{
  "Event": {
    "analysis": "1",
    "date": "2026-02-23",
    "extends_uuid": "",
    "info": "[Threat Intel] Chronology of MuddyWater APT Attacks Targeting the Middle East",
    "protected": false,
    "publish_timestamp": "1780042189",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1780042189",
    "uuid": "902d955b-e5f7-4bca-948e-857e6ab0017c",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#7773ac",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#82eae0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#5bb38b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1588.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1acf09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Trusted Relationship - T1199\"",
        "relationship_type": ""
      },
      {
        "colour": "#6fe7f4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Tool - T1588.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#a42e64",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#78cd12",
        "local": false,
        "name": "misp-galaxy:target-information=\"Egypt\"",
        "relationship_type": ""
      },
      {
        "colour": "#4929fe",
        "local": false,
        "name": "misp-galaxy:target-information=\"Iraq\"",
        "relationship_type": ""
      },
      {
        "colour": "#26fab6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#9afac6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Jordan\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#13bb3c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Oman\"",
        "relationship_type": ""
      },
      {
        "colour": "#19d775",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkmenistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"MuddyWater\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771844419",
        "to_ids": false,
        "type": "link",
        "uuid": "9925f81f-bdc2-4337-a69a-2ef141aa7d2c",
        "value": "https://www.genians.co.kr/en/blog/threat_intelligence/muddywater-apt?hs_amp=true"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771844419",
        "to_ids": false,
        "type": "text",
        "uuid": "11b7be1f-4bab-409b-aa69-a2d4b318720d",
        "value": "This report analyzes the recent activities of the MuddyWater APT group, which primarily targets organizations in the Middle East. The group employs sophisticated spear-phishing techniques, often impersonating legitimate entities and using malicious documents to gain initial access. Their attacks focus on long-term infiltration and intelligence gathering rather than immediate disruption. The report details several attack cases from 2019 to 2026, highlighting the group's evolving tactics, including the abuse of legitimate remote management tools and the use of Rust-based malware. The analysis emphasizes the importance of endpoint detection and response (EDR) solutions in identifying and mitigating these threats, as traditional perimeter-based security measures prove insufficient against such advanced persistent threats."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771844419",
        "to_ids": false,
        "type": "text",
        "uuid": "ccba21fd-a8cd-4442-a7bd-6517b60ab56a",
        "value": "Name: Chronology of MuddyWater APT Attacks Targeting the Middle East\nAuthor: AlienVault\nAdversary: MuddyWater\nTags: [\"anydesk\", \"edr\", \"middle east\", \"syncro\", \"apt\", \"spear-phishing\", \"intelligence gathering\", \"teamviewer\", \"screenconnect\", \"initial access\", \"remote management tools\", \"atera\", \"splashtop\", \"rust-based malware\"]\nTgtd countries: [\"Egypt\", \"Iraq\", \"Israel\", \"Jordan\", \"Malaysia\", \"Oman\", \"Turkmenistan\"]\nMlwr families: [\"Syncro\", \"Atera\", \"Splashtop\", \"AnyDesk\", \"TeamViewer\", \"ScreenConnect\"]\nAttack_ids: [\"T1133\", \"T1071\", \"T1190\", \"T1583.001\", \"T1036\", \"T1588.001\", \"T1102\", \"T1204\", \"T1059.001\", \"T1547.001\", \"T1199\", \"T1588.002\", \"T1566\", \"T1078\", \"T1027\", \"T1213\", \"T1105\", \"T1569.002\"]\nIndustries: [\"Government\", \"Telecommunications\", \"Education\", \"Finance\", \"Energy\", \"Technology\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779140150",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "d812066b-99c2-4c9a-9af3-cd7ef8270d88",
        "value": "MuddyWater",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"MuddyWater\"",
            "relationship_type": ""
          },
          {
            "colour": "#0afe32",
            "local": false,
            "name": "misp-galaxy:producer=\"Palo Alto\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042187",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d9881635-1caa-458e-bd3f-522a36bde721",
        "value": "159.198.66.153",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#17fb50",
            "local": false,
            "name": "asn:asn=\"22612\"",
            "relationship_type": ""
          },
          {
            "colour": "#e80394",
            "local": false,
            "name": "asn:as-owner=\"NAMECHEAP-NET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042189",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "11464537-f3b8-4ee1-b05d-9543bf2ffdc4",
        "value": "159.198.68.25",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#17fb50",
            "local": false,
            "name": "asn:asn=\"22612\"",
            "relationship_type": ""
          },
          {
            "colour": "#e80394",
            "local": false,
            "name": "asn:as-owner=\"NAMECHEAP-NET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772151866",
        "to_ids": true,
        "type": "domain",
        "uuid": "ed74b12c-eeda-4a3b-802d-5dec116995e5",
        "value": "screenai.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772151888",
        "to_ids": true,
        "type": "domain",
        "uuid": "147826db-14cb-458b-a49f-1d32d6ab68cc",
        "value": "stratioai.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772151910",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3e6bc575-65dc-4214-9a3a-aab1e12318ef",
        "value": "nomercys.it.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779536992",
        "uuid": "8f287ad4-9566-454c-a672-b5ada944bcb8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779536991",
            "to_ids": true,
            "type": "md5",
            "uuid": "a395a852-2ff3-4823-946b-6e2da829d0de",
            "value": "0a95918fd6000a69b8a70609f93e910f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779536992",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b53945c-b762-41d7-bbbb-1449f38d9b84",
            "value": "04e1f66cb9d4deb6e145bceb43c7110df9d8f027",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779536992",
            "to_ids": true,
            "type": "sha256",
            "uuid": "174ae8ae-909c-4755-9cea-674802c81c4b",
            "value": "e87fe81352ebda0cfc0ae785ebfc51a8965917235ee5d6dc6ca6b730eda494cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149408",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3397230a-c3e2-4922-bc44-254bad6b2a45",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KE1T:w9mzytc/CKDllTllCeue6STzVT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149408",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "208d7fb4-3bcf-4d80-be51-8cd30a905b4e",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149408",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d2ffe39-5c93-491a-b007-8d1c0e72974f",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149408",
            "to_ids": true,
            "type": "filename",
            "uuid": "c477e772-2612-489b-b83e-e4ed1a69d375",
            "value": "profit-workshop.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149408",
            "to_ids": false,
            "type": "text",
            "uuid": "4e8beae6-a92c-49f4-9ae4-bd72f35c4370",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:26/63\nFirst Submission:2022-11-15T11:22:49.000000+00:00\nLast Submission:2022-11-15T11:22:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779536995",
        "uuid": "820a4be5-a384-4542-9350-8f0086982162",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779536994",
            "to_ids": true,
            "type": "md5",
            "uuid": "fd4b6afb-4374-4b88-8f72-c82c049543ca",
            "value": "1f280f51eeb6cf895fe80082ce725841",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779536994",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ca23ce9b-4c28-4754-99f3-663e6b5a6b85",
            "value": "c5066432feb9de0785207d5da3891720e744297f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779536995",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ef4169df-0ba0-4826-8877-080ffced2cc7",
            "value": "4d24b326d0335e122c7f6adaa22e8237895bdf4c6d85863cf8e84cfcc0503e69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149430",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d43b9321-c2e7-4c8e-b528-11ea38c53d6a",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KETT:w9mzytc/CKDllTllCeue6STzzT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149430",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "63a90f5f-c337-4730-ae3e-6c92c121c861",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149430",
            "to_ids": true,
            "type": "vhash",
            "uuid": "58103f7e-fa7e-427b-96ec-5a9f0e1b6d75",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149430",
            "to_ids": true,
            "type": "filename",
            "uuid": "04b6aa66-aa38-4e1a-a7cc-cccf9f0170d0",
            "value": "415382.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  11/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149430",
            "to_ids": false,
            "type": "text",
            "uuid": "d1dc951c-1ea9-4c84-92b6-dc5c51d3f792",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:19/64\nFirst Submission:2022-10-19T11:00:16.000000+00:00\nLast Submission:2022-10-19T11:00:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779536997",
        "uuid": "b773169e-d9c8-472e-8554-1a74c765ed06",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779536997",
            "to_ids": true,
            "type": "md5",
            "uuid": "5fd0f0e4-7887-4564-a199-e9f5067cfa42",
            "value": "244a4f81cff4a8dc5872628a40713735",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779536997",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bbeac564-5ae3-4123-91c1-3929f49cca4c",
