS/Lr3M0ME+AcsOk6DZGrhZec5Yax+S:qr2o0pR/mgHLr3M0Z+AchzDZGlZec5YY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826741", "to_ids": false, "type": "size-in-bytes", "uuid": "abc81bbf-6bb5-4654-886f-39ebbb52d6e0", "value": "1338186" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826741", "to_ids": true, "type": "vhash", "uuid": "0b3d81b6-5e67-4606-bb89-bf9d0cd16c52", "value": "0160966d5d05155555556041d2z3d007d7z40b013z22zb1031z27z28" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826741", "to_ids": true, "type": "filename", "uuid": "08be6cfc-4ce1-479b-a746-596cedc8f1a0", "value": "JoyToKey" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/10/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826741", "to_ids": false, "type": "text", "uuid": "aaf0cf7e-af04-4df7-b518-ed3d5c84162d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:56/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509436", "uuid": "0c19c369-a70a-4005-9cf8-b1cfb0fff0bc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509436", "to_ids": true, "type": "md5", "uuid": "ea4ffdd5-938e-4502-a3ae-a3e27ee33fb5", "value": "d73b08376c7cdf355d31b05a71c8c5ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829157", "to_ids": true, "type": "sha1", "uuid": "8ba2ec36-4b07-4c73-9e19-8bc49e3e4d95", "value": "bf222e0a028a2bcbf6d4df529beea5db185fa97d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829157", "to_ids": true, "type": "sha256", "uuid": "ba423790-5902-4fbb-ad1c-775da7d983de", "value": "37a7ec5b6ff7733257634df01004c6d3cfa859fd7770fe9b1f06a6459f57d350", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826763", "to_ids": true, "type": "ssdeep", "uuid": "2350008f-cac3-43bf-be79-d8baf1662a12", "value": "6144:/d14IgvN8R/gGQE6hrr6BnutQTxNxlnXeBWaakHbPBjI6:/z43NAIcutQT7RaaCz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826763", "to_ids": false, "type": "size-in-bytes", "uuid": "27139a8d-de75-4030-8478-30f628ff9240", "value": "288584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826763", "to_ids": true, "type": "vhash", "uuid": "637de701-4ce7-43ef-b01f-6f292d4f3d30", "value": "02504e0f7d1f50101011z11z39z15z13z1011z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826763", "to_ids": true, "type": "filename", "uuid": "0e382a26-5e0b-4ab7-b891-72c0c24a1b61", "value": "bf222e0a028a2bcbf6d4df529beea5db185fa97d_KernelMode.info_37a7ec5b6ff7733257634df01004c6d3cfa859fd7770fe9b1f06a6459f57d350.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826763", "to_ids": false, "type": "text", "uuid": "2ef44d9c-a9d5-489e-9450-5b2f19705134", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509457", "uuid": "b4b5b046-fbe2-427a-b913-fa9fceec64eb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509457", "to_ids": true, "type": "md5", "uuid": "c8c43e7a-37c8-4051-bc94-6d673dc45aa0", "value": "dd6c020e4a9c112c1776215b763f7525", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829159", "to_ids": true, "type": "sha1", "uuid": "09a1f312-cce9-4261-bac4-386850965559", "value": "adc4243665025f5f73eab34f98901af78d790885", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829159", "to_ids": true, "type": "sha256", "uuid": "4137f3c8-e2c5-4c6e-b962-f43276065e93", "value": "8a76072a0771ddbf7dab6138e6c65f2167a95ea0abfefd4aea82d302d74e0a70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826784", "to_ids": true, "type": "ssdeep", "uuid": "e36dff3a-1101-4bdc-8e01-0cdcd5d55799", "value": "6144:vY9OZYEggvJY+i5NP3w0wOCs0vrz2Vb3yMCyhKBLzq955uf2sSVZ9POxsps+6xME:vY93EggvJY+i5NP3w0wOCs0vrz2Vb3yr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826784", "to_ids": false, "type": "size-in-bytes", "uuid": "baec842e-ad83-4a9a-b2a9-aa2352521e20", "value": "262936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826784", "to_ids": true, "type": "vhash", "uuid": "03f14db6-b1d0-44b4-8afc-9d4d3dc6c746", "value": "025056651d151f6038z177z27z13z26z41z2e1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826784", "to_ids": true, "type": "filename", "uuid": "6106d148-92ae-4be0-8d29-939b45768974", "value": "x3.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826784", "to_ids": false, "type": "text", "uuid": "fa1748c8-c0b5-41ed-820f-408951a1abf4", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509478", "uuid": "19434e0b-a54b-44eb-9c5d-777e92387c14", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509478", "to_ids": true, "type": "md5", "uuid": "8243221a-8c81-4c00-bf4e-a4de3d922665", "value": "e4fe6fa6e540cdb77807401aa2121858", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829160", "to_ids": true, "type": "sha1", "uuid": "af2dc709-ead1-48df-b193-2b5573319427", "value": "c40debee0e1ca58e2a25ba77d49b0e0175442529", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829160", "to_ids": true, "type": "sha256", "uuid": "0d4778e5-6645-46dc-9803-7de34264f149", "value": "0726fe9924c25eeab7665f5a70e1173a7f4008409890c9941f3b5f726d2b257a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826806", "to_ids": true, "type": "ssdeep", "uuid": "65d494be-7851-4579-9307-01cfbb2c4bf6", "value": "49152:UOUGogOerrr1EWgY7pyKK8Z/IM+Ml63k09unriTwcw/H+V+AchzDZGlZec5Yax+S:UOUDgvrr1E7Y7py18Z/3+N8n1cw/H+Vh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826806", "to_ids": false, "type": "size-in-bytes", "uuid": "15da2607-0f58-475c-b678-626de1d2271f", "value": "2014026" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826806", "to_ids": true, "type": "vhash", "uuid": "38810041-d599-4258-9270-efc6f24d445c", "value": "0260c76d156d5c055d5d1az2506lz1dz7b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826806", "to_ids": true, "type": "filename", "uuid": "bab3cbbc-2d8f-453f-9bfc-b7c524bdd61c", "value": "c40debee0e1ca58e2a25ba77d49b0e0175442529_KernelMode.info_0726fe9924c25eeab7665f5a70e1173a7f4008409890c9941f3b5f726d2b257a.