{ "Event": { "analysis": "2", "date": "2021-06-01", "extends_uuid": "", "info": "[Threat Intel] Prometheus and Grief are the new additions to the ransomware threat landscape", "protected": false, "publish_timestamp": "1780039938", "published": true, "threat_level_id": "2", "timestamp": "1772902000", "uuid": "9076ee9a-5ba6-472a-aa4b-dee9f7294009", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Prometheus\"", "relationship_type": "" }, { "colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": "" }, { "colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": "" }, { "colour": "#c180fb", "local": false, "name": "misp-galaxy:target-information=\"Norway\"", "relationship_type": "" }, { "colour": "#e6caf2", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": "" }, { "colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": "" }, { "colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": "" }, { "colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": "" }, { "colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": "" }, { "colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": "" }, { "colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": "" }, { "colour": "#0afe32", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740606680", "to_ids": false, "type": "link", "uuid": "53ecb37d-5255-4cd5-a52c-b5e145dab7f9", "value": "https://www.securitylab.ru/news/520753.php" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740606689", "to_ids": false, "type": "link", "uuid": "d99891b2-5f24-4690-83c7-9b485e230532", "value": "https://social.cyware.com/news/prometheus-an-emerging-threat-in-the-ransomware-landscape-5bb9742f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740606819", "to_ids": false, "type": "link", "uuid": "90d33299-df0a-419e-adae-937a7906570e", "value": "https://unit42.paloaltonetworks.com/prometheus-ransomware/" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746980474", "uuid": "8a63a5cc-d12f-4d21-a45e-93fb0e301477", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746980474", "to_ids": true, "type": "md5", "uuid": "635286f5-6e8a-4af5-8c29-c158235830f4", "value": "43f0d539df164a311012f5cbe1cc8c29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747680", "to_ids": true, "type": "sha1", "uuid": "94b78ce2-0bc0-440d-bd8d-8b6222b9f998", "value": "3cb832ce1a9d709b866d56c983eac4705b317e71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747680", "to_ids": true, "type": "sha256", "uuid": "9efea734-a5ea-4ebe-9a35-54b3636ea456", "value": "11aebdff8c064c160c2b21f3a844bacaecd581d9dc2e4224d31903d2a56e2dd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747679", "to_ids": true, "type": "ssdeep", "uuid": "dac81235-249b-4464-a9df-2d414d79e2be", "value": "6144:w/4ZGlZGMesci9xUOAhegMqin7mXEVKce6c6FEYLZCfcHv5y:Q5lXihetD2RsCfcP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747679", "to_ids": false, "type": "size-in-bytes", "uuid": "91868596-1fd3-4d8d-9e33-d13d5c2634e4", "value": "473600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747679", "to_ids": true, "type": "vhash", "uuid": "e63aca20-0df1-4644-989a-012d96874a8a", "value": "245036751511f01e482100f19" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747679", "to_ids": true, "type": "filename", "uuid": "d36255aa-ebb6-43a8-82f0-131adf7df423", "value": "Client.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 24/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747679", "to_ids": false, "type": "text", "uuid": "181cdfaf-76b8-45e7-8b4f-9c97986f2269", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Thanos.PA!MTB\nVT Total Detection:59/72\nFirst Submission:2021-04-06T11:24:45.000000+00:00\nLast Submission:2021-04-06T11:24:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746980495", "uuid": "1470eb3f-72ea-4071-82f3-341c804b98cd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746980495", "to_ids": true, "type": "md5", "uuid": "8bdbb5cc-4922-4bad-89a8-dcaa4cb99b21", "value": "d70181d031e35f86d26be56d230b7d4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747701", "to_ids": true, "type": "sha1", "uuid": "b885d4ab-9679-433f-ba51-8e6f3e24e889", "value": "27ad13e49541f0f9806a21ea825aab95fba11608", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747701", "to_ids": true, "type": "sha256", "uuid": "099393de-128a-4fed-bbfd-d63e86878aa1", "value": "52f7f9e8369a3e89899d40e89766c9642b137b25bfd58a2b564dac67a40445f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747700", "to_ids": true, "type": "ssdeep", "uuid": "affbf587-d9e7-40c5-8c5d-0faf70f64bfe", "value": "6144:K868xgMytFLI993uW7Tt+oWp8+NZBrDy62Dnmj61TFQ6Y09th:tgM2FLIZ7p+os9XsnmuZvBH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747700", "to_ids": false, "type": "size-in-bytes", "uuid": "7f6309db-8d65-4916-a7db-d92c990d4a7a", "value": "260096" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747700", "to_ids": true, "type": "vhash", "uuid": "06285779-6f26-4f6a-badb-0549bc857ee7", "value": "225036751511901d4021zc15" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747700", "to_ids": true, "type": "filename", "uuid": "b24548dc-2d37-4ebd-b6bd-4872c459f64b", "value": "Client-1.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 29/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747700", "to_ids": false, "type": "text", "uuid": "e2fde4a0-c078-4852-afd2-92f9d2cc0e84", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Cryptolocker.PDN!MTB\nVT Total Detection:57/72\nFirst Submission:2021-03-28T12:15:55.000000+00:00\nLast Submission:2021-06-28T01:05:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981447", "uuid": "ab0a8f5f-4a83-4c6b-9cc9-b0f0e5a0113b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981447", "to_ids": true, "type": "md5", "uuid": "92131733-5101-46cb-8401-3c77acd26fd2", "value": "e1f063d63a75e0e0e864052b1a50ab06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747723", "to_ids": true, "type": "sha1", "uuid": "52238d07-5254-4e8e-a6c6-104eee9decf4", "value": "75d941a28cf0ade2ef2c16dfacbdeb36a51ccaf7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747723", "to_ids": true, "type": "sha256", "uuid": "b0a8a502-857c-461f-8d37-42a1eed82159", "value": "8c723af5c826adea162ef3f2e37a1cca7b43d549c9a5fab7c9ff17f65eb5d8e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747722", "to_ids": true, "type": "ssdeep", "uuid": "4694501b-0301-4fc6-bf11-cb212aac6c10", "value": "3072:stjs/3uSKCHtJJlvRCKnel9XBZorbISN1qfR5FA+beml:stoFLJlvBk9xZorbISHo/A+bd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747722", "to_ids": false, "type": "size-in-bytes", "uuid": "4a1557a2-8863-48ff-a403-04e611926e8f", "value": "145920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747722", "to_ids": true, "type": "vhash", "uuid": "375141e6-c8a3-4f03-87af-3c3d26d413e1", "value": "215036651512201104c2200101a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747722", "to_ids": true, "type": "filename", "uuid": "78086776-67ad-40d2-b10b-73b7ebc761c7", "value": "gVcWDWENI8" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 14/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747722", "to_ids": false, "type": "text", "uuid": "4b6a0d8e-89e9-4425-9166-56352276aafa", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MacOS/FileCoder\nVT Total Detection:62/72\nFirst Submission:2021-05-11T19:07:44.000000+00:00\nLast Submission:2023-11-14T12:26:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981447", "uuid": "e8c5ab5f-5844-477e-82fc-9fe98815d907", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981447", "to_ids": true, "type": "md5", "uuid": "7421deea-5d43-42ad-9968-db448a7525af", "value": "14de196b28bc12b5e571ea8303668041", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747744", "to_ids": true, "type": "sha1", "uuid": "a06c89a8-5d74-4870-b2b7-81862da213a8", "value": "7f400d518bd716e75c795de47e1dc67f9d29d582", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747744", "to_ids": true, "type": "sha256", "uuid": "f4ca837a-fc36-4639-a435-217ae22ea460", "value": "9d85a74f073c4403e3a91017b6757e0368139e672498a2f84f5efaad0d1b573b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747744", "to_ids": true, "type": "ssdeep", "uuid": "ed3460af-e894-4d76-97d2-d02324dcb384", "value": "3072:RdvedgwAwp9orNJUq11rfAEVMjOPsn94+fmVnj/:b4gnxMjO+9tfmVj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747744", "to_ids": false, "type": "size-in-bytes", "uuid": "ef5786b7-00dd-4501-8fb1-02cd1ca3a232", "value": "126464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747744", "to_ids": true, "type": "vhash", "uuid": "be02ec4d-bc27-447f-b1f9-ba1018481968", "value": "215036651511901d422100c16" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747744", "to_ids": true, "type": "filename", "uuid": "f3a35b36-da99-4618-a285-de0e9b2230b5", "value": "Client-0.