            "value": "16fb722d7b8ab5a1eba16facd7aab894bb37465a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779536997",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ebd6205f-c30f-4e41-8232-3ad52ca86792",
            "value": "1670a59f573037142f417fb8c448a9022c8d31a6b2bf93ad77a9db2924b502af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149452",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e4cc1467-9072-4217-b44b-4c6c7660596b",
            "value": "6:q43tNykuX9vya0MwUHpBvt33XyxZ9cKjaJCOLlfv3rFwCFKHOmJHHLWXfGb:TrmX5dL/pZt3HubGVFwCsHOW8Gb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149452",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6461f88e-80ba-450a-80e7-b636c0b5596c",
            "value": "308"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149452",
            "to_ids": true,
            "type": "vhash",
            "uuid": "662655d8-4a0f-465c-8a47-c83ad5f1c165",
            "value": "1423b06799819be0a182c52733e47a59"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149452",
            "to_ids": true,
            "type": "filename",
            "uuid": "765fcb41-21cd-430a-88ef-1ce797b08641",
            "value": "Looking for business insurance no335080.2022-isrotel.html"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  10/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149452",
            "to_ids": false,
            "type": "text",
            "uuid": "9a414c40-dd8f-4fa0-a42a-28d6dcaf8b26",
            "value": "Type Description: HTML\nMicrosoft: TrojanDownloader:HTML/FormBook!MSR\nVT Total Detection:29/62\nFirst Submission:2022-11-08T15:37:16.000000+00:00\nLast Submission:2023-04-12T07:12:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537001",
        "uuid": "f90b3230-4304-4886-af03-54b10a3caf4b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537000",
            "to_ids": true,
            "type": "md5",
            "uuid": "3b73b649-00b4-4d8e-9a72-93acdb58f8ae",
            "value": "3a95186019af1943a0ea0f8eb07a288f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537000",
            "to_ids": true,
            "type": "sha1",
            "uuid": "355f6030-85ad-4113-bb85-bb9e879e434f",
            "value": "b7e56f4b31f4fdbe844c3d4a4156f1d0e3b3ea97",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537001",
            "to_ids": true,
            "type": "sha256",
            "uuid": "403e366a-099c-42a1-a7fa-7755983eb3de",
            "value": "f38a56b8dc0e8a581999621eef65ef497f0ac0d35e953bd94335926f00e9464f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149474",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cf701219-66d4-42a4-b383-8d3325eab982",
            "value": "24576:J97DkXCl6mchTj6QZ0sedNOX7Prm4M3fbVaVHqkP3O55+D1K:b76CQm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149474",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ef038937-2c8a-48bd-8f33-7e1517b026d6",
            "value": "2923520"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149474",
            "to_ids": true,
            "type": "vhash",
            "uuid": "053d1fb3-fb8f-4e69-810c-2fd3d314a222",
            "value": "6e1d7e785d8c02f6c5360417e338b7e0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149474",
            "to_ids": true,
            "type": "filename",
            "uuid": "086e3a91-fc3e-441c-90d3-e2dfd806db40",
            "value": "New rules for the General Administration of Pensions and Social Insurance.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  24/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149474",
            "to_ids": false,
            "type": "text",
            "uuid": "17b84893-7670-4933-9ae1-cf73d3d78898",
            "value": "Type Description: MS Word Document\nMicrosoft: TrojanDownloader:O97M/MuddyWater.GVA!MTB\nVT Total Detection:40/64\nFirst Submission:2026-01-06T07:58:40.000000+00:00\nLast Submission:2026-01-29T00:50:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537005",
        "uuid": "d5dc78d8-0416-46f5-951b-295cb562bc5d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537004",
            "to_ids": true,
            "type": "md5",
            "uuid": "afe1d6bd-155f-4529-8e66-044ff68ee322",
            "value": "4055d8b5c2e909f5db8b75a5750a7005",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537004",
            "to_ids": true,
            "type": "sha1",
            "uuid": "374cf08b-1cdd-4b13-a0b5-1a41a2e11659",
            "value": "0fc0e1ab30f55d1709532496ac6adac107a4729e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537005",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6fca1a6b-4160-45b6-831a-d810d4e18c7f",
            "value": "ffbe988fd797cbb9a1eedb705cf00ebc8277cdbd9a21b6efb40a8bc22c7a43f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149495",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "41b8d5a7-50c0-4b31-be15-4e6d5aa24e61",
            "value": "49152:R51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:RPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149495",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f777b41f-b30e-44f6-aaef-c6432dcee8ed",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149495",
            "to_ids": true,
            "type": "vhash",
            "uuid": "83a577fa-1509-4748-9e84-71196de98715",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149495",
            "to_ids": true,
            "type": "filename",
            "uuid": "de1f5933-ea8f-48e6-9ebe-f33aefe83335",
            "value": "49cd3f.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  24/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149495",
            "to_ids": false,
            "type": "text",
            "uuid": "b30aa92a-b8cb-41f5-9f92-1b7061757962",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:21/63\nFirst Submission:2024-03-07T13:58:25.000000+00:00\nLast Submission:2024-03-07T13:58:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537007",
        "uuid": "7a105659-a06a-43ba-95db-be3161cacf5a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537006",
            "to_ids": true,
            "type": "md5",
            "uuid": "ece6f7b8-4d49-4436-98e6-10971d89181f",
            "value": "43be8a405a7f57cf9f910d829c521b21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537007",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c0e01dca-31c2-43d2-99a5-4d332b003268",
            "value": "bd39679896fe305cfb3cca7432c5ef6dafbc93a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537007",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0aae76a0-67d9-4e1d-bc89-17d01843d63b",
            "value": "4550b4fa89ff70d8ea59d350ad8fc537ceaad13779877f2761d91d69a2c445b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149518",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d36afa07-41aa-430b-86bd-c1a2aa798d6a",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KE3T:w9mzytc/CKDllTllCeue6STzXT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149518",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b0369808-15fd-4db5-a98a-332792c00b7a",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149518",
            "to_ids": true,
            "type": "vhash",
            "uuid": "24f40d6b-a96c-4e33-90fb-d4a5daa5aa69",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149518",
            "to_ids": true,
            "type": "filename",
            "uuid": "2414acca-706b-4adb-b8fa-399a96f629e4",
            "value": "The electronic form of the invitation along with the exhibition manual.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149518",
            "to_ids": false,
            "type": "text",
            "uuid": "c316f31d-4f67-46ec-a4a6-a0d88cadf348",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:19/63\nFirst Submission:2022-10-12T11:30:40.000000+00:00\nLast Submission:2022-10-12T11:30:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537010",
        "uuid": "3d8e5bab-cd5f-4ec6-b710-9e78c7626c08",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537009",
            "to_ids": true,
            "type": "md5",
            "uuid": "b359728a-8680-4162-bcd5-17336b85e5b4",
            "value": "4c169dde3bc184c42ca7a712a61c6f3c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537009",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a0cb8768-cfa8-4ae6-aea8-e5d2a30c94fa",
            "value": "5b2c6e056d7430de881396e6bd96b59e4415428a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537010",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b4e5e398-0381-4211-aafa-639a1f122830",
            "value": "433b47f40f47bea0889423ab96deb1776f47e9faa946e7c5089494ed00c6cc29",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149540",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3d79036b-6c8a-4473-b9e3-7da3aec700d0",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEzT:w9mzytc/CKDllTllCeue6STzTT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149540",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a202fa6c-2ebf-47d5-817d-9d5f19b9cdd6",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149540",
            "to_ids": true,
            "type": "vhash",
            "uuid": "04b2736d-e030-496b-967b-075f789fc36b",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149540",
            "to_ids": true,
            "type": "filename",
            "uuid": "5ca70e75-896e-47ba-8ae1-9f17c38dcf37",
            "value": "668491.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149540",
            "to_ids": false,
            "type": "text",
            "uuid": "9a33402c-a8e6-4843-8d99-249cee65a4e5",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:21/63\nFirst Submission:2022-10-31T09:58:43.000000+00:00\nLast Submission:2022-10-31T09:58:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537013",
        "uuid": "bcb03294-253e-41bb-bde3-f6c910da6d4f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537012",
            "to_ids": true,
            "type": "md5",
            "uuid": "9c7a5723-1773-4715-a7a3-49b4ca6e3def",
            "value": "74e75830252220cbbe7e3adec4340d2d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537012",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fab6150e-b57d-4f6d-a277-a7a92cb1e625",
            "value": "b4f5555d5b934b927de4950131952e17e7194665",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537013",
            "to_ids": true,
            "type": "sha256",
            "uuid": "84afdc6d-beb8-4d2a-83bb-c9c5bc694a3d",
