{ "Event": { "analysis": "2", "date": "2018-02-20", "extends_uuid": "", "info": "[Threat Intel] A Slice of 2017 Sofacy Activity", "protected": false, "publish_timestamp": "1780039833", "published": true, "threat_level_id": "1", "timestamp": "1772901981", "uuid": "8b442a0f-02e2-4f4a-a9f3-961ebfd751ae", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT28\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Zebrocy (AutoIT)\"", "relationship_type": "" }, { "colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": "" }, { "colour": "#7c8061", "local": false, "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"", "relationship_type": "" }, { "colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": "" }, { "colour": "#20962d", "local": false, "name": "misp-galaxy:target-information=\"Finland\"", "relationship_type": "" }, { "colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": "" }, { "colour": "#72ab92", "local": false, "name": "misp-galaxy:target-information=\"Lithuania\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#d9dfae", "local": false, "name": "misp-galaxy:target-information=\"Mongolia\"", "relationship_type": "" }, { "colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": "" }, { "colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": "" }, { "colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": "" }, { "colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": "" }, { "colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": "" }, { "colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": "" }, { "colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Engineering\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"NGO\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740396557", "to_ids": false, "type": "link", "uuid": "ff905230-500d-4b2a-aad1-f8db0363b65c", "value": "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507165", "to_ids": true, "type": "md5", "uuid": "1f306db5-b298-4f9d-a493-074e3d0f87dc", "value": "8f9f697aa6697acee70336f66f295837", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507169", "to_ids": true, "type": "md5", "uuid": "063b6143-df04-46ba-b4fd-c32372b28644", "value": "1a4b9a6b321da199aa6d10180e889313", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507174", "to_ids": true, "type": "md5", "uuid": "6ea71502-4367-47c8-b4a2-c80c06a971ad", "value": "57601d717fcf358220340675f8d63c8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507181", "to_ids": true, "type": "md5", "uuid": "5568b19b-ad5a-451c-8d8c-916c647f50fe", "value": "85cd38f9e2c9397a18013a8921841a04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507191", "to_ids": true, "type": "md5", "uuid": "efcdf824-9ab8-44de-84aa-6cd5ebf71d46", "value": "aa2aac4606405d61c7e53140d35d7671", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507195", "to_ids": true, "type": "md5", "uuid": "3877742a-85cf-4497-942c-4ee08700f248", "value": "16e1ca26bc66e30bfa52f8a08846613d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507199", "to_ids": true, "type": "md5", "uuid": "02c42a9c-596a-4b6e-aa80-a312c97b0d24", "value": "237e6dcbc6af50ef5f5211818522c463", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507202", "to_ids": true, "type": "md5", "uuid": "0b12cc90-e69c-4f7b-a452-ae4eb8277943", "value": "b6f77273cbde76896a36e32b0c0540e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507204", "to_ids": true, "type": "md5", "uuid": "85fa770d-c057-424e-87cf-7d2192742dad", "value": "139c9ac0776804714ebe8b8d35a04641", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507207", "to_ids": true, "type": "md5", "uuid": "dbb0c8ab-5497-4c88-a3fd-6f34182fa21b", "value": "9a975e0ddd32c0deef1318c485358b20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507216", "to_ids": true, "type": "md5", "uuid": "e0f08cda-9dc9-40af-8c26-6ff6580bf62f", "value": "529424eae07677834a770aaa431e6c54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507225", "to_ids": true, "type": "md5", "uuid": "ba20509b-67b7-4b71-8227-20d13c2c4bf4", "value": "4cafde8fa7d9e67194d4edd4f2adb92b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746507230", "to_ids": true, "type": "md5", "uuid": "3c849e01-5c9a-4f55-876c-1cde14d5745a", "value": "86b607fe63c76b3d808f84969cb1a781", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507452", "to_ids": true, "type": "domain", "uuid": "00f08030-5702-4978-b26f-5369974ae718", "value": "nethostnet.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507473", "to_ids": true, "type": "domain", "uuid": "f381bdc2-a841-4554-b0ea-ac6d1856ca36", "value": "hostsvcnet.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507494", "to_ids": true, "type": "domain", "uuid": "a9a1f145-62cb-449c-8818-528470bebc12", "value": "etcrem.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507515", "to_ids": true, "type": "domain", "uuid": "df228e76-4076-482a-8d61-b43a7556e242", "value": "movieultimate.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507536", "to_ids": true, "type": "domain", "uuid": "d614c8e4-2b14-40d2-ba15-7a11be8d4b39", "value": "newfilmts.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507557", "to_ids": true, "type": "domain", "uuid": "e36a7ae5-b15a-4903-8a0c-f4d8e5a3b7e0", "value": "fastdataexchange.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507579", "to_ids": true, "type": "domain", "uuid": "998f8c89-4735-476d-92fc-408e0edb60e4", "value": "liveweatherview.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507600", "to_ids": true, "type": "domain", "uuid": "92416ca2-0dd7-44ca-b996-2ad3aa91ecec", "value": "analyticsbar.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507622", "to_ids": true, "type": "domain", "uuid": "1e1afcb2-1b70-427a-8841-30c5d3c9dba0", "value": "analyticstest.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507643", "to_ids": true, "type": "domain", "uuid": "3123cfa2-5dcc-4330-a06a-36d58599a6d4", "value": "lifeofmentalservice.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507664", "to_ids": true, "type": "domain", "uuid": "5bd658f1-80e2-4a9a-905b-8b68a118601f", "value": "meteost.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507685", "to_ids": true, "type": "domain", "uuid": "8126e972-c62e-4355-9c7a-a287884d0c89", "value": "righttopregnantpower.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507706", "to_ids": true, "type": "domain", "uuid": "27504e14-48a9-4195-bce8-4fcb3c3a718a", "value": "kiteim.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507727", "to_ids": true, "type": "domain", "uuid": "fbe6a773-1cc5-4b4e-a7e2-1241ddf3bdb8", "value": "adobe-flash-updates.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507748", "to_ids": true, "type": "domain", "uuid": "91f1bd43-8e95-4489-8fe0-fb63a1d42c0a", "value": "generalsecurityscan.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507769", "to_ids": true, "type": "domain", "uuid": "c89f3c08-4094-48c0-8b92-3794fc3c5ddc", "value": "globalresearching.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507791", "to_ids": true, "type": "domain", "uuid": "74d10a1a-68a2-4dc2-a959-861bed4f64f4", "value": "lvueton.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507812", "to_ids": true, "type": "domain", "uuid": "320b6be4-a3bd-458b-a194-c1753ecd72bb", "value": "audiwheel.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507833", "to_ids": true, "type": "domain", "uuid": "cdad7beb-2740-43b8-849d-c70fa7b88194", "value": "online-reggi.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507854", "to_ids": true, "type": "domain", "uuid": "e3d64055-cb63-43f5-8d81-f46b62f0093f", "value": "fsportal.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507875", "to_ids": true, "type": "domain", "uuid": "e714ab60-4390-4bed-96bc-028236bb92ee", "value": "netcorpscanprotect.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507896", "to_ids": true, "type": "domain", "uuid": "ac48a450-5268-4f33-afe3-21d118b597ee", "value": "mvband.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507917", "to_ids": true, "type": "domain", "uuid": "bf747999-1483-4b68-91bc-d63c4796be29", "value": "mvtband.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507938", "to_ids": true, "type": "domain", "uuid": "636eeef2-d5e2-4a71-864f-0906d6cd9dba", "value": "viters.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507959", "to_ids": true, "type": "domain", "uuid": "492eeb28-fdec-4b24-85bd-14edefe8887b", "value": "treepastwillingmoment.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746507980", "to_ids": true, "type": "domain", "uuid": "bb12f132-eda1-4cb5-9ce4-02ed35667df1", "value": "sendmevideo.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508001", "to_ids": true, "type": "domain", "uuid": "a3ecd949-65f5-422c-9f63-6ce278a4b82f", "value": "satellitedeluxpanorama.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508023", "to_ids": true, "type": "domain", "uuid": "2dad8abf-b2cb-4960-a8d7-417d1d954003", "value": "ppcodecs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508044", "to_ids": true, "type": "domain", "uuid": "9f9bd8fd-6140-467d-b0be-b036fd11db2e", "value": "encoder-info.tk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508065", "to_ids": true, "type": "domain", "uuid": "3f86da0b-7efb-4324-938b-2ac5de32f1bb", "value": "wmdmediacodecs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508086", "to_ids": true, "type": "domain", "uuid": "dda86b58-6265-43e0-a995-7e68a539a691", "value": "postlkwarn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508107", "to_ids": true, "type": "domain", "uuid": "dca1dc33-3f6f-4ef2-b302-c38a9336255d", "value": "shcserv.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508128", "to_ids": true, "type": "domain", "uuid": "cfc076c1-7671-4d27-8b9e-8a73de9401cd", "value": "versiontask.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508149", "to_ids": true, "type": "domain", "uuid": "84212cc8-8e74-4c55-9178-8e5a6fdb37fd", "value": "webcdelivery.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508170", "to_ids": true, "type": "domain", "uuid": "bef776bb-0b2d-4748-9fba-dd99410adc5a", "value": "miropc.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508191", "to_ids": true, "type": "domain", "uuid": "9b358429-1299-49f4-863a-116d37ce59f9", "value": "securityprotectingcorp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508212", "to_ids": true, "type": "domain", "uuid": "d874c07b-411d-4e15-9661-a249f39b407d", "value": "uniquecorpind.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508233", "to_ids": true, "type": "domain", "uuid": "f7fc22c2-ff64-45e4-984f-b5dfe7fa62d3", "value": "appexsrv.