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 29/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747744", "to_ids": false, "type": "text", "uuid": "672e00dc-1bb5-4a40-a616-8bab9b31cad3", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MacOS/FileCoder\nVT Total Detection:59/72\nFirst Submission:2021-05-09T12:00:13.000000+00:00\nLast Submission:2022-10-09T13:43:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746980558", "uuid": "1131493a-c0f2-40b3-8ccf-3809b45a3964", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746980558", "to_ids": true, "type": "md5", "uuid": "363d0e99-ef76-4c49-b110-b47532564e9f", "value": "fbad77e0e8c402f55bea9c8d0f0ec982", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747765", "to_ids": true, "type": "sha1", "uuid": "db4831e9-eb8a-409e-9ce6-65cccf50c476", "value": "c8d3f04b61752843e24f02466ba5b25c6fb30175", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747765", "to_ids": true, "type": "sha256", "uuid": "1b602171-e863-4d5d-b98e-0c86fcecfc73", "value": "a0e20c580e8a82f4103af90d290f762bd847fadd4eba1f5cd90e465bb9f810b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747765", "to_ids": true, "type": "ssdeep", "uuid": "3faa3496-dc90-40f4-aba6-cc7591015329", "value": "3072:C//h0n1c1+B9+an7DKamAJinHaFa5z7F9LlL6EN4LDsR7rXqF8oUIlwqMsx9bKb:wGeycsKWi6FaRFnmwXqF8RLqMsx9b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747765", "to_ids": false, "type": "size-in-bytes", "uuid": "821e1dfd-b05e-4766-8be0-ddc7f47f478e", "value": "220160" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747765", "to_ids": true, "type": "vhash", "uuid": "45c14c86-ad5e-4158-b9bd-3d1d70f184bb", "value": "225036651511f01e432100d0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747765", "to_ids": true, "type": "filename", "uuid": "9e314115-789f-4012-a9c0-c15bd1aa2a7a", "value": "jR5SmTbjJTzSO1O" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747765", "to_ids": false, "type": "text", "uuid": "34b40031-76cc-4961-b1f7-a573f4e87c04", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Thanos.PA!MTB\nVT Total Detection:59/73\nFirst Submission:2021-04-21T10:31:21.000000+00:00\nLast Submission:2021-04-21T10:31:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746980580", "uuid": "70e6d68b-2638-4025-909a-4d23f0f86481", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746980580", "to_ids": true, "type": "md5", "uuid": "fc78d030-74d4-438a-8691-e01450c95690", "value": "1493deb48d84805f19ba35e60d485e87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747786", "to_ids": true, "type": "sha1", "uuid": "ee3894f9-edfd-4437-920d-119baf76c4da", "value": "a34a1aeda6019b041f112b1ddbbc290ef523042b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747786", "to_ids": true, "type": "sha256", "uuid": "1e65dda8-ebcc-4963-b692-ed288acc35a5", "value": "20d9efe472c01a0a23c9764db679b27a4b6a4d72e697e3508e44f218b8b952f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747786", "to_ids": true, "type": "ssdeep", "uuid": "02cced21-cc16-4ba4-91c1-c64bb154bda7", "value": "3072:E//h0n1c1+B9+X6IdYPPq/gQZYi09m0jimJinHaFa5z7F9LlL6EN4LDsR7rXqF8Z:WGeycyiUx9/jiMi6FaRFnmwXqF8RL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747786", "to_ids": false, "type": "size-in-bytes", "uuid": "444ac8db-f6ae-4950-b68a-d9ff168c2046", "value": "227840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747786", "to_ids": true, "type": "vhash", "uuid": "ec6c3b0f-cc25-4bd9-b4b0-7983c9cfe2dc", "value": "225036651511f01e482100f17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747786", "to_ids": true, "type": "filename", "uuid": "0b3af54e-d151-47cd-954c-4a2e5bd11c0b", "value": "jR5SmTbjJTzSO1O" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747786", "to_ids": false, "type": "text", "uuid": "2cf0a8a6-d475-42ad-b227-a7a3b986a9f7", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Thanos.DC!MTB\nVT Total Detection:60/73\nFirst Submission:2021-04-21T10:30:21.000000+00:00\nLast