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826806", "to_ids": false, "type": "text", "uuid": "080fb387-9e1b-4843-ae3a-0e78e4f0a335", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509499", "uuid": "40a3be2f-dbbc-4e8e-a998-6acb25203bfe", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509499", "to_ids": true, "type": "md5", "uuid": "43199908-ad8d-4a50-9f90-6041f0f74806", "value": "e52b7d5391152da89b1db64060ba96ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829161", "to_ids": true, "type": "sha1", "uuid": "568d6d98-ae98-4ca0-8f81-7e1582a3deff", "value": "b12e475911e8464ce1b3389200f1473d551bb62c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829161", "to_ids": true, "type": "sha256", "uuid": "a6574bff-4b05-4f42-917d-6f34102d2c01", "value": "9bfa356f71859ff0a0c97136cc795ed56edb0966e826c7bd988b89adafaaa971", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826827", "to_ids": true, "type": "ssdeep", "uuid": "764e6dee-00c6-49f7-8f4d-be5ee3e67fdd", "value": "24576:g3RG3StKsQYqMwGIQTXXSrjYxoELaQPToaS5v1pHU2bxMeJkh92YADbX/RpCKi+T:yRvQYqMlLLXSQaEW00HpLtM1oZppV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826827", "to_ids": false, "type": "size-in-bytes", "uuid": "ad7b70ac-5b4c-4831-92f0-323b34c10513", "value": "1596232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826827", "to_ids": true, "type": "vhash", "uuid": "bfbb6c1e-de37-4aa8-9d87-085d193eba49", "value": "01608f7d7d7d7d7f6f0f50101011z11z37z1015z1011z13z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826827", "to_ids": true, "type": "filename", "uuid": "afcfc7f3-41da-46e7-bc2f-a1d5ba7f6281", "value": "b12e475911e8464ce1b3389200f1473d551bb62c_KernelMode.info_9bfa356f71859ff0a0c97136cc795ed56edb0966e826c7bd988b89adafaaa971.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826827", "to_ids": false, "type": "text", "uuid": "06051bb4-2c5a-4ef3-9d6d-1d1493de6a11", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509520", "uuid": "650a279b-e06d-41f9-98b8-46f30ae1277f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509520", "to_ids": true, "type": "md5", "uuid": "63019319-4340-4de7-9c69-684eb51dede9", "value": "efda0c1d8593d3ab3a7c079b71a0f2bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829163", "to_ids": true, "type": "sha1", "uuid": "41fb3ce1-cb80-497c-ba68-b92e582e6a40", "value": "b167ebaca7eb71838aa80fce227a686da9706310", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829163", "to_ids": true, "type": "sha256", "uuid": "cb7dd323-e350-40f9-a354-51a98f1ae56d", "value": "d0bc7eab93813faedf262503e231bfd1c7ce6b6feb3614d5d4bd32f32a735727", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826849", "to_ids": true, "type": "ssdeep", "uuid": "18436645-6c80-4d85-89d1-972280eb8217", "value": "6144:5Mk+AcIrN8+2Ecm6DZGrhZsRDD31T+5YUlxVo5dRF8q2QFBZsjyRG+0spba12Nn6:mk+AcsN8+B6DZGrhZsRX31a5Yax+5dHe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826849", "to_ids": false, "type": "size-in-bytes", "uuid": "e4944757-2981-46e5-b33b-5ff67beb4ab1", "value": "243530" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826849", "to_ids": true, "type": "vhash", "uuid": "ff8897ae-2347-448f-b9b8-3c7a64667b8a", "value": "02504e0f7d1f5019z3nz101dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826849", "to_ids": true, "type": "filename", "uuid": "0a037914-34a5-4e2f-84c5-c1c37670c94f", "value": "b167ebaca7eb71838aa80fce227a686da9706310_KernelMode.info_d0bc7eab93813faedf262503e231bfd1c7ce6b6feb3614d5d4bd32f32a735727.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826849", "to_ids": false, "type": "text", "uuid": "2b1b5dec-537e-4981-90f8-9ec763b8a330", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509541", "uuid": "3a0d8348-1555-4f85-91b5-5305d04bef7b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509541", "to_ids": true, "type": "md5", "uuid": "ca0f249d-1f2d-43cc-9cc6-ab29ca4a40d5", "value": "f7d0d5fc6b01a2e0f3a1c021bab49437", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829164", "to_ids": true, "type": "sha1", "uuid": "63f00acf-2a3f-4c05-a891-61a3fe235c88", "value": "e3b3075c2dda893c78205bd830f81d61bf82478f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829164", "to_ids": true, "type": "sha256", "uuid": "18477f89-f80c-4dd7-98aa-9295454d21cb", "value": "39bc909ff15a2b6987a53e9a836e0ed9426aeda4b34e41d5639afa39d306dc70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826870", "to_ids": true, "type": "ssdeep", "uuid": "01c1ab0a-d294-4732-b416-0e6b86ad9a54", "value": "1536:GcyAT8m1SvlnY56OeVylTutNBLaNGmDOaa2FRSce:nMm1SvbtNBj72F6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826870", "to_ids": false, "type": "size-in-bytes", "uuid": "de229bf0-3f2a-4d21-b7dd-37923df837e5", "value": "80200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826870", "to_ids": true, "type": "vhash", "uuid": "041ec409-83e3-49c2-b6f8-cbd71f7dda27", "value": "084066655d15555f5068z1e3z4bz13zb0301014z1b1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826870", "to_ids": true, "type": "filename", "uuid": "9a7bdc28-31f8-41f6-8c24-9b4009edc0d7", "value": "e3b3075c2dda893c78205bd830f81d61bf82478f_KernelMode.info_39bc909ff15a2b6987a53e9a836e0ed9426aeda4b34e41d5639afa39d306dc70.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826870", "to_ids": false, "type": "text", "uuid": "7d45c8ac-7894-423b-8f0b-a23037ae112b", "value": "Type Description: Win32 EXE\n\nMicrosoft: Virus:Win32/Nemim.A\nVT Total Detection:60/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509562", "uuid": "7a66fcd6-2c81-47f6-b6a8-f5cc06f85bb5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509562", "to_ids": true, "type": "md5", "uuid": "e4782898-e788-4e30-95f6-acbc7152c825", "value": "fcd2458376398b0be09eaa34f4f4d091", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829165", "to_ids": true, "type": "sha1", "uuid": "10418d1d-3e56-4a4e-9296-c739c3ad73db", "value": "bde53ddafa82ed4266ada13488af219736b766e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829165", "to_ids": true, "type": "sha256", "uuid": "a5eaadd0-a5f0-4f8d-9da6-26712e83c1fe", "value": "c3fc6ff8ad62804c0e408961e035c03c51ad9bb2fe858c5dd0db0b429bda5263", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826892", "to_ids": true, "type": "ssdeep", "uuid": "249928a7-9202-4fff-876d-1fc8868d27a8", "value": "1536:vjUC7DT01DULoOl1HRd58GecWZVncvLuLqY7:vjUY01coOl9/5w6uOY7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826892", "to_ids": false, "type": "size-in-bytes", "uuid": "bf7e854e-d5f0-43bc-aa62-75c339a627a6", "value": "64280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826892", "to_ids": true, "type": "vhash", "uuid": "1b85a4bf-c7f3-4f36-abb6-c191fdde54f4", "value": "064036651d5az3bbz3rz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826892", "to_ids": true, "type": "filename", "uuid": "56093402-7ff2-43c7-b6be-d75f17b1808d", "value": "igfxext.