{
  "Event": {
    "analysis": "1",
    "date": "2025-02-24",
    "extends_uuid": "",
    "info": "[Threat Intel] Operation SalmonSlalom",
    "protected": false,
    "publish_timestamp": "1780040334",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772902035",
    "uuid": "7238406a-dac3-41b6-a63e-4671822af814",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#4985d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"",
        "relationship_type": ""
      },
      {
        "colour": "#5c57c8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#c8f8ef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#40bedd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#d82db7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
        "relationship_type": ""
      },
      {
        "colour": "#07a4a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bcaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#e459c3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Hong Kong\"",
        "relationship_type": ""
      },
      {
        "colour": "#7dbb86",
        "local": false,
        "name": "misp-galaxy:target-information=\"Singapore\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"FatalRat\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#a3aa59",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"",
        "relationship_type": ""
      },
      {
        "colour": "#c60dc9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1566.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#3c0f50",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#86298e",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a0bda",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#1cbe6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1487\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#a05856",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"",
        "relationship_type": ""
      },
      {
        "colour": "#9c7ff4",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Korea\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Construction\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Energy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"IT\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Logistic\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Manufacturing\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Telecoms\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Transport\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740999228",
        "to_ids": false,
        "type": "link",
        "uuid": "3732d13e-071a-4b4e-b2d0-880dfd9c678e",
        "value": "https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740999228",
        "to_ids": false,
        "type": "text",
        "uuid": "2cf021a3-daa8-4062-9b8d-1ae75607056b",
        "value": "A sophisticated cyberattack targeting industrial organizations in the Asia-Pacific region has been uncovered. The attackers utilized legitimate Chinese cloud services and a multi-stage payload delivery framework to evade detection. The campaign, named SalmonSlalom, employed techniques such as native file hosting CDN, public packers for encryption, dynamic C2 address changes, and DLL sideloading. The attack shares similarities with previous campaigns using open-source RATs like Gh0st RAT and FatalRAT, but demonstrates a shift in tactics tailored to Chinese-speaking targets. The malware installation process is complex, involving multiple stages and the use of legitimate applications to disguise malicious activity."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740999228",
        "to_ids": false,
        "type": "text",
        "uuid": "a41ce1e3-d871-4e11-9246-041d1dea2df3",
        "value": "Name: Operation SalmonSlalom\nAuthor: AlienVault\nAdversary: \nTags: [\"fatalrat\", \"zegost\", \"dll sideloading\", \"simayrat\", \"mydoor\", \"gh0st rat\", \"moudoor\"]\nTgtd countries: [\"Taiwan\", \"Malaysia\", \"China\", \"Japan\", \"Thailand\", \"Hong Kong\", \"Singapore\", \"Philippines\"]\nMlwr families: [\"FatalRAT\", \"gh0st RAT - S0032\", \"Mydoor\", \"Moudoor\", \"SimayRAT\", \"Zegost\"]\nAttack_ids: [\"T1033\", \"T1056.001\", \"T1547\", \"T1543.003\", \"T1082\", \"T1071\", \"T1053\", \"T1140\", \"T1055\", \"T1218\", \"T1112\", \"T1070.001\", \"T1059\", \"T1083\", \"T1102\", \"T1057\", \"T1027\", \"T1573\", \"T1012\", \"T1132\", \"T1518\", \"T1574.002\", \"T1105\"]\nIndustries: [\"Manufacturing\", \"Construction\", \"Information Technology\", \"Telecommunications\", \"Healthcare\", \"Energy\", \"Government\"]"
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410875",
        "to_ids": true,
        "type": "md5",
        "uuid": "1bdc178e-b400-4827-9747-d142482e76af",
        "value": "02fb1958a901d7d1c8b60ecc0e59207c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410877",
        "to_ids": true,
        "type": "md5",
        "uuid": "9fb79847-18d4-446d-b3f9-84ede1377364",
        "value": "04aa425d86f4ef8dc4fc1509b195838a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410878",
        "to_ids": true,
        "type": "md5",
        "uuid": "da61d157-2d95-4014-a8bd-58cce05a8d5c",
        "value": "096c34df242562d278fc1578dc31df92",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410879",
        "to_ids": true,
        "type": "md5",
        "uuid": "82cc91c1-ad4b-4e06-93fd-d9d039d18684",
        "value": "09a50edb49cbb59a34828a37e63be846",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410880",
        "to_ids": true,
        "type": "md5",
        "uuid": "4bd9dd05-6553-48e5-82e7-32978023d657",
        "value": "0a49345c77da210ab0cd031fda6bc962",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410881",
        "to_ids": true,
        "type": "md5",
        "uuid": "472230dd-6388-4232-95ba-4f08e056da72",
        "value": "0a70ea6596c92fbfb461909ed57503fa",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410883",
        "to_ids": true,
        "type": "md5",
        "uuid": "4bf46f87-d73c-495b-864e-2334de77c928",
        "value": "0b20f0ff1aaff4068f99f4db69ba9c1e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410884",
        "to_ids": true,
        "type": "md5",
        "uuid": "7aa66b90-6de7-43d3-9329-d7c4f62c2e11",
        "value": "142eb5106fcc2f95b7daf37dca970595",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410885",
        "to_ids": true,
        "type": "md5",
        "uuid": "f2954117-2316-4988-a6fd-466bcb005505",
        "value": "15b7990bd006d857ee02c529b45783ac",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410887",
        "to_ids": true,
        "type": "md5",
        "uuid": "5a1b0ce3-d6be-46d8-84de-8ac0144ee5c6",
        "value": "1e80a8b3f4efb4bb27771d729f5ced85",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410887",
        "to_ids": true,
        "type": "md5",
        "uuid": "d83d839d-56d9-4b54-9817-e456763daea2",
        "value": "2026ead0c2366d049ecd5e42ac1b1b07",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410888",
        "to_ids": true,
        "type": "md5",
        "uuid": "3380fbff-3608-468b-8d13-8653cfcab4b3",
        "value": "24ecb197ee73e5b1eef2ded592640cf2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410890",
        "to_ids": true,
        "type": "md5",
        "uuid": "d6fbb597-0563-495f-9829-2f2c303cecdf",
        "value": "26f0806932dfd029f0fe12e49bb4c799",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410891",
        "to_ids": true,
        "type": "md5",
        "uuid": "d94555d5-23cd-46a3-b901-aced3d2a9807",
        "value": "2aa41ae3d3ae789147218652e6593161",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410892",
        "to_ids": true,
        "type": "md5",
        "uuid": "9aad9066-270a-47a8-b755-2154f9d9c05e",
        "value": "2bccd50322afb7a349c163ce9b76bb66",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410894",
        "to_ids": true,
        "type": "md5",
        "uuid": "6b5cfd0c-529e-435b-9c56-c8606885efde",
        "value": "357534f6a2bffa77b83501715e382a94",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410895",
        "to_ids": true,
        "type": "md5",
        "uuid": "16cbc62d-464b-4ff3-bc0c-feb6747085be",
        "value": "362fc5799ecef8e9e328cfbf6272c48f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410896",
        "to_ids": true,
        "type": "md5",
        "uuid": "716cc43a-7257-482f-9007-5764525e4420",
        "value": "3843ef98a4c7ee88f10078e6a38f15ee",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410897",
        "to_ids": true,
        "type": "md5",
        "uuid": "36d55aa1-5df0-47ba-8cb5-40eae6300db6",
        "value": "44b47fdab8ca3375fe5a875deefa265c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410899",
        "to_ids": true,
        "type": "md5",
        "uuid": "7cca3a5c-9c5b-4130-80a2-a0abdeb444d7",
        "value": "502054d938a18172a3657aaf2326bcf4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410900",
        "to_ids": true,
        "type": "md5",
        "uuid": "4abbc73a-b1cd-4c00-a7ed-4ed9e806d443",
        "value": "50a5c5a3c07f04d96f5f1968996cfb74",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410901",
        "to_ids": true,
        "type": "md5",
        "uuid": "400a0f74-0c31-49a9-a547-fdfe7cbb0420",
        "value": "58a8daae643a84c112ddc6e79c750271",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410901",
        "to_ids": true,
        "type": "md5",
        "uuid": "d0263b70-17c2-4b95-85ed-95cb7446adc9",
        "value": "58e44c4d797cecfed42c1fdf18c2d5f9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410903",
        "to_ids": true,
        "type": "md5",
        "uuid": "a75dcd91-eb71-4725-be41-0b2c9f0781d7",
        "value": "58fe500e022ea1aeebbe72c4ce694531",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410904",
        "to_ids": true,
        "type": "md5",
        "uuid": "dbda1096-b225-4bf5-84b9-a344424422d9",
        "value": "5b730131c3271820c03d711f2549b894",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410905",
        "to_ids": true,
        "type": "md5",
        "uuid": "539085c3-b590-4b4a-bd0f-bf949ee9b127",
        "value": "5d7fba23a44683c0b471d9a7cc7f5042",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410907",
        "to_ids": true,
        "type": "md5",
        "uuid": "e8e3623e-7c5f-4e17-9a47-39729118fccf",
        "value": "63562347202715eff0e7f2d6ad07a2aa",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410908",
        "to_ids": true,
        "type": "md5",
        "uuid": "6522a082-3520-44d9-baa9-0ef4ff56f300",
        "value": "63c600434def54157204765619838372",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410909",
        "to_ids": true,
        "type": "md5",
        "uuid": "7fe64265-9931-4bdd-8cdd-d35b72206856",
        "value": "64013e613a0130cb1b7845139537bc5e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410910",
        "to_ids": true,
        "type": "md5",
        "uuid": "e7d110dd-561f-400c-8040-218363fa3faa",
        "value": "64fdeed776cfd5e260444ae2e4a5b1a4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410912",
        "to_ids": true,
        "type": "md5",
        "uuid": "79b1cd89-993e-4c69-a829-d205dfe3e21d",
        "value": "699ad2a5b6d9b9b59df79e9265ebd47a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410913",
        "to_ids": true,
        "type": "md5",
        "uuid": "8083a9f6-a5d0-4cd5-8ad0-a7cbeff3e2c0",
        "value": "6a5e3776c3bfdadd899704589f28e9fd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410914",
        "to_ids": true,
        "type": "md5",
        "uuid": "579a932d-b09e-425d-9ffb-eb4205da43ce",
        "value": "6a73f3bab8fb205ed46e57cf076b6f6d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410915",
        "to_ids": true,
        "type": "md5",
        "uuid": "5a2b691a-155f-467e-8f26-6aeb1169700f",
        "value": "771a5d8fc6829618f15abe49796d1c44",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410917",
        "to_ids": true,
        "type": "md5",
        "uuid": "56342525-8be9-4bac-afd8-fb7c75f37944",
        "value": "790cf080abb18af471d465998b37fd1b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410917",
        "to_ids": true,
        "type": "md5",
        "uuid": "412ff0c2-91c7-434c-b1c2-834d784f6581",
        "value": "797d111244805e897db5c21010ee8e12",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410919",
        "to_ids": true,
        "type": "md5",
        "uuid": "e7ac6714-b4b3-4d13-9046-8e703b79f0d6",
        "value": "7ba376f5a71ffa21a92c7b35c3b000eb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410920",
        "to_ids": true,
        "type": "md5",
        "uuid": "8f901015-b4bb-45ed-b435-606c43869bb3",
        "value": "82394a97458094b1cb22c4e243f4e9db",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410921",
        "to_ids": true,
        "type": "md5",
        "uuid": "5bf36b50-1667-4dd1-9864-d8766fe91e89",
        "value": "8c0599c0a6b7ffaff93762d0c3ea2569",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410922",
        "to_ids": true,
        "type": "md5",
        "uuid": "4638e657-416e-462a-97be-b5c271d378f0",
        "value": "8da2c4796c439f4a57536bd5c5d3f811",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410924",
        "to_ids": true,
        "type": "md5",
        "uuid": "4525c272-f455-479e-807c-c4dba28ba840",
        "value": "8e474f9321fc341770c9100853eb41eb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410925",
        "to_ids": true,
        "type": "md5",
        "uuid": "4e9f574e-510e-4702-8b8d-22b25cf098d6",
        "value": "9037ccfcd3d3d1542089d30d3041db1c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410926",
        "to_ids": true,
        "type": "md5",
        "uuid": "453e4ca3-bf18-4beb-862c-111890d9d02e",
        "value": "936c16a64432348176f9183cd1524cef",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410927",
        "to_ids": true,
        "type": "md5",
        "uuid": "83129877-31b6-4279-9efa-4c7041e6da95",
        "value": "93f12cbfb9ba1a66d3a050a74bab690b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410929",
        "to_ids": true,
        "type": "md5",
        "uuid": "3ca25224-f37e-48f2-b588-bbaa093ce32a",
        "value": "949f086c40cfc5144243a24688961414",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410929",
        "to_ids": true,
        "type": "md5",
        "uuid": "3c08921d-94a8-42bf-9fdf-c2c2101aef4e",
        "value": "9636309c41e8a33507c349b8e9053c49",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410931",
        "to_ids": true,
        "type": "md5",
        "uuid": "2c4dcad1-847a-40d4-b153-e1928eba2bd9",
        "value": "9bf2e34511619b7c4573c3974bdbaa39",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410932",
        "to_ids": true,
        "type": "md5",
        "uuid": "e5053faf-3ff0-4347-8d36-0dfcbf731f08",
        "value": "9e8a08fcddb10db8d58e17b544d81bff",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410933",
        "to_ids": true,
        "type": "md5",
        "uuid": "ec83b7d1-73d9-473a-ab94-ed9095d14c52",
        "value": "a009b341aa6f5bda61300dc5e7822480",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410934",
        "to_ids": true,
        "type": "md5",
        "uuid": "b897d05f-c961-471b-b428-e2dc6d2e0aaa",
        "value": "a7b20338dd9ed5462ddff312b67556e9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "First-stage loader. No sample in VT.\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410936",
        "to_ids": true,
        "type": "md5",
        "uuid": "1de79964-3d09-4a31-84e3-2fe331a99ff8",
        "value": "ad216eaf11500eb73c6cdafc18cb49d8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410937",
        "to_ids": true,
        "type": "md5",
        "uuid": "cf351e56-320e-4ca9-9279-9d884d53b925",
        "value": "b0c315c5dcda6e4442280c07b11d1ba5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410938",
        "to_ids": true,
        "type": "md5",
        "uuid": "0471113c-6751-47d1-93bc-f240df42b1f1",
        "value": "b37917ea3849607d02d330130a823567",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410939",
        "to_ids": true,
        "type": "md5",
        "uuid": "3f3d7ce5-3bc8-43bd-826a-2c717c8f145a",
        "value": "b3f8f1272813bff80630b9caab6e5089",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410940",
        "to_ids": true,
        "type": "md5",
        "uuid": "fbd0571a-1fd4-41be-91ba-f9b39f4ef9b1",
        "value": "b5c46f829fed11b4ddc2e155dc5cf974",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410941",
        "to_ids": true,
        "type": "md5",
        "uuid": "5a8f5e95-2fd9-47e5-805e-52e50aba119c",
        "value": "bc36b1be438f92fe5f9a47f13244503e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410942",
        "to_ids": true,
        "type": "md5",
        "uuid": "5b92f5fc-5dd5-44cc-b000-3ebf2fb22da8",
        "value": "bd6b8574738c7589887b61d4fad68fce",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410943",
        "to_ids": true,
        "type": "md5",
        "uuid": "492110d5-a493-4892-ad21-703f769ac4a3",
        "value": "bdd68e7733c09fad48d4642689741ea4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410945",
        "to_ids": true,
        "type": "md5",
        "uuid": "b127f22c-0841-4f62-962e-c8fa199e1787",
        "value": "be15a198f05eb39277720defa9188f62",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410946",
        "to_ids": true,
        "type": "md5",
        "uuid": "889324ef-5660-44fb-8d3a-1b54fd5db541",
        "value": "c4579aa972d32e946752357ca56ee501",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410947",
        "to_ids": true,
        "type": "md5",
        "uuid": "b2e0a8a9-80bc-4220-8931-1c29ba153880",
        "value": "c555cc05f9d16b9e9222693e523e0ba5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410948",
        "to_ids": true,
        "type": "md5",
        "uuid": "b46292c6-8d0e-4060-85e6-2ae3225cef07",
        "value": "c89a4a106619c67b8410efa695d78ef3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410950",
        "to_ids": true,
        "type": "md5",
        "uuid": "77869520-58d2-47ac-9722-7adc8e8004c4",
        "value": "ca7dc49e80b2a77677718c72f3cc6bc1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410951",
        "to_ids": true,
        "type": "md5",
        "uuid": "a3ffd383-5ea6-477c-adb4-dcb675f74f29",
        "value": "cbc36deadef17a4c315cbbff3f74439f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409136",
        "to_ids": true,
        "type": "md5",
        "uuid": "e454a1a4-5b76-4345-83b7-8faa9f8cd921",
        "value": "d35635e8d07b923d1e89f541d4f03b90",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409179",
        "to_ids": true,
        "type": "md5",
        "uuid": "0f488343-25d8-45cd-9495-fdb26ede0211",
        "value": "d494efc086447c543d0c3c7beecf2bc6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409244",
        "to_ids": true,
        "type": "md5",
        "uuid": "ca4620f4-bbd7-4d6c-a7cf-ae00884b005e",
        "value": "dded5d108b6a9ee50d629148d8ed4ec5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409265",
        "to_ids": true,
        "type": "md5",
        "uuid": "2690473f-5c04-4950-9bf4-aebeed9a2f29",
        "value": "df6f5f4b7b8ba3c2c0ddc00d47e33218",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409308",
        "to_ids": true,
        "type": "md5",
        "uuid": "8dd6b5c3-f1fa-44c4-b6df-2787c0315f15",
        "value": "e32020ab02e11a995effb7781aabd92f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409329",
        "to_ids": true,
        "type": "md5",
        "uuid": "3f594333-daff-4f2b-8069-ad39221537d6",
        "value": "e6ef56c91bd735542775dfef277e0cc7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409373",
        "to_ids": true,
        "type": "md5",
        "uuid": "7ee66753-6f8c-4d1c-a7d3-a1e5588f8ae2",
        "value": "e91991304abf5d881545bc127e7fb324",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409396",
        "to_ids": true,
        "type": "md5",
        "uuid": "b9b2dc3e-76c8-4799-a666-817bbc0e07a9",
        "value": "eb9419aa5c6fee96defad140450a9633",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409417",
        "to_ids": true,
        "type": "md5",
        "uuid": "2560322c-8311-4271-a343-a8970118f71b",
        "value": "ec0bdf52c113487e803028dbc52e8173",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "first stage loader No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409460",
        "to_ids": true,
        "type": "md5",
        "uuid": "439fd406-5fba-49fc-9479-099589e9e896",
        "value": "f9e461cc83076d5f597855165e89f0db",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409723",
        "to_ids": true,
        "type": "md5",
        "uuid": "05496077-5335-4f67-a81e-883d4d40814f",
        "value": "02477e031f776539c8118b8e0e6663b0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409868",
        "to_ids": true,
        "type": "md5",
        "uuid": "2b8f6aca-951a-4b79-9d21-600406bf4473",
        "value": "15962f79997a308ab3072c10e573e97c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409911",
        "to_ids": true,
        "type": "md5",
        "uuid": "3ebb5afb-c7b4-4cd3-988c-79109ccc09ac",
        "value": "172ee543d8a083177fc1832257f6d57d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409932",
        "to_ids": true,
        "type": "md5",
        "uuid": "3fa16823-e76a-46d9-ba1a-acf3c8fcd08a",
        "value": "1fe3885dea6be2e1572d8c61e3910d19",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741409953",
        "to_ids": true,
        "type": "md5",
        "uuid": "450ff4d4-8fba-42c6-815d-a5ea371f61fb",
        "value": "249f568f8b8709591e7afd934ebea299",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410018",
        "to_ids": true,
        "type": "md5",
        "uuid": "0626071f-3341-426f-9620-4ee369d3104c",
        "value": "3ec20285d88906336bd4119a74d977a0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410039",
        "to_ids": true,
        "type": "md5",
        "uuid": "cc9a1d9d-ab8f-4b3d-a2e6-9a25228fa617",
        "value": "43156787489e6aa3a853346cded3e67b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410060",
        "to_ids": true,
        "type": "md5",
        "uuid": "a528322f-9354-483c-830c-d04b7e9cab5a",
        "value": "46630065be23c229adff5e0ae5ca1f48",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410104",
        "to_ids": true,
        "type": "md5",
        "uuid": "738b6043-8db3-4338-ad70-5d44817b6eb2",
        "value": "5be46b50cac057500ea3424be69bf73a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410168",
        "to_ids": true,
        "type": "md5",
        "uuid": "bbd1802f-1387-434e-a696-ff3c0c6d4cd0",
        "value": "635f3617050e4c442f2cbd7f147c4dcf",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410190",
        "to_ids": true,
        "type": "md5",
        "uuid": "9d9a45c6-ac07-4a98-a951-35889c1f0773",
        "value": "675a113cdbcce171e1ff172834b5f740",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410211",
        "to_ids": true,
        "type": "md5",
        "uuid": "d001f6d3-f8a9-4350-8d15-c697adc5b2fb",
        "value": "68a27f7ccbfa7d3b958fad078d37e299",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410276",
        "to_ids": true,
        "type": "md5",
        "uuid": "a499a2df-2a4d-4008-9a29-50edf582fe00",
        "value": "7ac3ebac032c4afd09e18709d19358ed",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410363",
        "to_ids": true,
        "type": "md5",
        "uuid": "3f2d816e-7345-44bc-a004-ba498770bdc7",
        "value": "9d34d83e4671aaf23ff3e61cb9daa115",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload No sample in VT\r\nLast check:08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410384",
        "to_ids": true,
        "type": "md5",
        "uuid": "931fb543-fd5a-475b-b0ef-04a6d63642c4",
        "value": "a935ef1151d45c7860bfe799424bea4b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload. No sample in VirusTotal.\r\nLast check: 08/03/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410448",
        "to_ids": true,
        "type": "md5",
        "uuid": "31fa50e6-39fa-4011-b9e3-845c8918d225",
        "value": "ebc0809580940e384207aa1704e5cc8e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload. No sample in VirusTotal.\r\nLast check: 08/03/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410470",
        "to_ids": true,
        "type": "md5",
        "uuid": "976fadc3-847c-4fcd-867c-baac8228d561",
        "value": "eca08239da3acaf0d389886a9b91612a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FatalRAT final payload. No sample in VirusTotal.\r\nLast check: 08/03/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741410513",