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746508254", "to_ids": true, "type": "domain", "uuid": "b3cc4e8b-56d7-4c8b-ab85-4f99b4ee6b99", "value": "adobeupgradeflash.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508275", "uuid": "ead8508c-8445-45cb-b22b-5d9b81f96629", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508275", "to_ids": true, "type": "md5", "uuid": "1b59683d-a6b9-45cb-924a-bb60cae1c532", "value": "842454b48f5f800029946b1555fba7fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505048", "to_ids": true, "type": "sha1", "uuid": "ee7a1d5d-39f2-42be-8a5d-5db129751dc5", "value": "7672749796e3fbbdd9ad5f4d806e3e84ccab4ee8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505048", "to_ids": true, "type": "sha256", "uuid": "96fe9add-1ca4-49a6-9b12-3d12923481ea", "value": "8af8c97f90b1c3c84d33af94b52d336a7b3668870a73af2cbcce7cda195cbaab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505047", "to_ids": true, "type": "ssdeep", "uuid": "eb4486b7-4f1b-45d4-a24f-6e8d9c0d8818", "value": "6144:E21appxPC1GCbvSqKmuNTjYaQqLo8PjzeyC5:E2iY1GCbvHKmu/zW5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505047", "to_ids": false, "type": "size-in-bytes", "uuid": "c1380533-781b-45af-aefd-976853226f0c", "value": "335872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505047", "to_ids": true, "type": "vhash", "uuid": "4d39bff5-9c82-42e2-bb35-49dab2d11d12", "value": "135066655d1555151098z617z1077z21z31z61z26z5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505047", "to_ids": true, "type": "filename", "uuid": "2c3f35e4-f6fc-4c03-aa82-7a7559544a9a", "value": "adruncfm.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505047", "to_ids": false, "type": "text", "uuid": "79b32cf0-3b7c-4bb0-952f-f5693bc67584", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:37/72\nFirst Submission:2024-06-24T20:40:06.000000+00:00\nLast Submission:2024-06-24T20:40:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508297", "uuid": "7b233719-39b1-4108-b511-68adeb6f0853", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508297", "to_ids": true, "type": "md5", "uuid": "20afe2cb-1e65-4ce3-afba-16718a23d78c", "value": "d4a5d44184333442f5015699c2b8af28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505069", "to_ids": true, "type": "sha1", "uuid": "2d89bc4b-ad61-4694-9025-644b17bd47fc", "value": "fec29b4f4dccc59770c65c128dfe4564d7c13d33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505069", "to_ids": true, "type": "sha256", "uuid": "507f9561-fd28-4394-8882-13db87149ec5", "value": "82fc44696d1c5ddfdd5338fcafb6a9dcf7a0796235cd58184d05a2f388ed7e9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505068", "to_ids": true, "type": "ssdeep", "uuid": "bebc22f1-8acb-49d8-883f-d4b6ac1f4564", "value": "6144:321PpCXvSl6Oo3J6NNT2i7J203PejjlluDwGJie:32nCX6l6OoZ6NEXwDwGce" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505068", "to_ids": false, "type": "size-in-bytes", "uuid": "8abd1109-9954-4c37-b054-e92cc671324d", "value": "335360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505068", "to_ids": true, "type": "vhash", "uuid": "fd46b6d0-24ef-446a-8860-f21e073f7e4d", "value": "135066655d1555151098z617z1077z21z31z61z26z5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505068", "to_ids": true, "type": "filename", "uuid": "1ca0a159-8d4c-4fba-b2ad-43cccb76791a", "value": "mmdivx.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 20/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505068", "to_ids": false, "type": "text", "uuid": "a8dc4fca-8ceb-435a-9811-672feeaec378", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.C82\nVT Total Detection:55/73\nFirst Submission:2017-07-13T13:52:06.000000+00:00\nLast Submission:2024-05-23T08:27:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508318", "uuid": "628e2323-05aa-492d-945f-640e51edad32", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508318", "to_ids": true, "type": "md5", "uuid": "d322ed64-d09f-4c1a-8a3d-3fee0990b2cd", "value": "1421419d1be31f1f9ea60e8ed87277db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505090", "to_ids": true, "type": "sha1", "uuid": "655a06b8-5c73-4c44-b4bd-7148de026a09", "value": "f9fd3f1d8da4ffd6a494228b934549d09e3c59d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505090", "to_ids": true, "type": "sha256", "uuid": "e72cefac-514b-4845-ab09-da6d4653974c", "value": "8c47961181d9929333628af20bdd750021e925f40065374e6b876e3b8afbba57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505090", "to_ids": true, "type": "ssdeep", "uuid": "85d35a67-2658-4198-a4fa-f139cd951677", "value": "768:VAGqIPXBLp19Evz7SxN4+9tvpG/VBpTOmyx:VAGqIPRLZfN4m6BpTOlx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505090", "to_ids": false, "type": "size-in-bytes", "uuid": "85cff429-7faa-4fc7-9503-da41cc24908c", "value": "30208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505090", "to_ids": true, "type": "vhash", "uuid": "cb418a6a-5c47-437a-a3ee-ffcad8221bab", "value": "134056655d05155053z22z327z17z103010a1z91z46z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505090", "to_ids": true, "type": "filename", "uuid": "997fc471-6cc8-42f3-b2ad-90bf0cbe8ea9", "value": "mvtband.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 29/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505090", "to_ids": false, "type": "text", "uuid": "ea3fb0c1-2db9-4bad-b06a-e3f38783a228", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Foosace.M!dha\nVT Total Detection:64/73\nFirst Submission:2017-07-17T21:56:47.000000+00:00\nLast Submission:2024-07-16T07:45:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508338", "uuid": "58d8f906-1d8b-4d04-9c78-166d7ffbed49", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508338", "to_ids": true, "type": "md5", "uuid": "fecba734-7da8-4e71-8a5d-edf25106052f", "value": "b1d1a2c64474d2f6e7a5db71ccbafa31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505111", "to_ids": true, "type": "sha1", "uuid": "91c9b6e7-5687-4425-a104-afeffdc9ede0", "value": "91d8e6f993e8b294924811df052e96cbec0545ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505111", "to_ids": true, "type": "sha256", "uuid": "0ee0f2c3-fa73-4858-8009-3ba40ccbd506", "value": "58b223f74992f371cab8f1df7c03b9b66f2ea9e3c9e22122898a9be62a05c0b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505111", "to_ids": true, "type": "ssdeep", "uuid": "d709e775-af53-49d4-a396-a5e6059c13cc", "value": "768:8DNt/iTHsUOeDhlBkk7UEDhVn7CIxdy8VY+MLG8WrbEFv6aqwlVa+hNoiL0Kp4Vw:8hITMGF3kWR7CJ8V8OrbS5wKpSg73Pr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505111", "to_ids": false, "type": "size-in-bytes", "uuid": "d65de157-318c-4005-ad03-2439c473d1d3", "value": "70656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505111", "to_ids": true, "type": "vhash", "uuid": "c2335b4f-0aed-4932-9e1f-919f5fdf3f0a", "value": "174056655d65551028z3a?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505111", "to_ids": true, "type": "filename", "uuid": "b0ace56f-7d8a-4985-9f8a-75e7f71d916f", "value": "test" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505111", "to_ids": false, "type": "text", "uuid": "eb671358-c211-4e35-ba83-60dd90c5d800", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/CryptInject\nVT Total Detection:58/72\nFirst Submission:2017-07-17T21:56:43.000000+00:00\nLast Submission:2024-05-23T08:09:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508359", "uuid": "151a6478-d9b0-4b11-87e2-6fb513c44389", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508359", "to_ids": true, "type": "md5", "uuid": "0eda9c1e-7316-4da7-8f27-0ce1aec818e6", "value": "953c7321c4959655fdd53302550ce02d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505132", "to_ids": true, "type": "sha1", "uuid": "7a08973f-bd84-44ce-99e5-79fa4f1a1d14", "value": "ccb907f3ce245b3ca49e922d97fb7e9ed98ae1bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505133", "to_ids": true, "type": "sha256", "uuid": "3687edff-aaa6-4f3c-89fb-da130255aa19", "value": "e5d5a6fa74c229d81cb64781556b61ed0148c50c089ea638e7761bf97fe46d40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505132", "to_ids": true, "type": "ssdeep", "uuid": "02d0d6e0-37a6-47e7-8d52-477c655c477a", "value": "6144:emoPKRTWLdqtCEmkj3p2TR0b0cPxon9nEnDqWnTnvnYnFnSnCTy:emDW8tCEtbp1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505132", "to_ids": false, "type": "size-in-bytes", "uuid": "0ce94710-3440-4b87-a321-90abcabed896", "value": "333312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505132", "to_ids": true, "type": "vhash", "uuid": "43d57ffb-752b-454a-8573-62bcefc0b397", "value": "135066655d1555151098z5fnz35z26z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505132", "to_ids": true, "type": "filename", "uuid": "50acf0d0-22de-4ca2-8d4e-eb45d68347fd", "value": "ccfm.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505132", "to_ids": false, "type": "text", "uuid": "2427ea22-c952-4d4b-8cd5-ce15dc02544c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:55/74\nFirst Submission:2018-02-20T17:48:52.000000+00:00\nLast Submission:2024-05-23T09:20:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508381", "uuid": "a75d2575-158f-471c-8148-2b72cba8f898", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508381", "to_ids": true, "type": "md5", "uuid": "b7ac463d-2fcc-4a89-97b3-2b4e9cef379e", "value": "02b79c468c38c4312429a499fa4f6c81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505175", "to_ids": true, "type": "sha1", "uuid": "af127026-0271-4b6f-9a1c-a301829b8dbd", "value": "57d7f3d31c491f8aef4665ca4dd905c3c8a98795", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505175", "to_ids": true, "type": "sha256", "uuid": "0b647385-fa8f-488d-be67-e67011de9f02", "value": "8646a5330f516adce0c05ad019cf041cf79c1ca069048c3f8db94dcbdb00c408", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505175", "to_ids": true, "type": "ssdeep", "uuid": "a1d969bd-2332-4d27-8dac-deb1d3e79244", "value": "6144:9Cd9KlXymjpbO4pvmMHuaT3zybcutjORez0hANl1Rb8BsiC+MA:9CHTmj1O4plHuI+AAIANl1Rb8Bd9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505175", "to_ids": false, "type": "size-in-bytes", "uuid": "9fb71d05-b591-4361-9dcc-f4433dd41c80", "value": "337920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505175", "to_ids": true, "type": "vhash", "uuid": "baa2800e-47ae-433f-bbdd-79a40401c913", "value": "135066655d1555151088z5b9z7bz35z26z5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505175", "to_ids": true, "type": "filename", "uuid": "d921acc2-4e3a-4080-9683-feb78179d871", "value": "ccfm.