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826892", "to_ids": false, "type": "text", "uuid": "c647cf1f-876f-45d9-a543-cc0204ce8927", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nemain.A\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509583", "uuid": "b5598862-6b00-4c22-82a3-e11e34516ded", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509583", "to_ids": true, "type": "md5", "uuid": "28ee3559-106a-4621-9c8b-2232f1a1d00a", "value": "a47f6878da6480089c2ff3bdddbd7104", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829167", "to_ids": true, "type": "sha1", "uuid": "56d7fccd-e69c-4134-a350-e229262643fb", "value": "bbd24fe828905b6e64981283b74fa0f0c9c06b2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829167", "to_ids": true, "type": "sha256", "uuid": "e8df8959-31a3-4dbc-a028-fe8f86a08895", "value": "276a6c74b79740aff136d8eebb1c78e7a5be438c454847832e9426a7be4fa6c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826934", "to_ids": true, "type": "ssdeep", "uuid": "589469fb-35f0-4192-9e49-eb0ca0190ba7", "value": "6144:ChUIiyrRPstWFeXzWNbN7v7qmtVnkoAVGP:JyWtWEjufzcob" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826934", "to_ids": false, "type": "size-in-bytes", "uuid": "7dd2bd14-0d7e-4dc6-958d-5e26eba5ed64", "value": "397312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826934", "to_ids": true, "type": "vhash", "uuid": "e520fdb0-12c0-426b-be21-87eb7627e9f4", "value": "03502f5e606010100180072hz12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826934", "to_ids": true, "type": "filename", "uuid": "3bd44ef8-9a33-4c69-9657-997f6396bd59", "value": "DroppedTrojan.Generic.3607388" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826934", "to_ids": false, "type": "text", "uuid": "b500e35c-00ae-4cf0-aa09-c49c7a46cbba", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:61/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509604", "uuid": "f588971d-0b7d-4f19-8bb4-49f263f73502", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509604", "to_ids": true, "type": "md5", "uuid": "19645901-f20f-447b-93d7-e0393199940c", "value": "9f56c7f03370692f1d4761ddb848daf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829168", "to_ids": true, "type": "sha1", "uuid": "c03bfb42-5f85-4bf7-9fde-5b7d9cf4a15d", "value": "94cd22a1c07ec9d9e8081db872b2b58e14dd29bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829168", "to_ids": true, "type": "sha256", "uuid": "f84a16f8-38e3-44a8-821f-a61d236e5d6d", "value": "6c095b01ee712bbca41dc10d9bcc7875db2a87b1fa9a71f60b39d46f2b87983b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826955", "to_ids": true, "type": "ssdeep", "uuid": "79ca22d2-7fd9-41f4-8beb-d7ff97c81ab0", "value": "3072:mTmwvKI/JAupMNtWFX47rLvWJ6WchXokakebMiTT:2RPstWFeXzWNbN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826955", "to_ids": false, "type": "size-in-bytes", "uuid": "f6680c77-7ec5-48d9-a68b-32096115abb2", "value": "155648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826955", "to_ids": true, "type": "vhash", "uuid": "b5ce5f7a-5947-4dc0-86db-6713eb9dabaf", "value": "115056651d151510e01010018007f7z27z12z531zb1zb6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826955", "to_ids": true, "type": "filename", "uuid": "f8107b2d-da95-4863-8580-3873a039466c", "value": "actmove.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826955", "to_ids": false, "type": "text", "uuid": "f0ef0c02-0237-4b11-8ccc-782f538ec918", "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:55/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509625", "uuid": "08ff2dd7-fcd7-4e04-9787-a46c206a1fda", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509625", "to_ids": true, "type": "md5", "uuid": "6a98e8a2-d144-4d31-8ff2-b8b94d89ab41", "value": "3e38b8ccd38682ad4ec1f0fcfc1fb16a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829169", "to_ids": true, "type": "sha1", "uuid": "1afb33b3-95cd-4686-85fe-36649de0e154", "value": "a674b011637c0735740d3d51a5cd30c63343c536", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829170", "to_ids": true, "type": "sha256", "uuid": "68e7c62c-80b7-4716-9002-cc559aaecaea", "value": "402557e597c5f93cb35055c43335be5e7ab9de9cb088f3cd003e204ada2fbfe2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826977", "to_ids": true, "type": "ssdeep", "uuid": "d85d7a1d-a930-4183-8839-d50c7fcaeff6", "value": "1536:PqLcYGTO9AhVRuO+GptP6FAz9GnAeaFzvonPdLxorBry85ttB:PvdhVomtuRngqFLxohyYnB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826977", "to_ids": false, "type": "size-in-bytes", "uuid": "2d8f73e6-3bf3-4c56-9a88-27269b5df225", "value": "110592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826977", "to_ids": true, "type": "vhash", "uuid": "663583b0-1dc8-47ad-948b-01b0c9c616b3", "value": "015046651d15113012z18006e7z27z12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826977", "to_ids": true, "type": "filename", "uuid": "96c74752-d1cd-4dc1-b973-85926ba53f11", "value": "actmove.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826977", "to_ids": false, "type": "text", "uuid": "24cf4de7-7c57-474f-9cc3-adaa6782c26c", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:58/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509646", "uuid": "d272b2e1-17f7-49dd-9320-46655e08cb39", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509646", "to_ids": true, "type": "md5", "uuid": "2756bfa3-2beb-4567-aae3-b25fb4ded4e0", "value": "b5ab66687d53914a65447aacc8fb3e88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829171", "to_ids": true, "type": "sha1", "uuid": "01f4ebfd-5e7b-4a2e-a80c-8f4c30194049", "value": "52324e5f75c8d7ba6a085cb92c84fd1f1042bb1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829171", "to_ids": true, "type": "sha256", "uuid": "aa4cdc76-9f86-49b0-8c1f-a0699fe09418", "value": "4ddfabe1b2f3ad0d60b795f7123db0006778800c038401ee780213f01bca1090", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740826998", "to_ids": true, "type": "ssdeep", "uuid": "3b015bca-e5a1-4b7f-825b-bdc770f8b24a", "value": "384:MEyXdmAidN2YK9/CLhNvqEeAc1lUbIpZ:0XdjiX2HGnqaID" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740826998", "to_ids": false, "type": "size-in-bytes", "uuid": "0d774308-0a59-456a-9a22-6ee02db54850", "value": "15488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740826998", "to_ids": true, "type": "vhash", "uuid": "cc7b28ee-f568-4f46-8b48-1d928334f41c", "value": "01405e551d1e5559z26z2exz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740826998", "to_ids": true, "type": "filename", "uuid": "8e4e521b-ac02-4897-a438-6a6df85ecbd5", "value": "actmove.sys" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740826998", "to_ids": false, "type": "text", "uuid": "7d71104d-a5de-4534-b8fb-d349f1d43e81", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Bumat!rfn\nVT