        "to_ids": true,
        "type": "md5",
        "uuid": "f1482f0e-87b2-499a-b7c4-76c0330c2766",
        "value": "fb8dc76a0cb0a5d32e787a1bb21f92d2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 82",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "14c8e97b-fc3c-4f43-91b6-6ff55b33fc9a",
        "value": "101.33.243.31|82"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "3f6d967f-df33-48ef-8424-506e5074f7a8",
        "value": "43.154.238.130|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "aab938b6-127d-45e8-a644-20107a6765cb",
        "value": "134.122.137.252|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 8081",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "f1ab0b7e-7e21-4442-8806-fd95b67da3ec",
        "value": "43.154.238.130|8081"
      },
      {
        "category": "Network activity",
        "comment": "On port 8081",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "5b11db9b-3ad3-4b1e-89a4-35ebfc85fc25",
        "value": "111.230.93.174|8081"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "e31b4bcb-39cd-4627-9726-13729a5da151",
        "value": "43.159.192.196|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "4b4c409a-981c-4bcf-ac94-a152c9191aae",
        "value": "43.138.199.241|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "aed5006d-d347-45a0-8b95-c50b622cbfab",
        "value": "175.178.166.216|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "395515f3-4778-4062-9d96-e51522c44899",
        "value": "43.139.35.42|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "97f02c6e-caf1-4b1d-b609-791fd5718e9d",
        "value": "43.139.101.11|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "ed9d3db9-7e12-439f-bb42-843b1fcfa156",
        "value": "81.71.1.107|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "bc3315f3-ba90-4528-b57f-7b715fdf5a3c",
        "value": "175.178.89.24|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "c3d9f257-ff01-4c70-9d9c-aface7e7525f",
        "value": "106.52.216.112|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "25893477-a85c-42c0-956d-4857ca8c4584",
        "value": "43.154.68.193|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "11af640b-bcda-4c48-9278-5e855dc3c9db",
        "value": "107.148.54.105|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "77b9cf5d-733b-4059-906c-b5a67e967a55",
        "value": "47.106.224.107|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "ff1dd5d7-c589-454e-a1cf-c54243c6202f",
        "value": "154.39.238.101|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "5ae291ba-7327-40ee-b9c9-beb6cd725005",
        "value": "206.233.130.141|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b4faf90d-a9c0-479c-ae44-830e1c5fd46e",
        "value": "107.148.50.116|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "888aaa59-5cff-45af-ae25-0da14de86367",
        "value": "103.144.29.211|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "884594b8-3f31-4b66-97de-1f324de5225e",
        "value": "107.148.52.241|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "68210810-7241-4c0f-89d6-1907b632c7e2",
        "value": "107.148.50.112|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "676ca249-467e-4dca-bf8a-ea96fcdf6ec7",
        "value": "107.148.52.242|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "984e4427-d7b3-47f6-a38a-1de9533db82e",
        "value": "111.230.10.93|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "6758b15e-f7f9-4cc7-b6b8-c5434dbd6588",
        "value": "111.230.32.52|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "e4291477-6789-4529-bc2b-203c6d1ba783",
        "value": "107.148.50.113|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b0193c1e-6db6-4d61-afae-f321808ffd3e",
        "value": "111.230.108.14|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 8081",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "7dc96fff-1ac0-451a-938e-9c3708682f17",
        "value": "175.178.96.9|8081"
      },
      {
        "category": "Network activity",
        "comment": "On port 8081",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "d2d0d5a1-eb43-46c1-acca-0ba3f8b2b767",
        "value": "1.12.37.113|8081"
      },
      {
        "category": "Network activity",
        "comment": "On port 8081",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "2abed3df-f847-4dda-9a84-7ab05cf4d403",
        "value": "111.230.15.48|8081"
      },
      {
        "category": "Network activity",
        "comment": "On port 8081",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "7da485f8-1e74-4ad4-8d37-f4e7e5eddb7b",
        "value": "111.230.91.145|8081"
      },
      {
        "category": "Network activity",
        "comment": "On port 8081",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b9eea07e-6b90-434d-939f-4a5e30e0c9ea",
        "value": "111.230.45.217|8081"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "827f57f9-61bc-4d37-83d8-1dc5fcd70c30",
        "value": "154.91.227.32|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b799745b-0092-44fd-b944-58bef51e620c",
        "value": "82.156.145.216|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "a53f22c0-c608-46b9-a93a-8349dcc2e3e8",
        "value": "122.152.231.146|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "cb292db2-8e7b-48a6-9a84-030d077f77b0",
        "value": "154.206.236.9|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "e7cc03cd-70d9-4806-8afb-b61f814a828d",
        "value": "119.29.219.211|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "e3bde7a4-155a-4910-b4d0-9a099752b199",
        "value": "107.148.52.176|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "04f6fd82-38ce-4ed6-8446-f78dd18d51b2",
        "value": "120.78.173.89|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "a82776ff-dbae-4d76-8caf-88e69804d053",
        "value": "120.79.91.168|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "ee440d98-396a-4daf-a7ec-dc60487b8700",
        "value": "114.132.46.48|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "700f9875-f4a8-4277-9bb6-d83c48e61eab",
        "value": "123.207.35.145|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "007baa8f-8edf-4681-a50d-61a4e390dd14",
        "value": "8.217.0.16|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "bf74da0e-46aa-4ef6-af4f-f1c663d5ed09",
        "value": "123.207.1.145|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "6dd3530f-5d70-4196-97cb-5947f477c587",
        "value": "114.132.56.175|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "ae0a4a3f-4080-416c-9664-65ad4bc8bb6c",
        "value": "119.29.235.38|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "44d2da12-0ff7-4e26-8689-117ff6aa0f5e",
        "value": "123.207.79.195|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "1d223ea5-5019-4c81-b439-7d982e9d3218",
        "value": "139.199.168.63|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "f6d5c9dc-904c-4560-956f-75aba2783ae8",
        "value": "123.207.55.60|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "bae0a63b-c39c-4541-af05-83e2af05b302",
        "value": "43.138.176.5|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "4dbf9acb-0e67-47ca-af19-84febe8e0fb2",
        "value": "123.207.16.43|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b3baf7bb-7ebe-40ab-a34e-4c3970c3e7ab",
        "value": "123.207.58.147|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "7ef3b1aa-ca5e-4ad8-be71-986bf6a0e660",
        "value": "103.144.29.123|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "d922d218-532d-4d6d-859f-4b9bd473325d",
        "value": "156.236.67.181|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "29315537-ef1f-4741-82a3-f1b85a8cd3a1",
        "value": "123.207.44.193|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "e339b9c3-84ab-41cd-9057-be8cff570e89",
        "value": "123.207.8.204|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "093f4858-a033-48cf-af47-ce026413bb06",
        "value": "114.132.121.130|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "7906aada-5d59-4106-84ea-028503dfda4f",
        "value": "154.197.6.103|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 6000",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "9f681b44-b813-4f7e-b0bd-ab3a4e7bf7ec",
        "value": "42.193.242.180|6000"
      },
      {
        "category": "Network activity",
        "comment": "On port 8080",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741402101",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "2fe60761-b07b-469e-bd33-613ef857c4fe",
        "value": "47.57.68.157|8080"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411117",
        "to_ids": true,
        "type": "domain",
        "uuid": "dc6121f6-3134-4104-9fdb-744e17f06bc5",
        "value": "microsoftmiddlename.tk",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411139",
        "to_ids": true,
        "type": "domain",
        "uuid": "b7d5f877-6362-48b7-ba11-dd969a873676",
        "value": "cloudservicesdevc.tk",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411161",
        "to_ids": true,
        "type": "domain",
        "uuid": "0feeaf26-f202-4c24-a4a6-df8302f967f8",
        "value": "novadector.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411183",
        "to_ids": true,
        "type": "domain",
        "uuid": "693877f2-24f5-4c90-9981-525110268804",
        "value": "microsoftupdatesoftware.ga",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411205",
        "to_ids": true,
        "type": "domain",
        "uuid": "78ec5f4b-16ef-4dd4-9600-8a2fd29c22af",
        "value": "0a305ffb2a1d41f6870eac02f9afce89.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411229",
        "to_ids": true,
        "type": "domain",
        "uuid": "c6046643-5027-41db-b8da-f97d0ead0977",
        "value": "xindajiema.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411251",
        "to_ids": true,
        "type": "domain",
        "uuid": "ed3d7df8-4d25-4550-bbb1-e7322b378cea",
        "value": "vip033324.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411273",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ce474a94-5d62-4e70-a0eb-f6c707f936a4",
        "value": "101.kkftodesk101.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411295",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b5e71003-a5bf-4f31-ab37-4774ea490b26",
        "value": "102.kkftodesk102.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411317",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9268fb6e-a08c-43e7-ad14-395a2dbcdd1d",
        "value": "104.kkftodesk104.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411338",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c4c1a97a-1317-40dd-9aba-54f3f55f049a",
        "value": "105.kkftodesk105.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411360",
        "to_ids": true,
        "type": "hostname",
        "uuid": "089c4060-874b-4610-97d6-96efe1659ac0",
        "value": "106.kkftodesk106.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411382",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8a3cd27f-c767-4ace-a639-27d71734fabe",
        "value": "107.kkftodesk107.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411404",
        "to_ids": true,
        "type": "hostname",
        "uuid": "65c619e5-73d1-4b23-83b8-ebc8edfcf8a1",
        "value": "108.kkftodesk108.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411426",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1b93ceda-6d45-4531-b97a-db6f232cc3e1",
        "value": "109.kkftodesk109.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411448",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7f8ebaab-6c26-4ccd-b166-b00700cc5795",
        "value": "110.kkftodesk110.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411470",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5fa0637d-8c60-4188-8f84-89bb2524c09b",
        "value": "34.kosdage.asia",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411491",
        "to_ids": true,
        "type": "url",
        "uuid": "45928527-013d-4fa7-a015-aa8b13494139",
        "value": "http://note.youdao.com/yws/api/note/4b2eead06fc72ee2763ef1f653cdc4ae",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411514",
        "to_ids": true,
        "type": "url",
        "uuid": "58335d57-0867-46a2-9e34-e2d2cb42fbdd",
        "value": "http://note.youdao.com/yws/api/note/1eaac14f58d9eff03cf8b0c76dcce913",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411536",
        "to_ids": true,
        "type": "url",
        "uuid": "665bf4a2-3cf1-4176-83a6-d48f5c41eae2",
        "value": "http://11-1318622059.cos.ap-nanjing.myqcloud.com/DLL2auto.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411558",
        "to_ids": true,
        "type": "url",
        "uuid": "b598b773-92f9-4435-b12c-58b89e966a3d",
        "value": "http://11-1318622059.cos.ap-nanjing.myqcloud.com/DLL.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411579",
        "to_ids": true,
        "type": "url",
        "uuid": "1ec266cf-1a30-4019-89e6-2b76ebd58903",
        "value": "http://11-1318622059.cos.ap-nanjing.myqcloud.com/DLL2.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411602",
        "to_ids": true,
        "type": "url",
        "uuid": "84d40a9b-8760-4fe2-b38c-4a880cc4a77d",
        "value": "http://11-1318622059.cos.ap-nanjing.myqcloud.com/FANGAOtest.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411624",
        "to_ids": true,
        "type": "url",
        "uuid": "730b2abc-de5e-455b-8860-2dbd426bbcf1",
        "value": "http://11-1318622059.cos.ap-nanjing.myqcloud.com/BEFORE.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411646",
        "to_ids": true,
        "type": "url",
        "uuid": "ff211aa2-7b82-468d-9f66-36d594f1e094",
        "value": "http://11-1318622059.cos.ap-nanjing.myqcloud.com/FANGAO.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411668",
        "to_ids": true,
        "type": "url",
        "uuid": "f1686d0d-479f-4555-9715-912c78deb66e",
        "value": "http://todesk-1316713808.cos.ap-nanjing.myqcloud.com/DLL.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411690",
        "to_ids": true,
        "type": "url",
        "uuid": "60212565-0d04-4719-b335-15ee1bd0454c",
        "value": "http://todesk-1316713808.cos.ap-nanjing.myqcloud.com/DLL2.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411712",
        "to_ids": true,
        "type": "url",
        "uuid": "1a7fdeed-83f5-473b-8440-6d090dc97eee",
        "value": "http://todesk-1316713808.cos.ap-nanjing.myqcloud.com/BEFORE.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411734",
        "to_ids": true,
        "type": "url",
        "uuid": "5b06bcdc-0bd5-468f-b6ce-4d43a1bf86fe",
        "value": "http://mytodesktest-1257538800.cos.ap-nanjing.myqcloud.com/DLL.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411756",
        "to_ids": true,
        "type": "url",
        "uuid": "d8b5f14a-c6f8-4570-b5d2-8dffb1d2bdfd",
        "value": "http://yuehai-1316713808.cos.ap-nanjing.myqcloud.com/DLL.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411779",
        "to_ids": true,
        "type": "url",
        "uuid": "09bef3bb-aab9-4f3c-a89e-e873286ccee2",
        "value": "http://yuehai-1316713808.cos.ap-nanjing.myqcloud.com/FANGAO.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411801",
        "to_ids": true,
        "type": "url",
        "uuid": "5f667828-95f5-4917-bcfa-0d3494f5983c",
        "value": "http://yuehai-1316713808.cos.ap-nanjing.myqcloud.com/before1/BEFORE.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411823",
        "to_ids": true,
        "type": "url",
        "uuid": "f3cb4170-71c9-4d6b-9cc1-54b525b759ef",
        "value": "http://yuehai-1316713808.cos.ap-nanjing.myqcloud.com/before2/BEFORE.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411845",
        "to_ids": true,
        "type": "url",
        "uuid": "78d81d0c-05d4-46e4-ae9e-2ae7ef21f32d",
        "value": "http://526-1316713808.cos.ap-nanjing.myqcloud.com/FANGAO.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411867",
        "to_ids": true,
        "type": "url",
        "uuid": "0b3589f3-5a69-435c-875d-6ff74af03b30",
        "value": "http://526-1316713808.cos.ap-nanjing.myqcloud.com/BEFORE.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411890",
        "to_ids": true,
        "type": "url",
        "uuid": "6e40adf6-842d-4afa-9a7c-44591728685b",
        "value": "http://526-1316713808.cos.ap-nanjing.myqcloud.com/DLL2.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411912",
        "to_ids": true,
        "type": "url",
        "uuid": "e62973e5-48ca-4411-93e5-00291e234eae",
        "value": "http://526-1316713808.cos.ap-nanjing.myqcloud.com/DLL.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411934",
        "to_ids": true,
        "type": "url",
        "uuid": "ff5cb1d0-7373-46ba-8c05-51725c7ea9ad",
        "value": "http://529-1316713808.cos.ap-nanjing.myqcloud.com/BEFORE.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411955",
        "to_ids": true,
        "type": "url",
        "uuid": "7fd38879-9f9a-4a07-beb4-a53536a0aac8",
        "value": "http://529-1316713808.cos.ap-nanjing.myqcloud.com/DLL2.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411977",
        "to_ids": true,
        "type": "url",
        "uuid": "62252339-d171-44e5-9341-fff908126257",
        "value": "http://529-1316713808.cos.ap-nanjing.myqcloud.com/FANGAO.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "URLs of malicious files on legitimate services",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741411999",
        "to_ids": true,
        "type": "url",
        "uuid": "5f6578e8-cc56-4607-9818-063881619f62",
        "value": "http://530-1316713808.cos.ap-nanjing.myqcloud.com/FANGAO.dll",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "The malware then reads the online value from the configuration file C:\\Users\\Public\\vanconfig.ini, which Before.dll created, and decrypts it by XORing it with the key 0x58",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741407154",
        "to_ids": false,
        "type": "text",
        "uuid": "8ac84207-0dc2-4ba6-90a2-e1b76b274c62",
        "value": "0x58"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770863052",
        "to_ids": false,
        "type": "comment",
        "uuid": "2b0b0d3f-0731-49df-86c8-6ce29f98fe58",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2025/250224-Operation-SalmonSlalom/10.png"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910485",
        "uuid": "cebbdc25-f4cd-4768-ade6-2e40a0d4767f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741412021",
            "to_ids": true,
            "type": "md5",
            "uuid": "e1de898e-be61-4e1f-9c5d-a1b30a7d8bf0",
            "value": "033a8d6ec5a738a1a90dd4a86c7259c8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407342",
            "to_ids": true,
            "type": "sha1",
            "uuid": "04fc6d6d-398d-4616-b801-e902ace07ed6",
            "value": "ae0af47cb118fb63bc509ba1862c7c8de8b7e92c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407342",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aca5263e-236b-4e60-973b-13ba0d49c318",
            "value": "0304dcc1f7a5add148bfb0199e392abd4ce410c6b5f5cb8dca17bb2dc83606dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407341",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a8d92846-bc02-4dde-847a-a3a9fedd59da",
            "value": "6144:9IosVad7yxiVqKYkTzlGz9gOUb2GBqoOkR6loMnKXAOUEfR5/FP6LbhOhokIkFzC:9rB9+iwK/lGRgOUqmq9kR6lhKXRF7F/+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407341",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "28fa389d-e4ef-42f7-9817-4d592a79f392",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407341",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6d5bc03d-bfbf-44d6-bc39-0e87c9f8724f",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407341",
            "to_ids": true,
            "type": "filename",
            "uuid": "b926d3ca-a7cb-473e-801e-7cfc0f3432fd",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407341",
            "to_ids": false,
            "type": "text",
            "uuid": "ff09eed6-ed7e-4c0f-acac-3f7f4cf76a1b",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze\nVT Total Detection:59/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910485",
            "to_ids": false,
            "type": "text",
            "uuid": "6d209eb0-ccc3-4cba-b56c-3355edca890b",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze\nVT Total Detection:59/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910485",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ee39f5e5-12cf-43a4-9c8f-e121d858765c",
            "value": "6144:9IosVad7yxiVqKYkTzlGz9gOUb2GBqoOkR6loMnKXAOUEfR5/FP6LbhOhokIkFzC:9rB9+iwK/lGRgOUqmq9kR6lhKXRF7F/+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910485",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c09a14d1-0b06-4d39-887e-6ef4494a12f4",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910485",
            "to_ids": true,
            "type": "vhash",
            "uuid": "051a9215-be3e-4865-a394-c043f8dd2c05",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910485",
            "to_ids": true,
            "type": "filename",
            "uuid": "26792d97-5e41-46a3-84bd-ea0fd1c78523",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910507",
        "uuid": "0e340988-e4e8-4a01-b95d-de8c21f8c224",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741484895",
            "to_ids": true,
            "type": "md5",
            "uuid": "85dfcae7-05a8-4862-ad6f-3a1407a772f0",
            "value": "0c33792c6ed37452f44ca94ce7385250",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407500",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6ad2b57a-404f-49c2-9cca-2c4e952a7641",
            "value": "7af06d64c76e486b021034038120e515c8f44aed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407501",
            "to_ids": true,
            "type": "sha256",
            "uuid": "21b938cb-aa86-422f-9913-cfd5fdf8a96a",
            "value": "7ad450932e55d2bb6c81dd01cb36a3134c12cf4ba51c743f3a88eb955868c1f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407500",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "70e1b7cd-036b-4e79-8842-5f86ec2a2ab7",
            "value": "6144:uNYzsmvKYkTzlGz9gOUb2GBqoOkR6loMnKXAOKTYE3mqkgicpvGZROD6ELZUoBVu:kYRK/lGRgOUqmq9kR6lhKXYTYE3PJjp0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407500",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3339a3ce-c464-4080-94c2-1e6f5c1f947d",
            "value": "356352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407500",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c72932ed-b5db-4b46-acfe-088b7910351c",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407500",
            "to_ids": true,
            "type": "filename",
            "uuid": "d462b935-4535-4c7f-a25e-bfacc90abed9",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407500",
            "to_ids": false,
            "type": "text",
            "uuid": "a2492200-4595-415c-8904-79301fe001d6",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:54/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910507",
            "to_ids": false,
            "type": "text",
            "uuid": "3693d1b4-6c10-416e-9800-ca0888dc1c3a",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:53/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910507",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b7c574a6-d3bf-47ca-83f2-5e5c5b9dfeaf",
            "value": "6144:uNYzsmvKYkTzlGz9gOUb2GBqoOkR6loMnKXAOKTYE3mqkgicpvGZROD6ELZUoBVu:kYRK/lGRgOUqmq9kR6lhKXYTYE3PJjp0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910507",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "28bd1415-8364-4b23-ba33-cfcc62e8a020",
            "value": "356352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910507",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e273d4e9-1aa8-458b-becf-b244e863f2b0",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910507",
            "to_ids": true,
            "type": "filename",
            "uuid": "904a6b11-3d41-4f53-8087-989878144e9c",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910528",
        "uuid": "aa54e70f-8d58-4ebc-86fb-d1e583d2f37e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741484917",
            "to_ids": true,
            "type": "md5",
            "uuid": "0363573f-77a7-42ac-8781-38ff70477d40",
            "value": "1c79abe9f52cbe92f042615a9f6b6f10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407565",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d22fdcf4-cbb6-42d3-a686-c05272476883",