            "value": "a2001892410e9f34ff0d02c8bc9e7c53b0bd10da58461e1e9eab26bdbf410c79",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149562",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fb623ae8-34b0-4787-ad08-0664711711b0",
            "value": "24576:FNfoT3/QPvpFAEkgRk+5gQTAj2FUNu3eLrDSr+AtU5KJL:FNfor/QP3EAB5H8jXuOLrDSr+AtU5KJL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149562",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ba077553-e823-406d-ba55-91e15a96b6c3",
            "value": "1308672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149562",
            "to_ids": true,
            "type": "vhash",
            "uuid": "eddf2654-1b1c-4066-9a68-044ea93f66bd",
            "value": "016066655d1555155053zb2z773z61z15za01az137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149562",
            "to_ids": true,
            "type": "filename",
            "uuid": "7262f765-520d-495f-bd20-bb75318d374d",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  16/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149562",
            "to_ids": false,
            "type": "text",
            "uuid": "d6e93fd9-7124-4f26-bec8-5bd41fb54ee9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/TroyStealer.SE!MTB\nVT Total Detection:50/72\nFirst Submission:2025-11-17T10:24:09.000000+00:00\nLast Submission:2026-01-10T20:11:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537015",
        "uuid": "588de8e8-4223-4be0-abdf-0dc48301cdee",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537015",
            "to_ids": true,
            "type": "md5",
            "uuid": "862a4ca2-5551-4a4a-82a0-b3d716d4efff",
            "value": "75060f5394b72421c0d8f81f79931aa9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537015",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2649c08f-044b-40e0-afd9-0a8af8fd0d76",
            "value": "0bb3ddeac6d4af21ea63d73857c779269c21c579",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537015",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5159b989-3252-4e9f-9203-a64c96fb17a6",
            "value": "f24ce8e6679893049ce4e5a03bc2d8c7e44bf5b918bf8bf1c2e45c5de4d11e56",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149584",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0a90c700-12e0-490d-a27c-97a0c27db660",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEUT:w9mzytc/CKDllTllCeue6STz0T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149584",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e1253b8f-2e3d-4028-b643-1da43242c908",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149584",
            "to_ids": true,
            "type": "vhash",
            "uuid": "78e6fd3c-44a4-4052-9e74-f7cb3596306b",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149584",
            "to_ids": true,
            "type": "filename",
            "uuid": "9233cb3d-058a-4c82-bb05-4996381723d3",
            "value": "Caspel.az.workshop.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  27/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149584",
            "to_ids": false,
            "type": "text",
            "uuid": "555ae98f-9785-41b5-84c4-5693e12379b3",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:22/63\nFirst Submission:2022-11-08T04:46:02.000000+00:00\nLast Submission:2024-03-01T22:33:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537018",
        "uuid": "910fe709-f8e3-436e-88ea-9f1d9f8e4978",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537017",
            "to_ids": true,
            "type": "md5",
            "uuid": "19f0e96c-5618-4ad4-a608-e5ddd9b6c2c3",
            "value": "7da3d206519086f2725494b3ab095fbb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537018",
            "to_ids": true,
            "type": "sha1",
            "uuid": "16c87625-245c-49bc-a686-14eb1b9e41f9",
            "value": "7d53dbb3f703608a68dc25a5212fc93627b3d3f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537018",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cfe2f27b-046b-4032-98e7-ad4dc1606b89",
            "value": "a35a1c92c001b59605efd318655d912f2bcd4e745da2b4a1e385d289e12ee905",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149606",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f37e7a91-9d47-48ff-b979-d7184fee0751",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEYT:w9mzytc/CKDllTllCeue6STz4T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149606",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bbf1b4ad-5753-4e9c-a3e2-4c1660e9908e",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149606",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9167ecd1-2d18-41a4-8268-4cabbc209867",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149606",
            "to_ids": true,
            "type": "filename",
            "uuid": "fb094390-947f-4943-950f-271a58b9b188",
            "value": "a35a1c92c001b59605efd318655d912f2bcd4e745da2b4a1e385d289e12ee905.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149606",
            "to_ids": false,
            "type": "text",
            "uuid": "b732377b-d03c-4873-8291-6db8d34436f4",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:21/63\nFirst Submission:2022-10-17T06:45:58.000000+00:00\nLast Submission:2023-10-26T09:41:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537021",
        "uuid": "4992a5b2-b885-4481-a3ab-c737ce61763f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537020",
            "to_ids": true,
            "type": "md5",
            "uuid": "f0c5b71d-c895-40dc-9ecb-4fad1c3b0c26",
            "value": "806adc79e7ea3be50ef1d3974a16b7fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537020",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f7684fba-a9bc-4f61-840e-1f399f907e8f",
            "value": "b0ab6ce3d044a1339a705f233e113c44a1bced10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537021",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c4c0e275-0859-430c-afda-87147488b51b",
            "value": "93b749082651d7fc0b3caa9df81bad7617b3bd4475de58acfe953dfafc7b3987",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149628",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "525eeaad-8ff6-4229-90ca-e4f2e14a67ff",
            "value": "12288:iP/HOjaQ3UMq+jE5SWNGyfV0djZpDGCDJVXDdJsn:scEMq+jE5SW0OEj7Dz9kn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149628",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "401b6da1-bc06-4c6f-b3be-846287454115",
            "value": "482304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149628",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ba5bd6bc-618c-4bd2-a807-7f06af70400f",
            "value": "e2dc95b9129ca8c9dd12235269cbe13a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149628",
            "to_ids": true,
            "type": "filename",
            "uuid": "6b1f5433-0103-4db6-a0af-99d0202b4855",
            "value": "93b749082651d7fc0b3caa9df81bad7617b3bd4475de58acfe953dfafc7b3987.unknown"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  24/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149628",
            "to_ids": false,
            "type": "text",
            "uuid": "72834a99-1eb3-4cd7-9250-dd687f4be7db",
            "value": "Type Description: MS Word Document\nMicrosoft: TrojanDownloader:O97M/Aptdrop.J\nVT Total Detection:43/64\nFirst Submission:2019-03-12T11:19:36.000000+00:00\nLast Submission:2025-11-19T17:19:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537023",
        "uuid": "f63ef7c1-66f1-4c39-84b2-a1612cac0b8d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537023",
            "to_ids": true,
            "type": "md5",
            "uuid": "506bf240-e7b6-4ac1-88fb-aaaabca596ef",
            "value": "809334c0b55009c5a50f37e4eec63c43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537023",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c9ee55b5-3554-4efe-8b15-54496428bcfe",
            "value": "24b60847bc0712c9ba0b8036c59ee16c211fa8bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537023",
            "to_ids": true,
            "type": "sha256",
            "uuid": "50e998cb-1170-4f39-b1af-49176c760589",
            "value": "2722e289767ae391e3c3773b8640a8b9f6eb24c6a9d6e541f29c8765f7a8944b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149650",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "50739c2d-03b1-4460-933a-fb6aa1c84502",
            "value": "49152:r51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TzOFNOnUI:rPCMr2NMRmk/XeM9TEeRvx+ch/TzAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149650",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c328c34f-3ef2-43a3-9617-0cd515ae92a2",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149650",
            "to_ids": true,
            "type": "vhash",
            "uuid": "92f932f2-6d2e-499d-9b8d-0780e98726a9",
            "value": "4abff88a161b9a949d26e2a832b0a5cb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149650",
            "to_ids": true,
            "type": "filename",
            "uuid": "08e4e7c0-51a6-46f8-b995-8ea4609b8fbd",
            "value": "MuddyWater"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  23/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149650",
            "to_ids": false,
            "type": "text",
            "uuid": "3ab24d6a-0e46-4c02-8a0f-154f6da25441",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:26/63\nFirst Submission:2024-03-05T09:12:16.000000+00:00\nLast Submission:2024-05-22T18:53:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537026",
        "uuid": "b7f41e24-7324-4f3a-a872-79bd825d9631",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537025",
            "to_ids": true,
            "type": "md5",
            "uuid": "c447a314-06c0-41dd-a209-97630dadfdfc",
            "value": "95d9e6c262632abe004c4693a71eaced",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537025",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ad783bff-f502-48aa-9ffa-170d82d018b2",
            "value": "8833920040e37c989217c342412d3aa3f40187e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537026",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b6aa210f-36cd-47dd-9be2-2de26d13cd20",
            "value": "dc7e102a2c68f7e3e15908eb6174548ce3d13a94caadf76e1a4ee834dc17a271",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149672",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ca8aba64-679d-4019-a32e-acfba1ab8501",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEHT:w9mzytc/CKDllTllCeue6STznT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149672",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "605bc378-c3d3-4064-b793-0aab5063bc0d",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149672",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aec293b4-8a9d-47b6-a78e-069b1434fef9",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149672",