Total Detection:46/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509668", "uuid": "fa3fbbda-4960-42de-890f-fdc76f4d6170", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509668", "to_ids": true, "type": "md5", "uuid": "0d123b4d-dc29-48bb-9e06-93b6730d9f12", "value": "fda0320d1e28bc022e4d9e9aae544db4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829172", "to_ids": true, "type": "sha1", "uuid": "0523c96d-b3bb-49ec-8fc8-37262f7c8cec", "value": "c3e552ca78fa53984c04de44c17e25c3a06259f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829172", "to_ids": true, "type": "sha256", "uuid": "d1888fcb-27bf-46c2-8fc0-8361be442bf4", "value": "98165b4667ae606a8ff0c8f398f584c264f1bf337344f4f4e6ac9ef4b0322d7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827019", "to_ids": true, "type": "ssdeep", "uuid": "ef86fc87-1c65-424a-b1d4-5dd44d3c9e44", "value": "6144:fw1FdcTMsW3SLhXR+C5czY2Ao7LWdm70N9OCV3:fadiMs7R+gf2Q00z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827019", "to_ids": false, "type": "size-in-bytes", "uuid": "9f7787a7-441c-4111-ab21-0d4db0198a74", "value": "376832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827019", "to_ids": true, "type": "vhash", "uuid": "12d38ff9-ce7c-4b93-aecb-63b06c3e677d", "value": "035046655d55006010100180074hz12z4ffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827020", "to_ids": true, "type": "filename", "uuid": "3dc6854c-9e1e-4d62-8810-0a642113a82e", "value": "KernelMode.info_98165b4667ae606a8ff0c8f398f584c264f1bf337344f4f4e6ac9ef4b0322d7e.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827020", "to_ids": false, "type": "text", "uuid": "55998035-a9ed-4f84-8824-1e5360fe347d", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509689", "uuid": "06a090ea-40b9-410a-8c6c-a30887602f50", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509689", "to_ids": true, "type": "md5", "uuid": "f8e8a99d-5b5d-4e70-aa2a-6feb4d045d45", "value": "29d76d34d8878f7ac703837ec774f26a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829173", "to_ids": true, "type": "sha1", "uuid": "eeeee074-f841-478d-8fdb-a16bec7ea2e4", "value": "2a28a4b9e81daf4d5579d2beb0426391be4eeb08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829174", "to_ids": true, "type": "sha256", "uuid": "41ddb2f2-f6f9-4227-972a-7d760783370c", "value": "da0a49a477910ea77b93615a257640f01abf16cf08925c266094a82763f80745", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827041", "to_ids": true, "type": "ssdeep", "uuid": "0b00eff4-2bec-4649-8e90-780794cec891", "value": "1536:eiGsiWZVdLH2OWCFoouCmqrd9z27VTw0fov4qW7SI1qxHlp64kIJCII6G:efsiWZVdLH2OWCaoKqrdF27VTw0fovKz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827041", "to_ids": false, "type": "size-in-bytes", "uuid": "a1aada0b-ea64-4841-ad53-e5bb52dbecdf", "value": "61440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827041", "to_ids": true, "type": "vhash", "uuid": "d9be3266-8071-48b2-987c-bb93dbd8112b", "value": "164046651d551059zf29fz19z1146z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827041", "to_ids": true, "type": "filename", "uuid": "d514416b-b43c-40ad-9f63-886f0f9d7418", "value": "iconpop.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827041", "to_ids": false, "type": "text", "uuid": "45e76528-a0ba-44b5-a046-6d265a144789", "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Riberow.A\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509710", "uuid": "770f8875-5807-44e7-a80c-01eebac133da", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509710", "to_ids": true, "type": "md5", "uuid": "e6f19e5c-bc93-40f5-9476-09fae3c43f78", "value": "1bfc1b606fc8aa85e1094b01b08eafd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829175", "to_ids": true, "type": "sha1", "uuid": "4bd9bb70-267f-4514-92c3-d442fe3125a9", "value": "4e3f751a5e88fa7da10c464d5065a71f8036eafb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829175", "to_ids": true, "type": "sha256", "uuid": "598b221d-2e4c-4fa1-b546-8e09216ab099", "value": "a9b0a9508c374a1c891f873074514a8afcee2bb19ebf64dd5bb4e6a79a05640a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827062", "to_ids": true, "type": "ssdeep", "uuid": "7e51dceb-ba6c-42e5-82f1-4344d49195f2", "value": "3072:1R2ZNZxMTFbG/Chx7P767TOQfsiWZVdLH2OWCaoKqrdF27VTw0fovKSI1qxHlp66:1RUNZxMV16e6sZVdLH2OWCaYrdF27VTv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827062", "to_ids": false, "type": "size-in-bytes", "uuid": "6b746bad-499f-416c-998a-c1d8b4e427ce", "value": "143360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827062", "to_ids": true, "type": "vhash", "uuid": "afb85b88-ee44-4715-ba36-020abf1b8b8c", "value": "015046651d551088z24397z25z13z13z1147z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827062", "to_ids": true, "type": "filename", "uuid": "dcdf1ab4-45fe-4a94-9656-8e27054dbf73", "value": "wins.