            "value": "bb43bc470796a5cc1aadcd38507cbfea89a9cc85",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407565",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c160f60d-0909-4e06-8f61-1caf5dbdb402",
            "value": "4f322581c0db0ca651558cb11707f7e310127b99c184af02f668a6d70ff4f1af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407564",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "424034f4-6237-4f47-a4ad-65268da23e1a",
            "value": "1536:plL9AgRqfGccceuIFYKXH2mgsRVTSNgymQ7kN:3L9yeYeuoXdgf3mQ7kN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407564",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d60254ea-05c5-4cc7-9d62-aa96a02a6a14",
            "value": "653312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407564",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f3eb67a1-5ebe-4315-a59b-b61f7dbad335",
            "value": "06503e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407564",
            "to_ids": true,
            "type": "filename",
            "uuid": "75098f8e-5aed-4de9-8ac4-518dd7bc8ae0",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407564",
            "to_ids": false,
            "type": "text",
            "uuid": "7c8cb565-8891-46dd-9146-c46b5f987a14",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:58/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910528",
            "to_ids": false,
            "type": "text",
            "uuid": "a2628027-56ec-4f1a-a078-3510d617420e",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910528",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c64388d8-0c51-41f4-bc0a-3770054a3716",
            "value": "1536:plL9AgRqfGccceuIFYKXH2mgsRVTSNgymQ7kN:3L9yeYeuoXdgf3mQ7kN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910528",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bd66b6cd-f91c-4c5e-bb84-0b528aeb5b66",
            "value": "653312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910528",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d4f1f623-036f-4417-979f-664e1692dc7a",
            "value": "06503e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910528",
            "to_ids": true,
            "type": "filename",
            "uuid": "f5b4e868-258d-4481-b9cf-44aaae8ba9ca",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910550",
        "uuid": "f0670a14-176c-45e2-8a8c-220daee191d5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741484938",
            "to_ids": true,
            "type": "md5",
            "uuid": "12abc92a-614a-4b5c-983c-b08c2adcf7ee",
            "value": "28231ce260ce66388d58ce536d7ed201",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407673",
            "to_ids": true,
            "type": "sha1",
            "uuid": "57a56bc9-028b-486b-9645-0023299eef1e",
            "value": "8a6b6d6e13a89fe452c7472f522896dd8b3a9f00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407673",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ec5b02db-a20c-4127-a0f6-4f7843b5e296",
            "value": "c2448f1009aa89bd6835b76229578f642ac908d4f54e7eca6326bca0f16aa7e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407672",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "da5e4e1a-d398-4ab3-b864-c256b0d9fb35",
            "value": "1536:7lLoAgRqfGccceuIFYKXH2mgsRVTSNgymQ1tt:xLoyeYeuoXdgf3mQ1tt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407672",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e5965246-034e-425c-983a-b88a3bb44307",
            "value": "56320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407672",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6d90fd8d-a8b3-40d3-ba32-fb39d204cb20",
            "value": "05403e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407672",
            "to_ids": true,
            "type": "filename",
            "uuid": "1b735300-9f62-4ab2-a7e4-00073c7f3b81",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407672",
            "to_ids": false,
            "type": "text",
            "uuid": "02a6e4f8-0f90-4c18-83a5-d53c93734b01",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910550",
            "to_ids": false,
            "type": "text",
            "uuid": "f73907d7-f111-4284-a01b-e90d4481d313",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:57/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910550",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0300b30e-8086-46b7-a99c-f862df136b7c",
            "value": "1536:7lLoAgRqfGccceuIFYKXH2mgsRVTSNgymQ1tt:xLoyeYeuoXdgf3mQ1tt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910550",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e69974e5-b840-47bc-b1e2-068e190c6541",
            "value": "56320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910550",
            "to_ids": true,
            "type": "vhash",
            "uuid": "526f17e6-89fc-4dd3-a375-287a916ab210",
            "value": "05403e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910550",
            "to_ids": true,
            "type": "filename",
            "uuid": "bde000c3-da87-4208-9a2a-f2566c861a00",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910571",
        "uuid": "380844dc-ffc1-406c-9971-e0bb03bc302a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741484959",
            "to_ids": true,
            "type": "md5",
            "uuid": "a880a220-4404-483d-9190-15b45aa1b56a",
            "value": "3883957530482a399abb5e1f06e4581f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407803",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bad72b12-fcb2-4b79-9aa1-b60e89c43fc2",
            "value": "3aeb300141b5130443edf28007867d2b76ae9c5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407803",
            "to_ids": true,
            "type": "sha256",
            "uuid": "38c25921-49f0-4802-b48d-268c4338a3de",
            "value": "03045010bd0d618e7aa872e952abb987891befdc5ab70b7f82be30d4f64f6f93",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407802",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e98ebe5c-c7ec-4866-8cab-f4c61e3e45a9",
            "value": "6144:pIosVad7yxiVqKYkTzlGz9gOUb2GBqoOkR6loMnKXAOUEfR5/FP6LbhOhokIkFzC:prB9+iwK/lGRgOUqmq9kR6lhKXRF7F/+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407802",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "20751660-2b75-4f88-8bb7-2247f5c40474",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407802",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e26687a8-f4ae-4dbf-ad3b-9bb3738410a0",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407802",
            "to_ids": true,
            "type": "filename",
            "uuid": "aa7e8629-0288-46ab-91d8-deb699181edb",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407802",
            "to_ids": false,
            "type": "text",
            "uuid": "57c399c7-e147-4346-b2fd-12d2f35426bf",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze!rfn\nVT Total Detection:56/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910571",
            "to_ids": false,
            "type": "text",
            "uuid": "b339aa18-7855-4cc7-890e-964dba1edb07",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze!rfn\nVT Total Detection:56/74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910571",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6510cca5-c67d-4718-a482-f4f21ff24ecd",
            "value": "6144:pIosVad7yxiVqKYkTzlGz9gOUb2GBqoOkR6loMnKXAOUEfR5/FP6LbhOhokIkFzC:prB9+iwK/lGRgOUqmq9kR6lhKXRF7F/+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910571",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "09e8f651-eb31-486a-bddb-82f717162af2",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910571",
            "to_ids": true,
            "type": "vhash",
            "uuid": "12fbb847-7b41-409a-8e33-0b41c3931cbf",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910571",
            "to_ids": true,
            "type": "filename",
            "uuid": "7a2e5b24-a59c-4303-bb93-53c8f083a854",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910592",
        "uuid": "65712dab-fde9-4b9c-9137-f89ed02f1e4e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741484980",
            "to_ids": true,
            "type": "md5",
            "uuid": "032a9028-05d7-4454-b5c0-244749fa1c45",
            "value": "3b32fc9115c224653f5afba793c0bbef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407824",
            "to_ids": true,
            "type": "sha1",
            "uuid": "202f4e11-714f-4cfc-9a93-ee1a83ea3107",
            "value": "0457cdafa241049022b9750ad03c3c2b15770322",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407825",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8b5f2733-0d6b-4368-9e89-93da500f3a3b",
            "value": "ba7285e8face8bedaac307fa85bf58492df2f7c0e70b9a93db2893b571c33de5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407824",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c4f48756-1e47-4cb1-b5d6-080c97f09629",
            "value": "6144:3NYzsmvKYkTzlGz9gOUb2GBqoOkR6loMnKXAOKTYE3mqkgicpvGZROD6ELZUoBVu:dYRK/lGRgOUqmq9kR6lhKXYTYE3PJjp0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407824",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e7edc550-9314-4a25-a334-f926cb50dd79",
            "value": "356352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407824",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5a51e818-6969-4403-ad03-43541fcc7e4f",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407824",
            "to_ids": true,
            "type": "filename",
            "uuid": "0b8b872e-d5f6-4f49-ac06-c14d98349bbc",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407824",
            "to_ids": false,
            "type": "text",
            "uuid": "68a67103-6f22-4c8e-9906-f87fef12dfef",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910592",
            "to_ids": false,
            "type": "text",
            "uuid": "29093c04-0458-42ba-ad47-90a668cd1e63",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:57/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910592",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b9f91616-bead-4704-9649-d8fbf88a506f",
            "value": "6144:3NYzsmvKYkTzlGz9gOUb2GBqoOkR6loMnKXAOKTYE3mqkgicpvGZROD6ELZUoBVu:dYRK/lGRgOUqmq9kR6lhKXYTYE3PJjp0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910592",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f3498a09-6ac7-408f-b689-befb4f6f8084",
            "value": "356352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910592",
            "to_ids": true,
            "type": "vhash",
            "uuid": "90e59b7f-91e6-465e-9566-c884ceac864a",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910592",
            "to_ids": true,
            "type": "filename",
            "uuid": "0e105831-5742-4d8d-84d1-03684fa66af7",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910614",
        "uuid": "5f5cdb86-7374-4373-8d44-f086745fa741",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485002",
            "to_ids": true,
            "type": "md5",
            "uuid": "57086516-e732-49f1-8e36-b9ebf8f791d0",
            "value": "3ca82fd8d12967c32388ad18e9727fac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407846",
            "to_ids": true,
            "type": "sha1",
            "uuid": "55dc0df3-1f59-4f3b-91ab-962f6a36ee2b",
            "value": "4d2e56c0885355dda6c45355667951eb0069fd20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407846",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c466c67a-966d-4951-a210-b1daadb8d3f7",
            "value": "48e65575ae65828220335101164f2517291be4174a0427b1ca96289d5ac34187",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407846",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "deb41556-5144-45b4-89a3-3be12a377a4e",
            "value": "192:gnEs18r4PXJHOjzFQtZx4FNc2uP1JWLGu7miNaMZ:0Qr4P5HOj5QtWiltJ8GuCiNa0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407846",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "11ca04c6-b980-4218-aa9e-59fe96686b22",
            "value": "653312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407846",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3ceb8410-fc6a-453a-a58e-7edcff459b84",
            "value": "065036071d1\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407846",
            "to_ids": true,
            "type": "filename",
            "uuid": "442fab5d-4921-4099-8920-9e2694846034",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407846",
            "to_ids": false,
            "type": "text",
            "uuid": "da14fac0-3a71-4408-9b0c-a4d67e003826",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:44/71"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910614",
            "to_ids": false,
            "type": "text",
            "uuid": "7bddd5c2-4893-493a-9e26-8cc8bd011d73",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:44/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910614",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a3e25c23-eb50-41e8-96b8-399c41d44cca",
            "value": "192:gnEs18r4PXJHOjzFQtZx4FNc2uP1JWLGu7miNaMZ:0Qr4P5HOj5QtWiltJ8GuCiNa0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910614",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b4f4ae23-3685-42d6-b960-24653f306a07",
            "value": "653312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910614",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3f648616-60b9-46cf-9111-a7dd0bd73839",
            "value": "065036071d1\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910614",
            "to_ids": true,
            "type": "filename",
            "uuid": "34ec5243-a80e-43ff-a7f1-c24f1ca5f455",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910636",
        "uuid": "2aeaa87c-ab68-4f49-ae17-f439d0a6018e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485023",
            "to_ids": true,
            "type": "md5",
            "uuid": "7bccc414-294a-4926-8ba5-a3d80fcc5ceb",
            "value": "4fc6dbb9beeecb2d60f3fef356c6df01",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407889",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f5232662-91c7-4f4a-8f20-1a473a6c9836",
            "value": "c7162238ee68b81ec48c518d4f7caa52c0427c08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407890",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5f38838b-95ee-439f-a177-1444a12a528e",
            "value": "40eb00e7ec49858e803d894b978afb9375b7e0e2010af2b85674a3d4d082f1ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407889",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e788a684-5478-4279-86ed-7f71dcea9012",
            "value": "1536:plL9AgRqfGccceuIFYKXH2mgsRVTSNgymQaQsr:3L9yeYeuoXdgf3mQEr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407889",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2ba38478-03d4-4ffa-ae2f-4b122edc2475",
            "value": "653312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407889",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6c0261c5-95fa-4089-a027-ed480b5c5606",
            "value": "06503e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407889",
            "to_ids": true,
            "type": "filename",
            "uuid": "73b0c4ac-371f-4672-8003-e07d2fb8e372",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407889",
            "to_ids": false,
            "type": "text",
            "uuid": "cfef49b8-380e-42ed-a97e-08c200067744",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:56/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910636",
            "to_ids": false,
            "type": "text",
            "uuid": "16216d4e-d781-44fa-9f8a-3f893182f403",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:57/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910636",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "505be079-16be-457c-98a7-0f2e6c15e807",
            "value": "1536:plL9AgRqfGccceuIFYKXH2mgsRVTSNgymQaQsr:3L9yeYeuoXdgf3mQEr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910636",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fa37b7f3-fc55-47ed-bfce-72e6858fa42f",
            "value": "653312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910636",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7cd4a5c8-92be-4dd0-b32b-1c6d6fc611ea",
            "value": "06503e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910636",
            "to_ids": true,
            "type": "filename",
            "uuid": "1572af21-9115-4784-803b-c44d8acd3569",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910659",
        "uuid": "649ab687-710d-45c4-ac69-5c2832f06932",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485045",
            "to_ids": true,
            "type": "md5",
            "uuid": "9f30fee0-b45b-411b-8d15-562e601c8afa",
            "value": "50d29ee29b54685bd10b8d2917696413",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741407954",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb785258-bd62-49da-8eb8-7ef967881a07",
            "value": "c5f8fc918e767fa7594d55ed5285308406305e32",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741407954",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f9c64130-a975-4f4c-8755-07fb117672ee",
            "value": "c7afea49507edaa8a31b8c0a33a1c3332cb2a7fae70f43f603200f6f775fa597",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741407953",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "16296592-0419-402f-94f4-ec9334706eee",
            "value": "1536:BpsisGVRb/M+IAYepdcE48a4j9r9H1VT20xAF/IbsZFAyv8krf4qqv:BpLsaRLM++udcz4Jr9GN+Ba8krf4qw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741407953",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2dbe7280-1a7d-4cea-b294-5edd419d13b9",
            "value": "113776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741407953",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4ece8c9f-addb-4dbe-a41e-07f0eca1fb42",
            "value": "015056655d1515bz4frz4bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741407953",
            "to_ids": true,
            "type": "filename",
            "uuid": "b871c504-ec25-40a9-8736-a957eff62868",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741407953",
            "to_ids": false,
            "type": "text",
            "uuid": "dfbc6008-81ee-48e2-b4dd-7cf9b6ca4b64",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:50/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910659",
            "to_ids": false,
            "type": "text",
            "uuid": "beb7a4dc-d6ec-452a-9f61-f30026b2f6a6",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:49/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910659",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fba51cf5-bb8e-4fdf-8afd-308d9f816c62",
            "value": "1536:BpsisGVRb/M+IAYepdcE48a4j9r9H1VT20xAF/IbsZFAyv8krf4qqv:BpLsaRLM++udcz4Jr9GN+Ba8krf4qw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910659",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1dd13aaa-5011-4b41-b85c-c64bb62374e1",
            "value": "113776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910659",
            "to_ids": true,
            "type": "vhash",
            "uuid": "92c50e18-c42b-464a-87ec-a4dad08919a6",
            "value": "015056655d1515bz4frz4bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910659",
            "to_ids": true,
            "type": "filename",
            "uuid": "9ca80e40-5874-427c-8912-57ea867af767",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910681",
        "uuid": "552ed50d-daa9-4c1a-8ca5-1465bc65b503",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485067",
            "to_ids": true,
            "type": "md5",
            "uuid": "dcc34e54-e3d9-40f8-aada-f0ec8c38e48f",
            "value": "5c1de870ea1e08b25e7ce4397372f5a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408062",
            "to_ids": true,
            "type": "sha1",
            "uuid": "29cb90ae-5d2d-41f4-bb63-2f5071e7e68e",
            "value": "6d3f6b681b991275905bc7748c1ae15a9000cee0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408062",
            "to_ids": true,
            "type": "sha256",
            "uuid": "39c82208-edd2-4858-a9f7-b0d5796960a0",
            "value": "571c522fa1d3418bfb18be8c5e0ab35a5104a42fb82bfffc97ff7e9144fd156f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408061",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a0e32417-f720-4d94-817d-7c085a237ff1",
            "value": "6144:F4zIIwOO0dDa9KYkTzlGz9gOUb2GBqoOkR6loMnKXAOUaQdv4RI1dohpqMJGM/aZ:F4MIBOu2K/lGRgOUqmq9kR6lhKXFK4RI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408061",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "81a80652-b411-4a59-b21b-bb9457a31cfa",
            "value": "354304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408061",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a5695be8-fabc-4cce-8a65-c5e90200477b",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408061",
            "to_ids": true,
            "type": "filename",
            "uuid": "96ebbb2e-db60-4898-ba81-3edd71177c11",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408061",
            "to_ids": false,
            "type": "text",
            "uuid": "cd23f8c0-f47d-4b62-b1f2-3a86d398055a",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:52/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910681",
            "to_ids": false,
            "type": "text",
            "uuid": "aedbca98-3029-4732-a073-b9ac09a5332f",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:52/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910681",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5c14a565-1d76-46f3-83e4-4ef18497b686",
            "value": "6144:F4zIIwOO0dDa9KYkTzlGz9gOUb2GBqoOkR6loMnKXAOUaQdv4RI1dohpqMJGM/aZ:F4MIBOu2K/lGRgOUqmq9kR6lhKXFK4RI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910681",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ea19767b-92bf-4906-a7e6-8cd9a0ce4cdb",
            "value": "354304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910681",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ff863231-1b11-4f84-b707-1d3dd7631437",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910681",
            "to_ids": true,
            "type": "filename",
            "uuid": "f9caa60e-2acd-47c2-957f-f6e32679e732",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910703",
        "uuid": "b1f6a373-84d5-4245-9e9e-477ad3618ed7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485088",
            "to_ids": true,
            "type": "md5",
            "uuid": "64d44691-b418-4e10-a5ef-c0f0c80c84f7",
            "value": "632c0808e4d0c7b293642e4c4ae8e2a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408108",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6b93ff9a-a33a-4b26-8abe-67dd164f282f",
            "value": "58f17752124b828a4dc6d153c201e10258bc8747",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408108",
            "to_ids": true,
            "type": "sha256",
            "uuid": "08f1e6ce-c4b4-4313-b9d9-3163e34d8a3a",
            "value": "9f61bc02326bca563f45642167f5d40a2db0bc40b137bafb3e8c3318db852199",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408108",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a54c9692-a4b5-4a4a-abbf-a1daa4f4f121",
            "value": "6144:54zIIwOO0dDa9KYkTzlGz9gOUb2GBqoOkR6loMnKXAOUaQdv4RI1dohpqMJGM/aZ:54MIBOu2K/lGRgOUqmq9kR6lhKXFK4RI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408108",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "62a5a400-c57b-47bc-a163-b3d3e35b1409",
            "value": "354304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408108",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b1f96029-944c-461a-bc45-d4f62f9b4f53",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408108",
            "to_ids": true,
            "type": "filename",
            "uuid": "71b3a41c-11e4-45f0-b8b0-d0d405637819",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408108",
            "to_ids": false,
            "type": "text",
            "uuid": "aac5891e-71d0-421d-98af-2a965f729ff1",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:56/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910703",
            "to_ids": false,
            "type": "text",
            "uuid": "02d21d65-77c0-435e-acf9-f32c6ea63f69",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:56/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910703",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fe857fd3-afbb-43ae-b8e2-c9ff1351a50c",