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505175", "to_ids": false, "type": "text", "uuid": "38b5e52d-ca25-440e-bdb7-b587fb1c7f18", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:54/74\nFirst Submission:2017-10-18T13:39:09.000000+00:00\nLast Submission:2024-05-23T08:27:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508401", "uuid": "7b9cdc96-b90f-4906-86d4-67c9a90bc5a3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508401", "to_ids": true, "type": "md5", "uuid": "e1e04ee8-d0a7-4130-98ba-e09310314c88", "value": "f8e92d8b5488ea76c40601c8f1a08790", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505218", "to_ids": true, "type": "sha1", "uuid": "db20ef49-21a8-4d57-b566-0a0e736dc18d", "value": "d5235d136cfcadbef431eea7253d80bde414db9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505218", "to_ids": true, "type": "sha256", "uuid": "d38dec10-310e-4217-9ddb-8b3b1df58a6c", "value": "91acb0d56771af0196e34ac95194b3d0bf3200bc5f6208caf3a91286958876f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505217", "to_ids": true, "type": "ssdeep", "uuid": "06ce249f-368e-4cc7-84eb-16f77450baaa", "value": "6144:x9xUBwNi8X0Dv0xrIb0f59TRkjj3siJwXT5:/xUYi8X0DvSHQZaF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505217", "to_ids": false, "type": "size-in-bytes", "uuid": "a9abb8a0-ef9e-466f-83b6-0c65f63d1c1c", "value": "268950" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505217", "to_ids": true, "type": "vhash", "uuid": "e602db6b-eb5e-4bc7-9bae-767bf58b4c07", "value": "d860873113f81dfd8bdf8c3c47c3455e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505217", "to_ids": true, "type": "filename", "uuid": "dbc4bb6e-17a6-49cb-bd2d-e76cd4c8b420", "value": "91acb0d56771af0196e34ac95194b3d0bf3200bc5f6208caf3a91286958876f9.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505217", "to_ids": false, "type": "text", "uuid": "b36e8edc-36e3-44e5-8506-3c7af174fc82", "value": "Type Description: Office Open XML Document\nMicrosoft: Ransom:Win32/CVE\nVT Total Detection:40/66\nFirst Submission:2017-04-18T13:41:44.000000+00:00\nLast Submission:2024-12-02T19:24:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508422", "uuid": "7c01a695-8e7d-4852-b128-3b70390431e8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508422", "to_ids": true, "type": "md5", "uuid": "bb7cb019-5bc1-43b0-99f1-db8a9be78ce7", "value": "66b4fb539806ce27be184b6735584339", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505240", "to_ids": true, "type": "sha1", "uuid": "e1fa6625-bdb0-4024-b7b9-c13c7d381130", "value": "51ae516792570bcd069a657c27859cd3fdc07d00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505240", "to_ids": true, "type": "sha256", "uuid": "86e3eede-1c5e-4def-82fb-fc4b15e5d883", "value": "11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505239", "to_ids": true, "type": "ssdeep", "uuid": "dd21f95b-006f-49eb-bb09-f2500df58b57", "value": "12288:ejB22NVDHZckwuqvnaD9Stpba+BN1qfWmQxL5zFvgHGx/+01qKkcskyWC/:U2QHZcXlva5abXBafWmQxLtdjRkcskg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505239", "to_ids": false, "type": "size-in-bytes", "uuid": "4f2a6420-2c91-4aba-bf9a-ed0b92a4c666", "value": "784896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505239", "to_ids": true, "type": "vhash", "uuid": "5c426f2d-e32b-40f1-b241-7bbfa3c01908", "value": "075096666d5c0d5c0515603142z41002c1z25z35z23z50301bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505239", "to_ids": true, "type": "filename", "uuid": "5c6c5f9a-7f8f-4a90-916a-9ce53a8cde73", "value": "test" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 20/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505239", "to_ids": false, "type": "text", "uuid": "a98a4f39-ed2f-4da3-b206-28bf101c63e8", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Zebrocy\nVT Total Detection:60/73\nFirst Submission:2017-08-30T09:39:54.000000+00:00\nLast Submission:2024-05-23T06:53:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508443", "uuid": "dbd5e21f-2405-472f-b141-8b4c198cecbf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508443", "to_ids": true, "type": "md5", "uuid": "4325e26b-7208-4e5d-87be-901388fba78c", "value": "e8e1fcf757fe06be13bead43eaa1338c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505262", "to_ids": true, "type": "sha1", "uuid": "8a7d12e9-fba2-465a-b59b-31a11cfd3385", "value": "7a976e6b79c78d0bdc2140f7a0aab45ccc848c0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505263", "to_ids": true, "type": "sha256", "uuid": "23714c38-9f77-4aa2-8920-1247ee6609c0", "value": "dea3a99388e9c962de9ea1008ff35bc2dc66f67a911451e7b501183e360bb95e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505262", "to_ids": true, "type": "ssdeep", "uuid": "f73e6564-d041-46e1-8f2d-003c987eabb4", "value": "6144:bRGF50eRU9YdT/d05hAhTpYJbKIAtoSmsXh0jo1O50zbp0Z0jo58m:bRY0sUKdba5hAHiZZom" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505262", "to_ids": false, "type": "size-in-bytes", "uuid": "be0d53ed-b104-4140-8a5c-84da53d8dd2b", "value": "331776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505262", "to_ids": true, "type": "vhash", "uuid": "a8793d7e-e7bb-464e-80b5-7c05af5d663f", "value": "035066655d1555151098z5dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505262", "to_ids": true, "type": "filename", "uuid": "e43bc099-d250-4f76-9f88-442d7dae1937", "value": "ctlnetw.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505262", "to_ids": false, "type": "text", "uuid": "82b84b65-277a-45c3-bc43-6be85c7d9e68", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/Sednit\nVT Total Detection:61/72\nFirst Submission:2018-11-09T15:13:56.000000+00:00\nLast Submission:2025-03-12T19:11:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508464", "uuid": "308eb858-ae80-4da9-8998-7062c447ce9e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508464", "to_ids": true, "type": "md5", "uuid": "853fbde2-2008-42a5-9235-5796dcb6195c", "value": "b137c809e3bf11f2f5d867a6f4215f95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505326", "to_ids": true, "type": "sha1", "uuid": "0ed7a4e6-59c1-431d-8f12-61475e970039", "value": "18b7dd3917231d7bae93c11f915e9702aa5d1bbb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505326", "to_ids": true, "type": "sha256", "uuid": "832da52b-3faa-44e6-b8a7-d2cc2c8178d2", "value": "2e75deac828111d224c2e6f08662a25e6ccf1c2b7aa938d8d35ae08560ae278a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505325", "to_ids": true, "type": "ssdeep", "uuid": "b828f17f-b8f5-4163-93cc-75a023ce8cb7", "value": "12288:yrIceYltqoNXZIE4qEndJd6kzU4FNCsOkitIbY181QIQ460OwgsjnyY2ELnTVlox:XQMn+Et0L" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505325", "to_ids": false, "type": "size-in-bytes", "uuid": "0f161de2-8c75-4a28-a21a-b89bf29b3ded", "value": "694882" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505325", "to_ids": true, "type": "filename", "uuid": "03d05109-9473-4d63-8ae1-1d90f8367555", "value": "image1.eps" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505325", "to_ids": false, "type": "text", "uuid": "440a56cd-ae3e-4fcc-9be3-9dc20aa6088c", "value": "Type Description: PostScript\nMicrosoft: Exploit:O97M/Epsy!rfn\nVT Total Detection:34/61\nFirst Submission:2017-04-18T16:56:32.000000+00:00\nLast Submission:2025-02-04T15:03:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508485", "uuid": "60fce656-40a2-4d3a-a872-4499e9dd1d75", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508485", "to_ids": true, "type": "md5", "uuid": "d4e8a1d4-387a-4864-89b8-c17cdef8095a", "value": "88009adca35560810ec220544e4fb6aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505368", "to_ids": true, "type": "sha1", "uuid": "a766b334-56dc-4474-a698-666f02a3017e", "value": "e8370b8f4d54bf7af1c24121c26c519853af52af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505368", "to_ids": true, "type": "sha256", "uuid": "7c3bfe80-d28f-423a-8bc2-ae5b542d223b", "value": "588428bc9e00c26057af8ed6894255ca4b59a8a9b7ebb3d09c9406ff736c9454", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505368", "to_ids": true, "type": "ssdeep", "uuid": "0b0a755a-4075-4616-80ab-d6be2b3978cb", "value": "192:KA5JTHq8BU6SfsVeHW8k88EYvyn/dnvtg:KwJj29fsOC8dY2n1g" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505368", "to_ids": false, "type": "size-in-bytes", "uuid": "6d4ad36f-529a-4b8d-aa4d-5c04a94b2be4", "value": "9216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505368", "to_ids": true, "type": "vhash", "uuid": "7127c9f5-e496-4db0-ba91-2455a119a52b", "value": "193046555d151az153z3gz16ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505368", "to_ids": true, "type": "filename", "uuid": "a9718395-a8bf-407e-a769-0f1d75f64c8b", "value": "2.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505368", "to_ids": false, "type": "text", "uuid": "536ed5f6-f3a0-4d89-849d-95bf1f5ff99e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Vigorf.A\nVT Total Detection:60/72\nFirst Submission:2017-04-26T18:43:38.000000+00:00\nLast Submission:2024-05-23T08:09:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508506", "uuid": "d049d080-d5b7-44b0-897e-f0b2742d0da7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508506", "to_ids": true, "type": "md5", "uuid": "5348f5d9-aa57-4594-971d-780a81177bd5", "value": "2163a33330ae5786d3e984db09b2d9d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505389", "to_ids": true, "type": "sha1", "uuid": "fb977a79-c4e8-4a86-8ead-dfbebea3273e", "value": "e338d49c270baf64363879e5eecb8fa6bdde8ad9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505389", "to_ids": true, "type": "sha256", "uuid": "82a65adf-ff53-4467-a67c-bf4c3e2449b5", "value": "c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505389", "to_ids": true, "type": "ssdeep", "uuid": "69fb0608-2f3d-4567-a0ff-56e5a2d2a7ee", "value": "768:HFqHeWeDIEwLrizK28yAttO0gsw6vhusw:HceWeDIjLn28yslw65pw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505389", "to_ids": false, "type": "size-in-bytes", "uuid": "a8bcf7ec-1395-475d-81dd-4f633ab1f2bd", "value": "30720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505389", "to_ids": true, "type": "vhash", "uuid": "c30e00a2-fecf-4c2f-803e-9c42e2eb3396", "value": "134056655d05155053z22z337z17z10301071z91z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505389", "to_ids": true, "type": "filename", "uuid": "caa5f391-c9d5-4a95-8694-817ffb13f811", "value": "apisecconnect.