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827062", "to_ids": false, "type": "text", "uuid": "b485d6ad-7711-4ce2-9ead-7fb6ffc6c603", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Riberow.A\nVT Total Detection:64/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509732", "uuid": "d323049e-3e45-415d-83b5-acb9b91cbf7a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509732", "to_ids": true, "type": "md5", "uuid": "81dfd8eb-f452-424d-8458-7f135a8482ee", "value": "64c4d56457516a646d10732f24214cf2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829176", "to_ids": true, "type": "sha1", "uuid": "5682866d-f13d-4c7d-93df-450372632849", "value": "e90064d817deb0f0b4ee47a77780df71c7c99c51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829176", "to_ids": true, "type": "sha256", "uuid": "87cb67e9-860c-45a0-8114-ebaa5900af15", "value": "d4a15ab2af2be3d1b5697ffc27d5532b1dbc0b62c9466b6a1911386faa8f1d9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827083", "to_ids": true, "type": "ssdeep", "uuid": "ddfef468-c5ff-443a-8e96-08f560f9d99c", "value": "3072:mTmwvKI/JAupMNtWFX47rLvWJ6WchXokakeRKMiTT:2RPstWFeXzWNoN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827083", "to_ids": false, "type": "size-in-bytes", "uuid": "06a27f3a-7e27-4d0a-9c93-3124aa0f37c4", "value": "155648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827083", "to_ids": true, "type": "vhash", "uuid": "f4095965-361f-4d4b-ad68-829f01202c27", "value": "115056651d151510e01010018007f7z27z12z531zb1zb6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827083", "to_ids": true, "type": "filename", "uuid": "9a01ec5d-8eca-4246-9de4-bb85acaf31a7", "value": "64C4D56457516A646D10732F24214CF2.033EB81E" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827083", "to_ids": false, "type": "text", "uuid": "a46836e6-508c-4512-99df-f8de0d8b0b3e", "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:54/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509753", "uuid": "a7abef6d-76d5-4dde-80a8-843973d652a2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509753", "to_ids": true, "type": "md5", "uuid": "c15a707f-c594-4f43-acfd-b6269c03dc1a", "value": "2600671b87dedbb50ca728285eb141b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829177", "to_ids": true, "type": "sha1", "uuid": "5234116c-8358-48a9-a2cf-021dcccb59ee", "value": "d64945b015034188e7993ef505df428d4797bb7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829178", "to_ids": true, "type": "sha256", "uuid": "6ca47b0a-db1a-40cf-ba61-afdd6f3bd552", "value": "2e8d265191a86af4195ff0cdc24113d74369a05128a72b5212cbac6d7f94306c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827105", "to_ids": true, "type": "ssdeep", "uuid": "045efb17-4a61-4d5a-99ee-e5d64db20b2e", "value": "3072:8WnvKKS2KNXXRFvAWfA15YPos0uRo2akezyF2hio0:8W3SLhXR+C5czY2Ao" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827105", "to_ids": false, "type": "size-in-bytes", "uuid": "4e1812ad-09a6-44c6-9546-b47ee6d056f0", "value": "159744" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827105", "to_ids": true, "type": "vhash", "uuid": "2ac0e914-50aa-4f10-a37b-8f6f07a40342", "value": "115056651d1515110010100180088z27z12z531zb1zb6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827105", "to_ids": true, "type": "filename", "uuid": "d89c54f2-a01c-49ca-8788-05ed6aa4c6bc", "value": "secury.dll" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827105", "to_ids": false, "type": "text", "uuid": "21203e92-3a88-488b-9c90-66d84621c9fa", "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:59/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509774", "uuid": "7b23e61c-6fe2-4118-8ac5-20eb83eeb5b3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509774", "to_ids": true, "type": "md5", "uuid": "5c23562d-6ae6-409f-ba79-469576b5ccd0", "value": "cd1134ad11d21b4626e28cf5a9eb6f0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829179", "to_ids": true, "type": "sha1", "uuid": "90e9f7b5-2fa7-4e41-afb5-865242955937", "value": "975f80aa1f6158e4670c216eb7bb0dcfcec48c6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829179", "to_ids": true, "type": "sha256", "uuid": "c7624aec-ba17-4544-a44f-40e3cab634bb", "value": "de18a47320a1eb08efd96e7bcee8ae0b3cd19683bc602063b854cf96a51536f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827126", "to_ids": true, "type": "ssdeep", "uuid": "710d8b17-dbca-4fb5-9708-e37b7157a431", "value": "1536:6h1zT5dzVnGu5e0lcthascJVivofCd76EcmB3sWUl9qTG5dalUg:S7GltQC8Bk3/Ul0TUg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827126", "to_ids": false, "type": "size-in-bytes", "uuid": "6c8a5256-da60-4cbb-821e-69ce4be7ecfa", "value": "109448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827126", "to_ids": true, "type": "vhash", "uuid": "afca3635-5fe4-4f27-84a9-f01da32234ce", "value": "015046651d55116012z18006c7z17z12z4efz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827126", "to_ids": true, "type": "filename", "uuid": "bff9c769-16de-47ee-806c-b882405475a4", "value": "xsocket.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827126", "to_ids": false, "type": "text", "uuid": "6803fc72-43d1-45ea-878f-c66f1bc79e5b", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux.A\nVT Total Detection:56/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509795", "uuid": "aa7249e2-caef-4f7e-8463-2e0932ed4f3c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509795", "to_ids": true, "type": "md5", "uuid": "72b21f0a-70eb-42ae-8b10-bc0cd27a070b", "value": "53bc1a9d19aae7f783e019ec7613c366", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829180", "to_ids": true, "type": "sha1", "uuid": "638d6b51-fc6d-46a7-a05c-ad6f92176ca3", "value": "dc1f9cef5d41a92227bc99e7ac7bc419b1de06c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829180", "to_ids": true, "type": "sha256", "uuid": "98d1b27e-450a-49c3-b96d-92ff3e2a44e2", "value": "109b6afa8d05829d80cd8c8bc4e223494427dea3e24a6a82c521a7341278ebab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827147", "to_ids": true, "type": "ssdeep", "uuid": "e243f729-ec6b-4b56-b40c-fcbd7ebf2648", "value": "6144:LnMdusHhL/+Xz2X17j9mZGa4YOJ8Qw+VsSV:wEUB/+Xz+pmZGzhp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827147", "to_ids": false, "type": "size-in-bytes", "uuid": "114de6bc-dd59-4f53-95b0-22e1e9a1df14", "value": "239256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827147", "to_ids": true, "type": "vhash", "uuid": "ffbc9e7b-a21a-43d1-bef2-d018384d19c1", "value": "125056655d15751az4d!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827147", "to_ids": true, "type": "filename", "uuid": "f1809ecf-decf-4cb0-9a00-a042904b3491", "value": "53BC1A9D19AAE7F783E019EC7613C366.