            "value": "6144:54zIIwOO0dDa9KYkTzlGz9gOUb2GBqoOkR6loMnKXAOUaQdv4RI1dohpqMJGM/aZ:54MIBOu2K/lGRgOUqmq9kR6lhKXFK4RI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910703",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d690a801-9ab2-4e2e-a097-a65a3ed77219",
            "value": "354304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910703",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7428b56c-0cd9-4d5e-b15b-7398ae6e793d",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910703",
            "to_ids": true,
            "type": "filename",
            "uuid": "a4343023-dbff-42e7-8ebd-ed4580bff723",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910724",
        "uuid": "77c9a7ae-ab4c-41fc-8286-6c941510dd2c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485109",
            "to_ids": true,
            "type": "md5",
            "uuid": "96112463-342e-42e3-8e82-0faf3efb27ee",
            "value": "64d72e8d0539e6a0b74fb1c6e5127c05",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408197",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3b56aeff-ccae-4f79-b0b5-3ba0c3b00ec3",
            "value": "7362835a36427aed760dc5837ca1c793a109c988",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408198",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a171624a-0393-4316-8b6c-86dbe64519dc",
            "value": "a78f59090ddc648f6765b731f45fb0797413cba59fd956eab3d51cf840fb1fea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408197",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "650ce18b-c664-44d4-994c-52205c9a7d83",
            "value": "1536:gyNAcQ2sbj8W26rV1nxIK/FaNKeN7LOytnwv6Va9Eg/10S5MThi+ZtBfI:/AcQ2sbosVD9cd7LOxv6Vsj/KYkR7N"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408197",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fd12c2dc-c567-43fc-ae1c-c062c1018791",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408197",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9f0b2ef4-67fe-41ea-b513-73de13eba3d5",
            "value": "03507f7f7f7f5f0f1fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408197",
            "to_ids": true,
            "type": "filename",
            "uuid": "bb9c0136-7044-4715-be9a-cb610d5d0d45",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408197",
            "to_ids": false,
            "type": "text",
            "uuid": "28d1e6dc-992e-43ca-b0f1-f99deda9a2c4",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:45/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910724",
            "to_ids": false,
            "type": "text",
            "uuid": "802731c2-5eef-49ab-8358-8203410d5bde",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:44/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910724",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ecd83489-6e56-4dfa-b4f1-2f1d05254120",
            "value": "1536:gyNAcQ2sbj8W26rV1nxIK/FaNKeN7LOytnwv6Va9Eg/10S5MThi+ZtBfI:/AcQ2sbosVD9cd7LOxv6Vsj/KYkR7N"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910724",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9285e3bf-16c3-4cf4-9b7b-a354e35fdb07",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910724",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2c807e57-625c-4651-93a0-73a03d6be723",
            "value": "03507f7f7f7f5f0f1fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910724",
            "to_ids": true,
            "type": "filename",
            "uuid": "aef9ebdf-3d14-4400-bf51-74d72fd01471",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910746",
        "uuid": "fed34899-f821-4ad3-95a4-6ebe1f6dc43f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485131",
            "to_ids": true,
            "type": "md5",
            "uuid": "b85d482d-7f23-482f-94c6-cecf2246df5c",
            "value": "7081b6781e66bdceb2b119a783b6c7fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408304",
            "to_ids": true,
            "type": "sha1",
            "uuid": "94b38a40-6a8f-4584-9b35-af3856d7f1bc",
            "value": "72524bb6e32ea188fffa7945489552af431713fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408304",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ac71e007-95aa-45e1-8e2a-056caaf1841a",
            "value": "fd1a608a9e1bfcb845f59fa6b89aa6d27511517d4fb42d3f970f7404dc6ef138",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408304",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6545d950-0722-403b-b0f7-93581b88eb15",
            "value": "6144:AIosVad7yxiVqKYkTzlGz9gOUb2GBqoOkR6loMnKXAOUEfR5/FP6LbhOhokIkFzC:ArB9+iwK/lGRgOUqmq9kR6lhKXRF7F/+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408304",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "06843104-1431-4890-90d1-8362a08c837f",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408304",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fb42617f-4a57-4900-b8f4-2170b9ec7deb",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408304",
            "to_ids": true,
            "type": "filename",
            "uuid": "8b4d7cdf-7910-47a8-9187-0ef6dd8c3505",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408304",
            "to_ids": false,
            "type": "text",
            "uuid": "9c7248e3-8295-44ba-85c5-9a0d591faed5",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:55/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910746",
            "to_ids": false,
            "type": "text",
            "uuid": "3be7f307-2b72-42cd-949c-f98d6b08186b",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:55/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910746",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bc673666-31d6-42af-9c5f-f9382d3fbf4e",
            "value": "6144:AIosVad7yxiVqKYkTzlGz9gOUb2GBqoOkR6loMnKXAOUEfR5/FP6LbhOhokIkFzC:ArB9+iwK/lGRgOUqmq9kR6lhKXRF7F/+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910746",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "14243792-0f13-487c-9b46-585cc8ed3747",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910746",
            "to_ids": true,
            "type": "vhash",
            "uuid": "59694cbc-614f-4513-902b-c878c8b1fe7c",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910746",
            "to_ids": true,
            "type": "filename",
            "uuid": "378dea35-c464-4b88-8bb2-c2399b91a098",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910767",
        "uuid": "f3951919-fe18-4d5e-8e72-b698e34475d2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485152",
            "to_ids": true,
            "type": "md5",
            "uuid": "e4bef5b7-76d8-462c-8fb2-e4fe8ccf523e",
            "value": "991cb5f8476edbc73223d1331704a9fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408601",
            "to_ids": true,
            "type": "sha1",
            "uuid": "afe1f73c-1d1e-417e-812f-e566257c8a3b",
            "value": "c765b7c959cb47015ab795e47f2082bb2729a19a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408601",
            "to_ids": true,
            "type": "sha256",
            "uuid": "590124c6-f4b8-49ec-8dec-87fd24b0d93e",
            "value": "9b71dcccad8e279ebe284c4d91a840261b85691c4e4bb405984eec3b2fe34335",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408601",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2499ae55-7eb1-4e46-92c9-3cf0deb6fc95",
            "value": "12288:9NNRG9K/lGRgOUqmq9kR6lhKXYTYE3PJjpY+LZXCg4:9N69K/cRgOnmq9g6pTYyPJjpY+LtCg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408601",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7b04182a-decb-4df3-9aa3-d5e0d0f94850",
            "value": "450560"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408601",
            "to_ids": true,
            "type": "vhash",
            "uuid": "24bad2dd-c7d0-4e2a-bde0-1642ae5f3455",
            "value": "04507f6f5f1f1f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408601",
            "to_ids": true,
            "type": "filename",
            "uuid": "c49789c0-2517-4b1e-92fb-31cfa0974915",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408601",
            "to_ids": false,
            "type": "text",
            "uuid": "71bcd3bc-97e9-43ed-8504-19997da42ac0",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:55/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910767",
            "to_ids": false,
            "type": "text",
            "uuid": "dbcd0b5a-dc9c-4c73-8b21-daa60435cf15",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:56/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910767",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "174e87cd-4cd1-4871-b83f-9220425c8719",
            "value": "12288:9NNRG9K/lGRgOUqmq9kR6lhKXYTYE3PJjpY+LZXCg4:9N69K/cRgOnmq9g6pTYyPJjpY+LtCg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910767",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1a97e5f7-653e-4028-b778-31f506c819c1",
            "value": "450560"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910767",
            "to_ids": true,
            "type": "vhash",
            "uuid": "19c7e167-0982-4a95-b7ad-40e7f5880f80",
            "value": "04507f6f5f1f1f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910767",
            "to_ids": true,
            "type": "filename",
            "uuid": "a4a39c4f-113c-4421-9714-1471d59961fd",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910789",
        "uuid": "7c09ba7e-33a0-43c4-bcb7-e967017a9c53",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485174",
            "to_ids": true,
            "type": "md5",
            "uuid": "dfca1c04-20a0-4187-bb93-2e52c63a285a",
            "value": "9bb22b91b5ad59972130a3a428f7b5bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408623",
            "to_ids": true,
            "type": "sha1",
            "uuid": "402829a6-28ec-4e3e-ae13-0e8b2d922a2c",
            "value": "4d1f10a1166f69d55c44973e552ab9ae94ae3638",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408623",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eac00626-e69a-483f-b851-69ea8da9da7a",
            "value": "d76b88db043c82cfb1c13fa46edb1e6a6a88f2c2171ffcd501b4923b377ddffe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408622",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a5adf9ef-c7f4-44e3-af37-0419edff894b",
            "value": "6144:05ZAKYkTzlGz9gOUb2GBqoOkR6loMnKXAOOF5HNLPVIRliWeMKZpiE4E:sZAK/lGRgOUqmq9kR6lhKXgfzwliWpwP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408622",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c418ac9a-811d-493e-be0f-131054c05637",
            "value": "354816"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408622",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4a61190c-e805-42f7-8dac-ff16dc391089",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408622",
            "to_ids": true,
            "type": "filename",
            "uuid": "bd6b7af3-8193-4e54-88d5-d047c2f778a9",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408622",
            "to_ids": false,
            "type": "text",
            "uuid": "0a3611e5-ec76-4e8e-942b-210dd48a18e5",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze!rfn\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910789",
            "to_ids": false,
            "type": "text",
            "uuid": "09a01cc6-ff4b-4ed4-aa04-1fb09238280d",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze!rfn\nVT Total Detection:57/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910789",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6a43a26f-cf71-438d-bdfb-ce58865f9b1b",
            "value": "6144:05ZAKYkTzlGz9gOUb2GBqoOkR6loMnKXAOOF5HNLPVIRliWeMKZpiE4E:sZAK/lGRgOUqmq9kR6lhKXgfzwliWpwP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910789",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f7e0a079-0715-4843-a7e8-f107b95bf4b3",
            "value": "354816"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910789",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9833add9-3bfc-45c7-be00-b837bbb336f7",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910789",
            "to_ids": true,
            "type": "filename",
            "uuid": "aff034a9-d57c-4b3c-ac05-4bf39c2b184b",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910810",
        "uuid": "e26ea55f-28d2-4ff3-a106-19ed6bf73af7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485197",
            "to_ids": true,
            "type": "md5",
            "uuid": "3cdc81da-aea7-4487-ad86-e31ab8df0380",
            "value": "ab5f57681299933c1f70b938caa526d3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408730",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c694361d-e69a-4442-ad11-5c99296c8a93",
            "value": "ad49f63ac27cab2a5ee08a036a6b64e12ce4402b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408730",
            "to_ids": true,
            "type": "sha256",
            "uuid": "41dd26dd-cb55-4da1-b312-197a6e07a4eb",
            "value": "3fd58dd86c4229deaaade4ddb08c7332667299a9b9a8478b08deaf9b6ca91cf3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408729",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bea57f54-1d16-4c81-9114-083116d9bda6",
            "value": "1536:elL9AgRqfGccceuIFYKXH2mgsRVTSNgymQgQxq:YL9yeYeuoXdgf3mQzq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408729",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3c7fc6b0-4313-45cb-93f3-4368437c59f0",
            "value": "653312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408729",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4dc2df1f-1261-4c58-9876-1180f4394bc8",
            "value": "06503e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408729",
            "to_ids": true,
            "type": "filename",
            "uuid": "3e63dd09-7294-4696-8184-cba927babb22",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408729",
            "to_ids": false,
            "type": "text",
            "uuid": "f5fd9b6f-a987-4646-9584-17641fdf8ef3",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910810",
            "to_ids": false,
            "type": "text",
            "uuid": "91a145dd-de56-4e3c-9b4b-a0a089fb5188",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910810",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9542cf6b-8270-42d5-86ed-6cd65641f7ea",
            "value": "1536:elL9AgRqfGccceuIFYKXH2mgsRVTSNgymQgQxq:YL9yeYeuoXdgf3mQzq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910810",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "76526ed8-f4c6-4395-a25f-f9e22ec3108c",
            "value": "653312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910810",
            "to_ids": true,
            "type": "vhash",
            "uuid": "84ae030d-1fee-416c-bdb1-3e3c5f50b6a0",
            "value": "06503e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910810",
            "to_ids": true,
            "type": "filename",
            "uuid": "5a5ecb8b-2a54-407d-b924-26ee9ac723ef",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910831",
        "uuid": "96ad902c-f9c4-46c9-9123-8e7e8ede3308",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485218",
            "to_ids": true,
            "type": "md5",
            "uuid": "24c1e360-2255-471d-8161-32675555080d",
            "value": "ac3fbdbfbc08f41e4ad1c004180093f1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408752",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3e057968-bee9-4262-adfc-a3c0f92d3fc0",
            "value": "2284da9f2269d3b09fb95aba290abe832d1d5992",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408752",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6330fe54-dc82-4594-b97c-152e05540d6b",
            "value": "d3906282c0ebe9541c6e1bc6617787083e8c3bffff714c1d0b47660b9017823e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408751",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "861fd807-7f49-401e-b169-d068d69dfcee",
            "value": "1536:0l79AtjGY+IkEghQ2yBF2Lu9F9nNwMMwt:W796jGQOuOuP9nU6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408751",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "77b45204-1b59-4413-aee3-872f5db2c23b",
            "value": "56320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408751",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5651e3d0-d34e-4767-82e9-bb5699dcc9b4",
            "value": "05403e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408751",
            "to_ids": true,
            "type": "filename",
            "uuid": "b3c4fcd0-6e0b-4436-a409-43689cc1d9a4",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408751",
            "to_ids": false,
            "type": "text",
            "uuid": "07df7fc8-28b2-4dc4-b62d-985bd0d40e87",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:58/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910831",
            "to_ids": false,
            "type": "text",
            "uuid": "0f8bc367-cbd7-473d-ae27-5c688cb3829d",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910831",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fa1f1292-e661-4db5-ae20-08708436b838",
            "value": "1536:0l79AtjGY+IkEghQ2yBF2Lu9F9nNwMMwt:W796jGQOuOuP9nU6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910831",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "58f4be6a-b825-41cb-aa93-39ed31f10974",
            "value": "56320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910832",
            "to_ids": true,
            "type": "vhash",
            "uuid": "484315f8-86a3-42a3-8436-a7a9cb8231a4",
            "value": "05403e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910832",
            "to_ids": true,
            "type": "filename",
            "uuid": "ebfbccef-2ab4-43b3-bff6-8fdc9a53e268",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910853",
        "uuid": "23e74979-b08a-4a49-9dc9-a68e42012482",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485242",
            "to_ids": true,
            "type": "md5",
            "uuid": "0521e301-93bd-4404-bc96-b9b2efe6af67",
            "value": "ae735b1d9b7e9dd496d22409ceaeda66",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408795",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5697d2db-7f6a-4525-a704-1820e48d6ed3",
            "value": "ad7644febb80b5e4007cb67a357d5bad0f3d1f78",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408796",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ebe63677-a48a-4e9f-a4c2-0f5e9a3ca05d",
            "value": "814b0eb297fa98c879a494111b7afb7420a2d8e78cb0b89bdedcea41d5e8ace3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408795",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "11cf956a-695c-4ef6-aa37-23877f0d4a2a",
            "value": "1536:PlL9AgRqfGccceuIFYKXH2mgsRVTSNgymQ7G:dL9yeYeuoXdgf3mQ7G"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408795",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "210f7866-64ca-4db3-8b5e-18bb815a942b",
            "value": "62976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408795",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b21d14de-dd34-46dd-83b2-8d4564776b81",
            "value": "06403e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408795",
            "to_ids": true,
            "type": "filename",
            "uuid": "5009728a-34f5-4f63-9596-0618b08eb2d2",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408795",
            "to_ids": false,
            "type": "text",
            "uuid": "7e533952-6186-44d9-ac10-ad2a89e719b0",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:56/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910853",
            "to_ids": false,
            "type": "text",
            "uuid": "f3f1597a-56c6-40e9-bd0b-e791dfe77faf",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:57/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910853",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e65d213e-1b59-4ffa-a73d-ce8d8985dbbc",
            "value": "1536:PlL9AgRqfGccceuIFYKXH2mgsRVTSNgymQ7G:dL9yeYeuoXdgf3mQ7G"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910853",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c4337084-3295-45f6-b1d5-89090f4e6600",
            "value": "62976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910853",
            "to_ids": true,
            "type": "vhash",
            "uuid": "279d75f9-bc6c-4b6c-bf1f-43607c3e8933",
            "value": "06403e0f7d1bz6rz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910853",
            "to_ids": true,
            "type": "filename",
            "uuid": "e8c40b89-3ccf-4b82-8984-c4686d882939",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910874",
        "uuid": "01158291-dfab-49e5-9e9c-a487a6190a2e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485268",
            "to_ids": true,
            "type": "md5",
            "uuid": "d5b7701b-7db7-4434-8fcf-5186b3b466b1",
            "value": "b1ad89be2632933350683b91011a4aee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741408838",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9e1e70d2-0831-43a9-af4d-a9375d5d0402",
            "value": "27f5f8c34b3ce411ad5280b2ce72d46445fbcf22",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741408839",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4e39d92d-0029-4110-a603-3f67ae877ad5",
            "value": "6823b6d1f0ccbc346b061fabcbb556f219ad58e612aaea475178df84a1a9b60c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741408838",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "886f286d-19da-46ed-9dd8-6bdcb6b97eac",
            "value": "6144:H5ZAKYkTzlGz9gOUb2GBqoOkR6loMnKXAOOF5HNLPVIRliWeMKZpiE4E:ZZAK/lGRgOUqmq9kR6lhKXgfzwliWpwP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741408838",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9a7870f1-0898-41fc-b1f3-c68526460319",
            "value": "354816"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741408838",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bffd45cb-1d4b-46ef-891a-12bbcaf740ff",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741408838",
            "to_ids": true,
            "type": "filename",
            "uuid": "20a689b9-1775-4983-8950-81bdcbb6a9a4",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  08/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741408838",
            "to_ids": false,
            "type": "text",
            "uuid": "e0e4748f-ed6a-428f-99a7-6689b25b62e1",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:55/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910874",
            "to_ids": false,
            "type": "text",
            "uuid": "07beb48b-5bfc-410f-9683-bd06fd0591b9",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:55/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910874",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "585604b0-a6e1-4be1-90e1-6f46c4d02fc4",
            "value": "6144:H5ZAKYkTzlGz9gOUb2GBqoOkR6loMnKXAOOF5HNLPVIRliWeMKZpiE4E:ZZAK/lGRgOUqmq9kR6lhKXgfzwliWpwP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910874",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9fcdbc9e-0600-4a87-990a-a4f929b68328",
            "value": "354816"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910874",
            "to_ids": true,
            "type": "vhash",
            "uuid": "297cbe7c-141c-423d-a961-672bf46b1196",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910874",
            "to_ids": true,
            "type": "filename",
            "uuid": "4b08271a-c41c-421f-9c3c-80b612b9785b",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910896",
        "uuid": "5453dd8a-45e8-443d-bacc-cc159b13d5ff",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485291",
            "to_ids": true,
            "type": "md5",
            "uuid": "9812da7d-132f-41bd-82b8-6fb6a0195834",
            "value": "d413cf08ef7c6357dd0215b8b9ebe6f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409138",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a52fe58-be5f-4bc7-926b-bbb2cc25d93a",
            "value": "27b333dfab9a6783cc29a0873fe1eaef35cd4555",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409138",
            "to_ids": true,
            "type": "sha256",
            "uuid": "11122b60-8577-42a5-9269-0e6ccb1cd4f7",
            "value": "a46b8a14d6e95b3c57ddf7c811092672095563bd2e1336598b74c6d314b82e19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409137",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e9e4738b-de56-4198-bdd4-23a9a715f324",
            "value": "1536:DR6JlDPegz74WYdhTcE404aEI49MKh1U0VxV5F/b+s4wNZC7oBQl3:DRqNPegPQDTcRIgMK39RLQ7oGl3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409137",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "798f7f50-5e83-4b33-8e50-ebaefb6d5536",