            "to_ids": true,
            "type": "filename",
            "uuid": "3af0b439-59b7-4166-b27b-65f9892abd35",
            "value": "Looking for business insurance no335080.2022-isrotel.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149672",
            "to_ids": false,
            "type": "text",
            "uuid": "c5c4c3ca-1407-4034-9d39-9793ea244533",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:12/65\nFirst Submission:2022-11-08T12:17:18.000000+00:00\nLast Submission:2026-02-10T03:09:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537029",
        "uuid": "61076541-13de-4945-979d-d6f135686859",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537028",
            "to_ids": true,
            "type": "md5",
            "uuid": "af08214d-9942-4d03-96e4-f7010f22ba2f",
            "value": "aba760ec55fdeccb35adb068443feb89",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537028",
            "to_ids": true,
            "type": "sha1",
            "uuid": "55b78437-a4d5-470a-a25c-677ea8d16497",
            "value": "8103cbffd4f7651c32a1cc602f0398027fb3207f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537029",
            "to_ids": true,
            "type": "sha256",
            "uuid": "581f8a47-ffca-4809-967c-c94c0d528a1a",
            "value": "638c7a4f833dc95dbab5f0a81ef03b7d83704e30b5cdc630702475cc9fff86a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149695",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6f3be573-8a91-43a1-b866-c6c8f000bba0",
            "value": "49152:g51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:gPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149695",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b9ea09ab-a48d-4bc8-833b-892422bb1b66",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149695",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6329a04c-61f1-4d1e-b45a-210f31a6d4be",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149695",
            "to_ids": true,
            "type": "filename",
            "uuid": "276b98e0-d142-487f-a6ea-e406dffdda00",
            "value": "Polaristek.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  07/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149695",
            "to_ids": false,
            "type": "text",
            "uuid": "031ccdbd-e711-4941-970d-44b5dfdee4be",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:24/64\nFirst Submission:2024-02-13T10:39:11.000000+00:00\nLast Submission:2024-02-27T01:42:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537032",
        "uuid": "1f3a5681-3eb5-4b15-8d65-c3c013e4ba3b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537031",
            "to_ids": true,
            "type": "md5",
            "uuid": "0da23b38-ad57-42f5-b0ec-99088b1c038e",
            "value": "b181ecbb7394e3b1394a8c97af65b7e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537031",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e328d33a-d2d2-48e1-9500-6e49703a1dc5",
            "value": "18a6ee322f30fe17f896686fbc162e4c8d628e5a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537032",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b3819f3c-0dd6-41d3-a03c-4b30cf2bca23",
            "value": "dd2675e2f6835f8a8a0e65e9dbc763ca9229b55af7d212da38b949051ae296a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149716",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "65a6e84b-11ae-44fc-bcf9-22d29a60a847",
            "value": "49152:t51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:tPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149716",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "474a9073-f96e-44ba-8553-1924ecff913c",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149716",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ab671fa8-60d5-4607-80d8-de76db20f734",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149716",
            "to_ids": true,
            "type": "filename",
            "uuid": "bdf4d2b2-abc2-4ea4-85a2-242c890a9f11",
            "value": "karel.com.tr.telekom\u00fcnikasyonWebsemineri.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  23/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149716",
            "to_ids": false,
            "type": "text",
            "uuid": "929a9e86-1a9a-4dde-8808-7069337c3513",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:30/64\nFirst Submission:2024-02-21T06:50:12.000000+00:00\nLast Submission:2025-05-20T15:16:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537034",
        "uuid": "9e27e17b-d874-46ba-a286-0d0fa239be07",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537033",
            "to_ids": true,
            "type": "md5",
            "uuid": "b6e7b87d-242a-4e2f-8418-fe8ceb2c5c3a",
            "value": "c381c2cb8fdd6acf1636280b9424f573",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537034",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0ea31e8e-fe27-43a4-8623-a1cba8fdb1f4",
            "value": "7918e2c9c6f2847078bb736968f8f21b7e70a0af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537034",
            "to_ids": true,
            "type": "sha256",
            "uuid": "00321531-1df3-4a3d-b97a-c8a0bcfd4916",
            "value": "ff2ae62ba88e7068fa142bbe67d7b9398e8ae737a43cf36ace1fcf809776c909",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149738",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bf8f3388-4e74-42ca-befc-4f4d3db0cfa1",
            "value": "49152:k51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:kPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149738",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ed5b4c50-e427-4f4e-8113-5f46add7e3b9",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149738",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1f0be4f4-f95c-4029-81ff-58f6c4dc1bd7",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149738",
            "to_ids": true,
            "type": "filename",
            "uuid": "a3d9a983-effd-417e-acfa-e0af759a3004",
            "value": "\u05ea\u05d5\u05db\u05e0\u05ea \u05ea\u05d9\u05d9\u05e8\u05d5\u05ea.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  24/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149738",
            "to_ids": false,
            "type": "text",
            "uuid": "5211e529-4080-44b4-8b4a-f024e796a6c1",
            "value": "Type Description: Windows Installer\nMicrosoft: Trojan:Win32/MuddyWater.A\nVT Total Detection:32/64\nFirst Submission:2024-03-13T04:44:48.000000+00:00\nLast Submission:2024-08-07T15:19:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537037",
        "uuid": "84554a54-2582-498f-b767-12d545d33dd9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537036",
            "to_ids": true,
            "type": "md5",
            "uuid": "a3d9a80b-c933-4aa0-8a11-7f8d3af165a4",
            "value": "c89671f994af65677aa48b699a01fe9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537036",
            "to_ids": true,
            "type": "sha1",
            "uuid": "65b84d52-c022-4cf2-950c-c464bd7e32b7",
            "value": "ba914f8cb3dd889b4222512dde990ac1e6a3518f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537037",
            "to_ids": true,
            "type": "sha256",
            "uuid": "906efe24-c2ba-4fb4-a754-5573f383cc14",
            "value": "76ab046de18e20fd5cddbb90678389001361a430a0dc6297363ff10efbcb0fa8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149760",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "315249ac-6b86-44b7-874c-eafdb7c0d132",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KENT:w9mzytc/CKDllTllCeue6STztT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149760",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4c617161-832c-41cf-8f74-d97a2871c072",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149760",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3f2a2b19-a156-4ea8-9be8-69e706e69cc8",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149760",
            "to_ids": true,
            "type": "filename",
            "uuid": "9b4e018f-949b-46ba-b86f-35ce76f8e3e9",
            "value": "5cccd6.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  24/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149760",
            "to_ids": false,
            "type": "text",
            "uuid": "e62c2380-6d1e-47f8-92db-9414a46068ac",
            "value": "Type Description:Windows Installer\nMicrosoft: None\nVT Total Detection:22/63\nFirst Submission:2022-09-20T13:05:40.000000+00:00\nLast Submission:2022-12-28T10:20:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537039",
        "uuid": "f2db3f40-314a-4ded-80ee-bf9389f3a84d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537038",
            "to_ids": true,
            "type": "md5",
            "uuid": "18821db1-6460-4444-a0d4-3abb3712faa9",
            "value": "e2d6031afd81bf3b6a44de4d0b039055",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537039",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56ba0632-cb19-4fb7-90e9-5d7258016078",
            "value": "25fbdc712d4b08609cbde91a41006fc9722f7a6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537039",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1a9d4028-8c86-4e23-93a7-025bb318d5ef",
            "value": "011cb37733cdf01c689d12fedc4a3eda8b0f6c4dcdeef1719004c32ee331198e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149781",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9ceea484-f401-4345-81a7-01bc21ecfbf5",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KE5T:w9mzytc/CKDllTllCeue6STzZT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149781",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8a8f8309-37f4-4629-a296-64c210c99823",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149781",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d32ad3bc-ebd0-4cdd-ab7f-2ff5ce00bf9b",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149781",
            "to_ids": true,
            "type": "filename",
            "uuid": "3f64869c-ea75-4fde-a880-c014698714b5",
            "value": "55355a.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  24/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149781",
            "to_ids": false,
            "type": "text",
            "uuid": "713728ce-a1f5-4f16-957e-602ba634ea02",