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827147", "to_ids": false, "type": "text", "uuid": "2af9932b-7228-414c-a9e8-faa210af48f2", "value": "Type Description: Win32 DLL\n\nMicrosoft: TrojanDownloader:Win32/Garveep.G\nVT Total Detection:58/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509816", "uuid": "0a1f1454-ff9d-44ff-9986-b11a157ac23e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509816", "to_ids": true, "type": "md5", "uuid": "38961ba2-3592-4820-afc0-21453f4784a7", "value": "ebe6b78006ecffe1511f46c86d16f4aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829182", "to_ids": true, "type": "sha1", "uuid": "18e18c25-e887-4cbd-b18d-a636fda0a15f", "value": "8b21091b898ecc2f7b8ae25508c092322b25ffe1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829182", "to_ids": true, "type": "sha256", "uuid": "4336ba24-665b-441a-a002-6956c230aae6", "value": "31659d45adf0779bd8de85435f9f7ba61044296462f17643dbe90429de7c894b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827169", "to_ids": true, "type": "ssdeep", "uuid": "4b209f20-ec26-48c9-96ff-907107f05c9c", "value": "3072:cIYn6N1nYbKX2kOdwNEp/GTd3uB1J/5MQQZPoE:cVDKhE/p/GTAPqPoE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827169", "to_ids": false, "type": "size-in-bytes", "uuid": "eae48c6d-5d3f-4414-81ed-3e457e70dfa9", "value": "140920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827169", "to_ids": true, "type": "vhash", "uuid": "77c890b0-d0e6-46f7-8d2c-46283d62e0c4", "value": "115056655d155550c8z7iz1011z71z41zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827169", "to_ids": true, "type": "filename", "uuid": "75c86b7c-e4d4-4b80-a9e6-82f86ca20699", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827169", "to_ids": false, "type": "text", "uuid": "303f3bd2-c4cc-4f30-8fd4-71a48246bbca", "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Telject.A\nVT Total Detection:57/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509837", "uuid": "f66abd2c-2830-4c18-bf56-7c26dbc9b9e4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509837", "to_ids": true, "type": "md5", "uuid": "828caf58-4ab5-4cbe-9552-8c4fa418e8fb", "value": "c2d00fef0659640c1345967d2f554278", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829183", "to_ids": true, "type": "sha1", "uuid": "54a77e80-f655-41f0-adfb-8ac9da5f7bea", "value": "e05e8450d3a1354e3824c45123822bd06055f6eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829183", "to_ids": true, "type": "sha256", "uuid": "39ceeed7-ad22-47ff-903d-466e60bac523", "value": "b5f71acac5b5eb9ad1b05d040729880da1d3617e5ec1e92805d14dcd94712da9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827190", "to_ids": true, "type": "ssdeep", "uuid": "166da7f8-ce8b-457c-9802-cff4c7c9ee91", "value": "3072:8FAMQ7pZbHt/OkqizltnPkrdYQm9OdY4mN6vQ8hQG:RdpZbHt/zqIZPkrdYP9V4mN6f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827190", "to_ids": false, "type": "size-in-bytes", "uuid": "9f514bdc-89bd-4731-a1c1-03025342ba38", "value": "174560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827190", "to_ids": true, "type": "vhash", "uuid": "d79ddf73-dded-4eed-a8fb-d17d3ce1aab2", "value": "015046655d151034z1700729z35z12z5gz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827190", "to_ids": true, "type": "filename", "uuid": "26c7bb4f-c766-4d6b-b83c-f145f4263d05", "value": "DarkHotel_c2d00fef0659640c1345967d2f554278" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827190", "to_ids": false, "type": "text", "uuid": "f10671f1-bc24-410d-9770-86bdc62b82d2", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Telject.A\nVT Total Detection:54/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509858", "uuid": "6fcca0cf-7c92-411b-bfd6-17682477e20d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509858", "to_ids": true, "type": "md5", "uuid": "676e3b50-aabc-40ff-bb0a-8de679c3f579", "value": "fe95141837ae86cb02a1bbf6a070cbb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829185", "to_ids": true, "type": "sha1", "uuid": "f32e71c8-271c-46d0-b635-1878119d13a7", "value": "ce53f4c743fa5db587fa108a47a8c18a22dc75fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829185", "to_ids": true, "type": "sha256", "uuid": "6109de14-f503-4dd9-9c9d-56442adb6ace", "value": "472a9cfbba1990d438c92cda1b7d73c9940e5fd0523beb6483de025f25c28314", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827211", "to_ids": true, "type": "ssdeep", "uuid": "10908552-7da5-46e5-a683-69eca63c38f9", "value": "6144:ez2RpFGSi8wagXy1hT7mbmgG4dFdrYhxQErD70VZ:W2R3G/agivudFdrYhxQE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827211", "to_ids": false, "type": "size-in-bytes", "uuid": "2d1e189e-9041-4abe-bb4a-24256804a07e", "value": "320512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827211", "to_ids": true, "type": "vhash", "uuid": "fb49f9cd-e663-4581-a071-18883f4d46cd", "value": "035056655d75151068z59nz3fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827211", "to_ids": true, "type": "filename", "uuid": "e51b52ef-1cf8-417e-ad84-1fc1c6f892f1", "value": "Explorer System Checker" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827211", "to_ids": false, "type": "text", "uuid": "5ebc1923-ffc0-4efe-b9fe-7c70ae069530", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tapaoux\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509879", "uuid": "9187389a-6295-40f5-be2d-fe3634a75d6d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509879", "to_ids": true, "type": "md5", "uuid": "a3726193-963c-4ba8-9d71-cee0be83dc81", "value": "a0b0389eb9bbfe1839d3da7a1995da3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829186", "to_ids": true, "type": "sha1", "uuid": "3af9bc6b-0db1-4ed9-9c6b-5724abe6055a", "value": "338899996aeb3bebae0947bd3747eb0cb1ec1a1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829186", "to_ids": true, "type": "sha256", "uuid": "00a8f8f1-2891-48c2-8f43-0b772779fbb5", "value": "5da5c672a2a91c1cfc05ad804ca12caf86e03231cefb3ea7da9e87e0d070b3a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827233", "to_ids": true, "type": "ssdeep", "uuid": "f71650b6-faef-40e4-9508-a7ce8dd0a39b", "value": "1536:7WKp6Bsq+RdIcmw6BCgPO7YHSwxSnQ2EOSwMGjYj0BbBfj8JyBRZ1sID2:7WK0uLRyL32UlxSSdGPBbBYJyvZyID2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827233", "to_ids": false, "type": "size-in-bytes", "uuid": "e590ceea-2ec5-4838-9440-32a93c089518", "value": "98752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827233", "to_ids": true, "type": "vhash", "uuid": "1737cc06-45c1-4431-a33a-b8ca50a611f0", "value": "094056655d15155088z68hz1011zc1z71z97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827233", "to_ids": true, "type": "filename", "uuid": "c7fdf37e-fcc6-4a6a-a60e-0e6656035893", "value": "Windows