            "value": "115712"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409137",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9856732b-4766-41fe-9a0c-4c0c113219d4",
            "value": "01507f6f5f1f1f0f1f1az4frz4bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409137",
            "to_ids": true,
            "type": "filename",
            "uuid": "3aabd0f4-7dca-4a3d-9400-8dead6c0d115",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409137",
            "to_ids": false,
            "type": "text",
            "uuid": "89976af6-4ef0-4b9a-9b15-4b0726501b89",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Multiverze\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910896",
            "to_ids": false,
            "type": "text",
            "uuid": "f12d9757-4b2f-4a73-9f25-8968f1d8312a",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910896",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "26ffab2e-f14b-43a5-84a6-dfd10bae3336",
            "value": "1536:DR6JlDPegz74WYdhTcE404aEI49MKh1U0VxV5F/b+s4wNZC7oBQl3:DRqNPegPQDTcRIgMK39RLQ7oGl3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910896",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7a140dd9-eca5-4bbe-ba65-4bae9e03c676",
            "value": "115712"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910896",
            "to_ids": true,
            "type": "vhash",
            "uuid": "115a2c4a-261d-4f86-a644-d672eb71807b",
            "value": "01507f6f5f1f1f0f1f1az4frz4bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910896",
            "to_ids": true,
            "type": "filename",
            "uuid": "bb0c1b6e-4bdc-4f7d-a8dd-e9cec35acf26",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910918",
        "uuid": "31449ee2-9df6-4701-8af7-6284fa213149",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485312",
            "to_ids": true,
            "type": "md5",
            "uuid": "6de4b547-4a52-499a-a992-2adfcf5380a6",
            "value": "d6bda8be4ba9563844b3b9367b73bd2e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409181",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f5964f11-0bcc-464f-a2b0-de40e0b3f777",
            "value": "b9f0a9df6d23afda103f289c07ff286269d463fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409181",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b8bb328e-6f0c-4ed6-a045-a95397ba8043",
            "value": "7fa57b62a2ade518103a4387a8372ed45ab354ce5432978aefff05fac1552c8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409180",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7542e460-3f2f-47eb-891f-c58c44d8126d",
            "value": "3072:RpLsZRLM++udcz4Jr9GN+Bpg8krZ0BTt5+outkF7xx4:0Ztp+udcz4i+4r6Jv+oS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409180",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3cd6827d-c41e-4b28-b8d6-7ce45888f4f5",
            "value": "167424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409180",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0991d6d4-180c-49be-8526-a9eaf8d5886a",
            "value": "01505e6f1d1d1d6az4frz4bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409180",
            "to_ids": true,
            "type": "filename",
            "uuid": "c8548f71-6ccb-442b-a0c5-c0d0c588b522",
            "value": "Redis.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409180",
            "to_ids": false,
            "type": "text",
            "uuid": "95520f87-e73b-4ad2-a740-bdc8c63a0e01",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:59/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910918",
            "to_ids": false,
            "type": "text",
            "uuid": "9972df5e-cf14-439e-a6fd-4af8aa23a8f7",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:59/72"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910918",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7b03d8a8-379d-4368-bed2-cb75c7bda627",
            "value": "3072:RpLsZRLM++udcz4Jr9GN+Bpg8krZ0BTt5+outkF7xx4:0Ztp+udcz4i+4r6Jv+oS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910918",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c664963f-eadb-4f8f-af4c-7fe88ea1723d",
            "value": "167424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910918",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5c7ca846-cbf2-41a5-8411-8a7345ed3bb1",
            "value": "01505e6f1d1d1d6az4frz4bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910918",
            "to_ids": true,
            "type": "filename",
            "uuid": "f666c8c9-c511-4fce-8d35-c88c7ba01b51",
            "value": "Redis.exe.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910939",
        "uuid": "93b5f4b1-2cfa-4530-a123-396c4bea74be",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485334",
            "to_ids": true,
            "type": "md5",
            "uuid": "18ddea6c-0268-4988-a4d2-cd85ce1a7f16",
            "value": "dc2676b0c54b31a017ada4f62693de54",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409203",
            "to_ids": true,
            "type": "sha1",
            "uuid": "122283eb-d91d-4fa2-9b56-3d8c0fb557cf",
            "value": "d1132b1eae6d94c4bb1680874527593de3709a78",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409203",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bafb599c-7ffe-4a50-9d4e-141a8124e418",
            "value": "e9c25395e7f70f3f649eb25794a477f347cfcb9498c8de312262d385d94300bd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409202",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5bb003f8-fec3-4b50-89e1-91e1725c5f66",
            "value": "6144:VBDspp0MzdKYkTzlGz9gOUb2GBqoOkR6loMnKXAOvL/sxZ45Df7tD6oXhTSZ:VqppzzdK/lGRgOUqmq9kR6lhKXRL/uZn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409202",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5900d7a7-be1c-411f-a05d-402dec995819",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409202",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a966a505-f8fc-4e1e-98f2-e1c7b11428e0",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409202",
            "to_ids": true,
            "type": "filename",
            "uuid": "1d107a36-2ae5-4b34-98a2-06224b936fd8",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409202",
            "to_ids": false,
            "type": "text",
            "uuid": "ddb59970-3fb0-4b2f-984d-eea74735bcf2",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze\nVT Total Detection:56/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910939",
            "to_ids": false,
            "type": "text",
            "uuid": "ed2aaf38-62b6-4a6a-a736-b89d2a9d0ae9",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze\nVT Total Detection:56/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910939",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0f580a30-6b6c-4c9b-b909-3851dab5e620",
            "value": "6144:VBDspp0MzdKYkTzlGz9gOUb2GBqoOkR6loMnKXAOvL/sxZ45Df7tD6oXhTSZ:VqppzzdK/lGRgOUqmq9kR6lhKXRL/uZn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910939",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2e473582-7894-4344-a03e-c8ea9da1fa48",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910939",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e19352b0-c2ea-41e3-bf41-6cc8c440a663",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910939",
            "to_ids": true,
            "type": "filename",
            "uuid": "2996c509-20b1-4ea1-a7d9-574e84cfc5f7",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910961",
        "uuid": "8438471f-1f73-4b87-9bbe-f5be26abc968",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485356",
            "to_ids": true,
            "type": "md5",
            "uuid": "c5a0fe5f-cfc7-41e1-a0ce-c9866d1de7d1",
            "value": "e0d5b46dffee56c337fdc172ce617850",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409267",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dd8fff08-ecd3-4b86-9d0c-1ae2fe4063db",
            "value": "1785e9c1b82a4b268b1055457cce5ed23afd8817",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409267",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d21d5b02-b56f-4e9c-b8a5-8acb34424dc5",
            "value": "58ed95527d5dae930308dc5862934ba6811216f4cd68f7aac30ed8df0b180eda",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409266",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "829182a1-b69b-469d-8699-a1106e5b9efc",
            "value": "6144:Y5ZAKYkTzlGz9gOUb2GBqoOkR6loMnKXAOOF5HNLPVIRliWeMKZpiE4E:oZAK/lGRgOUqmq9kR6lhKXgfzwliWpwP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409266",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0ae3da3c-35e1-45c5-8d8d-8d37ff792256",
            "value": "354816"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409266",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dae65ca7-be2b-4334-b54c-ed012940612e",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409266",
            "to_ids": true,
            "type": "filename",
            "uuid": "4ae25871-5eaa-4cc8-accb-7fd4f1ce25aa",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409266",
            "to_ids": false,
            "type": "text",
            "uuid": "af180754-7760-4eac-aa73-4dbca9df8aa8",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:53/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910961",
            "to_ids": false,
            "type": "text",
            "uuid": "7f098f18-b280-4cec-84f5-035cc5827bf0",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:54/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910961",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d35f40f6-2267-42f2-92bd-6c82864c0d45",
            "value": "6144:Y5ZAKYkTzlGz9gOUb2GBqoOkR6loMnKXAOOF5HNLPVIRliWeMKZpiE4E:oZAK/lGRgOUqmq9kR6lhKXgfzwliWpwP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910961",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b160c8f1-499b-4967-8697-8ac8990f0162",
            "value": "354816"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910961",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dbdcb9dc-6df8-417c-8230-2c6e4cfc3291",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910961",
            "to_ids": true,
            "type": "filename",
            "uuid": "253f385e-8370-4e9a-a9e9-d560e5c57b82",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741910982",
        "uuid": "cdf6957f-c07d-4b74-adf3-b65e4aee22b3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485379",
            "to_ids": true,
            "type": "md5",
            "uuid": "d008128b-c671-4029-9054-6250e2ae70b2",
            "value": "e8204900e8acb502ca6e008f9532b35e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409331",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b848028b-fc70-4b32-b7d5-a49e78657550",
            "value": "182e599b5daf3aa57672a70f4491f6eafa46215a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409331",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2ad0d299-4365-4c56-8b88-84fbf19bc4cf",
            "value": "cbdb5e1f7e43fdd10ee59a51d8622292507473b1f434ae63d9d307bbc4a27134",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409330",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "acf8e720-bc1e-4b47-8442-dc46b4c8cd4c",
            "value": "6144:tx7gb/HatyKYkTzlGz9gOUb2GBqoOkR6loMnKXAOABu5UAb9Fs5c2yApxP34872f:txy6tyK/lGRgOUqmq9kR6lhKXiB3a9FR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409330",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "29495316-4bb5-4135-9fa9-59275d15a622",
            "value": "354304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409330",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a8831aad-84bc-4272-993c-fb8f2493dcf4",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409330",
            "to_ids": true,
            "type": "filename",
            "uuid": "802c3802-8752-4581-9875-257e958ce4e8",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409330",
            "to_ids": false,
            "type": "text",
            "uuid": "3fc1789a-47ac-4643-8b2a-ebba6e683578",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze!rfn\nVT Total Detection:56/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741910982",
            "to_ids": false,
            "type": "text",
            "uuid": "6daf38e0-1d81-4aed-805f-ab51c206f3e5",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze!rfn\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741910982",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "067acdae-3876-485c-859c-2564e1c7d6e5",
            "value": "6144:tx7gb/HatyKYkTzlGz9gOUb2GBqoOkR6loMnKXAOABu5UAb9Fs5c2yApxP34872f:txy6tyK/lGRgOUqmq9kR6lhKXiB3a9FR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741910982",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0ad7e6c4-c6c4-4b80-920a-999d44982733",
            "value": "354304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741910982",
            "to_ids": true,
            "type": "vhash",
            "uuid": "256123ef-b777-4eb5-9caf-e3d6188ebdfe",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741910982",
            "to_ids": true,
            "type": "filename",
            "uuid": "b166d030-2304-4e59-a3d3-6453871111bd",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911004",
        "uuid": "38f238f5-6f05-4cbd-aa2d-a2e289f27e3d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485401",
            "to_ids": true,
            "type": "md5",
            "uuid": "4ec9d1bd-c1a3-4c11-ba59-6167d2549ded",
            "value": "ed036740be0a8e3203a54edd4d4b735c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409419",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8a17e502-aca9-4a06-ba22-69f4f6aae003",
            "value": "dec135388e2e609b4e72178ec9b289eceba1ed4f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409419",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9cd16a24-2978-4174-a76a-d250479bb04e",
            "value": "1eb675275a4f07ab6a208453aa64d44fbba055516d9b1fc670073be0f3b91b44",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409418",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "242dfeb5-eee2-4fa5-bd14-bc246dad31b4",
            "value": "6144:vP+lzW5eyh33XuLLdKYkTzlGz9gOUb2GBqoOkR6loMnKXAOuAkLXKnvr1rXsrJAf:vtxnuLLdK/lGRgOUqmq9kR6lhKX76XYB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409418",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ee60f40a-b520-45ee-a66f-51511d4a22e8",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409418",
            "to_ids": true,
            "type": "vhash",
            "uuid": "67a0f9c8-ebe0-451c-a993-f10be83192d7",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409418",
            "to_ids": true,
            "type": "filename",
            "uuid": "bad486de-3337-4522-80a5-6dee2db0c1e1",
            "value": "modeGameT.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409418",
            "to_ids": false,
            "type": "text",
            "uuid": "f90be1d8-3201-4996-ba97-9733a458f4c7",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Multiverze!rfn\nVT Total Detection:55/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911004",
            "to_ids": false,
            "type": "text",
            "uuid": "25e48deb-464d-4de7-b0ba-585d6fb556c4",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDownloader:Win32/Multiverze!rfn\nVT Total Detection:56/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911004",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fcfd488e-ec33-44ae-b09f-97074f61d912",
            "value": "6144:vP+lzW5eyh33XuLLdKYkTzlGz9gOUb2GBqoOkR6loMnKXAOuAkLXKnvr1rXsrJAf:vtxnuLLdK/lGRgOUqmq9kR6lhKX76XYB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911004",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7328d8c3-a114-48f8-b2c7-de18d6e65ea0",
            "value": "355328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911004",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a4b63023-57fe-4f72-80fc-67b97d3b4af6",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911004",
            "to_ids": true,
            "type": "filename",
            "uuid": "0ec4f044-d407-41d9-97e9-b8bac96bd5e7",
            "value": "modeGameT.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911025",
        "uuid": "ad6d68c2-b5e4-4415-9b54-a015035640a4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485426",
            "to_ids": true,
            "type": "md5",
            "uuid": "d31f1e5a-0204-4cc7-91b7-da4f75cc1cd0",
            "value": "fdc35392af34ef43291b8f7f959ef501",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409462",
            "to_ids": true,
            "type": "sha1",
            "uuid": "14628a80-9b01-4a70-9066-ba06b77a0e98",
            "value": "449cf6ef42be193c6eaffb51c0264b89423adcbc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409462",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d1915180-89a8-4d20-9846-7f74da63e600",
            "value": "55dcd01848a03db4d71876e45397c5395391f708c2445549d26a169a72d9f295",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409461",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "02c6bdd3-ec8d-43bd-ac01-71f743f4fb76",
            "value": "6144:bNYzsmvKYkTzlGz9gOUb2GBqoOkR6loMnKXAOKTYE3mqkgicpvGZROD6ELZUoBVu:JYRK/lGRgOUqmq9kR6lhKXYTYE3PJjp0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409461",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8205454e-1ba3-4a2a-abdc-cfbcb54b5baa",
            "value": "356352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409461",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fbff33c5-f396-43e2-9c21-35e3ce9c572f",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409461",
            "to_ids": true,
            "type": "filename",
            "uuid": "77e5c2d1-8dcb-4c44-aa56-45652f84f957",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409461",
            "to_ids": false,
            "type": "text",
            "uuid": "6a32704e-c578-4a7b-8578-3a6450f800fe",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:54/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911025",
            "to_ids": false,
            "type": "text",
            "uuid": "9de2f9b4-f27e-497d-8856-6d1bcd13526e",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:53/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911025",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "df11c6e4-f29b-4592-bf77-f09014a97fb6",
            "value": "6144:bNYzsmvKYkTzlGz9gOUb2GBqoOkR6loMnKXAOKTYE3mqkgicpvGZROD6ELZUoBVu:JYRK/lGRgOUqmq9kR6lhKXYTYE3PJjp0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911025",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d37290c-d303-4193-aa64-f871b385ca64",
            "value": "356352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911025",
            "to_ids": true,
            "type": "vhash",
            "uuid": "20cb8a14-8445-4fba-b2c2-e6dd817b4241",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911025",
            "to_ids": true,
            "type": "filename",
            "uuid": "d9416eab-5f2f-43c6-8b27-b1debbbd6116",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911047",
        "uuid": "028c5e6c-b7de-46ed-8054-533a857c1ce8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485448",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b15775d-8985-4218-bc6b-ba7b91410d01",
            "value": "feb8e6059a234ea689404d3d4336e8af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409485",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c0505ab8-2640-4f7c-bc12-4e2512ea1baa",
            "value": "d157ef263d2c99bf9407214228f34e6ba6cf4e1e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "first stage loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409485",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c4f46497-b400-49c8-ba2f-78e8fd03d58f",
            "value": "834641ea7846f5c9d27950ad56b26bfaf98ac4801c1dc36c34282f24a8d0d8eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409484",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f6e5a3d6-375e-45ad-9443-bd42695f2a7c",
            "value": "6144:04zIIwOO0dDa9KYkTzlGz9gOUb2GBqoOkR6loMnKXAOUaQdv4RI1dohpqMJGM/aZ:04MIBOu2K/lGRgOUqmq9kR6lhKXFK4RI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409484",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fa88c210-bbfb-44a1-b103-72f361449ca7",
            "value": "354304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409484",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e8b09985-1982-413f-bea4-3b7601743cd8",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409484",
            "to_ids": true,
            "type": "filename",
            "uuid": "f21dd96a-25f3-4437-8d86-e1fd27126c5a",
            "value": "modeGame.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409484",
            "to_ids": false,
            "type": "text",
            "uuid": "ad91319b-a4dc-4044-9f6e-15cb2dd4dd89",
            "value": "first stage loader\r\nType Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze!rfn\nVT Total Detection:56/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911047",
            "to_ids": false,
            "type": "text",
            "uuid": "e924a341-8167-40ce-9b19-93ed529e829f",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Multiverze!rfn\nVT Total Detection:55/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911047",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4b95dc81-900a-4a27-be83-5c4615bb0fe4",
            "value": "6144:04zIIwOO0dDa9KYkTzlGz9gOUb2GBqoOkR6loMnKXAOUaQdv4RI1dohpqMJGM/aZ:04MIBOu2K/lGRgOUqmq9kR6lhKXFK4RI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911047",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b7ffd2a5-d0bf-454f-8208-18a9c21b9069",
            "value": "354304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911047",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4b096e87-0e2a-46ab-a745-64d5379ea6dd",
            "value": "03507f7f7f7f5f0f7fcz39z1fz1bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911047",
            "to_ids": true,
            "type": "filename",
            "uuid": "e752915e-495d-4071-9177-78ca2071137b",
            "value": "modeGame.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911069",
        "uuid": "f2414884-2bbd-4672-8d12-584a5e45aa58",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485469",
            "to_ids": true,
            "type": "md5",
            "uuid": "95eb1da7-da73-493c-85ec-43f23a17a1ce",
            "value": "4e40c9945cc8b62c123e5636155e96a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409506",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f6894f78-c94d-4ab1-8ae2-bd2fa28e68f9",
            "value": "061d58ef685fb31f7ae10029667d177a91a87576",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409507",
            "to_ids": true,
            "type": "sha256",
            "uuid": "026e1b4b-6eb0-46bd-998e-d88e33b70fc2",
            "value": "36c69d8133ce8169219f0bee80dbf5e61bab7e903b6275a13d15a99d294cee60",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409506",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4de86408-b9a4-4137-b55a-7e63e7aa75fb",
            "value": "6144:XXW6fki4s8CneJ7Zkt1FH7iXQ8zGrQ/D8j2/:XG6ci48eJ7ZkT8XQOt/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409506",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bdd50228-da40-41d3-aa84-e3644dcaa48e",
            "value": "204807"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409506",
            "to_ids": true,
            "type": "filename",
            "uuid": "99bdb3de-585a-4838-8317-e0bb44b165ef",
            "value": "BEFORE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409506",
            "to_ids": false,
            "type": "text",
            "uuid": "906231bd-c2c7-4539-a34c-801b8897be0f",
            "value": "configurator (before.dll)\r\nType Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/61"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911069",
            "to_ids": false,
            "type": "text",
            "uuid": "f767f910-4ef6-45b3-aac9-dc74c2cecc43",
            "value": "Type Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911069",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dd8856c7-5aa8-4694-bb39-086203ab69ab",
            "value": "6144:XXW6fki4s8CneJ7Zkt1FH7iXQ8zGrQ/D8j2/:XG6ci48eJ7ZkT8XQOt/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911069",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "51e6a5b9-4748-484f-babf-6775ac7faf28",
            "value": "204807"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911069",
            "to_ids": true,
            "type": "filename",
            "uuid": "2b12a254-eac7-4b28-9833-44fed44c4bf3",