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505389", "to_ids": false, "type": "text", "uuid": "75dcae7f-464b-4788-866a-beaf54e68dd6", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Foosace.M!dha\nVT Total Detection:61/73\nFirst Submission:2017-05-10T07:29:06.000000+00:00\nLast Submission:2024-05-23T09:02:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508527", "uuid": "8b2fccbc-4612-448b-a6dc-a06084ff021a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508527", "to_ids": true, "type": "md5", "uuid": "02419da3-c0ad-42b1-a2ac-02705f029462", "value": "b88633376fbb144971dcb503f72fd192", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505411", "to_ids": true, "type": "sha1", "uuid": "933fd010-ab34-4b96-8603-580b0c5ef631", "value": "e19f753e514f6adec8f81bcdefb9117979e69627", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505411", "to_ids": true, "type": "sha256", "uuid": "96700c16-beff-4723-90df-a6f1a1978edc", "value": "c7661b27a06a3a8c471fbb060ab8cab25fa9546e0a4c5c1101fe8098b2ad11e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505410", "to_ids": true, "type": "ssdeep", "uuid": "5f740e00-152f-42cc-b1ff-1b038527af26", "value": "6144:URGF5jAJk4Zi4DuFG/SvhTpOlEre3gF6rmsfv8m:URgjukh4Ko/Sv+Lrq9m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505410", "to_ids": false, "type": "size-in-bytes", "uuid": "41e5f08c-ac99-440b-99db-35fc1461dcbb", "value": "331776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505410", "to_ids": true, "type": "vhash", "uuid": "511e5c22-bf81-4c27-b75e-edaad06b2083", "value": "035066655d1555151098z5dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505410", "to_ids": true, "type": "filename", "uuid": "52a9f78e-0401-40a6-a72c-52a68c49fba2", "value": "defupd.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505410", "to_ids": false, "type": "text", "uuid": "ed89c2c7-a778-47c7-b0f8-85c9ee1fb880", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:59/73\nFirst Submission:2017-11-03T08:08:39.000000+00:00\nLast Submission:2024-05-23T09:02:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508548", "uuid": "a2ec4e9c-4d77-406f-ae00-94062ca61916", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508548", "to_ids": true, "type": "md5", "uuid": "d88a5f1f-9bd0-4e06-bd5c-684db89e6930", "value": "9b10685b774a783eabfecdb6119a8aa3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505453", "to_ids": true, "type": "sha1", "uuid": "af3730ee-b1fb-4155-aa33-3781fa7f50a7", "value": "f293a2bfb728060c54efeeb03c5323893b5c80df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505453", "to_ids": true, "type": "sha256", "uuid": "02637196-2f52-4cb7-a427-008eecb5c269", "value": "a4a455db9f297e2b9fe99d63c9d31e827efb2cda65be445625fa64f4fce7f797", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505452", "to_ids": true, "type": "ssdeep", "uuid": "23cd4ce5-885e-4c03-9154-aa5cf889836c", "value": "1536:009J0E4v13p/gL7Jj4P9bvzKGXpIiUvh23oKRO/HhcKmFoR:fb4v13pYL7J49bvr5Iias32Jc5FoR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505452", "to_ids": false, "type": "size-in-bytes", "uuid": "3799fbff-37f4-42d1-b503-870c1d75a935", "value": "78600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505452", "to_ids": true, "type": "vhash", "uuid": "21853e62-ecda-4304-98a9-945d17d6b37b", "value": "d7f55d30cecfb4c2ae01d152598970ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505452", "to_ids": true, "type": "filename", "uuid": "8a31c738-92a7-43e0-9ceb-d6951821eb1d", "value": "APT28Hospital.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505452", "to_ids": false, "type": "text", "uuid": "aba8f3cb-d5cc-404e-8f73-3708a9ca3864", "value": "Type Description: Office Open XML Document\nMicrosoft: Trojan:Win32/Bluteal!rfn\nVT Total Detection:49/67\nFirst Submission:2017-07-17T16:40:10.000000+00:00\nLast Submission:2024-11-06T10:04:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508569", "uuid": "3ed32737-a56b-4eef-9af2-10df6a930006", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508569", "to_ids": true, "type": "md5", "uuid": "2b920909-eb88-4d72-968d-87fd7f0ab75f", "value": "aa34fb2e5849bff4144a1c98a8158970", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505474", "to_ids": true, "type": "sha1", "uuid": "9699cd42-51a0-4159-86ec-6b0add2a16c3", "value": "faef1d1dc5ec2b059782d3cef7f250a386411038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505474", "to_ids": true, "type": "sha256", "uuid": "218121d6-a1ba-4793-9e6b-9b895c148046", "value": "5ca7f15275bf8a8109cd61d90f91bfef776b760d5b3292afd23900b9256145e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505474", "to_ids": true, "type": "ssdeep", "uuid": "eeee7aaa-babe-46d2-bb65-967d5ce902dd", "value": "768:NDNt/iTHsUOeDhlBkk7UEDhVn7CIxdyMfY+C+LG8W7ybEFI6Rd6lpauCBp41g7Ax:NhITMGF3kWR7CJMftOebQXSg7ABPr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505474", "to_ids": false, "type": "size-in-bytes", "uuid": "1a15355e-5ed3-4080-81bc-ae50fad00cea", "value": "70656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505474", "to_ids": true, "type": "vhash", "uuid": "aa9d201a-7289-4530-aba2-98fb298ed57f", "value": "174056655d65551028z3a?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505474", "to_ids": true, "type": "filename", "uuid": "0849a4be-244b-49d9-aaf9-5153e04eac13", "value": "fvuldK.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505474", "to_ids": false, "type": "text", "uuid": "034ef563-9848-49ea-9fa3-6962b5049cea", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Foosace.M!dha\nVT Total Detection:58/72\nFirst Submission:2017-07-17T12:30:58.000000+00:00\nLast Submission:2024-05-23T08:09:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508590", "uuid": "26764a2e-af84-4fa1-ab60-15347e5af5d6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508590", "to_ids": true, "type": "md5", "uuid": "567fa6c8-b682-48e7-a6e1-1bcb4620afb5", "value": "aced5525ba0d4f44ffd01c4db2730a34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505495", "to_ids": true, "type": "sha1", "uuid": "c092525c-c64e-4a13-9e97-4423aff41457", "value": "476fc1d31722ac26b46154cbf0c631d60268b28a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505495", "to_ids": true, "type": "sha256", "uuid": "6180a07c-a2ce-44bf-b52d-a55e6ea298ae", "value": "1140c624fbfe28b9ef19fef2e9aa251adfbe8c157820d5f0356d88b4d80c2c88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505495", "to_ids": true, "type": "ssdeep", "uuid": "bb7661b9-f0aa-4d4a-9a81-655f45a99a7a", "value": "384:c2luNmqZQdY4fA6337hgpL5p4sENEKRbA8RP+TRi9N2Fu54bniJfJ86FxTwmovhx:ckGqIW0L/4sENEInpye8i4bnsxqy10" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505495", "to_ids": false, "type": "size-in-bytes", "uuid": "622c252a-7e30-4560-a839-5a0eb3c4d5ab", "value": "30208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505495", "to_ids": true, "type": "vhash", "uuid": "26779b54-adee-4353-a98c-a275ef99f626", "value": "134056655d05155053z22z327z17z103010a1z91z46z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505495", "to_ids": true, "type": "filename", "uuid": "0e429fc3-0683-45d1-a1ec-feb629828435", "value": "imxtray.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 29/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505495", "to_ids": false, "type": "text", "uuid": "8939867a-11d6-40d8-aabe-7a661f9bdee7", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Foosace.M!dha\nVT Total Detection:61/73\nFirst Submission:2017-07-13T13:54:42.000000+00:00\nLast Submission:2024-05-23T06:52:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508611", "uuid": "6e4e188d-c6be-422b-9404-0f6f8a79637c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508611", "to_ids": true, "type": "md5", "uuid": "949d8dbb-d10f-4b95-88bf-c067f7ac398b", "value": "b924ff83d9120d934bb49a7a2e3c4292", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505517", "to_ids": true, "type": "sha1", "uuid": "cafe1a8e-1bd1-4470-86e7-f9f12718f354", "value": "bb10ed5d59672fbc6178e35d0feac0562513e9f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505517", "to_ids": true, "type": "sha256", "uuid": "fd66cdc0-b86a-4908-8f24-121a92297381", "value": "1d48aa232e6535fd9344f0f0b1741dbef2bdbc137a06fe5f2caa15ed36811c70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505516", "to_ids": true, "type": "ssdeep", "uuid": "2e5910e5-421c-4c7f-bd27-03a19555d884", "value": "6144:djKEORO/fS3mqXv1ajf3D5RlbxNFO2Gljlx0d3APHpGJ:4BsK2WcTVRlbxrO26jQaPHpO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505516", "to_ids": false, "type": "size-in-bytes", "uuid": "db1a6a5c-a804-4317-b20b-4f69bc5ad5f2", "value": "222449" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505516", "to_ids": true, "type": "vhash", "uuid": "31054140-9b8c-4ac5-bd8f-f75d0be08367", "value": "f3cd73f15fd676448f9a4957d47a529d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505516", "to_ids": true, "type": "filename", "uuid": "64898359-468f-4749-8299-95ba26687026", "value": "1d48aa232e6535fd9344f0f0b1741dbef2bdbc137a06fe5f2caa15ed36811c70.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505516", "to_ids": false, "type": "text", "uuid": "25549d8e-6f08-4280-a890-9641dae3cc06", "value": "Type Description: Office Open XML Document\nMicrosoft: Trojan:O97M/Donoff\nVT Total Detection:36/68\nFirst Submission:2017-07-21T08:34:34.000000+00:00\nLast Submission:2024-05-23T06:56:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508632", "uuid": "4403e2b0-80b7-4ea9-9dd3-4c5e4d30c7a0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508632", "to_ids": true, "type": "md5", "uuid": "37e6f56e-be3d-420c-8016-4e41f8f61876", "value": "cdb58c2999eeda58a9d0c70f910d1195", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505538", "to_ids": true, "type": "sha1", "uuid": "f1d71068-9991-49fd-8b62-4a19565b54e2", "value": "4c9c585f8b9ad045b3c29209b9dee717cdfe7652", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505538", "to_ids": true, "type": "sha256", "uuid": "9ea6f7a5-8da3-4012-b711-0f98254fb8f7", "value": "e2a850aeffc9a466c77ca3e39fd3ee4f74d593583666aea5b014aa6c50ca7af8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505538", "to_ids": true, "type": "ssdeep", "uuid": "6d5948fd-e6e2-427b-95fd-68f4734cd3e8", "value": "1536:flVgtbK9rQzbTIVgp7e/puWheyJm8+UFtWLWhLT0sSeR6kjAilk3iNDhn2748I:flV5rQz3IVTpRJ7tWLWhTp0tIs48I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505538", "to_ids": false, "type": "size-in-bytes", "uuid": "2838620a-86d8-41d8-b257-20017f71fdeb", "value": "111616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505538", "to_ids": true, "type": "vhash", "uuid": "351d380a-0a5e-4c78-a59c-369752f6bd41", "value": "115046655d151az45lz13z800136z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505538", "to_ids": true, "type": "filename", "uuid": "2c4205c9-487d-47bf-8b7b-f76508d2fe8f", "value": "connectsmd.