Service" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827233", "to_ids": false, "type": "text", "uuid": "cac6cfc3-10a3-482b-beda-ec7f27f4c2cb", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Ypdl.B\nVT Total Detection:63/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509900", "uuid": "45c38b93-ef81-4190-b36d-471890742b52", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509900", "to_ids": true, "type": "md5", "uuid": "3222a1bf-a66d-447c-b155-ae9d0c7c36f0", "value": "822871578022c1292c9cb051cceedfe2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829187", "to_ids": true, "type": "sha1", "uuid": "8bcdbf4e-355f-4f14-a2f6-cf790ba3394d", "value": "41308106d1331304db35d81a1d38e9451befd241", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829187", "to_ids": true, "type": "sha256", "uuid": "c67f941e-66ab-49e7-b89b-fde099033414", "value": "8d78ba7e47fa48bde3707313fcef9ce42ef2190e4df03d1b9b4ad576d5f49a02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827255", "to_ids": true, "type": "ssdeep", "uuid": "516289cf-4d48-45b1-a237-d3547c7e5c57", "value": "384:fCUJ7ZnI9pCFgqpVXnjINRVV08xCDabQwNdU65odX/o2y4Nq7mcqe9E9l7IKuCE:1eumc3jcU8YOSXg2FNq7/Zu9lMJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827255", "to_ids": false, "type": "size-in-bytes", "uuid": "1008dc33-28e0-49ed-90bb-451f07f7d8b0", "value": "47160" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827255", "to_ids": true, "type": "vhash", "uuid": "f9e4e454-79ce-4737-9f75-f8d922e6ef4c", "value": "044036651d1038z37!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827255", "to_ids": true, "type": "filename", "uuid": "16a71890-b848-4826-9a11-d731ef97f72b", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827255", "to_ids": false, "type": "text", "uuid": "68c3737e-4bcd-41bf-8ac1-e193a88b87f9", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Smupter\nVT Total Detection:54/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509921", "uuid": "196ce10b-b4ea-4e99-9832-a4ea21ebef62", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509921", "to_ids": true, "type": "md5", "uuid": "4d0f0f8b-78ed-45de-bf30-513ffa3a9a39", "value": "ca7e5ff32b729d0d61340911a01a479a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829189", "to_ids": true, "type": "sha1", "uuid": "7e1292d7-5fee-44d0-a6be-50751a793306", "value": "35edee4bf2034b085cf7515762a68b15011c2550", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829189", "to_ids": true, "type": "sha256", "uuid": "3702cb8f-face-49ae-9cf8-8dedb55469ab", "value": "f55f2f2d6da2d7262510371a9fa4401a22f474d7719a5649ef6055a72e0faf77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827276", "to_ids": true, "type": "ssdeep", "uuid": "4d976e2b-34e8-40b5-988d-a22771210af5", "value": "192:F52aN4JYW3L/V6RBNDNJWJP1oyns9NnWklmh4pjW79:t4mKEDN616EL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827276", "to_ids": false, "type": "size-in-bytes", "uuid": "90d1e8ea-a558-43ea-8566-f1de932d6325", "value": "19336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827276", "to_ids": true, "type": "vhash", "uuid": "713b2f03-59fd-4db8-a36b-8838e47f0714", "value": "014036551d1079z91a9z33z1011z2fz" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827276", "to_ids": false, "type": "text", "uuid": "36225604-a895-4986-a0e7-adf49a38e14d", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.F\nVT Total Detection:59/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509942", "uuid": "568144f6-2f6b-4ca8-b618-af562b4c9cd8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509942", "to_ids": true, "type": "md5", "uuid": "1c061336-ecda-4eef-aece-e852c734f336", "value": "35cd5ca2e33400a67345b00ef6db3ff6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829190", "to_ids": true, "type": "sha1", "uuid": "a7525624-8c50-4393-8e54-90bf39dda2f8", "value": "35f048c2c9fbdff130ad633e5d93cddf8b88ef6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829190", "to_ids": true, "type": "sha256", "uuid": "bbc440ce-ba3a-4853-8259-f1e2764ac892", "value": "3fb1c5e1e621d1d465528d5965f3ae17cd809300d668b350e6b8c63381741df8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827297", "to_ids": true, "type": "ssdeep", "uuid": "97fc4b3e-023a-440e-82b8-06e3155aea1b", "value": "6144:XIkHV4r8jXILqO2gh8lFFgwt8DFVZVgUJc5APOc:YJrQWggh+FZ6DFGjW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827297", "to_ids": false, "type": "size-in-bytes", "uuid": "c32ca61a-102d-461c-bcf8-2b1ff113f22a", "value": "285576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827297", "to_ids": true, "type": "vhash", "uuid": "9e724551-bc7f-4c9d-9d7c-fc917ade2d60", "value": "025036655d10f4z16002e539z43z1011ze1z802055zb6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827297", "to_ids": true, "type": "filename", "uuid": "bc0a8668-ffcb-4436-971f-463b3d2463b6", "value": "35CD5CA2E33400A67345B00EF6DB3FF6.sample" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827297", "to_ids": false, "type": "text", "uuid": "8074118a-0db2-4395-9023-c6a5376d2a90", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.B\nVT Total