            "value": "Type Description:Windows Installer\nMicrosoft: None\nVT Total Detection:26/63\nFirst Submission:2022-10-25T06:05:51.000000+00:00\nLast Submission:2022-12-29T15:25:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537042",
        "uuid": "4549bbc2-852e-4564-bbec-7b7b31aab067",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537041",
            "to_ids": true,
            "type": "md5",
            "uuid": "28e166fe-5c9d-4e27-8eab-814eb8cb87fd",
            "value": "f1c935ce028022ab2a495eae83adacc6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537041",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a0030b84-37e7-485d-acb2-03f2cdc40208",
            "value": "1dd0301a120d6cbed1d22b9d1fb8c9d3d6793546",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537042",
            "to_ids": true,
            "type": "sha256",
            "uuid": "30c09050-8fb3-461a-8635-dab6b7db49c9",
            "value": "09e09503962a2a8022859e72b86ad8c69dcbf79839b71897c0bf8a4c4b9f4dd6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149803",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0381b0bd-a42f-4a05-b8fe-ba28796f8baa",
            "value": "49152:J+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:J+lUlz9FKbsodq0YaH7ZPxMb8tT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149803",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1b6e9feb-6b56-49a0-97aa-e539464692be",
            "value": "2994176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149803",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4fe36438-a67a-4f04-aaa8-d06718133a84",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149803",
            "to_ids": true,
            "type": "filename",
            "uuid": "7f140dc5-88ab-4d00-bc59-27ba8c58d5b0",
            "value": "digitalform.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149803",
            "to_ids": false,
            "type": "text",
            "uuid": "76de0446-7212-4ec6-8dd2-dc8fdd37769b",
            "value": "Type Description:Windows Installer\nMicrosoft: None\nVT Total Detection:25/63\nFirst Submission:2024-04-03T17:11:44.000000+00:00\nLast Submission:2024-12-02T16:44:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537044",
        "uuid": "435fab15-f3ef-4ac1-a6aa-d9914a0d7c7a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537044",
            "to_ids": true,
            "type": "md5",
            "uuid": "eced155d-4c5c-4728-b9fe-2b683b0cc827",
            "value": "f6a4c531e92cbdd5ffac75c76939d7f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537044",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c1c1fbd1-ab34-48c5-94b7-8112d2c7d0a8",
            "value": "c9e280d8ee3b8a0ab28e59671de2f889ba5f0bed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537044",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0736ca1d-13ed-4cf8-b4e8-f7cb3d5f291f",
            "value": "4e80bd62d02f312b06a0c96e1b5d1c6fd5a8af4e051f3f7f90e2976580842515",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149826",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1aac7093-a088-4462-ae48-0e3b745d92a2",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KE9T:w9mzytc/CKDllTllCeue6STzdT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149826",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ef0f296d-3d59-4bae-991e-dcd6a4f46da2",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149826",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b36564ce-8d97-47ab-9be1-23eedb652875",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149826",
            "to_ids": true,
            "type": "filename",
            "uuid": "f789ca03-1239-4e2f-9816-3432e86aab1b",
            "value": "4b4e80.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149826",
            "to_ids": false,
            "type": "text",
            "uuid": "b25dbc3e-8a3e-4d74-a19d-dc91207a7485",
            "value": "Type Description:Windows Installer\nMicrosoft: None\nVT Total Detection:26/63\nFirst Submission:2022-11-14T07:26:38.000000+00:00\nLast Submission:2022-11-14T07:26:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537047",
        "uuid": "1f539d46-3808-409d-b0b9-0436e6ed1463",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537046",
            "to_ids": true,
            "type": "md5",
            "uuid": "19012fdd-b6b1-4f9d-a537-d1ef7ecbc1f5",
            "value": "0873ce3db84b79da935f71df3d6c8e6d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537046",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d6ed8761-c3e2-47a9-bb53-a36389f3f049",
            "value": "b7c4d32a1efa003742994253712593406480e68a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537047",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2452f09b-ba4d-4aed-85a1-55d5a3c1569e",
            "value": "653046fa62d3c9325dbff5cb7961965a8bf5f96fa4e815b494c8d3e165b9c94a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149848",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "46de5551-e482-4567-a07c-58da881819d3",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEhT:w9mzytc/CKDllTllCeue6STzBT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149848",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7b6fec63-089e-4af1-bbfa-cb8a1ea8e75b",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149848",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4a9078f8-e462-4444-aa3d-a43f88781bf7",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149848",
            "to_ids": true,
            "type": "filename",
            "uuid": "369aef83-8430-46d6-b067-83501ae9102e",
            "value": "MOJJORDAN.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  23/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149848",
            "to_ids": false,
            "type": "text",
            "uuid": "9e2257a6-373a-4c1a-bdbb-7f76209821d5",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:24/63\nFirst Submission:2022-10-10T10:35:40.000000+00:00\nLast Submission:2022-10-17T08:48:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537049",
        "uuid": "5101472d-2b0d-43d6-9849-e83605d8344d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537049",
            "to_ids": true,
            "type": "md5",
            "uuid": "7bc7366e-c1d4-4326-9ffd-2c0fdb247c37",
            "value": "68352f61da6e3236c4fe760997a981ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537049",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c696bd08-a6a3-417a-85ac-9b40f0fa407a",
            "value": "e2d16fdf836d5697cba2223ae288e756df319406",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537049",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8e2429aa-1b4c-41da-9a62-331a8a701c40",
            "value": "2a5f74e8268ad2d38c18f57a19d723b72b2dadd11b3ab993507dd2863d18008d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149869",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c6349a9e-40f1-41a4-8f7d-800cf556a1c1",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEfT:w9mzytc/CKDllTllCeue6STz/T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149869",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "29407c87-5d03-4875-bcc4-46d58610b698",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149869",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3e9c0e6c-75bc-4f88-8a9b-3174fd66b504",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149869",
            "to_ids": true,
            "type": "filename",
            "uuid": "0cdf31be-c2dd-4114-ab51-45309e63b67c",
            "value": "Ertiqa.msi\u2014\u20141"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  27/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149869",
            "to_ids": false,
            "type": "text",
            "uuid": "407ea933-2c22-4663-939f-d96d7b627b18",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:25/63\nFirst Submission:2022-11-24T10:22:50.000000+00:00\nLast Submission:2026-02-11T06:13:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537052",
        "uuid": "18357c66-2e7a-418f-a5b6-9a13578b187a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537051",
            "to_ids": true,
            "type": "md5",
            "uuid": "7b23b1cd-c4f6-45b6-a613-0032a0b50b16",
            "value": "242098c3e87822bffa7c337987065fbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537051",
            "to_ids": true,
            "type": "sha1",
            "uuid": "67a41ed1-b957-4ac3-ac94-b8810bed37ef",
            "value": "9543cab61c330e533bcdd92ed6e1012f1b284d10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537052",
            "to_ids": true,
            "type": "sha256",
            "uuid": "94054151-d77f-43ed-aa19-268cb4387161",
            "value": "39da7cc7c627ea4c46f75bcec79e5669236e6b43657dcad099e1b9214527670e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149892",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "29ed9d0c-e773-4a06-8fff-8d1a747a3dc5",
            "value": "49152:6+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:6+lUlz9FKbsodq0YaH7ZPxMb8tT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149892",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2877bf76-a52b-4629-91b9-6e8dcca1e808",
            "value": "2994176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149892",
            "to_ids": true,
            "type": "vhash",
            "uuid": "24787d3b-47b6-480a-81e1-d563deff8ed4",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149892",
            "to_ids": true,
            "type": "filename",
            "uuid": "1f7c1e16-19a3-4957-907b-fbd6741f6b3c",
            "value": "Leonardo hotels program.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149892",
            "to_ids": false,
            "type": "text",
            "uuid": "b31d8d9a-8a99-44ab-8b3d-ded18e694297",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: Trojan:Win32/MuddyWater.A\nVT Total Detection:34/63\nFirst Submission:2024-04-02T09:11:17.000000+00:00\nLast Submission:2024-08-07T15:16:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537054",
        "uuid": "96ee30e1-21a4-4be9-89b5-9bfc023ef5f3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537054",
            "to_ids": true,
            "type": "md5",
            "uuid": "5d9834c6-947f-4c24-97df-41749ed6a8e4",
            "value": "aaa9db79b5d6ba319e24e6180a7935d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537054",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b1e1db94-8305-4a6c-a619-5fa352fb983a",