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505538", "to_ids": false, "type": "text", "uuid": "863a9ac7-56a6-4f37-a5d5-f043de7316a8", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:48/73\nFirst Submission:2017-04-12T06:04:15.000000+00:00\nLast Submission:2024-05-23T09:19:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508653", "uuid": "93eb1c80-6a1e-437a-bf5f-b1fa71181fa2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508653", "to_ids": true, "type": "md5", "uuid": "2ec6a05f-386f-4975-9590-39a5a6ea5fa7", "value": "d6f2bf2066e053e58fe8bcd39cb2e9ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505559", "to_ids": true, "type": "sha1", "uuid": "dd77a8b9-9974-4970-9c32-0c875f168e7a", "value": "393516b2fee1c7c557868e74745e6c7656ab6810", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505559", "to_ids": true, "type": "sha256", "uuid": "117bee03-3893-4581-b0e9-ab6b87ebc3a5", "value": "35a4ba765653f05de95f51cd2cc2898dafdb2a82d750f51dd892c160eaf7fcd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505559", "to_ids": true, "type": "ssdeep", "uuid": "b675fb6f-7290-4cee-b1ce-42d57a2fa080", "value": "1536:VlVgtbK9rQzbTgkb/IHYJeaETVJ5JZAtl8Uw+dAmnZqDEUgAkAs7Dhb3awTR:VlV5rQz3gIJ0JGtOUXAAispDag" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505559", "to_ids": false, "type": "size-in-bytes", "uuid": "3dc86f9a-73ac-49f5-a6eb-f9a522b61194", "value": "107520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505559", "to_ids": true, "type": "vhash", "uuid": "3f98e7e7-9cb6-4419-9763-9a8de8899953", "value": "115046655d151az45lz13z700136z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505559", "to_ids": true, "type": "filename", "uuid": "72bd7238-2ea0-479c-bba1-32a2cd033969", "value": "35a4ba765653f05de95f51cd2cc2898dafdb2a82d750f51dd892c160eaf7fc.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505559", "to_ids": false, "type": "text", "uuid": "ae99c3c4-c29c-4094-b32f-0d79e96dd0d1", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:51/72\nFirst Submission:2017-07-18T02:33:35.000000+00:00\nLast Submission:2025-02-27T18:28:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508674", "uuid": "9b452856-2abc-43bf-92af-e8b6d90a383f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508674", "to_ids": true, "type": "md5", "uuid": "cc44d7f4-b5a7-498b-815d-90fe2ce4b25c", "value": "34dc9a69f33ba93e631cd5048d9f2624", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505580", "to_ids": true, "type": "sha1", "uuid": "4a184d0d-cf2b-4a47-953f-b0f558bf8c8b", "value": "68c2809560c7623d2307d8797691abf3eafe319a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505581", "to_ids": true, "type": "sha256", "uuid": "5598bdca-88b9-4021-ac15-17c794367f93", "value": "759fb4c0091a78c5ee035715afe3084686a8493f39014aea72dae36869de9ff6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505580", "to_ids": true, "type": "ssdeep", "uuid": "9d2204e8-d536-4d15-996c-da1f5ba62975", "value": "1536:zIeqlO63yVoxdR/xyBJV8fRGsCoTeYRTI90DF0D0G8O70DE:1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505580", "to_ids": false, "type": "size-in-bytes", "uuid": "13f78949-969d-4d09-8aab-f1969525ec53", "value": "51046" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505580", "to_ids": true, "type": "vhash", "uuid": "421d8c1a-dc22-4bfc-b943-e59ae221d8a2", "value": "0a54cb58dfb99a8f2a81d1e4f5977533" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505580", "to_ids": true, "type": "filename", "uuid": "6b59aaec-a953-4a4f-b708-7ec8479f4341", "value": "prod.bat" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 29/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505580", "to_ids": false, "type": "text", "uuid": "1589aafe-4d05-4dfc-ad45-913e2fa37652", "value": "Type Description: Office Open XML Document\nMicrosoft: Exploit:O97M/DDEDownloader.B\nVT Total Detection:40/67\nFirst Submission:2017-11-01T07:08:45.000000+00:00\nLast Submission:2024-05-23T08:25:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981346", "uuid": "f6bd25c9-69a2-4849-843f-5bb89f811622", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981346", "to_ids": true, "type": "md5", "uuid": "8ae3966c-f733-484f-9540-bd9545c71a6a", "value": "1c6f8eba504f2f429abf362626545c79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505602", "to_ids": true, "type": "sha1", "uuid": "32a80d24-4a48-41d6-9568-8272491ccfc9", "value": "ab354807e687993fbeb1b325eb6e4ab38d428a1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505602", "to_ids": true, "type": "sha256", "uuid": "683e6a14-96ea-4b22-a550-e4cc8149b873", "value": "3ac11a74275725a22c233cd974229d2b167c336da667410f7262b4926dabd31b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505601", "to_ids": true, "type": "ssdeep", "uuid": "bab64a7e-cd9d-4e98-a242-66a762525f98", "value": "384:uKv7cHlUfg4Sw63w2yyCiNVIXnoJvuhvtOkuaEUTyi3eizDCNAGamtA4K8AatAC:uKwmbxziNYokh1O1UTyiJzD19ac" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505601", "to_ids": false, "type": "size-in-bytes", "uuid": "b982d3a5-5689-4b88-ac31-36b02ac08c8d", "value": "32256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505601", "to_ids": true, "type": "vhash", "uuid": "50e7dde0-24fc-49d5-815b-ee5858b57965", "value": "134056655d05156053z22z33hz13z61z91z46z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505601", "to_ids": true, "type": "filename", "uuid": "0d2d1e44-6a83-4f95-8eed-cd3fcead41fa", "value": "secnt.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505601", "to_ids": false, "type": "text", "uuid": "488abbe6-3fb4-4719-9916-99837f654a9d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Foosace.M!dha\nVT Total Detection:63/73\nFirst Submission:2017-11-02T13:15:30.000000+00:00\nLast Submission:2024-06-19T03:13:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508716", "uuid": "34177a18-1da6-4f28-a8fa-9764e140e701", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508716", "to_ids": true, "type": "md5", "uuid": "e24e204c-1d5a-489c-aac9-9484c9012469", "value": "e228cd74103dc069663bb87d4f22d7d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505644", "to_ids": true, "type": "sha1", "uuid": "f7078010-6572-4a47-acea-926721a3c77e", "value": "56671accf588b336be3dd3ce0b8ddb4ff373996c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505644", "to_ids": true, "type": "sha256", "uuid": "ee177a0f-f073-4ba2-94b6-a336c116d429", "value": "f205dd58e55d8eee210be0694cfe024ddccc81b1af2deab30f9bdf11dde2bf3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505643", "to_ids": true, "type": "ssdeep", "uuid": "985098f8-3cd7-4ad9-9771-f698fe3cc6ab", "value": "384:CmzUs72l4l9VE/6XCB5NM/+GEtjcu+/xOSPuL51CxnFJ3UCDlWqUziJfsE//w:HqlUhCBE+xuu+pi51CdFJ3UQlWziO1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505643", "to_ids": false, "type": "size-in-bytes", "uuid": "a34403ad-c2fa-455d-917b-f561c12d5aee", "value": "25570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505643", "to_ids": true, "type": "vhash", "uuid": "46c5b979-806b-448e-b70f-de7d3698c0a4", "value": "24933b9d71a7574fac5de17bfd815a44" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505643", "to_ids": true, "type": "filename", "uuid": "a34487d6-40d2-44c4-899a-f0f4eb9f1eba", "value": "f205dd58e55d8eee210be0694cfe024ddccc81b1af2deab30f9bdf11dde2bf3f.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505643", "to_ids": false, "type": "text", "uuid": "06dd01be-d083-4ec7-8db8-f13a293ab4fa", "value": "Type Description: Office Open XML Document\nMicrosoft: Trojan:O97M/Donoff!MSR\nVT Total Detection:35/67\nFirst Submission:2017-01-30T11:10:42.000000+00:00\nLast Submission:2024-05-23T09:21:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508738", "uuid": "3be914f6-61ec-4252-af1f-547edfc1a6dc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508738", "to_ids": true, "type": "md5", "uuid": "5f0123c1-bf0f-4cf3-9a69-bb8ff9a34542", "value": "bed5bc0a8aae2662ea5d2484f80c1760", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505665", "to_ids": true, "type": "sha1", "uuid": "863d792d-9f8c-42ab-9ce5-c4e7cc7efcbf", "value": "15201766bd964b7c405aeb11db81457220c31e46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505665", "to_ids": true, "type": "sha256", "uuid": "a0d496c9-f57d-4a98-bcb6-8aa8ad088163", "value": "73ea2ccec2cbf22d524f55b101d324d89077e5718922c6734fef95787121ff22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505665", "to_ids": true, "type": "ssdeep", "uuid": "a1b5c51e-3921-4e47-b6d9-4a0fa4b7891f", "value": "1536:8rcj4O7VR5B+zpmrnYA+QfK9j4H/+JiB9vMYXLxGtQcj+20J3Zpp+vYlID9aYlkY:JtY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505665", "to_ids": false, "type": "size-in-bytes", "uuid": "b3f417e1-21bb-4c75-9ca2-b183ed6f3b2a", "value": "102038" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505665", "to_ids": true, "type": "vhash", "uuid": "89edaa08-2907-4b10-be84-64df980ca3c1", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505665", "to_ids": true, "type": "filename", "uuid": "ea0ddd81-e7b4-4352-a091-5667b44bd6a9", "value": "73ea2ccec2cbf22d524f55b101d324d89077e5718922c6734fef95787121ff22.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505665", "to_ids": false, "type": "text", "uuid": "d7601073-e311-4b1d-ba72-53168c8e2e7b", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:34/63\nFirst Submission:2016-12-02T08:06:24.000000+00:00\nLast Submission:2024-05-23T08:25:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508759", "uuid": "5502db34-2cc3-4263-a9d4-e4ee118dfb4a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508759", "to_ids": true, "type": "md5", "uuid": "f8ee45b2-3adf-4c65-b793-b71e353279c9", "value": "8c3f5f1fff999bc783062dd50357be79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505686", "to_ids": true, "type": "sha1", "uuid": "ecbdab13-5a18-445b-a5ae-fcf64659d5f7", "value": "58e30c466d46706d32e0c8cc543a8abfa47af490", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505686", "to_ids": true, "type": "sha256", "uuid": "a8b07b6b-ed0f-4f74-9545-444da28e2f36", "value": "b3d6d931a4d27904abdfa81300724ae83069495cf49d1992507522a5aa0bafba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505686", "to_ids": true, "type": "ssdeep", "uuid": "c30dc2cf-3dcb-43d9-b6cd-cc2a8a9bf645", "value": "768:q1z3GGOIacAVbrGAOIBnRVmZoA3a9hcXER1Aa1obCJA5JGWHa9YIuxv8gZa9Yi7h:q6F5QAfUHyPus/wtoUSUOOh8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505686", "to_ids": false, "type": "size-in-bytes", "uuid": "d7a9dacb-99de-4f47-9f4c-04d215f362fd", "value": "207875" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505686", "to_ids": true, "type": "vhash", "uuid": "54ccb9d5-d369-4ae7-9358-67c2d08d79ba", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505686", "to_ids": true, "type": "filename", "uuid": "d570d2b5-54d0-4da8-a925-973958d2a9d1", "value": "OC_PSO_2017.