            "value": "BEFORE.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911090",
        "uuid": "d6acc75f-9bab-4d88-aadb-fff952b13444",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485491",
            "to_ids": true,
            "type": "md5",
            "uuid": "e25c6078-fa93-40bc-a6be-e66da62f522c",
            "value": "6bfe01cd9c038aa90bcd600d49657c21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409528",
            "to_ids": true,
            "type": "sha1",
            "uuid": "eea62197-8118-4552-a444-0035264ec71e",
            "value": "11bfa01f8d3d79ce48080f1f24d8b21438f1355e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409528",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f8cc3e4a-bdc7-4723-b0ed-65e6ae9fea50",
            "value": "5a22e9170bbcd11bc992ae8dd2d51d43c1302a12371208c801c72055d25b9d3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409527",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cd89efe8-4600-4eb8-aabd-ccbd92e0ea50",
            "value": "6144:TJgpDL4ThQ3ufKdLx8aZzCPBdAOgMK6jF6p:T2WK3ufKX0dyoF6p"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409527",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8dfa88ec-c0d6-4cce-8a48-4287f9172a1d",
            "value": "268807"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409527",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b2c611ce-8225-43b6-b97e-d75874f0086f",
            "value": "125056655d15556038z5iz13z1ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409527",
            "to_ids": true,
            "type": "filename",
            "uuid": "80cb3da4-21da-479c-adc4-6ac625082e52",
            "value": "BEFORE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409527",
            "to_ids": false,
            "type": "text",
            "uuid": "e7cffdea-66fe-43af-84cd-ef901aa71bed",
            "value": "configurator (before.dll)\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:50/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911090",
            "to_ids": false,
            "type": "text",
            "uuid": "ccba7532-075c-4157-9007-890b38d8cdc5",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:51/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911090",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fa9bbd42-87e0-466f-9aaf-4d8bf0f033fe",
            "value": "6144:TJgpDL4ThQ3ufKdLx8aZzCPBdAOgMK6jF6p:T2WK3ufKX0dyoF6p"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911090",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "78f1ca6e-7df2-480c-882c-446c69cc14ee",
            "value": "268807"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911090",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b669d07d-df42-4479-a0d7-cb7ac749774a",
            "value": "125056655d15556038z5iz13z1ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911090",
            "to_ids": true,
            "type": "filename",
            "uuid": "edd3b173-6bf0-44de-94d5-3356b5cce4c4",
            "value": "BEFORE.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911112",
        "uuid": "a7f0c574-95af-4ade-9caf-37bc6eb10ebb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485512",
            "to_ids": true,
            "type": "md5",
            "uuid": "99fb64b1-cd66-491a-9af8-e5c612934968",
            "value": "80c7667c14df5b92ab206b2ea9b42aff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409550",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8713cc5e-6051-49ad-85d1-4cb0c1037119",
            "value": "2486b96a5e27f091ec4b6a480f3d9917ad610997",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409550",
            "to_ids": true,
            "type": "sha256",
            "uuid": "37465c35-0803-4760-8439-f54f88b1be4e",
            "value": "c2eb7eb7d989a13d8d2c13789c8aa6707434041199715a43bed21e1938187dd3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409549",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dc073f5c-475d-423b-a3a0-48d9ef34041b",
            "value": "6144:SHHyQOy66S6nnLgN0tolxsBPzmWuCcs1DrIhbhVxrIrBIU6vOKs1C:Ssy66SCzmWXrIh/FgaU6vOR0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409549",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9d0da43d-6883-4f78-a900-0771a29a6740",
            "value": "279559"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409549",
            "to_ids": true,
            "type": "filename",
            "uuid": "6a0fd971-0139-4c57-9179-ac1656aa3e96",
            "value": "BEFORE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409549",
            "to_ids": false,
            "type": "text",
            "uuid": "dca0459e-9b71-4821-946a-52d3707e54da",
            "value": "configurator (before.dll)\r\nType Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/61"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911112",
            "to_ids": false,
            "type": "text",
            "uuid": "b3317e5d-9973-473d-bd2d-7c556b0295df",
            "value": "Type Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911112",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "25de7ef5-ec05-4ac5-8f9f-cf8af841c079",
            "value": "6144:SHHyQOy66S6nnLgN0tolxsBPzmWuCcs1DrIhbhVxrIrBIU6vOKs1C:Ssy66SCzmWXrIh/FgaU6vOR0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911112",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "95c6cb08-d19c-4e65-91f9-6942d684d71d",
            "value": "279559"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911112",
            "to_ids": true,
            "type": "filename",
            "uuid": "2a334c23-220c-41f0-8079-98a5851ebfb3",
            "value": "BEFORE.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911133",
        "uuid": "334903c2-7984-41c0-8ee4-178119809d90",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485533",
            "to_ids": true,
            "type": "md5",
            "uuid": "d4f068aa-2ecc-4c0c-9a50-51451a5ec2a7",
            "value": "eb53df9fe23d469350885164aa82215e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409572",
            "to_ids": true,
            "type": "sha1",
            "uuid": "80a7d901-97f8-4e9d-a209-7d7381b2c2b9",
            "value": "12d416b29e72916a1069a9a7fc93b670e1c6210b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "configurator (before.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409573",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b7014dfd-4f76-4879-959e-075e81f95be8",
            "value": "d955de9af0276c0a4fcdb1783265ee9538fe19ac4cee2484e271add0fce402dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409572",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e04866fc-2de7-41a8-8e27-b8a562076983",
            "value": "3072:EuKut2YLyRWR/5TDrChvUwm5bWtdeTJDtjiDcmfytg0osZxXQMq3:EdG2QFhChvlsbWtdGnmfyt5oiBQMk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409572",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bfe38429-ad86-4e81-8d53-b04e836e9f5e",
            "value": "196615"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409572",
            "to_ids": true,
            "type": "filename",
            "uuid": "dd49dfb9-c5be-4ad4-898d-83b49724910d",
            "value": "BEFORE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409572",
            "to_ids": false,
            "type": "text",
            "uuid": "09533b03-ebaa-4f74-b66d-f4f4b9743a63",
            "value": "configurator (before.dll)\r\nType Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/61"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911133",
            "to_ids": false,
            "type": "text",
            "uuid": "7ce6d1a6-5bac-435f-bfe6-6fdfc03de58f",
            "value": "Type Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911133",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b9efe0e4-5af4-4e46-984f-90210c700cb6",
            "value": "3072:EuKut2YLyRWR/5TDrChvUwm5bWtdeTJDtjiDcmfytg0osZxXQMq3:EdG2QFhChvlsbWtdGnmfyt5oiBQMk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911133",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0fa1f336-c0f5-4eae-9c74-11a0eb9bf3cf",
            "value": "196615"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911133",
            "to_ids": true,
            "type": "filename",
            "uuid": "22bbb8c3-d772-4e09-9ed3-7844f56f55e8",
            "value": "BEFORE.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911155",
        "uuid": "1e12c1d7-28fd-423b-bdc1-dda51b4cebb8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485554",
            "to_ids": true,
            "type": "md5",
            "uuid": "457d5411-49c9-4408-a2c7-a2f090420856",
            "value": "32c105c5229843aaebf12621359195a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409594",
            "to_ids": true,
            "type": "sha1",
            "uuid": "943a9344-015f-453c-b438-b7eeb17844f6",
            "value": "536b04f939cee8818ba0f4ce1e838a1681762167",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409595",
            "to_ids": true,
            "type": "sha256",
            "uuid": "72a50c95-e328-4684-a80d-aaa8f3a3cdfb",
            "value": "a40c897c1404b6b5e49b84d8150b222cacf90e12f549737f0da175709082143e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409594",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4c2f99ca-eeb5-4b40-8806-7d29dadb9f5a",
            "value": "98304:P0ckVoWuBG1xSbigqskoDGIFmA9offKBenKugwQ6cq6:PjkVoWuBIlskoDGUmA95lr0cN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409594",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fbd7b09b-7122-4905-a3c0-46a617b05e9f",
            "value": "4870663"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409594",
            "to_ids": true,
            "type": "filename",
            "uuid": "5bc01058-6fa6-437b-985f-266f899a6ede",
            "value": "FANGAO.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409594",
            "to_ids": false,
            "type": "text",
            "uuid": "b9c4ccd7-7df2-40f8-a882-fedc82197414",
            "value": "second stage loader (fangao.dll)\r\nType Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/61"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911155",
            "to_ids": false,
            "type": "text",
            "uuid": "b131cde8-7d29-43f6-9240-07b8e636d69f",
            "value": "Type Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911155",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6d58d5a4-7e8f-4caa-af55-a9ff77719443",
            "value": "98304:P0ckVoWuBG1xSbigqskoDGIFmA9offKBenKugwQ6cq6:PjkVoWuBIlskoDGUmA95lr0cN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911155",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "62f6cd64-2c91-49f3-8e8f-ba0f631a6c4e",
            "value": "4870663"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911155",
            "to_ids": true,
            "type": "filename",
            "uuid": "dad0abca-f230-42b3-8fc1-19f09549f6ab",
            "value": "FANGAO.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911176",
        "uuid": "3e84c61c-dcb2-4502-be6b-3f174c52093b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485575",
            "to_ids": true,
            "type": "md5",
            "uuid": "270be58b-f831-4d47-9ed0-225a1ae71494",
            "value": "34b29454676e780d81d8bba066d7d94f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409616",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b5f8c1a9-0dfe-40c7-9c76-fe6794de6eea",
            "value": "333eff7ceb60065356c0998a3e53f2e724918a1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409616",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e786518a-bf06-464a-9be3-c454461da25a",
            "value": "b16718f21d9d8b4c7d8bc9270926a00ce362908b522a56295c073e0d852c1ca1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409615",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c4fa4ba9-7bd7-48e4-9b5a-e7611aa39f06",
            "value": "24576:vSBMj3MIFzcHm6wxgWQYgZbOv5OL52+RPLpa8hXDErnPPUQVQQG3W+5zIzvsoZ7W:6gMIhQm6whQXbOwm8ZSPcCQQ05Pox5Gl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409615",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b3f5fa25-e08d-4d77-a48f-bfc191f92255",
            "value": "1548295"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409615",
            "to_ids": true,
            "type": "filename",
            "uuid": "5bd9e23d-26ed-4bf1-8501-60e97745bf40",
            "value": "FANGAO.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409615",
            "to_ids": false,
            "type": "text",
            "uuid": "073d16aa-04cb-4da7-ae82-eee1e790d76c",
            "value": "second stage loader (fangao.dll)\r\nType Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/61"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911176",
            "to_ids": false,
            "type": "text",
            "uuid": "961f257f-f88d-4df5-8e9b-13de85697309",
            "value": "Type Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911176",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ebfcd030-69d2-4785-b58a-50f9e9486d25",
            "value": "24576:vSBMj3MIFzcHm6wxgWQYgZbOv5OL52+RPLpa8hXDErnPPUQVQQG3W+5zIzvsoZ7W:6gMIhQm6whQXbOwm8ZSPcCQQ05Pox5Gl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911176",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d51a8f2a-ecbb-4a0b-b99c-0f70f375741c",
            "value": "1548295"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911176",
            "to_ids": true,
            "type": "filename",
            "uuid": "73a07c58-d4f3-493a-b175-a47352a1855e",
            "value": "FANGAO.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911198",
        "uuid": "05e1a9a3-cfc4-4f34-9658-a0539a158de2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485596",
            "to_ids": true,
            "type": "md5",
            "uuid": "6fb688ee-6700-433c-8386-a9e524d397f1",
            "value": "8577438ecff5753ddcf427b93c5976c8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409638",
            "to_ids": true,
            "type": "sha1",
            "uuid": "86a473c7-81ee-47fc-b69c-459352787e3f",
            "value": "21ede3949e0400578e78682979879d8ae2bf61b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409638",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fb9f7e5e-e483-4a5c-a90e-8df98789978f",
            "value": "559861ad0be5526819650d26566ad6ca25dd0f54df0a81352006e75a5da3d92b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409637",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2af74f98-30d6-4d98-ad86-cb78b72ea0ff",
            "value": "98304:sxZhmQGf7B3gz+jirakqDYndq9hx67LliGGd6:sZmQGf7SwkqDM49hxcLliGGE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409637",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "60fa966a-5391-4fb3-92fa-7bdfeb0cdbe2",
            "value": "4870663"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409637",
            "to_ids": true,
            "type": "vhash",
            "uuid": "165c0fdf-6538-40da-84a8-5228b59aa84b",
            "value": "146056655d15756038z72hz33ze1z41z86z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409637",
            "to_ids": true,
            "type": "filename",
            "uuid": "ce5aba12-d1df-4047-9059-3d07448719d9",
            "value": "8577438ecff5753ddcf427b93c5976c8.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409637",
            "to_ids": false,
            "type": "text",
            "uuid": "83741383-1aca-4d64-bf2a-193b637aced4",
            "value": "second stage loader (fangao.dll)\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:50/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911198",
            "to_ids": false,
            "type": "text",
            "uuid": "5f39a7bd-129e-4b42-bf47-b717015e3f3a",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:49/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911198",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f9240152-1535-4f03-b9c4-6b6a0ae5df54",
            "value": "98304:sxZhmQGf7B3gz+jirakqDYndq9hx67LliGGd6:sZmQGf7SwkqDM49hxcLliGGE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911198",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b9ce6645-c1ed-4b82-bb57-d90a67294860",
            "value": "4870663"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911198",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3440ec0d-d568-4043-a620-6ef9c5beed4b",
            "value": "146056655d15756038z72hz33ze1z41z86z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911198",
            "to_ids": true,
            "type": "filename",
            "uuid": "2ec8fc1b-dbe1-4d67-b0c2-ca61faf9dfa6",
            "value": "8577438ecff5753ddcf427b93c5976c8.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911223",
        "uuid": "d6c31c48-f9ce-49fd-a8be-94f3fe12f73a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485618",
            "to_ids": true,
            "type": "md5",
            "uuid": "993be702-a4d6-44d4-b586-79ce97f99b04",
            "value": "f481a67933055956e8dd77b4b2bde9ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409660",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8ec12e40-e8f1-47f8-a34a-083006dbe1f8",
            "value": "7bd5cd556364a846d86df6352e172c1c005480c4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "second stage loader (fangao.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409660",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e6823c52-856c-4cae-b283-492606e042b0",
            "value": "41cf63c0d5e3358bc2cf77439a2c76057590d45a194205e251ff97c5ea1d3903",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409659",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1b5460b5-b19d-4cad-8b92-fdea59fecd4a",
            "value": "24576:L0OMiFc0VAmDvys8MOlJuqrhVXxRwfM6S7St64pCj6nhNWCzcFoOoNBuj+dvyskm:LFVvi3xh5864pCQ+CQForBujL2K9Ex"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409659",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "da90d6cb-fcde-4a57-a337-5344b6bea20d",
            "value": "1548295"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409659",
            "to_ids": true,
            "type": "filename",
            "uuid": "3dd3e380-a1de-4c96-8aff-e24b947ceea2",
            "value": "FANGAOtest.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409659",
            "to_ids": false,
            "type": "text",
            "uuid": "41333ef0-90a8-4d27-ab3b-c63f715ff194",
            "value": "second stage loader (fangao.dll)\r\nType Description: DOS EXE\n\nMicrosoft: None\nVT Total Detection:6/61"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911223",
            "to_ids": false,
            "type": "text",
            "uuid": "4f09e76a-d815-413c-a659-389234bed659",
            "value": "Type Description: DOS EXE\n\nMicrosoft: None\nVT Total Detection:6/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911223",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3ccf3609-87bb-4b8a-9ee6-c799315a9a53",
            "value": "24576:L0OMiFc0VAmDvys8MOlJuqrhVXxRwfM6S7St64pCj6nhNWCzcFoOoNBuj+dvyskm:LFVvi3xh5864pCQ+CQForBujL2K9Ex"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911223",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d593ec84-57e1-4a32-84eb-cbcb56ead359",
            "value": "1548295"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911223",
            "to_ids": true,
            "type": "filename",
            "uuid": "895479af-30a6-4387-992a-9c7b7b0515dd",
            "value": "FANGAOtest.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911245",
        "uuid": "d514d7fa-4d28-44e7-a784-296800884d43",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "third stage loader (wke.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485640",
            "to_ids": true,
            "type": "md5",
            "uuid": "b1193f33-ca0a-4c85-9af8-7077812c0ddf",
            "value": "f8136c909fb35457fc963d87b50bc158",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "third stage loader (wke.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409682",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a6e334eb-e6d5-4528-9b22-24e3a621ff0e",
            "value": "80739b830455f691a4fe38518c700543f46a8e23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "third stage loader (wke.dll)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409682",
            "to_ids": true,
            "type": "sha256",
            "uuid": "56c01041-8733-4b4f-917b-a62802b8693e",
            "value": "1e4a88f7c96eea519fe2b51e62b38198e073a9e394ebe1756175ebdc4b8a9297",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409681",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bcda3fa9-1205-4734-a6e8-b500251a0a13",
            "value": "12288:484EhCI5AAsS3CspzR3McXTj2Txc5+K/lGRgOUqmq9kR6lhKXJae/flS/ri:r4EEnAF/X7TjEK/cRgOnmq9g685/N"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409681",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "685275e9-975f-492c-a5e2-f9b9e4cc2dbd",
            "value": "84612096"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409681",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a2dcd030-12c6-42a1-b494-8d33e1db6d93",
            "value": "18708f7f7f7f6f7f1f7fcz39z1bz11z19z7c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409681",
            "to_ids": true,
            "type": "filename",
            "uuid": "573f47f8-4052-4ece-bb04-1281bc2d6323",
            "value": "wke.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409681",
            "to_ids": false,
            "type": "text",
            "uuid": "59efa915-8e10-4186-94bb-6f2a8102fb1c",
            "value": "third stage loader (wke.dll)\r\nType Description: Win32 DLL\n\nMicrosoft: None\nVT Total Detection:31/70"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911245",
            "to_ids": false,
            "type": "text",
            "uuid": "d0de7d35-80ba-4f7b-bd25-19866bc9bb82",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: None\nVT Total Detection:32/71"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911245",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f0fffdc9-33f4-4fbb-8c1a-4fd314a0d633",
            "value": "12288:484EhCI5AAsS3CspzR3McXTj2Txc5+K/lGRgOUqmq9kR6lhKXJae/flS/ri:r4EEnAF/X7TjEK/cRgOnmq9g685/N"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911245",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "206439c8-6776-404c-9111-b14f803f1ab4",
            "value": "84612096"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911245",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0872e93a-046e-4847-8e25-f05bb1247070",
            "value": "18708f7f7f7f6f7f1f7fcz39z1bz11z19z7c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911245",
            "to_ids": true,
            "type": "filename",
            "uuid": "4d5008a6-b60a-46a7-bbd0-bd1fca354a46",
            "value": "wke.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911267",
        "uuid": "dc095d70-8f9a-4db3-bd13-f391dd333069",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485661",
            "to_ids": true,
            "type": "md5",
            "uuid": "0c8b1d91-145d-4a87-a317-f52878090aeb",
            "value": "02d8c59e5e8a85a81ee75ce517609739",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409725",
            "to_ids": true,
            "type": "sha1",
            "uuid": "83114079-b2a0-4671-92c6-2ec14e29fd2c",
            "value": "6506355dfd495f4701b4ba6b40ebf6b05ac02921",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409725",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ff5b844d-2e86-4f1a-be43-a02658db3487",
            "value": "d34216800d0b9bb0e2c39c846726928a97cc683f399af33dd2cfbdebaebb6f98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409724",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "43afe4d9-db76-4553-8366-f55695ca7dda",
            "value": "1536:01Pk0NR1wAJuATVg65YYloLx5c5xpp+awXmGVNuROFnToIf3srT5uDP56W25:YJuATOEYg5xP3wXmyN4OtTBfcra56WM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409724",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7dcf966e-3c46-474b-9f71-ef918635773c",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409724",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ee1c329f-10b3-4e0e-b01f-5b0c66b707d1",
            "value": "115046656d1570f8z3c265z6035z20200151z50106124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409724",
            "to_ids": true,
            "type": "filename",
            "uuid": "556c3ef5-584c-47c8-982b-fa3239851e94",
            "value": "02d8c59e5e8a85a81ee75ce517609739.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409724",
            "to_ids": false,
            "type": "text",