            "value": "ff69b5e96a83f4f5657a087649882ec8b5ba09d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537054",
            "to_ids": true,
            "type": "sha256",
            "uuid": "967947b2-e533-43ec-ba9c-e4d1d88d07ff",
            "value": "dedc593acc72c352feef4cc2b051001bfe22a79a3a7852f0daf95e2d10e58b84",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149914",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c747e903-86b0-4b44-8b96-c9ab485363e5",
            "value": "6:q43tNykuX9vya0MwUHpBvt33XyxZ9+3O5UYM0K5bfv3QGyBOKTmVQHHLWXfGb:TrmX5dL/pZt3HuyYQiBOqB8Gb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149914",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3c0958c7-7675-4c38-a1ff-05990ceaeed6",
            "value": "296"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149914",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b3ca3e1d-d219-40ef-859a-c6a96fa5c17b",
            "value": "1423b06799819be0a182c52733e47a59"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149914",
            "to_ids": true,
            "type": "filename",
            "uuid": "74959089-5312-40da-b368-fc97e62b0b42",
            "value": "purchase\u00a0data\u00a0hosting-no332050-10.24.2022.html"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149914",
            "to_ids": false,
            "type": "text",
            "uuid": "5670df5c-c91b-4899-96c3-7d07e1b1019e",
            "value": "Type Description: HTML\nMicrosoft: TrojanDownloader:HTML/FormBook!MSR\nVT Total Detection:31/62\nFirst Submission:2022-10-25T12:15:17.000000+00:00\nLast Submission:2026-01-16T05:55:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537057",
        "uuid": "f06f8823-edc6-49dd-b453-24bf4c1e1368",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537056",
            "to_ids": true,
            "type": "md5",
            "uuid": "f92a8c23-ac97-4dab-bac4-8ba083f69e4a",
            "value": "b9a67ffb81420e68f9e5607cc200604a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537057",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7175f954-dac1-413e-bfde-eb20902e0fa0",
            "value": "248214cc3011a70bb473dc12b0c07cb730aa04b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537057",
            "to_ids": true,
            "type": "sha256",
            "uuid": "98ed7d06-03e7-46da-9bbd-8cdfad6bf0dd",
            "value": "dab2cd3ddfe29a89b3d80830c6a4950952a44b6c97a664f1e9c182318ae5f4da",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149935",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4e5728f0-7e85-45a3-9b41-fd7a58af9c0c",
            "value": "6144:EY0QYQ+rwD1vkTkCJ6AjC6w9NZsK0cabUOAZ9AJEJ:ErrOkF6Z79DUU7J"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149935",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "295b4422-e7fd-496c-9d21-c39e24fab459",
            "value": "270075"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149935",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ef9940d7-c7d2-43bb-95b4-3b2c028600cb",
            "value": "bc9b05bc48cd641cceaf23b8ff575dd7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149935",
            "to_ids": true,
            "type": "filename",
            "uuid": "49f02519-f389-4691-b20d-b8cb31aae24f",
            "value": "Unistudent_SocialID.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  23/06/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149935",
            "to_ids": false,
            "type": "text",
            "uuid": "97090aad-1615-4218-aa91-286ca3d42906",
            "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:33/67\nFirst Submission:2019-04-08T12:15:30.000000+00:00\nLast Submission:2024-07-19T01:54:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537059",
        "uuid": "0d376006-3c74-4fef-affd-a2310b157928",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537059",
            "to_ids": true,
            "type": "md5",
            "uuid": "1fdd1cb1-877a-4831-8150-2bafa0a5db18",
            "value": "c5c0829df294cc4fd701df5d5c55718f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537059",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb7b47dc-cf10-4cb3-bd45-e8720845a777",
            "value": "fd581050fe011ff6e71463c9dcc68de14571ef04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537059",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6f4585be-e505-4579-b84e-7dca938bbd05",
            "value": "e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149957",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1021ec3a-3ec8-4a5c-87b5-2bbc87ebde1d",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEqT:w9mzytc/CKDllTllCeue6STzKT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149957",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "46f2c550-3a88-4222-85fe-7c99a7f31e95",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149957",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c44b7148-4b6f-46ae-85cc-874dd1998880",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149957",
            "to_ids": true,
            "type": "filename",
            "uuid": "ab0bd63c-0188-40a6-a4ae-7ed287ca0c76",
            "value": "MOJJORDAN.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149957",
            "to_ids": false,
            "type": "text",
            "uuid": "24fb6bed-aef1-48f9-94f4-9c0d87686475",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:25/63\nFirst Submission:2022-10-24T16:43:54.000000+00:00\nLast Submission:2022-12-28T10:22:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537063",
        "uuid": "d44bc43f-78ed-401c-bb3a-ddf0fe3fb2f5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537062",
            "to_ids": true,
            "type": "md5",
            "uuid": "6c34cd5c-4ea4-4d0c-85bb-2c70b16867d1",
            "value": "c478e472f6223e7ee92cff8b459e55e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537062",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4a1f81ac-201c-4ae3-8e1b-009ff53f65b6",
            "value": "326b808f4f933f20e4e8686e9a6e93454c8ed334",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537063",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7782b637-f216-404d-b61e-c0870886db6b",
            "value": "7523e53c979692f9eecff6ec760ac3df5b47f172114286e570b6bba3b2133f58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772149979",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7beb5a0b-29f2-45b3-9261-50ce83e13bad",
            "value": "24576:li8CxkFmdNY74p3qy2YMohshnNBj8/A1jYC:li8CxaeNYkRqy2YMoKpzv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772149979",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8df0e561-7710-4ae9-b773-fe739ae010c2",
            "value": "1288192"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772149979",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8ba069b6-486b-4f1f-9d15-c1434923cc7a",
            "value": "016076655d155d05155053zb2z6e1z1079zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772149979",
            "to_ids": true,
            "type": "filename",
            "uuid": "2adb403c-0b27-42f8-9951-c21e818cbd8e",
            "value": "reddit.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  24/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772149979",
            "to_ids": false,
            "type": "text",
            "uuid": "6d5478e9-e42b-44ca-8fe3-f82eefb791f2",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/RustyStealer.A!AMTB\nVT Total Detection:48/72\nFirst Submission:2026-01-06T18:47:44.000000+00:00\nLast Submission:2026-01-29T00:51:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537065",
        "uuid": "f317c5cc-8457-456e-a804-e96b22a3105a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537064",
            "to_ids": true,
            "type": "md5",
            "uuid": "2d5beacf-c470-4fcb-8fc5-c2ca2ae0ae21",
            "value": "cdeb7abfc7775c63745135431272dda3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537065",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7d3aa9e2-370b-431f-82bf-3f41f58691f9",
            "value": "77430cca36ee983dc17ca47efe9faa608effcef8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537065",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5f82a827-6ea4-4975-b741-c14edb7f5a8a",
            "value": "165a80f6856487b3b4f41225ac60eed99c3d603f5a35febab8235757a273d1fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150001",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8b7d9bd4-cad5-458f-92b6-762e0549f232",
            "value": "49152:851VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:8PCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150001",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ff802943-64f0-4384-a02c-c9706f592e74",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150001",
            "to_ids": true,
            "type": "vhash",
            "uuid": "795d9090-f38a-4b8d-aa61-0d2778c17020",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150001",
            "to_ids": true,
            "type": "filename",
            "uuid": "949331d2-a839-46c5-9fa5-ca1e12da805c",
            "value": "50de35.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150001",
            "to_ids": false,
            "type": "text",
            "uuid": "c55ca01f-9b08-4671-a02b-217f0f8d39f2",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:16/64\nFirst Submission:2024-02-26T14:06:06.000000+00:00\nLast Submission:2024-02-26T14:06:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537068",
        "uuid": "34c671e4-26da-42b2-83bf-a9599ca496fa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537067",
            "to_ids": true,
            "type": "md5",
            "uuid": "fc9f0a8f-c4d1-47b5-8143-7e7d4fc7440f",
            "value": "ef6ec560efd05d21976a6fd3f489e206",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537067",
            "to_ids": true,
            "type": "sha1",
            "uuid": "771608c3-1061-42a6-a55a-94f28cc6f8ca",
            "value": "cc7afffdb88729a5e977fa8f75a898d09624f54a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537068",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c3892179-deb3-4255-bc02-8e887df36db9",
            "value": "2ae6c5c2b71361f71ded4ad90bbf6ef0b0f4778caf54078c928e2017302fbe69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150023",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0c4b4346-5687-467b-acb7-1894853351b0",