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 27/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505686", "to_ids": false, "type": "text", "uuid": "22d20890-9c98-462e-9516-45d4467fb8f9", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:36/64\nFirst Submission:2016-12-02T09:16:46.000000+00:00\nLast Submission:2024-05-23T08:45:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508780", "uuid": "dd5e162f-c661-45b0-855d-f48248027950", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508780", "to_ids": true, "type": "md5", "uuid": "b2ad012a-49fa-42d9-b5fc-e4482c73301b", "value": "5882a8dd4446abd137c05d2451b85fea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505707", "to_ids": true, "type": "sha1", "uuid": "d651f565-61c8-4a30-9af3-b09989299c27", "value": "512bdfe937314ac3f195c462c395feeb36932971", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505707", "to_ids": true, "type": "sha256", "uuid": "c94227f1-1927-48c4-a47a-f4b18ea585bc", "value": "f6ad201d65b349b022f2ce4e4d436828b72eaa8c299e9924e51ee72f7c3257c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505707", "to_ids": true, "type": "ssdeep", "uuid": "9a323808-2d77-45a8-8eeb-7d56f5d4952b", "value": "768:q1z3GGOIacAVbrGAOIBnRVmZoA3a9hcXER1Aa1obCJA5JGWHa9YIuxv8gZa9Yi7b:q6F5QAfUHyPus/wtoUSUOOh0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505707", "to_ids": false, "type": "size-in-bytes", "uuid": "c4cd70eb-2ce8-4058-8e2a-c01b188d59de", "value": "207874" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505707", "to_ids": true, "type": "vhash", "uuid": "432445fd-ffb0-4630-a897-b1df03303b75", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505707", "to_ids": true, "type": "filename", "uuid": "d07776d0-c6a2-4fc4-ad7b-2d785e9bac2b", "value": "OC_PSO_2017.doc_" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505707", "to_ids": false, "type": "text", "uuid": "f111de22-86f3-4140-b057-bfe07b9dac2e", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:38/65\nFirst Submission:2016-12-02T11:13:08.000000+00:00\nLast Submission:2024-05-23T09:21:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508801", "uuid": "45d98a31-9006-4f5e-a1f6-84288eb20d5e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508801", "to_ids": true, "type": "md5", "uuid": "833fa290-6bdb-421e-a7a8-0c99752d9941", "value": "296c956fe429cedd1b64b78e66797122", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505729", "to_ids": true, "type": "sha1", "uuid": "70382aae-58b2-4429-99a2-b1a180eac3a5", "value": "ff1ecd429853ee0e33f7cdfa9624a2015a40e715", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505729", "to_ids": true, "type": "sha256", "uuid": "e0a7ef97-7116-4cd6-ae4f-93bbbe22e067", "value": "5809076ea5d97facb9cffabd2b44ea4f8de1af8a0c2c2df3807cb3a82ef99508", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505728", "to_ids": true, "type": "ssdeep", "uuid": "d376e44f-c3c6-49da-8b35-e4fe2844e95c", "value": "768:o1UXglJSN23XVwxZsSNwndVcx3hIji2BQpu2jH6fm1mLCCpzupAdXuwEpb2pAdXb:oNrwK6vY1MQuA2OwRB6D7H4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505728", "to_ids": false, "type": "size-in-bytes", "uuid": "0bd44cde-eeca-43ba-8046-91981df02d8b", "value": "206790" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505728", "to_ids": true, "type": "vhash", "uuid": "7ddc0d0f-f5db-4aae-845a-a4106008d0b8", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505728", "to_ids": true, "type": "filename", "uuid": "a2d1ad8f-7132-4b33-8e6b-bced1c7eb307", "value": "5809076ea5d97facb9cffabd2b44ea4f8de1af8a0c2c2df3807cb3a82ef99508.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505728", "to_ids": false, "type": "text", "uuid": "e474515f-3c87-4b83-8ea9-badf15d03170", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:39/64\nFirst Submission:2016-12-02T11:08:54.000000+00:00\nLast Submission:2024-05-23T08:09:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508822", "uuid": "a2f31ff3-bd9c-44a7-80a9-4ad122c0f441", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508822", "to_ids": true, "type": "md5", "uuid": "85e40ae8-7dca-4646-a9f5-d2f0091385ed", "value": "82f06d7157dd28a75f1fbb47728aea25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505750", "to_ids": true, "type": "sha1", "uuid": "554d0b0d-05a1-42f3-b2e0-edf5ca468564", "value": "8078e411fbe33864dfd8f87ad5105cc1fd26d62e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505750", "to_ids": true, "type": "sha256", "uuid": "98f2e7c0-fc52-49e3-ae60-d4354bfcd5f0", "value": "137185866649888b7b5b6554d6d5789f7b510acd7aff3070ac55e2250eb88dab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505749", "to_ids": true, "type": "ssdeep", "uuid": "5a0bb9a2-9439-4ea2-82c6-e32f3bcb536a", "value": "6144:gBKsDjGTq+u8CjZx8d+YxuLTuP4/gD6Lo72R7q3:sKpxhgOJ7P3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505749", "to_ids": false, "type": "size-in-bytes", "uuid": "34cac4a8-0feb-4d3e-8f4a-2a775ecff708", "value": "921352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505749", "to_ids": true, "type": "vhash", "uuid": "2e846d3b-78f3-458d-acf4-bb1c856ec437", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505749", "to_ids": true, "type": "filename", "uuid": "99e265b3-e4fa-44e0-a567-df266c6556fe", "value": "137185866649888b7b5b6554d6d5789f7b510acd7aff3070ac55e2250eb88dab.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505749", "to_ids": false, "type": "text", "uuid": "5a752a42-e71b-487a-91e8-3c7014cce06f", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:35/62\nFirst Submission:2016-12-01T14:16:12.000000+00:00\nLast Submission:2024-05-23T06:54:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508843", "uuid": "318d03f9-e410-45e5-919f-a56bf04eb2e4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508843", "to_ids": true, "type": "md5", "uuid": "a4e7ccb2-2bd3-4e7d-91a4-d7721ac4d4f5", "value": "f6b2ef4daf1b78802548d3e6d4de7ba7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505834", "to_ids": true, "type": "sha1", "uuid": "6715f5db-53a6-4b53-9151-06183519e8c0", "value": "5d845614fe19e9b2a82bbe8df871f63a0b8b6418", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505834", "to_ids": true, "type": "sha256", "uuid": "7ca08e44-e08e-466d-a8cc-c2c8b13139f8", "value": "cfc2c20a9da5ecd72591c461b36da6558395ad4029d6aa9d96948502995b4559", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505833", "to_ids": true, "type": "ssdeep", "uuid": "862b5031-18fe-4de0-ba48-fdc452426e41", "value": "12288:Qo2TvxaazUSrS5BAnoex5m9j16qfyL7F5Zh9WngbpsxhZJlNVqsZiOZ:QoKvZroBAnoR9jyF3othZJl46" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505833", "to_ids": false, "type": "size-in-bytes", "uuid": "ea8b7741-edb2-4435-b72a-dc15b48b803e", "value": "1811783" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505833", "to_ids": true, "type": "vhash", "uuid": "6f15f105-2c96-40c7-8db1-7d639da364c1", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505833", "to_ids": true, "type": "filename", "uuid": "2fa21329-fe4b-47d6-b5bf-dbaba0777b31", "value": "f6b2ef4daf1b78802548d3e6d4de7ba7.rtf" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505833", "to_ids": false, "type": "text", "uuid": "87eb4d04-63ad-48bc-b577-38ac9c527bc2", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:33/64\nFirst Submission:2016-12-27T14:45:12.000000+00:00\nLast Submission:2024-10-27T23:17:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508864", "uuid": "7284f3a1-ec99-40eb-9bbf-945baa0a45c4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508864", "to_ids": true, "type": "md5", "uuid": "b80320a2-67ac-4749-afd2-f48027b22a85", "value": "ede5d82bb6775a9b1659dccb699fadcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505855", "to_ids": true, "type": "sha1", "uuid": "d8aa214d-df44-4cef-baff-b67e59966132", "value": "b6f7b17dd6590b4f5fe4d880cc86ae5761bb624e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505855", "to_ids": true, "type": "sha256", "uuid": "f82344d4-ca1c-4c96-adc0-127b2dad75db", "value": "ba870596bc3a1808d547607d2477678a6f5751b270ae1b93d0d1de29377d5958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505855", "to_ids": true, "type": "ssdeep", "uuid": "f5326cd7-7f58-42cf-b13b-9b68af25a81c", "value": "12288:Pn5kAXSA2tgleaOcAbq8zH6/rwyJV9R7:P5kAN2tglB2RHqwO3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505855", "to_ids": false, "type": "size-in-bytes", "uuid": "30f7f73b-e35b-4ec3-909d-c5a75a190d16", "value": "437760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505855", "to_ids": true, "type": "vhash", "uuid": "c728f4a8-c87e-40c4-8454-382d146d0196", "value": "fe43cc098163d8fb4f1b2b088de0949b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505855", "to_ids": true, "type": "filename", "uuid": "09df2e05-17c1-4678-bae2-def45b3fda9f", "value": "European Parliament Press Release.msg" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505855", "to_ids": false, "type": "text", "uuid": "f9cb4ba7-e8c5-4d48-904a-b6cab2f90d74", "value": "Type Description: Outlook\nMicrosoft: Exploit:Win32/CVE-2016-4117\nVT Total Detection:38/64\nFirst Submission:2016-08-24T06:54:47.000000+00:00\nLast Submission:2025-03-31T13:23:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508885", "uuid": "6f3ee7b6-5f59-4e43-9ba8-a3331eaa6521", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508885", "to_ids": true, "type": "md5", "uuid": "4b37e611-cb8b-4ef9-8ee1-8e21202891aa", "value": "116d2fc1665ce7524826a624be0ded1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505876", "to_ids": true, "type": "sha1", "uuid": "085ec3d7-6bd8-45cd-a6f2-09d190f42209", "value": "68064fc152e23d56e541714af52651cb4ba81aaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505876", "to_ids": true, "type": "sha256", "uuid": "ce1d6fbf-b3a7-4b8e-8d98-a8000c2f0227", "value": "dc2c3314ef4e6186b519af29a246679caa522acd0c44766ecb9df4d2d5f3995b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505876", "to_ids": true, "type": "ssdeep", "uuid": "7012ec11-c7b0-4e8e-adef-cea88d743b6f", "value": "12288:Vn5kAXSA2tgleaOcAbq8zH6/rwyJV9R7f:V5kAN2tglB2RHqwO35" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505876", "to_ids": false, "type": "size-in-bytes", "uuid": "209327c6-1024-4756-a092-eb69d2468626", "value": "407223" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505876", "to_ids": true, "type": "vhash", "uuid": "266ccfef-9a05-49f7-8357-56c7fbfa43c0", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505876", "to_ids": true, "type": "filename", "uuid": "87c85bff-934a-4a79-9613-8fe95bd1ef40", "value": "__substg1.0_37010102" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505876", "to_ids": false, "type": "text", "uuid": "fb3e80b4-4c85-493c-a199-ee61f23a077b", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/CVE-2016-4117\nVT Total Detection:38/63\nFirst Submission:2016-08-15T11:10:06.000000+00:00\nLast Submission:2024-05-23T09:04:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508907", "uuid": "2480e441-2c5a-4d2e-a2bf-253d0bb810d4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508907", "to_ids": true, "type": "md5", "uuid": "bce392f1-6293-420a-880a-35f9e53c76c9", "value": "20ff290b8393f006eaf4358f09f13e99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505897", "to_ids": true, "type": "sha1", "uuid": "cf389dc8-c46f-4247-ad1a-10029eec68f5", "value": "91e9d6346e308e3a5efc0bcf9866858fc604f66b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505897", "to_ids": true, "type": "sha256", "uuid": "feca1f7b-32f4-4149-ab3a-58d69421d9b7", "value": "6d5715c710a7bacfca5b3315e9bac4e934ab998d4451965f50bce917b13cbbbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505897", "to_ids": true, "type": "ssdeep", "uuid": "37b1b1eb-4cdb-4d11-8885-70fc5dc3a890", "value": "12288:Vn5kAXSA2tgleaOcAbq8zH6/rwyJV9L7P:V5kAN2tglB2RHqwO33" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505897", "to_ids": false, "type": "size-in-bytes", "uuid": "869bc5c8-8659-487d-81b5-39b34d7ca038", "value": "407224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505897", "to_ids": true, "type": "vhash", "uuid": "5640bd0b-c047-4f2b-b656-430843543936", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505897", "to_ids": true, "type": "filename", "uuid": "3700be1f-1fdc-4d1e-bc98-2b713757e423", "value": "notanewsample.