            "uuid": "b5f0c374-a2a5-47a7-ac3c-fef1ada17a87",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:58/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911267",
            "to_ids": false,
            "type": "text",
            "uuid": "4ac95161-9f29-4f33-9418-a91710eacb71",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:60/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911267",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2751b5d4-b501-4c2b-a515-90fb3b3a93b9",
            "value": "1536:01Pk0NR1wAJuATVg65YYloLx5c5xpp+awXmGVNuROFnToIf3srT5uDP56W25:YJuATOEYg5xP3wXmyN4OtTBfcra56WM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911267",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7ee78701-0cbc-46aa-9b57-30649e7b5aee",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911267",
            "to_ids": true,
            "type": "vhash",
            "uuid": "330334e1-6cb8-44ca-97e3-1c1ab5a451c0",
            "value": "115046656d1570f8z3c265z6035z20200151z50106124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911267",
            "to_ids": true,
            "type": "filename",
            "uuid": "8240d2ac-fc89-4784-8f3f-a7e0f29d1ec4",
            "value": "02d8c59e5e8a85a81ee75ce517609739.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911288",
        "uuid": "e7537ca8-8521-40a1-b7dd-e92e31c746e5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485688",
            "to_ids": true,
            "type": "md5",
            "uuid": "3fed4fd2-379c-4d9b-99a7-efcab9f2555e",
            "value": "05c528a2b8bb20aad901c733d146d595",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409747",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e0ad1c62-c12a-45a2-9f32-19f6b54abacc",
            "value": "ac8a2264d4adba9afd1944cd902923fcfa334e3c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409747",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9cae8059-0f43-4004-8e23-2a08d74cdbd3",
            "value": "7031c032fa8275a8c547fac187dc0a04041121a57c9c616fdc068c069ee460e8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409746",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ae36f39b-d835-40f5-9566-27c10633685a",
            "value": "3072:Lw0AGKwe5jCHKHbmE+xNTYzYorxsFUtTBfn398t5UfDE:806we5jWSmEWNTYzfuOtTBV8tiL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409746",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b6e2a2a5-46c6-4791-8b4a-f124c3f89abb",
            "value": "163840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409746",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f0af320d-399e-4129-8978-28024584e389",
            "value": "115046655d1500f8z4a2e5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409746",
            "to_ids": true,
            "type": "filename",
            "uuid": "9879b35d-8a64-4acb-8d0f-fe69fe3ffc29",
            "value": "7031c032fa8275a8c547fac187dc0a04041121a57c9c616fdc068c069ee460e8.sample"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409746",
            "to_ids": false,
            "type": "text",
            "uuid": "19d3aaae-d8fe-4ee1-a802-1d9e10312b9f",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:49/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911288",
            "to_ids": false,
            "type": "text",
            "uuid": "891adedf-a588-4540-a8f1-2f706b84f53c",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:50/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911288",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5611a426-708a-4a0e-bc16-5a1ad1557295",
            "value": "3072:Lw0AGKwe5jCHKHbmE+xNTYzYorxsFUtTBfn398t5UfDE:806we5jWSmEWNTYzfuOtTBV8tiL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911288",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "06b52295-bb90-4a6a-9538-f0e77169e716",
            "value": "163840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911288",
            "to_ids": true,
            "type": "vhash",
            "uuid": "68add8c7-27a7-4af5-ba0a-71fb48d69f4f",
            "value": "115046655d1500f8z4a2e5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911288",
            "to_ids": true,
            "type": "filename",
            "uuid": "4a871adf-3688-4bf8-8c01-a3707b11c12e",
            "value": "7031c032fa8275a8c547fac187dc0a04041121a57c9c616fdc068c069ee460e8.sample"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911310",
        "uuid": "a06394c1-d1fb-42e9-a992-7c4ae8dc9605",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485709",
            "to_ids": true,
            "type": "md5",
            "uuid": "1d28c49f-1516-4de8-a4bc-f55ce74bce94",
            "value": "17278c3f4e8bf56d9c1054f67f19b82c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409869",
            "to_ids": true,
            "type": "sha1",
            "uuid": "718766a7-2c92-4dc3-a700-54c0b27a855d",
            "value": "116dd7d4698e38f7fe87ce04808148393b7d1b43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409869",
            "to_ids": true,
            "type": "sha256",
            "uuid": "18476a05-091d-4bf0-9f9a-42dfbcc77827",
            "value": "c1aa4886e64332097cbb38b945e216b027557a2dd5f870482b5abcd9a45fadea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409868",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "065d2097-8c74-4629-af96-0f9bbfb7cbbf",
            "value": "3072:ZwIlou75k4WvRcdqFfn7N1HGXyyf/dBWrr4IHtTBf9av9w956frbM:WKN75k1NFf7N1HGXyyN0IIHtTB41w9wD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409868",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "009f86da-de1b-4579-8c20-39a6cf6951a4",
            "value": "167888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409868",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d43f59be-d2ee-4ab4-ba90-8315713ef178",
            "value": "115046656d5560f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409868",
            "to_ids": true,
            "type": "filename",
            "uuid": "1d539503-28d5-4fa3-b299-881bae40a3c8",
            "value": "rat.mem"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409868",
            "to_ids": false,
            "type": "text",
            "uuid": "eff8cf76-0da6-4988-be6e-995087e0d6ce",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911310",
            "to_ids": false,
            "type": "text",
            "uuid": "5084ad30-01ba-417b-bd4f-f284bd0d3d94",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:59/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911310",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "253ad41c-3764-41f4-923b-e60bb5182dc6",
            "value": "3072:ZwIlou75k4WvRcdqFfn7N1HGXyyf/dBWrr4IHtTBf9av9w956frbM:WKN75k1NFf7N1HGXyyN0IIHtTB41w9wD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911310",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4fc6df82-b5d7-4c32-bc1b-0fd5fd40cf92",
            "value": "167888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911310",
            "to_ids": true,
            "type": "vhash",
            "uuid": "21d44752-303e-436e-8a01-e8cb45af89be",
            "value": "115046656d5560f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911310",
            "to_ids": true,
            "type": "filename",
            "uuid": "3666a62b-6be3-474e-ba27-a5335838cde9",
            "value": "rat.mem"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911332",
        "uuid": "7d16bb83-7409-4e7b-8406-21c95f375a2a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485731",
            "to_ids": true,
            "type": "md5",
            "uuid": "ddde435c-7ba1-4ee7-b666-d44d4de87037",
            "value": "266bb19f9ceb1a4ccbf45577bbeaac1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409954",
            "to_ids": true,
            "type": "sha1",
            "uuid": "062dbee1-816c-4096-ab96-38e7c502d743",
            "value": "182ae8c8b94377a22faa27c2c19e6cf4d8264c22",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409955",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ccdbae1a-ce1e-498c-8dba-a69c577193e3",
            "value": "666981117291cc823e3f34a02f7af4fb3d31507f2a57c3d34391b05cdfcab020",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409954",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7d94bade-961f-4df9-8585-bd0d2f60e775",
            "value": "3072:ZQ308wZ6x5FhOffcYZFqx56NlH8bydc/ar64ZtTBfCxv9wg15efro/:e3O4x5FhO/FqxsNlHmyuijZtTBw1wWsg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409954",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "40d0ffc4-abff-4e23-9614-667c1340b9f0",
            "value": "172032"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409954",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b3fdd242-2fb2-401a-a4ec-c516473a05c2",
            "value": "115046655d1550f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409954",
            "to_ids": true,
            "type": "filename",
            "uuid": "c00a1734-b9e5-4a5a-af3b-9dc7fb308cdc",
            "value": "266bb19f9ceb1a4ccbf45577bbeaac1a.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  08/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409954",
            "to_ids": false,
            "type": "text",
            "uuid": "d997d0cd-b04d-4c1f-90d0-e2d0f089bd2d",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911332",
            "to_ids": false,
            "type": "text",
            "uuid": "9f93163b-d601-4d02-960f-5c00a251b23d",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911332",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2a53658f-b718-49cc-b4ad-2da2cb779249",
            "value": "3072:ZQ308wZ6x5FhOffcYZFqx56NlH8bydc/ar64ZtTBfCxv9wg15efro/:e3O4x5FhO/FqxsNlHmyuijZtTBw1wWsg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911332",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "88c2c7cf-0cab-4ba6-9f5d-4e11c7a5fe47",
            "value": "172032"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911332",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e9bccdf0-3919-457e-82ad-06f506df210d",
            "value": "115046655d1550f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911332",
            "to_ids": true,
            "type": "filename",
            "uuid": "2f07d6c1-3127-4487-ab2e-9189a6dffdbc",
            "value": "266bb19f9ceb1a4ccbf45577bbeaac1a.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911353",
        "uuid": "e56cae29-3452-4471-b8bc-ed9cdd589739",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485753",
            "to_ids": true,
            "type": "md5",
            "uuid": "8614b105-4f89-41b9-baf2-0e093c93f5aa",
            "value": "3c583e01eddd0ea6fe59a89aea4503b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741409976",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f5d1eae9-2ea8-45b5-a0ed-44b303359d87",
            "value": "6b8060a638b5c530a7d50f7e1b4d6592042c71a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741409976",
            "to_ids": true,
            "type": "sha256",
            "uuid": "889f3d76-a199-4d5d-ae1b-c5e8ef4ed916",
            "value": "f2a386775e57d68fd5a86b3dae43bac8c064a6957d2de9a8f27fd655045538d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741409975",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5131e9af-451a-4e46-a07f-c94ed473acab",
            "value": "6144:oT/bmrgblGEf87QDx5vRBr6Yy9e7Nk0sNFarCONtTBV8XiDY:on8OyWNk0sTarlNtTS7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741409975",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b952bafe-4947-40a9-9fdb-f9406e414a68",
            "value": "208896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741409975",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a6f7219a-321e-499d-af64-2b76d021a524",
            "value": "125046651d65bz2a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741409975",
            "to_ids": true,
            "type": "filename",
            "uuid": "51a993d2-147d-4ac7-baef-44d7e678db34",
            "value": "f2a386775e57d68fd5a86b3dae43bac8c064a6957d2de9a8f27fd655045538d5.sample"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741409975",
            "to_ids": false,
            "type": "text",
            "uuid": "48ee8733-3ddb-43dc-ab54-0949381a1363",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:50/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911353",
            "to_ids": false,
            "type": "text",
            "uuid": "dcd11c12-41a7-4d0a-8d0c-f614c52d3f80",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:55/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911353",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4a24218e-5591-4738-b866-3bc0d8ce769b",
            "value": "6144:oT/bmrgblGEf87QDx5vRBr6Yy9e7Nk0sNFarCONtTBV8XiDY:on8OyWNk0sTarlNtTS7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911353",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "87a18334-caae-46d4-b95c-2acb4344b59f",
            "value": "208896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911353",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aee7124f-0aed-452e-be05-7274232e8902",
            "value": "125046651d65bz2a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911353",
            "to_ids": true,
            "type": "filename",
            "uuid": "59e12966-5ee1-4016-a354-7e7373287b15",
            "value": "f2a386775e57d68fd5a86b3dae43bac8c064a6957d2de9a8f27fd655045538d5.sample"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911375",
        "uuid": "eae3ebfb-f30e-47b0-9616-52906c16fc06",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485774",
            "to_ids": true,
            "type": "md5",
            "uuid": "decee4f2-9d0f-48d2-9bd8-c2425aeca065",
            "value": "577e1a301e91440b920f24e7f6603d45",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410062",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7c7f156d-8bd1-45b1-ac33-60297076ff93",
            "value": "25b43ca3223bde4e288990105ee8e782fa8725cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410062",
            "to_ids": true,
            "type": "sha256",
            "uuid": "be634f01-9a7a-4f3a-9b19-e0aa3378838e",
            "value": "9fff774f7b884d713b79002830029c2d79913185b541badc05f1b73934033708",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410061",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d9336fe3-b4f0-4cd7-942f-229505229cf8",
            "value": "3072:ZBHK5F/WP58F7zGcut4TnIN1HG89Cf/3B2rr4j1tTBfzZv9wo56frWg:X8F/e58tK4TIN1HG89CH0Ij1tTBF1woF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410061",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1d69a54a-fe56-4439-ae7f-5fde489b07f5",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410061",
            "to_ids": true,
            "type": "vhash",
            "uuid": "364b8e35-988e-409d-a168-72d625fff835",
            "value": "115046656d5560f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410061",
            "to_ids": true,
            "type": "filename",
            "uuid": "a5ce6bf8-de58-4789-81bb-f3e729072dc7",
            "value": "Server.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410061",
            "to_ids": false,
            "type": "text",
            "uuid": "7f5fb8e0-4450-46bf-ae73-31824ae71bda",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:53/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911375",
            "to_ids": false,
            "type": "text",
            "uuid": "d56b133b-b9dd-476e-9d18-649280da9260",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:55/72"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911375",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f8080221-319e-49ac-9054-71abc20151f8",
            "value": "3072:ZBHK5F/WP58F7zGcut4TnIN1HG89Cf/3B2rr4j1tTBfzZv9wo56frWg:X8F/e58tK4TIN1HG89CH0Ij1tTBF1woF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911375",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "426c94b2-8d3c-4f0f-b92c-d1ddd43e7fa3",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911375",
            "to_ids": true,
            "type": "vhash",
            "uuid": "583dbedb-c8f1-47c6-8671-afc44e969c64",
            "value": "115046656d5560f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911375",
            "to_ids": true,
            "type": "filename",
            "uuid": "5d4c7280-95d0-43e5-bfe7-5b5ed8da4697",
            "value": "Server.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911396",
        "uuid": "7a273062-c0a8-4562-9546-748f19d89e2a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485796",
            "to_ids": true,
            "type": "md5",
            "uuid": "0524c8b3-e37a-40da-a5cf-acc2f847b850",
            "value": "60a92d76e96aaa0ec79b5081ddcc8a24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410105",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2b6e6b6f-024e-4d92-a976-d5e2efc1211a",
            "value": "295b298b02e247229ec17529222af34535be0fa1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410105",
            "to_ids": true,
            "type": "sha256",
            "uuid": "15144166-ca1c-473b-a1f5-ddf51c632b11",
            "value": "772b61b5751e5a541fca4fd970563c5382a579fc621fbff4d8c9ed93adbdab99",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410104",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7f121540-529f-46df-8fd5-ec97313a2e09",
            "value": "1536:qr53CYUR1wmJkoSA53IXn85c5I9yHT0eRddORQFnToIf2ryZuhPZ6m:qEIC25afeDdYQtTBf2rPZ6m"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410104",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "598137c6-a0c1-403c-ac65-819f201c39f7",
            "value": "103936"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410104",
            "to_ids": true,
            "type": "vhash",
            "uuid": "65e4a474-675a-4ef5-995d-171c44e7c0f7",
            "value": "115046656d5500f8z3c265z6035z20200151z50105124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410104",
            "to_ids": true,
            "type": "filename",
            "uuid": "12fa5ceb-34a6-4aed-9a29-c1e1a4fcdc89",
            "value": "10000000.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410104",
            "to_ids": false,
            "type": "text",
            "uuid": "a73f861e-e1e4-464d-8f8f-b804b5eacf02",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:59/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911396",
            "to_ids": false,
            "type": "text",
            "uuid": "fc0f943b-0dcf-4e4d-af4e-88dce52c97e8",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:60/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911396",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7cc64d58-9482-4ec6-aa96-259cd223ecfc",
            "value": "1536:qr53CYUR1wmJkoSA53IXn85c5I9yHT0eRddORQFnToIf2ryZuhPZ6m:qEIC25afeDdYQtTBf2rPZ6m"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911396",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "71d88855-523e-4f2a-94ae-2aa2bb45199c",
            "value": "103936"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911396",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b52d3eab-0175-4bb9-a690-1e9b7cdc4877",
            "value": "115046656d5500f8z3c265z6035z20200151z50105124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911396",
            "to_ids": true,
            "type": "filename",
            "uuid": "613db455-e4f7-4dc9-ab43-14514f9eb4a3",
            "value": "10000000.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911419",
        "uuid": "2821f6ba-14c1-4cc9-bd11-1ee633b4ed2e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485818",
            "to_ids": true,
            "type": "md5",
            "uuid": "90130436-41da-4815-ab1b-1025daac1558",
            "value": "60dbc3ef17a50ea7726bdb94e96a1614",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410127",
            "to_ids": true,
            "type": "sha1",
            "uuid": "574e750a-50f8-4f26-949a-b92f4121fcb4",
            "value": "bc9fa125522118d19cd6c47b615b7c4cbbbb9b3c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410127",
            "to_ids": true,
            "type": "sha256",
            "uuid": "755aa34d-362a-4217-a8fa-c14f0c2bf9a1",
            "value": "0106e61898b20359d27285b862b98cb4b8db4b8a8d682a1e7b4cc8d5b3572c82",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410126",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1c2cb796-f51a-4f93-a4d6-1011f39db898",
            "value": "3072:xYmbI+tZZM04727IgwJ6mONQLNyAaSl6sDF0hp+:2lkVX75wItG0p"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410126",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "18671393-941b-4145-b559-794c74a27e60",
            "value": "200704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410126",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a9802378-5dad-41fc-8bf3-05a7ebbf45a2",
            "value": "125046651d651az26?z1"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410126",
            "to_ids": false,
            "type": "text",
            "uuid": "11c3da1c-4235-43e2-8e72-646c41cba8c6",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:58/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  12/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911419",
            "to_ids": false,
            "type": "text",
            "uuid": "f1f515c1-d59d-490c-b6ee-3f6773c78329",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:57/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911419",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1c6370c6-b9b6-44f6-9f06-dcbdf4a75bb2",
            "value": "3072:xYmbI+tZZM04727IgwJ6mONQLNyAaSl6sDF0hp+:2lkVX75wItG0p"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911419",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e116ea2a-b6a3-4e9c-82bd-9070a34ceae7",
            "value": "200704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911419",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2d43e8a9-a6d7-48e1-acea-c208c5dd088c",
            "value": "125046651d651az26?z1"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911440",
        "uuid": "99d99c91-9164-4d56-8343-ddad450bec45",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485839",
            "to_ids": true,
            "type": "md5",
            "uuid": "bc11cde9-3112-4eb2-a744-928cf6ffdab8",
            "value": "73e49ddf4251924c66e3445a06250b10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410212",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9974c340-2091-47fe-af30-df10fb341237",
            "value": "2b56cceb0cba3d05f6b45f7db48e1733fc1d179e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410212",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c0d785c8-2595-4849-911c-47145303d034",
            "value": "f1e083da9fa1b9a6cbd63a3da0d445a3351478bf233b1495c45d2731a04d146c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410212",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d9b8b4c9-1839-41d0-b009-4f5f2879e70d",
            "value": "3072:V0gmrg+KNLGEf87QDx5vRQ6r6Yy9e7ycpPk0C/NFarKXxOb/4StTBfn398X5UfLM:VbmrgblGEf87QDx5vRBr6Yy9e7Nk0sN3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410212",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d4faba31-93c1-4a35-a3a6-01fddf41d574",
            "value": "156672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410212",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d14d7e9a-0833-44a2-9c03-ecaf1e6dc967",
            "value": "115046656d5560f8z4a2e5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410212",
            "to_ids": true,
            "type": "filename",
            "uuid": "d42a4d93-215a-4254-879b-1a670e5f8dbc",
            "value": "f1e083da9fa1b9a6cbd63a3da0d445a3351478bf233b1495c45d2731a04d146c.sample"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410212",
            "to_ids": false,
            "type": "text",
            "uuid": "21fa3594-d8b9-4bc5-8522-39fa70b3244f",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:55/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911440",
            "to_ids": false,
            "type": "text",
            "uuid": "0ba02023-4965-4850-b32f-8635a9bc2e28",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911440",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a32cc5bc-f3fa-46c5-ba8b-5fc1477185ff",
            "value": "3072:V0gmrg+KNLGEf87QDx5vRQ6r6Yy9e7ycpPk0C/NFarKXxOb/4StTBfn398X5UfLM:VbmrgblGEf87QDx5vRBr6Yy9e7Nk0sN3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911440",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "df2b782d-1a67-463d-9f5c-ba77e6d01e85",
            "value": "156672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911440",
            "to_ids": true,
            "type": "vhash",