            "value": "49152:u51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:uPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150023",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a3166c8a-c00e-4cad-a372-76f944cf0bfe",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150023",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c7a998f0-c52f-4e52-b8cd-092e4f06ef9d",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150023",
            "to_ids": true,
            "type": "filename",
            "uuid": "38445225-8089-45c7-a04a-9a4f6fecf51c",
            "value": "4d33da.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  23/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150023",
            "to_ids": false,
            "type": "text",
            "uuid": "b8fc7a04-97b9-4d59-be05-184f074eb2ff",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:19/64\nFirst Submission:2024-03-08T09:39:04.000000+00:00\nLast Submission:2024-03-08T09:39:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537070",
        "uuid": "c4e445e5-ea39-4aaa-8aca-310741efaacd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537070",
            "to_ids": true,
            "type": "md5",
            "uuid": "6cddf020-e5b8-4892-b6cd-e5198a9abc13",
            "value": "f06e30dee8629e951cefa73373fdef9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537070",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2709f14c-95be-4b01-bd09-6560737256d7",
            "value": "d6ae00e158a266eb8427b61ce06ea8f9468bc7b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537070",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2e51542e-e67c-4e7b-b958-43dd5cbf7ea2",
            "value": "54ebdea80d30660f1d7be0b71bc3eb04189ef2036cdbba24d60f474547d3516a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150044",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "260c424b-bc9e-43cc-9704-ab9dcedbc473",
            "value": "49152:NSJ55PNH64yDWPsJWL7K0YMpLKSo5xR5nZsExvl:NA55PU4uSs8pLKSo5xbnZsExvl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150044",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0d2f53fd-2758-42b1-b866-70fe1de6291c",
            "value": "1849344"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150044",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2dc07ca7-cc04-4e48-8cae-5a9d09aa2261",
            "value": "016076657d155515555az43!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150044",
            "to_ids": true,
            "type": "filename",
            "uuid": "5d5dc68f-1af5-4620-bd6f-20b64a038d75",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  27/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150044",
            "to_ids": false,
            "type": "text",
            "uuid": "dbdd334d-40d8-4895-913f-c1d8753f00f7",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:49/72\nFirst Submission:2025-11-17T10:10:27.000000+00:00\nLast Submission:2025-11-17T10:10:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537073",
        "uuid": "e055d623-a5b3-4cbb-bc03-b25b5253e667",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537072",
            "to_ids": true,
            "type": "md5",
            "uuid": "ad277906-460a-4e49-8c32-d7e95df6c618",
            "value": "f97650ede0c39a29b0b5c5472f685d11",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537072",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8d4ee5a3-7116-48c6-b4d5-55b23aa40c6b",
            "value": "8ef8d08d98a7680d1cc7f3a367813e5568b2033d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537073",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fce4450e-99c2-49c5-b98b-b1b7099ff731",
            "value": "6f079c1e2655ed391fb8f0b6bfafa126acf905732b5554f38a9d32d0b9ca407d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150066",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6e87d713-c96a-4cb2-bd2a-a43ad933af1f",
            "value": "24576:3iqchRQCffg3YhbHfdARpuPTB7Y8UwX2hQ1fZjDOriD:3iq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150066",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c6a4a05b-3957-4277-af53-e3f46e7c0ec4",
            "value": "3836416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150066",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f1bdd0b0-6c45-4bff-aaf0-9c994afaa783",
            "value": "840d9270cdc54989f417226f43eacc87"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150066",
            "to_ids": true,
            "type": "filename",
            "uuid": "f9333441-eaca-495b-b00c-7e1a05054cd2",
            "value": "Webinar.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  22/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150066",
            "to_ids": false,
            "type": "text",
            "uuid": "ae21c466-76bf-42ee-8d9a-452ea150f8ca",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:VBA/Malgent!MSR\nVT Total Detection:36/64\nFirst Submission:2025-11-17T10:52:57.000000+00:00\nLast Submission:2025-11-17T10:52:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537075",
        "uuid": "7bc0d9f0-cbdd-4e8d-8049-f6c524036289",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537075",
            "to_ids": true,
            "type": "md5",
            "uuid": "b37d94f1-b8f1-43c8-aa7c-f1921c29a3fa",
            "value": "1e9a4e774b61acc8a6b35ee50417e661",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537075",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0391dbe2-b96c-457e-8161-06d8c94b4cd4",
            "value": "b7522d2f1fb7b9b92348b4d88c62480683d3485c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537075",
            "to_ids": true,
            "type": "sha256",
            "uuid": "22f0f0de-970a-437b-91d2-cf3316ef2119",
            "value": "c6128f222f844e699760e32695d405bd5931635ec38ae50eddc17a0976ccefb4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150088",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "692ea1c4-4f15-440d-92db-b6fd2be6c552",
            "value": "49152:d51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:dPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150088",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "50c8907a-5696-4b52-897f-4432f01af08a",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150088",
            "to_ids": true,
            "type": "vhash",
            "uuid": "19f6e29e-af31-43cf-9111-814199486cb2",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150088",
            "to_ids": true,
            "type": "filename",
            "uuid": "bcd3a82b-8ee0-4ecf-ad9a-4902f9236a0d",
            "value": "\u05de\u05d9\u05dc\u05d2\u05d4.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  27/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150088",
            "to_ids": false,
            "type": "text",
            "uuid": "780accef-4afd-4f17-a073-07102e60b0c0",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:23/63\nFirst Submission:2024-03-11T15:34:56.000000+00:00\nLast Submission:2024-12-02T16:30:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537078",
        "uuid": "dc51021d-19df-4073-86d3-d0bbecaa7bbb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537077",
            "to_ids": true,
            "type": "md5",
            "uuid": "b3b525e5-a092-4d28-90b8-910b181fb414",
            "value": "2ed6ebaa28a9bfccc59c6e89a8990631",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537078",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c8f90955-5bff-4b74-b36f-9563fe0f7c28",
            "value": "da2c86bf111cb63d657728b90ec5b80de13d946c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537078",
            "to_ids": true,
            "type": "sha256",
            "uuid": "586aeabe-4baa-4a50-877b-af569c680899",
            "value": "aa282daa9da3d6fc2dc6d54d453f4c23b746ada5b295472e7883ee6e6353b671",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150109",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a4e1a463-7602-484f-a703-2e9acdd056f1",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEwT:w9mzytc/CKDllTllCeue6STzQT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150109",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "56685c99-2fa3-4fa8-a988-f9abd38bacf9",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150109",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b16583e1-24cf-4947-88bb-865932026999",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150109",
            "to_ids": true,
            "type": "filename",
            "uuid": "3e508566-73ef-4769-8440-b0b77182943f",
            "value": "zipfile.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  27/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150109",
            "to_ids": false,
            "type": "text",
            "uuid": "611b2051-2811-4c3f-b338-6df155071f30",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:24/63\nFirst Submission:2022-11-14T09:32:32.000000+00:00\nLast Submission:2024-08-28T06:03:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537080",
        "uuid": "1e813c68-2b03-40d2-aea4-473eb7f41c80",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537080",
            "to_ids": true,
            "type": "md5",
            "uuid": "ca6a3a01-03f4-4d3d-8032-53b2c41f1b72",
            "value": "3ab16bd1c339fd0727be650104b74dd1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537080",
            "to_ids": true,
            "type": "sha1",
            "uuid": "99776b47-f248-4a8d-9b17-1e026f1983ac",
            "value": "2b5ddc48fe17d014e38b9fd6646b23d5eb70b471",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537080",
            "to_ids": true,
            "type": "sha256",
            "uuid": "928dacaf-1406-4d40-b415-1dfb3d9b4b64",
            "value": "b2c52fde1301a3624a9ceb995f2de4112d57fcbc6a4695799aec15af4fa0a122",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150131",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a094fbc7-6698-40b4-a7a5-4cfce581bd4c",
            "value": "6144:1kxmZlZgvvvKm5KqORB6fFYipUjqvVy0:bZlZgvvvKmINbUFPgwVy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150131",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cd4cd06b-39b9-4725-9d69-8969a8df427c",
            "value": "1288704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150131",
            "to_ids": true,
            "type": "vhash",
            "uuid": "91c8dbe0-5eaa-4fa5-aa02-22a4305e087c",
            "value": "35c734776fe05147670942468ef0aa58"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150131",
            "to_ids": true,
            "type": "filename",
            "uuid": "166c4748-cc93-44f5-8c15-5dd63fa5fcf3",