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505897", "to_ids": false, "type": "text", "uuid": "028853a2-eb7b-4230-8cf7-6201e613b1e9", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Foosace.O!dha\nVT Total Detection:38/64\nFirst Submission:2016-10-24T17:44:38.000000+00:00\nLast Submission:2024-05-23T08:25:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508927", "uuid": "82d23aa4-ef27-4928-9024-1ac0cf51766c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508927", "to_ids": true, "type": "md5", "uuid": "3437a12a-bef7-4fc5-a0bf-28f971a5668e", "value": "4b02dfdfd44df3c88b0ca8c2327843a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505918", "to_ids": true, "type": "sha1", "uuid": "904aa603-2e8c-477a-a430-7cadc5ec940b", "value": "4173b29a251cd9c1cab135f67cb60acab4ace0c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505919", "to_ids": true, "type": "sha256", "uuid": "a6107619-1070-444c-a124-639e59ae841c", "value": "1579c7a1e42f9e1857a4d1ac966a195a010e1f3d714d68c598a64d1c83aa36e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505918", "to_ids": true, "type": "ssdeep", "uuid": "4053d8a9-5872-44d0-8d38-630922afb424", "value": "768:VF1Y5keRItydRItAM3cKboQZzE1OoGyg9uITsct+MKwx14u7cQZ2E1OoGyg9oIT9:VF6D9qhRACi2pFkAri39plQH/eXhAAv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505918", "to_ids": false, "type": "size-in-bytes", "uuid": "15de9450-1c38-42e1-8d06-123349f0c157", "value": "85677" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505918", "to_ids": true, "type": "vhash", "uuid": "0b9366cd-9c12-4e51-8d13-657d97a3f372", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505918", "to_ids": true, "type": "filename", "uuid": "37cce7bb-6e34-4bfa-a34a-1d1bfc832c46", "value": ".bat" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505918", "to_ids": false, "type": "text", "uuid": "0bdf4b97-4b1c-4fd3-9acf-0bc5aef856d9", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:35/63\nFirst Submission:2016-12-15T15:24:43.000000+00:00\nLast Submission:2024-05-23T06:54:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508948", "uuid": "5d2015a8-affa-409e-824b-ad1f0cbeea19", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508948", "to_ids": true, "type": "md5", "uuid": "0c8aee78-7648-4af8-a9f4-211dd7f68e75", "value": "c789ec7537e300411d523aef74407a5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505940", "to_ids": true, "type": "sha1", "uuid": "78d2eb4c-fda7-49d4-b739-38eb2cc61a99", "value": "30b3e8c0f3f3cf200daa21c267ffab3cad64e68b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505940", "to_ids": true, "type": "sha256", "uuid": "7bb78d95-60ac-4a1b-98cb-ab77798935db", "value": "1f81609d9bbdc7f1d2c8846dcfc4292b3e2642301d9c59130f58e21abb0001be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505939", "to_ids": true, "type": "ssdeep", "uuid": "eb908e5e-f757-4601-84c6-052d7a7432d4", "value": "768:VNgKfjdNQF9j2T5GSl5/xRVSOUAl6g8JVgrwqn/cUF:VN22T5GSl5Z/Srg9wuF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505939", "to_ids": false, "type": "size-in-bytes", "uuid": "1d451647-1296-42ae-bb40-3493d51f6f67", "value": "51040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505939", "to_ids": true, "type": "vhash", "uuid": "05d2d25a-ab22-4f83-9718-84f849d15c43", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505939", "to_ids": true, "type": "filename", "uuid": "d9718401-eee5-4e23-814e-c8bfe18d5163", "value": "ais_samples (1964)" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505939", "to_ids": false, "type": "text", "uuid": "0d0cfb72-6a73-4cf1-b1b3-c9bbb3af15c8", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Foosace.O!dha\nVT Total Detection:37/64\nFirst Submission:2016-11-01T12:57:22.000000+00:00\nLast Submission:2024-05-23T06:57:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508969", "uuid": "60a2c478-ade2-4912-b6d0-bc5ad8c7e8c6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508969", "to_ids": true, "type": "md5", "uuid": "b6dca257-8d0c-424e-9215-858c85996eb4", "value": "0b32e65caf653d77cab2a866ee2d9dbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505961", "to_ids": true, "type": "sha1", "uuid": "bc80c990-6f6a-46b8-aeca-9c87caf2f92f", "value": "831e04c7a8a3af3daa08018026677580d20771ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505961", "to_ids": true, "type": "sha256", "uuid": "a2898a41-aec3-4269-9b50-90458c1ce7e3", "value": "885c697b7b1cf2c8c5e0b1a6303d544e220472844af3f944e98b224106d3f6a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505960", "to_ids": true, "type": "ssdeep", "uuid": "9d17c5fb-1460-4f25-88a6-5b959bee228f", "value": "768:VNgUo8JPjAttacCC25FJsF3PpvUTwTWx/H3llkclz:VNmasacCC25FiLSx/H3llkuz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505960", "to_ids": false, "type": "size-in-bytes", "uuid": "901c8ad8-7489-49a3-8efa-68e7f7f5496a", "value": "56758" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505960", "to_ids": true, "type": "vhash", "uuid": "de3b0ec5-09ef-49b3-9006-04f0d5e3ef31", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505960", "to_ids": true, "type": "filename", "uuid": "26eeff22-aa83-40c9-937b-a459ff27636b", "value": "-WRD0000.tmp.2323793382.DROPPED" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505960", "to_ids": false, "type": "text", "uuid": "ba7d698e-a1c0-4a5b-9ad1-d9111976680c", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:32/65\nFirst Submission:2016-11-03T10:25:04.000000+00:00\nLast Submission:2024-05-23T08:27:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746508991", "uuid": "66fa73aa-624f-4771-89d6-53e2323965ec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746508991", "to_ids": true, "type": "md5", "uuid": "a6e32e50-7b94-4c7c-b0cb-17346d0cdc27", "value": "27faa10d1bec1a25f66e88645c695016", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746505982", "to_ids": true, "type": "sha1", "uuid": "4a8a3c3d-55de-4b16-ac5e-84fd74e9c318", "value": "549021d9f5d97c61fc6c2843968e7be38e6afa4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746505982", "to_ids": true, "type": "sha256", "uuid": "286b76c6-6ffe-4e0e-a6b9-2b07e365bc47", "value": "7698f7b4698a2cf0103822e4ba8501a1c692ac9866ac08cb6d8576e9745dc04d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746505982", "to_ids": true, "type": "ssdeep", "uuid": "e03befcc-5f04-40dd-b245-4325d64f32ef", "value": "768:VNgUo8JPdw9hJv5V1llXhM2hK68AxcyUV5sHDkclE:VNmaiJv5V1llxMaKQtDkuE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746505982", "to_ids": false, "type": "size-in-bytes", "uuid": "7fb91e37-cf0c-4c2e-8069-8ae1af5c6bd4", "value": "55395" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746505982", "to_ids": true, "type": "vhash", "uuid": "078d63e9-cdc5-47ca-9732-63c76c95914c", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746505982", "to_ids": true, "type": "filename", "uuid": "a1a81649-54e7-44f3-92ed-753167ceddd8", "value": "~WRD0000.tmp" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 27/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746505982", "to_ids": false, "type": "text", "uuid": "efd63dab-3ec5-4af9-ba99-abe5cdccd1c9", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:33/65\nFirst Submission:2016-11-02T07:16:06.000000+00:00\nLast Submission:2024-05-23T08:26:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746509012", "uuid": "d233ede4-c217-47fd-bd69-4b4ab60d4bec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746509012", "to_ids": true, "type": "md5", "uuid": "70c4e4d4-f462-432c-ab7a-37b0497e920a", "value": "647edddf61954822ddb7ab3341f9a6c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746506003", "to_ids": true, "type": "sha1", "uuid": "e85080b0-e7c9-4a2b-9bfd-3c7fd6b6475b", "value": "df47aa35c8e2cea651fd30b2cee5fbabbaf85500", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746506003", "to_ids": true, "type": "sha256", "uuid": "a77e53e5-8e07-46d7-9fa4-d33a256faee0", "value": "8075a549c01eabe9240379ba8b02603c56a4073417d98a6d35d50e065115e216", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746506003", "to_ids": true, "type": "ssdeep", "uuid": "7ab85581-89e7-46f0-8652-91623fa55ff4", "value": "768:VNgKfjdNQutYyACi2pFZkN/X1ng72ZxPHNliqn/cU9:VNcyACi2pFafdxPHNliu9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746506003", "to_ids": false, "type": "size-in-bytes", "uuid": "59959887-2fee-435d-bbb4-4619f26bad52", "value": "52616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746506003", "to_ids": true, "type": "vhash", "uuid": "2f68c766-263a-4558-a0b0-daeb4a54daf6", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746506003", "to_ids": true, "type": "filename", "uuid": "c259f353-dba2-4f59-9b4b-f93169263b47", "value": "Operation_in_Mosul.