            "uuid": "846bdc28-f693-46a4-9c08-8d9a7e7472b4",
            "value": "115046656d5560f8z4a2e5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911440",
            "to_ids": true,
            "type": "filename",
            "uuid": "06b26931-7808-45ef-9738-f708cf1030dc",
            "value": "f1e083da9fa1b9a6cbd63a3da0d445a3351478bf233b1495c45d2731a04d146c.sample"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911461",
        "uuid": "e3ef5d4e-e864-49a1-957f-254e894976f8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485860",
            "to_ids": true,
            "type": "md5",
            "uuid": "18bb6de8-89e3-4c51-af7d-276ac5e511f8",
            "value": "787f2819d905d3fe684460143e01825c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410234",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1b0b6208-c78f-4114-a4fb-c1b36d00baee",
            "value": "a95a908ac2a98fdadfea3d7b6002e9c712fa7865",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410234",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c4a2b1e6-0b1e-4222-aa6a-4c1b1716ca9a",
            "value": "abb2cb43caecac0ca2dcba15ee1cdcc4499ffad18c06265de2ac2f811166d976",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410233",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ba3cf8ca-fe1a-4730-88c2-226ee9a647bf",
            "value": "3072:YJuATOEYg5xP3wXmyN4EtTBfcra56WJH:YJuATXYg5xP3wXBFtTBkrawW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410233",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7a0b4c8c-6921-498a-acf8-1fd3959963a3",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410233",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bd93d2e1-8a3c-4c82-b865-0dfce0f46aae",
            "value": "115046656d1500f8z3c265z6035z20200151z50106124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410233",
            "to_ids": true,
            "type": "filename",
            "uuid": "f82dcd44-757a-493c-9ac9-cc5088b1e71d",
            "value": "787f2819d905d3fe684460143e01825c.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410233",
            "to_ids": false,
            "type": "text",
            "uuid": "09cb9c83-2b30-4c48-b03e-c933015d9527",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:58/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911461",
            "to_ids": false,
            "type": "text",
            "uuid": "98c2d454-3fd9-44ce-be92-ad3cdd7fafc3",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:60/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911461",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "deafb7e4-ea5e-48a9-96fc-f5e0a1b53d8d",
            "value": "3072:YJuATOEYg5xP3wXmyN4EtTBfcra56WJH:YJuATXYg5xP3wXBFtTBkrawW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911461",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "073b1be9-d9a0-4222-a1bb-b2df021c8f14",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911461",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c7321f95-1128-4cc2-9895-b5119cf0bee8",
            "value": "115046656d1500f8z3c265z6035z20200151z50106124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911461",
            "to_ids": true,
            "type": "filename",
            "uuid": "0a29e893-4b4b-43c7-9e6a-8c46281ccfaa",
            "value": "787f2819d905d3fe684460143e01825c.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911483",
        "uuid": "363649f7-3527-481c-8892-804f67244fb0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485882",
            "to_ids": true,
            "type": "md5",
            "uuid": "34d240fb-2cdf-4a8c-9c56-de8c1bf83cdd",
            "value": "8f67a7220d36d5c233fc70d6ecf1ee33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410277",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ca8ec667-3fa9-40e6-8042-2d7020dadcca",
            "value": "6a8b88e7aee3c0736c3936cf9dddaa19c58abe01",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410277",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d6685e6d-8d91-4346-8ae7-fae213a7aa3f",
            "value": "07272a51d1f6a7be8c45cc097bf821267d258eb2378d32c95c4601cd000366c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410276",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bb46e044-1c41-479a-b21d-cb251ea50fca",
            "value": "3072:ZgIlou75k4WvRcdqFfn7N1HGXyyf/dBWrr4IHtTBf9av9w156frb:qKN75k1NFf7N1HGXyyN0IIHtTB41w1wD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410276",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "385f6fe4-1f42-4f3a-aabe-5b3d3958b1bf",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410276",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e4f05d31-a758-43ab-92c2-58f6156aa63f",
            "value": "115046656d5560f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410276",
            "to_ids": true,
            "type": "filename",
            "uuid": "5c5def69-c8e4-4274-9613-d66076284987",
            "value": "8f67a7220d36d5c233fc70d6ecf1ee33.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410276",
            "to_ids": false,
            "type": "text",
            "uuid": "410d84e3-5ea9-4e44-ba28-c6024b79f8da",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  12/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911483",
            "to_ids": false,
            "type": "text",
            "uuid": "b7945646-3e07-4213-83d0-4bedcfbb385f",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911483",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a6c67819-ed8e-452f-a2ad-f012fe2cc258",
            "value": "3072:ZgIlou75k4WvRcdqFfn7N1HGXyyf/dBWrr4IHtTBf9av9w156frb:qKN75k1NFf7N1HGXyyN0IIHtTB41w1wD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911483",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3c5651dc-948b-410a-bb7d-e5b2381d4076",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911483",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0eba9def-0839-43f4-9d4f-9642b5b963cb",
            "value": "115046656d5560f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911483",
            "to_ids": true,
            "type": "filename",
            "uuid": "67e82cdc-704a-43ca-8bde-4e6faf748904",
            "value": "8f67a7220d36d5c233fc70d6ecf1ee33.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911505",
        "uuid": "b4fdbf73-5d80-4dc5-a2ea-e7e02188600d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485903",
            "to_ids": true,
            "type": "md5",
            "uuid": "609fb72a-88e4-4377-885f-005e13f02455",
            "value": "9b4d46177f24ca0a4881f0c7c83f5ef8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410299",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4e9470ec-0e72-482e-825c-f5d89bb7e74f",
            "value": "1cf623b4412e729de543bd69990b580f4a6b8341",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410299",
            "to_ids": true,
            "type": "sha256",
            "uuid": "da65a338-4767-40fa-8668-488d9159c74d",
            "value": "4609f46c7a9f8fe01fe05eca4cde987e28f68fd9651de113ec87c4e6b03b52c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410298",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "238d46ed-b099-49e3-a74e-c0473c9c252f",
            "value": "3072:sPddTnH5Tk5PFKYcMPcjjtNJWCislj8otTBfd9kJZ6fT0:+ZnH5Tk5dKUcjZNJWCllPtTBrkJQ70"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410298",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "62822a21-31b3-4f4f-bd0f-785fd7575773",
            "value": "157184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410298",
            "to_ids": true,
            "type": "vhash",
            "uuid": "974f978b-fe59-413d-8eac-c136c3599e04",
            "value": "115046656d5560f8z492c5z6035z20300151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410298",
            "to_ids": true,
            "type": "filename",
            "uuid": "908c28db-e3d2-4bd1-8794-a4093bf42775",
            "value": "9b4d46177f24ca0a4881f0c7c83f5ef8.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410298",
            "to_ids": false,
            "type": "text",
            "uuid": "620854f1-0a99-42f8-8537-0a4ffb438761",
            "value": "FatalRAT final payload\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:56/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  12/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911505",
            "to_ids": false,
            "type": "text",
            "uuid": "381851d6-4f7a-4e0f-91eb-a44e0dafbcb6",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:58/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911505",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "91d982f0-363c-40cf-9d2e-f8b08f482242",
            "value": "3072:sPddTnH5Tk5PFKYcMPcjjtNJWCislj8otTBfd9kJZ6fT0:+ZnH5Tk5dKUcjZNJWCllPtTBrkJQ70"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911505",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7ab59b2b-23a6-4de0-b660-815c863e5af2",
            "value": "157184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911505",
            "to_ids": true,
            "type": "vhash",
            "uuid": "119c3b11-aad3-4df0-9d0c-51a1ab3b73e3",
            "value": "115046656d5560f8z492c5z6035z20300151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911505",
            "to_ids": true,
            "type": "filename",
            "uuid": "f198e982-5b64-4a2b-b13d-d4a45b22a0c3",
            "value": "9b4d46177f24ca0a4881f0c7c83f5ef8.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911526",
        "uuid": "1a184c86-dd6e-425f-a985-840dbebf28bd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485924",
            "to_ids": true,
            "type": "md5",
            "uuid": "2f1d91b3-0721-4639-8a94-02c36c4504ca",
            "value": "9c3f469a5b54fb2ec29ac7831780ed6d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410321",
            "to_ids": true,
            "type": "sha1",
            "uuid": "96a8f1a0-447a-4aaf-8db0-f5d4ca459014",
            "value": "9e380cc51e33a9f1e6c3835eb77a1bf7e804e07b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410321",
            "to_ids": true,
            "type": "sha256",
            "uuid": "630cbfe9-b271-4d7f-8f5d-adf31216f517",
            "value": "a996e4c18ae4c4563db0767cb230b24279daeb3f62ee62b061d2ee076d81bdfd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410320",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aa4f118a-ed2e-4637-bdf7-8c1dda395a0b",
            "value": "1536:01Pk0NR1wAJuATVg65YYloLx5c5xpp+awXmGVNuRcFnToIf3srTZuDP56W:YJuATOEYg5xP3wXmyN4ctTBfcrC56W"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410320",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "06380fef-9aeb-46b5-b1a3-1c01522a56ca",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410320",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1481ba66-539f-4a1c-ad4f-e673b57550e1",
            "value": "115046656d1500f8z3c265z6035z20200151z50106124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410320",
            "to_ids": true,
            "type": "filename",
            "uuid": "99c2bf57-2142-485a-b37f-db6cb4d41c19",
            "value": "9c3f469a5b54fb2ec29ac7831780ed6d.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410320",
            "to_ids": false,
            "type": "text",
            "uuid": "ca7b3fa4-c260-4fb6-9657-3877951e48ad",
            "value": "FatalRAT final payload\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  12/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911526",
            "to_ids": false,
            "type": "text",
            "uuid": "25ebf84e-39b1-489c-980b-032de209ece2",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:61/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911526",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7232fa68-7681-4aee-a3ce-d94ab79eede8",
            "value": "1536:01Pk0NR1wAJuATVg65YYloLx5c5xpp+awXmGVNuRcFnToIf3srTZuDP56W:YJuATOEYg5xP3wXmyN4ctTBfcrC56W"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911526",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8782d7c9-9ee3-4cfe-935d-1c6c288aed10",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911526",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f7eca2e3-a465-4995-acd5-c5ab9c822440",
            "value": "115046656d1500f8z3c265z6035z20200151z50106124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911526",
            "to_ids": true,
            "type": "filename",
            "uuid": "e50d7056-bbbe-4dc9-913b-c4f5997e2ed5",
            "value": "9c3f469a5b54fb2ec29ac7831780ed6d.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911548",
        "uuid": "b7990cd0-357d-4e92-ab15-c53771796694",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485946",
            "to_ids": true,
            "type": "md5",
            "uuid": "2b156095-2605-438e-ab12-dc5d67e3866e",
            "value": "bcec6b78adb3cf966fab9025dacb0f05",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410385",
            "to_ids": true,
            "type": "sha1",
            "uuid": "696cde67-c491-4ecc-874f-c8e12dcaab18",
            "value": "de6d9449456e0ba6bf87358d05a91002ff931387",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410385",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fc09032c-68af-452f-8b12-f5db527d3332",
            "value": "adc1cb4975fec64bf6992885e34ca2969a4e9011ab0b5a9b37bccf790204e7cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410384",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aaaff058-1f91-45c3-b903-c3f40fbec507",
            "value": "3072:OP+xohMqHoN9kEfpUHkksrlDNFEf4L3IiLi4tjOQhfypRyJK15i:jxBqHoN9kE+Hkd9Niy4imqhfypTW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410384",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "18a97164-e684-4688-9790-907e85121bf0",
            "value": "204807"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410384",
            "to_ids": true,
            "type": "filename",
            "uuid": "932bcc62-e295-46bd-8165-25583c9bccee",
            "value": "DLL.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410384",
            "to_ids": false,
            "type": "text",
            "uuid": "612da514-47cf-4627-877d-11ba983c3b2c",
            "value": "FatalRAT final payload\nType Description: unknown\n\nMicrosoft: None\nVT Total Detection:6/61"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911548",
            "to_ids": false,
            "type": "text",
            "uuid": "8c66d1a7-af35-4236-ba4d-66b64c0625b1",
            "value": "Type Description: unknown\n\nMicrosoft: None\nVT Total Detection:7/62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911548",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "de542dbb-2959-4180-8661-0c1acafff682",
            "value": "3072:OP+xohMqHoN9kEfpUHkksrlDNFEf4L3IiLi4tjOQhfypRyJK15i:jxBqHoN9kE+Hkd9Niy4imqhfypTW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911548",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "67eb6afb-78df-46be-b5fe-c004ed911067",
            "value": "204807"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911548",
            "to_ids": true,
            "type": "filename",
            "uuid": "a6cf8cc7-611d-4694-bc1c-7b3706688ddf",
            "value": "DLL.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911569",
        "uuid": "bf2a7a73-bd74-49ca-b0ea-5cb5016c2cf1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485967",
            "to_ids": true,
            "type": "md5",
            "uuid": "d5b78114-1c17-442d-988c-be66814021f6",
            "value": "d0d3efcff97ef59fe269c6ed5ebb06c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410407",
            "to_ids": true,
            "type": "sha1",
            "uuid": "844b1e1b-a91b-4bd4-b5cc-8ddc316cd58d",
            "value": "e6fb28356a436567a1053cae2e906b94ac981a5b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410407",
            "to_ids": true,
            "type": "sha256",
            "uuid": "32de27e7-b21a-4046-8a26-3face843c741",
            "value": "20a418e0de5890e79c9a628eeebe1208244f5d90d12cf8124f4424c8720299ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410406",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ad2950f3-9dda-4080-9cc3-3a3fe8ecb1fb",
            "value": "1536:q753CYUR1wmJkoSA53IXn85c5I9yHT0eRddOR/FnToIf2ryZuhPZ6m8gz:q0IC25afeDdY/tTBf2rPZ6m8+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410406",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c28985d1-e1a1-4e91-91c6-4e92e6a3a379",
            "value": "103936"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410406",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2fa44f13-40e3-4172-8adf-933ce330d94f",
            "value": "115046656d5560f8z3c265z6035z20200151z50105124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410406",
            "to_ids": true,
            "type": "filename",
            "uuid": "006f4bdc-853c-4ede-8c26-19401b2c8b47",
            "value": "d0d3efcff97ef59fe269c6ed5ebb06c9.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410406",
            "to_ids": false,
            "type": "text",
            "uuid": "7133f52c-15ec-4f47-a3ba-e9dc8c449e91",
            "value": "FatalRAT final payload\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:59/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911569",
            "to_ids": false,
            "type": "text",
            "uuid": "b4962ec8-c772-4157-bb6e-19885de84953",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:62/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911569",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8196ef61-ae13-4f88-a283-3aa1ec9e50b3",
            "value": "1536:q753CYUR1wmJkoSA53IXn85c5I9yHT0eRddOR/FnToIf2ryZuhPZ6m8gz:q0IC25afeDdY/tTBf2rPZ6m8+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911569",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5a5be8cf-74ad-4e28-86d8-a7b17c734699",
            "value": "103936"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911569",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1c2bf0ab-1e2f-4968-9da4-73f7ef8c9ee2",
            "value": "115046656d5560f8z3c265z6035z20200151z50105124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911569",
            "to_ids": true,
            "type": "filename",
            "uuid": "67c50c20-74a3-41e5-baad-2c75c05702a5",
            "value": "d0d3efcff97ef59fe269c6ed5ebb06c9.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911591",
        "uuid": "24ee0462-87a5-4aae-b31d-e29dcc1eedd8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741485989",
            "to_ids": true,
            "type": "md5",
            "uuid": "3b459a39-d711-4fab-adc6-1469f8fab8b4",
            "value": "ed6837f0e351aff09db3c8ee93fbcf06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410471",
            "to_ids": true,
            "type": "sha1",
            "uuid": "74ce1852-ae11-400a-bbd0-f1b7894bce02",
            "value": "9861b4bf6dc84a553b4c84de04262914b3453dfc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410471",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3b5f7fd4-4f73-4661-9358-b1233e7f74ad",
            "value": "312dcfade140789f9f5ec30d66bfcb3614b4ec697c005b53db571c8bc8d90b91",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410471",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8835348d-2989-4170-b539-9a0b04e82ae8",
            "value": "1536:01Pk0NR1wAJuATVg65YYloLx5c5xpp+awXmGVNuR8FnToIf3srT5uDP56WSO:YJuATOEYg5xP3wXmyN48tTBfcra56WSO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410471",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4276deae-fffd-4385-a7d5-d21fcab4b241",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410471",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1b5421c5-ab8c-4685-a17e-c60814178852",
            "value": "115046656d1510f8z3c265z6035z20200151z50106124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410471",
            "to_ids": true,
            "type": "filename",
            "uuid": "59eb00ff-f36c-402e-bd02-2beaee271cf2",
            "value": "ed6837f0e351aff09db3c8ee93fbcf06.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410471",
            "to_ids": false,
            "type": "text",
            "uuid": "943ba5e2-a563-480d-b1a5-dbb6a66c135f",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911591",
            "to_ids": false,
            "type": "text",
            "uuid": "b6b5dbbb-1e09-4e04-a52f-76665ec0abc3",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:60/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911591",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b9967e81-c202-4afe-b1e3-0f79e4e3f34f",
            "value": "1536:01Pk0NR1wAJuATVg65YYloLx5c5xpp+awXmGVNuR8FnToIf3srT5uDP56WSO:YJuATOEYg5xP3wXmyN48tTBfcra56WSO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911591",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a6160ba5-64c8-4a9d-b3c6-664f1d21edb5",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911591",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bbe5fc16-db06-43aa-a822-12fbfb8924ba",
            "value": "115046656d1510f8z3c265z6035z20200151z50106124z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911591",
            "to_ids": true,
            "type": "filename",
            "uuid": "aae8132d-c1ca-415b-a094-21e51fa14cbf",
            "value": "ed6837f0e351aff09db3c8ee93fbcf06.virus"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741911612",
        "uuid": "052f6d35-6277-44e3-8355-f19212512470",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741486010",
            "to_ids": true,
            "type": "md5",
            "uuid": "f9c7f56b-2595-44ed-a61f-2b5d00193e24",
            "value": "feb49021233524bd64eb6ce37359c425",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741410514",
            "to_ids": true,
            "type": "sha1",
            "uuid": "adb4a48d-3141-446f-a283-de94362d58d4",
            "value": "c9589bfc35950fd3d46f582ca428c987d819e27d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FatalRAT final payload",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741410515",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f3b9fc07-1fb0-4f47-a8d5-85cc92628965",
            "value": "013a681ff8c09b5fab6218f4aa493627652c9ec7c6ba88291980b6e00e151201",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741410514",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b65b60bc-d477-4b59-ac5d-90a16319f301",
            "value": "3072:ZKIloRj5k4WvRcdqFfn7N1HGXyyf/dBWrr4IHtTBf9av9wPZ6frb:EKaj5k1NFf7N1HGXyyN0IIHtTB41wPQD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741410514",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a87ae716-96b3-4c30-9dcc-22fb4569b3c9",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741410514",
            "to_ids": true,
            "type": "vhash",
            "uuid": "be1ae417-d5b2-4f82-8dc7-4c8b498af36d",
            "value": "115046656d5560f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741410514",
            "to_ids": true,
            "type": "filename",
            "uuid": "9278e2ba-b353-40b4-902a-46ae131e6296",
            "value": "feb49021233524bd64eb6ce37359c425.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741410514",
            "to_ids": false,
            "type": "text",
            "uuid": "9ee05ae7-8539-4f69-ba55-0d77ba93772e",
            "value": "FatalRAT final payload\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:57/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/03/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741911612",
            "to_ids": false,
            "type": "text",
            "uuid": "70ba63f5-bdf2-4309-995d-a88c7133a835",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:MSIL/Zegost.GG!MTB\nVT Total Detection:59/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741911612",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c7343390-d861-4abc-841a-0d04a9da2f1e",
            "value": "3072:ZKIloRj5k4WvRcdqFfn7N1HGXyyf/dBWrr4IHtTBf9av9wPZ6frb:EKaj5k1NFf7N1HGXyyN0IIHtTB41wPQD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741911612",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5e5ddae6-38ea-4845-abac-5d3d0985d02c",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741911612",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c9924301-88b6-4791-b2c6-1ba2f87a67f3",
            "value": "115046656d5560f8z482c5z6035z20200151z501061b4z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741911612",
            "to_ids": true,
            "type": "filename",
            "uuid": "1589eadb-f436-4113-b982-f3ea1ea6d0d0",
            "value": "feb49021233524bd64eb6ce37359c425.virus"
          }
        ]
      }
    ]
  }
}