            "value": "Online Seminar.FM.gov.om.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150131",
            "to_ids": false,
            "type": "text",
            "uuid": "1bb33561-ee0c-4f2a-a923-24ac6e915983",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:O97M/Obfuse!AMTB\nVT Total Detection:35/65\nFirst Submission:2025-08-21T17:14:25.000000+00:00\nLast Submission:2025-08-21T17:32:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537083",
        "uuid": "3cee3a45-0468-49ec-abfa-4ca0acf43026",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537082",
            "to_ids": true,
            "type": "md5",
            "uuid": "def11dfe-942d-49bb-bdad-58bbf31c3569",
            "value": "6d7ce5b03fe61683229c29a859505163",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537083",
            "to_ids": true,
            "type": "sha1",
            "uuid": "687e9e66-357e-4924-b5b8-3764a1d04a25",
            "value": "b45adaa53c38733a2df76ddece56baa1d3921c20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537083",
            "to_ids": true,
            "type": "sha256",
            "uuid": "805e35fb-db78-40d8-bd8f-c538b8b11c62",
            "value": "697580cf4266fa7d50fd5f690eee1f3033d3a706eb61fc1fca25471dbc36e684",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150153",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "edb971ff-8558-45b5-80d2-6ead0148ffe7",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEpT:w9mzytc/CKDllTllCeue6STzJT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150153",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "faaf6d40-2b6d-48bd-b8cb-3b31aed96418",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150153",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d6de470-0358-457b-be2e-807e604dd6d7",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150153",
            "to_ids": true,
            "type": "filename",
            "uuid": "99081d6f-8abb-4f21-8fcc-b747f8d469ae",
            "value": "6baa03.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150153",
            "to_ids": false,
            "type": "text",
            "uuid": "690868ba-467a-40cf-8ad2-5e938bde43ce",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:21/63\nFirst Submission:2022-11-12T13:25:06.000000+00:00\nLast Submission:2022-12-29T15:42:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537086",
        "uuid": "c534b571-1ba0-4ee9-99b3-0772cdfa3c93",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537085",
            "to_ids": true,
            "type": "md5",
            "uuid": "475389be-18cf-4de8-949b-ce70cf968dbd",
            "value": "23d99f912f2491749b89e4fd337273bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537085",
            "to_ids": true,
            "type": "sha1",
            "uuid": "af4576ce-bdb0-4a5a-80e0-5ecccf5cdded",
            "value": "6fb8b0e4e31f678f53b22e7b8a1b70f0deef1545",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537086",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7856e715-0c61-4379-a7b7-e11f0d614055",
            "value": "14c270cf53a50867e42120250abca863675d37abf39d60689e58288a9e870144",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150175",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bb9333cc-42ef-4b9d-9190-5b7cd7f511fd",
            "value": "49152:r51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:rPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150175",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fe993004-a877-4b21-a413-b0a509fe0f7b",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150175",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ada0c221-4bd1-4433-a9d6-3547fe329058",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150175",
            "to_ids": true,
            "type": "filename",
            "uuid": "f2c45229-4aa2-4995-9be5-9a2d2905ad12",
            "value": "Tejasnetworks.com.webinar.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  27/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150175",
            "to_ids": false,
            "type": "text",
            "uuid": "9d621938-b5e2-41af-b0d8-6faaed8909d8",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:24/64\nFirst Submission:2024-02-04T07:56:56.000000+00:00\nLast Submission:2025-04-10T09:54:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537088",
        "uuid": "6539fd8f-5e47-4ca2-83aa-3e732146413d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537088",
            "to_ids": true,
            "type": "md5",
            "uuid": "3635b5b6-66ba-47b8-9e6b-cc271f315751",
            "value": "64fc017a451ef273dcacdf6c099031f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537088",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ae73d76a-026b-44f0-83c0-654a5c096191",
            "value": "6aa8b4f4a6fd1b4f768b1ac6faaaddbaa302a585",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537088",
            "to_ids": true,
            "type": "sha256",
            "uuid": "51b3344d-1277-4267-8c41-ba40661e2d2e",
            "value": "70cab18770795ea23e15851fa49be03314dc081fc44cdf76e8f0c9b889515c1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150197",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2e25f18e-323b-4ad9-a29e-b9fc0751d93f",
            "value": "3072:mY96NNUbhnfcWcHVZvXhq6NRrWSMItI019Bx:mY9WNUNfcPbXhqwrWXJyx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150197",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f022a25d-ca70-48a8-a574-be42b5317133",
            "value": "132578"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150197",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ceaf8dca-e506-4413-910f-4957393f4047",
            "value": "95d54f60fbd87cb39bb58e42353d6fd5f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150197",
            "to_ids": true,
            "type": "filename",
            "uuid": "dd9e31ba-d673-4c71-9e85-82f63c43b328",
            "value": "\u0645\u06a9\u062a\u0628\u0629 \u0625\u0644\u06a9\u062a\u0631\u0648\u0646\u06cc\u0629 .pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150197",
            "to_ids": false,
            "type": "text",
            "uuid": "8960f691-918b-48f9-8978-df71f8acbb33",
            "value": "Type Description: PDF\nMicrosoft: Trojan:PDF/Phish!rfn\nVT Total Detection:20/64\nFirst Submission:2020-09-29T03:48:39.000000+00:00\nLast Submission:2021-03-11T12:00:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537091",
        "uuid": "dd386662-e428-4f8b-bc3c-beec8b41e4b2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537090",
            "to_ids": true,
            "type": "md5",
            "uuid": "51186466-a013-4b4b-b429-7363ea8648fd",
            "value": "93be13bbcad30440a0d0ef3868d67003",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537090",
            "to_ids": true,
            "type": "sha1",
            "uuid": "347b2ca7-c138-4493-833f-58148e413767",
            "value": "0f5c2ebbf2edc7d25ea72437b5f5b2245fcffacf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537091",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cf17bed5-3948-4cf5-9925-18471557d151",
            "value": "ec553e14b84ccca9b84e96a9ed19188a1ba5f4bf1ca278ab88f928f0b00b9bd0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150219",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7adeb302-9dd9-4f02-8bf9-79dc4f6a4bfc",
            "value": "49152:a+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:a+lUlz9FKbsodq0YaH7ZPxMb8tT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150219",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b41c850a-8bae-4e33-9f7e-2ecb72f7b558",
            "value": "2994176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150219",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8242cc8a-f1c2-475e-a9e7-22f3aab2f230",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150219",
            "to_ids": true,
            "type": "filename",
            "uuid": "944e7886-b986-43a8-bb0a-f58c6d50074f",
            "value": "ec553e14b84ccca9b84e96a9ed19188a1ba5f4bf1ca2_edr78ab88f928f0b00b9bd0XxX4Msi.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  27/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150219",
            "to_ids": false,
            "type": "text",
            "uuid": "78b19855-c84a-4c62-a782-48623e2f8d7e",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:24/64\nFirst Submission:2024-04-01T15:29:00.000000+00:00\nLast Submission:2025-06-18T11:31:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779537093",
        "uuid": "07c8adfd-42db-4b37-8b68-9653910aaa15",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779537093",
            "to_ids": true,
            "type": "md5",
            "uuid": "a39cd60e-fa3b-4f56-bb79-821ad5e9fc85",
            "value": "96d5a7e0e75654c444cb1a915c666ac8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779537093",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4d076a31-c482-4e41-a371-4920c4c8d05f",
            "value": "39ac9a36ac7e3411a14590f2200d642072dbf40c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779537093",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b879e1b0-d3b0-4d53-b5d4-ee285e6d7d02",
            "value": "331b513cf17568329c7d5f1bac1d14f38c77f8d4adba40c48dab6baf98854f92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772150240",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "61bf8e66-eed6-439a-a3ba-09d96e90a073",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEVT:w9mzytc/CKDllTllCeue6STz1T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772150240",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bec796d5-f913-4cb0-b171-bb6fa8db395d",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772150240",
            "to_ids": true,
            "type": "vhash",
            "uuid": "658a3d73-cf2a-484d-9294-88652dea7324",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772150240",
            "to_ids": true,
            "type": "filename",
            "uuid": "4794fc9d-9a8c-4966-b1f8-66eaa08cae4d",
            "value": "The electronic form of the invitation along with the exhibition manual.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 27/02/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772150240",
            "to_ids": false,
            "type": "text",
            "uuid": "729c3afd-4a38-458a-8be2-f8708ec5bdce",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:15/63\nFirst Submission:2022-10-24T09:47:24.000000+00:00\nLast Submission:2022-10-27T12:29:12.000000+00:00"
          }
        ]
      }
    ]
  }
}