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746506003", "to_ids": false, "type": "text", "uuid": "062a2c4b-8bc7-4bb9-b5bc-c019e5d04279", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:37/64\nFirst Submission:2016-11-02T11:38:25.000000+00:00\nLast Submission:2024-05-23T08:27:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746509033", "uuid": "2d5cd3cc-d50e-4454-8862-52fc265b1434", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746509033", "to_ids": true, "type": "md5", "uuid": "f4eac735-6af9-4130-a4fc-c665c217d1be", "value": "2f04b8eb993ca4a3d98607824a10acfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746506024", "to_ids": true, "type": "sha1", "uuid": "a81183e4-904b-443d-ac9e-f374979fb86b", "value": "a5ad744088e2739dc8b6a0622432106158d0abd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746506024", "to_ids": true, "type": "sha256", "uuid": "b1aba331-630c-4fed-aa4f-5339568ef256", "value": "7c25a5cd3684c470066291e4dec7d706270a5392bc4f907d50b6a34ecb793f5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746506024", "to_ids": true, "type": "ssdeep", "uuid": "014df55b-9943-4441-a2e2-c26cd99b929b", "value": "384:VN2Xf1UU7TwkcrROUX6HqLAq6ofC1JJqz6lQZILUcOoXA1zkhlCn0aPCG50fjlen:VN2XuX6Hq8q6EgJJNlgAUch4+bxqGA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746506024", "to_ids": false, "type": "size-in-bytes", "uuid": "53d035bd-674d-4224-ad1e-81a1475f7067", "value": "52872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746506024", "to_ids": true, "type": "vhash", "uuid": "6025f14c-399e-43af-9a70-465b4429091f", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746506024", "to_ids": true, "type": "filename", "uuid": "08732ee0-6cf1-4e05-8727-d4f7006b3daa", "value": "NATO Secretary meeting.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746506024", "to_ids": false, "type": "text", "uuid": "aa997193-007d-4a6e-9091-7a761c8f4b20", "value": "Type Description: Rich Text Format\nMicrosoft: TrojanDownloader:SWF/Loablfs.A\nVT Total Detection:38/64\nFirst Submission:2016-12-27T11:37:25.000000+00:00\nLast Submission:2024-05-23T08:26:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746509054", "uuid": "b712e6d0-1a94-4a7f-8806-e3dded5e4eb4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746509054", "to_ids": true, "type": "md5", "uuid": "9b305806-d55f-4ad0-94c3-a26cfbb42b17", "value": "9fe3a0fb3304d749aeed2c3e2e5787eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746506045", "to_ids": true, "type": "sha1", "uuid": "a5764c02-e6b0-4fa1-a876-6dca90468705", "value": "9001f4cfe62367a282efc08b072a13a5e2e403db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746506046", "to_ids": true, "type": "sha256", "uuid": "fdd0a6fb-f8de-40fb-8e17-1e9a0d60a434", "value": "ffd5bd7548ab35c97841c31cf83ad2ea5ec02c741560317fc9602a49ce36a763", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746506045", "to_ids": true, "type": "ssdeep", "uuid": "84820104-617a-4e85-b568-653be3ac6b33", "value": "384:VNa319qb7NzybdKkJ/dNQnZ2QQPEE0Zmqzgl+wIcCMP7QyiPzkn+aWCfwi6rGsik:VNa35dNQnQQQc9ZmblZxCM0DTqn/cU2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746506045", "to_ids": false, "type": "size-in-bytes", "uuid": "b33b646c-c3c4-4c9a-9ff0-e04ccb1b2a1b", "value": "53134" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746506045", "to_ids": true, "type": "vhash", "uuid": "3eeb08ba-07f4-4f22-b383-fc466006154d", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746506045", "to_ids": true, "type": "filename", "uuid": "8c6f593d-5a5f-4cb3-85c3-92cfbfa3be60", "value": "NATO Secretary meeting.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746506045", "to_ids": false, "type": "text", "uuid": "3dcf7231-6456-45e6-85fb-2d079ec85985", "value": "Type Description: Rich Text Format\nMicrosoft: TrojanDownloader:SWF/Loablfs.A\nVT Total Detection:38/64\nFirst Submission:2016-12-27T13:07:10.000000+00:00\nLast Submission:2024-05-23T09:22:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746509075", "uuid": "d5bf46ae-f8f3-45c7-a1e2-959e21c5c2e7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746509075", "to_ids": true, "type": "md5", "uuid": "9fc93cb2-fc1f-4af9-a0dc-455be0ed64b0", "value": "62deab0e5d61d6bf9e0ba83d9e1d7e2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746506067", "to_ids": true, "type": "sha1", "uuid": "48b20bc6-93ae-4850-a975-6f7897868907", "value": "e173c2acab38fd7d50aa65e49e36f21629cc25f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746506067", "to_ids": true, "type": "sha256", "uuid": "6e008b88-13ea-4c15-ab71-da130388c8fa", "value": "e447237ad90a895e09d9b27080033f0fdf9619b5846cb96e8950196586f9362b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746506066", "to_ids": true, "type": "ssdeep", "uuid": "d41bdab1-1c89-4097-88a3-829670ae09bb", "value": "12288:4o2TvxaazUSrS5BAnoex5m9j16qfyL7F5ZhvAChcwsBLS3PvDmVzla9:4oKvZroBAnoR9jyFJLILS3P4E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746506066", "to_ids": false, "type": "size-in-bytes", "uuid": "78e2e18a-4d5a-4cbb-a902-22a27ebb95ff", "value": "1814105" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746506066", "to_ids": true, "type": "vhash", "uuid": "adef4208-b3d1-45eb-b8ff-ee1741afe6cd", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746506066", "to_ids": true, "type": "filename", "uuid": "4275686a-d64c-4846-8286-51289d9e45b6", "value": "~WRD0000.tmp" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 25/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746506066", "to_ids": false, "type": "text", "uuid": "93ae0728-b2c5-4d70-b269-26ec48cae649", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:33/65\nFirst Submission:2016-12-27T15:07:07.000000+00:00\nLast Submission:2024-05-23T09:19:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746509096", "uuid": "a950a4bc-d0c6-4e95-a643-159470ec9c23", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746509096", "to_ids": true, "type": "md5", "uuid": "319452dd-2166-4273-a8b3-83e80ab9ae48", "value": "f62182cf0ab94b3c97b0261547dfc6cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746506109", "to_ids": true, "type": "sha1", "uuid": "52f3bfd8-3c56-4601-8fe8-a8ae3585959f", "value": "ceea579dbeea57524f3696f88455d3fa6feb3f3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746506109", "to_ids": true, "type": "sha256", "uuid": "32e65eca-31ee-460f-94d2-4f0902188dd3", "value": "af9c1b97e03c0e89c5b09d6a7bd0ba7eb58a0e35908f5675f7889c0a8273ec81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746506108", "to_ids": true, "type": "ssdeep", "uuid": "4b30d624-4b19-40df-a2a4-cd46d8876e77", "value": "768:V1af7X6TBxX6TB0E86PTT5GSl5y6eYVmpl+cc1Bvk0pt7/2cn8qn/cU1:V1YIjtiTT5GSl5Rmjmx/2Pu1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746506108", "to_ids": false, "type": "size-in-bytes", "uuid": "64e8c859-b786-49cf-9bfe-7a7c52b1a6b0", "value": "60931" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746506108", "to_ids": true, "type": "vhash", "uuid": "67e90bd2-7f85-40b5-9ce2-4d91c5cc5e5b", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746506108", "to_ids": true, "type": "filename", "uuid": "9b1b820f-67b4-4ac7-be03-546f0795def3", "value": "af9c1b97e03c0e89c5b09d6a7bd0ba7eb58a0e35908f5675f7889c0a8273ec81_dealerschoice-b.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746506108", "to_ids": false, "type": "text", "uuid": "ff5d2a7e-8ef4-494f-91ab-498f9d247693", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/CVE-2016-4117\nVT Total Detection:37/63\nFirst Submission:2016-09-26T01:58:00.000000+00:00\nLast Submission:2024-10-27T23:20:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746509117", "uuid": "00c56908-ff36-4e71-88d8-f3124c7986dd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746509117", "to_ids": true, "type": "md5", "uuid": "2831e441-f1ab-4b4e-9391-4b3d7ace3707", "value": "504182aaa5575bb38bf584839beb6d51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746506130", "to_ids": true, "type": "sha1", "uuid": "cb4d0d05-2c48-461e-8951-9fb1138ce27f", "value": "f3805382ae2e23ff1147301d131a06e00e4ff75f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746506130", "to_ids": true, "type": "sha256", "uuid": "96f5b58e-fc42-456e-8dfd-917b4aca5c78", "value": "cc68ed96ef3a67b156565acbea2db8ed911b2b31132032f3ef37413f8e2772c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746506129", "to_ids": true, "type": "ssdeep", "uuid": "e67983f9-b0ea-45ac-bb40-ff5b48ad8b4d", "value": "768:V1af7X6TBxX6TB0E86PTT5GSl5y6eYVmpl+cc1Bvk0pt7/2cn8qn/cUy:V1YIjtiTT5GSl5Rmjmx/2Puy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746506129", "to_ids": false, "type": "size-in-bytes", "uuid": "631ca6f1-e72e-47cb-b1bf-6190bdf7eb21", "value": "60929" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746506129", "to_ids": true, "type": "vhash", "uuid": "72db305b-4483-4b18-842f-0a81479ed6ec", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746506129", "to_ids": true, "type": "filename", "uuid": "3b8351c1-b1cf-4d9a-b952-10cb207cdffe", "value": "ais_samples (285)" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746506129", "to_ids": false, "type": "text", "uuid": "2dae9ce1-b44e-45f6-ac04-5e3ac3ae20fc", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/CVE-2016-4117\nVT Total Detection:38/64\nFirst Submission:2016-09-22T13:52:11.000000+00:00\nLast Submission:2024-05-23T09:03:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746509138", "uuid": "0c268d2d-19ce-4607-8770-aa643323983e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746509138", "to_ids": true, "type": "md5", "uuid": "29ee0c0c-f7e8-488d-ad2a-c4a9b81cceaa", "value": "d79a21970cad03e22440ea66bd85931f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746506151", "to_ids": true, "type": "sha1", "uuid": "e70e768e-1338-4365-adfd-869688bcb7f6", "value": "5e24652499fc6a0e224e14c8b1683861a8c79b32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746506151", "to_ids": true, "type": "sha256", "uuid": "07afb847-5ef7-450a-bfed-a19e92c5ec05", "value": "2477043e41fd155ae8f60137255923ecb79c2d16527f52f6d1782dae130dbcbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746506151", "to_ids": true, "type": "ssdeep", "uuid": "23611e40-7986-45c7-a31d-0e23b29647aa", "value": "768:VNgKfjdNQutYyACi2pFZkN/X1ng72ZxPHNliqn/cUy:VNcyACi2pFafdxPHNliuy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746506151", "to_ids": false, "type": "size-in-bytes", "uuid": "ead703d6-a134-4e80-be5c-2ec1299e8b4c", "value": "52618" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746506151", "to_ids": true, "type": "vhash", "uuid": "942617cd-557f-4ed8-8ece-6414f42f4805", "value": "889b72e463346ba763c2470ce72c22f42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746506151", "to_ids": true, "type": "filename", "uuid": "d1c470f5-542f-4066-b7a2-b11b5ad5ee21", "value": "27.vir" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746506151", "to_ids": false, "type": "text", "uuid": "d7005416-1b3e-4566-b6eb-da6d3803dd2f", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:36/64\nFirst Submission:2016-11-08T02:53:51.000000+00:00\nLast Submission:2024-05-23T07:12:33.000000+00:00" } ] } ] } }