Detection:58/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509963", "uuid": "54385d22-7d6a-4ec2-a2ab-558f0cbe488a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509963", "to_ids": true, "type": "md5", "uuid": "32b01289-f570-472e-b4d1-fcb71c9944a6", "value": "a45e0f8a404d846289f3a223253e94a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829191", "to_ids": true, "type": "sha1", "uuid": "123a955e-e78b-4803-ab8b-a8da21450d49", "value": "ff8224a2211faf9a684cd7856bf390b8ba7ffef2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829192", "to_ids": true, "type": "sha256", "uuid": "5cbc46fc-89b9-4159-8542-0358938e66f8", "value": "6ddd3ea4ca101d6095c8ce59f00455aec6fa671424ecf6e10dcc1982f0f88b8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827319", "to_ids": true, "type": "ssdeep", "uuid": "9484ad48-2561-4edf-872f-6eca1706c5ad", "value": "192:h8HBQfwWOr0t+/c5mLn3lEOCNNyP1oyn+8NsrBNnWklmh4pjW1:awwX+ScmnaO8Nc1Y8SvEz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827319", "to_ids": false, "type": "size-in-bytes", "uuid": "9623b9b6-bd74-4a50-b309-b33d4ecc6ceb", "value": "23432" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827319", "to_ids": true, "type": "vhash", "uuid": "6737205c-ea33-4a6e-ae39-bd2a604b24d2", "value": "024036151d1028z1018fz1011z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827319", "to_ids": true, "type": "filename", "uuid": "ab097388-0809-4ad9-a0d8-3517039d9923", "value": "KernelMode.info_6ddd3ea4ca101d6095c8ce59f00455aec6fa671424ecf6e10dcc1982f0f88b8b.ViR" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827319", "to_ids": false, "type": "text", "uuid": "41ec3a6e-9498-40a3-8222-eaaf46a7c9c1", "value": "Type Description: Win32 EXE\n\nMicrosoft: VirTool:Win32/Injector.DZ\nVT Total Detection:61/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747509984", "uuid": "eed6452c-5cd2-4663-bd60-2ce3aaeacdb6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747509984", "to_ids": true, "type": "md5", "uuid": "714abc7c-01d5-4c03-90b7-09e4d51411d2", "value": "8c3fc5e341d7df51ea9b781a55908e82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829193", "to_ids": true, "type": "sha1", "uuid": "aa2ef8b8-8285-4497-bcbf-6bb13cc8e192", "value": "84f5ff85b261dc5b9d65bc39e52a60da97ff60d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829193", "to_ids": true, "type": "sha256", "uuid": "f682ac51-f1d8-4e14-b626-9bdcc2ca656d", "value": "75699f124be1e31d76a0669bfcdd05c43117629d5b5cdbb33d57e0ae28ab2d15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827340", "to_ids": true, "type": "ssdeep", "uuid": "b9a1143e-bf1f-4ffc-9960-612bb062f10b", "value": "192:xf8/SMBztIDIDdJlUoynRXBePw3ZUNnWHlmh4yWQ:10SMBpVJSfXQPwwVz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827340", "to_ids": false, "type": "size-in-bytes", "uuid": "2231817f-454b-499e-b4e9-b7b8813b21de", "value": "10632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827340", "to_ids": true, "type": "vhash", "uuid": "84544dc6-ed48-4464-ba41-a88f64be5ff2", "value": "014036555d1028z101dfz1011z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827340", "to_ids": true, "type": "filename", "uuid": "8c67b992-25b8-4058-84c3-331389978dce", "value": "prtshgrd.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827340", "to_ids": false, "type": "text", "uuid": "06a4e704-0198-4656-be15-dfbe7fcf4de5", "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:50/75" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747510006", "uuid": "86dd2493-66d2-49b9-b39a-7e1cb60a277d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747510006", "to_ids": true, "type": "md5", "uuid": "3f0e833e-6b5b-4916-8080-87dbec918ca4", "value": "e8190374c3d962f5c2cbb5e30007216c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829195", "to_ids": true, "type": "sha1", "uuid": "a7030a2c-22d0-46cf-baaf-de094a6304a0", "value": "e9827157fa4b39db8894968e670c16a5f932d692", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829195", "to_ids": true, "type": "sha256", "uuid": "3f1590eb-6b68-44d8-a3eb-9769e35bf195", "value": "608da4d2771afebd72ba09d877e708e0a40d3a0ca9638a34360a4ee33eb75e10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827361", "to_ids": true, "type": "ssdeep", "uuid": "9bf56351-8615-4d3a-8064-737d4240f4ef", "value": "49152:DJmkoDUXu9ibTMIVJgUfXq4uc49hkhefttuXK:DJmFDWu9dI8U/Vaua" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827361", "to_ids": false, "type": "size-in-bytes", "uuid": "3e070754-438b-4dde-8375-84c1e8481274", "value": "2072576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827361", "to_ids": true, "type": "vhash", "uuid": "820d5900-27c6-4c2a-b404-2ebf3d3979e8", "value": "026046551d157az3ehz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827361", "to_ids": true, "type": "filename", "uuid": "757d7183-6b33-4d50-bc4e-e38cca56cd24", "value": "ais_samples (50).exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827361", "to_ids": false, "type": "text", "uuid": "44c7c414-6d8c-4128-bb01-36ce70c98712", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.I\nVT Total Detection:62/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747510027", "uuid": "b3be06e6-c6e6-4fcf-ab3c-b48149347bfc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747510027", "to_ids": true, "type": "md5", "uuid": "f69e48a9-6dac-4cef-a2b3-c2154badbaa9", "value": "9a0963dbee2361fa9cebaa6e0e517774", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740829196", "to_ids": true, "type": "sha1", "uuid": "aa546dc9-5526-425d-95ed-1f28d66c24bf", "value": "efa499354b533739c7ab867a29e3c5003cfec259", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740829196", "to_ids": true, "type": "sha256", "uuid": "9af01d4d-c4c2-4c77-a8b4-3dbe399fa9dc", "value": "014d68b2e2dc957c6b6fdabcd754780cf8f5aa223f38c31fd47d713d9cfd21f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740827383", "to_ids": true, "type": "ssdeep", "uuid": "a198c3d0-233a-4355-863f-5aefd25ed1f4", "value": "1536:OgYPhQXwIiPrrjThO+lUBrzCxry1ec7rUyj239aug53B1ci16ShZBJIFvTQ:hYP2XerzhOUxu/XUtau4B1cyBZBJr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740827383", "to_ids": false, "type": "size-in-bytes", "uuid": "8254d611-df2f-463a-aeb9-079eb91db4b4", "value": "120144" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740827383", "to_ids": true, "type": "vhash", "uuid": "81c34406-2fad-43e5-abdc-270c13eedca1", "value": "015056655d151510a01031z800497z5015z82z36fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740827383", "to_ids": true, "type": "filename", "uuid": "6ee7dca4-8fd7-4f13-88af-590b0bb12b18", "value": "DirectX11.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740827383", "to_ids": false, "type": "text", "uuid": "542c6c78-892e-4877-bc6a-73f56dc718f0", "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Garveep.I\nVT Total Detection:62/75" } ] } ] } }