Submission:2021-04-21T10:30:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746980601", "uuid": "07eb86fb-d6bd-42e6-aba2-fa0668f689bf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746980601", "to_ids": true, "type": "md5", "uuid": "b1bb89ab-ad33-4e5d-b124-388aabd541ac", "value": "a6dcf23059f6e61fa683907c47baf73e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747808", "to_ids": true, "type": "sha1", "uuid": "e6f25dd3-e96e-46e0-938e-e9e88b90abfd", "value": "1d55396b26d97b18256513607dcbe3f308569d5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747808", "to_ids": true, "type": "sha256", "uuid": "1b45bc2f-e2ee-4b48-a142-cdd50e7637a3", "value": "e1c46a96effc5df063cea2fae83306ae1f0e2f898b0d2ada86c48052be5fe8d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747807", "to_ids": true, "type": "ssdeep", "uuid": "3d798fd2-44b8-47ed-ad97-d59752facf31", "value": "6144:a7QOomfMNffeRQHO1l+E9eWGktbD3xEKHb6Em:aVomfwfahxND3xEKHbH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747807", "to_ids": false, "type": "size-in-bytes", "uuid": "8ee25f1c-0bb0-4d16-9a9b-b701983cc208", "value": "296960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747807", "to_ids": true, "type": "vhash", "uuid": "193fc6b9-34a1-48af-b138-3906c050fec0", "value": "225036651512201105222001020" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747807", "to_ids": true, "type": "filename", "uuid": "7cbee787-5cb0-4429-9a54-41eac79f2c4f", "value": "jB02uOATU9UUXWy" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747807", "to_ids": false, "type": "text", "uuid": "3b3fe8fb-e0d6-45d8-9576-103244ad45aa", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Thanos.DC!MTB\nVT Total Detection:58/73\nFirst Submission:2021-04-21T10:30:21.000000+00:00\nLast Submission:2021-04-21T10:30:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746980622", "uuid": "45e86f44-625f-4fed-978a-015eeb118b3b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746980622", "to_ids": true, "type": "md5", "uuid": "ddd14994-c025-4769-84b3-32a66b736cc6", "value": "d35e349ff1360c35998c9937c804a8f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747829", "to_ids": true, "type": "sha1", "uuid": "802ba4d5-00f7-472c-b596-cdc004dd8698", "value": "1740103b3fb4396ec7987bf02f6414d57667129f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747829", "to_ids": true, "type": "sha256", "uuid": "b1b99776-1e73-43e6-b806-671aaac01cea", "value": "f90d4b7491d9f365748dbc3d2379ab20520421ab57790e9a934bb5cf2ecb2404", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747828", "to_ids": true, "type": "ssdeep", "uuid": "6fb5324f-f5bf-4ac8-b072-0ca2879aa6f8", "value": "12288:Dy7kpM779vLv4j3/bVl1vVRYeDLi9TZOAhkJMwGO:u7kpM779vsNR9/0O2O" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747828", "to_ids": false, "type": "size-in-bytes", "uuid": "38d93d39-ab0b-4e62-8f0f-5d2d7f3da2f8", "value": "495616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747828", "to_ids": true, "type": "vhash", "uuid": "f3cb33b6-827c-4bfc-88d5-aebbd7361ee6", "value": "245056070775151290813712620161e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747828", "to_ids": true, "type": "filename", "uuid": "2a19c8b3-f701-41cf-b86e-75afbddb66be", "value": "Client-1.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747828", "to_ids": false, "type": "text", "uuid": "d54c63d2-6efb-48b3-a335-837f408afc2a", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Cryptolocker.PDN!MTB\nVT Total Detection:58/73\nFirst Submission:2021-03-09T08:24:18.000000+00:00\nLast Submission:2021-03-09T08:24:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746980643", "uuid": "a55453bc-9cf1-4107-aef0-f770b67c4f0c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746980643", "to_ids": true, "type": "md5", "uuid": "6428d336-747f-4b05-b63e-37ad3bbab07b", "value": "9a7509833cf78634f8fd166b7807f3a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747850", "to_ids": true, "type": "sha1", "uuid": "42c6aa1e-c16b-4300-ad5a-4919b792ba0b", "value": "1a8353a6aa11b1b118b57829ac0364e8224f42d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747850", "to_ids": true, "type": "sha256", "uuid": "141a7dd3-2ccc-48e3-8c56-3bc02493d272", "value": "a090bb0e9118d7460c448304ccf47333ea64b90576230b8b4b5dee96f702ecf6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747850", "to_ids": true, "type": "ssdeep", "uuid": "987e4c7c-4479-47c3-910d-f967ccf3cd7c", "value": "49152:ATe5Mejx9l5UqONU94f3gOS0Qh+iHktJC9UADCK6DEJ9P5ZKqqrtFI0EsqyKZPpp:FiN44fwO6h+iEtJCyAD3dJ9P5ZKhvhAp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747850", "to_ids": false, "type": "size-in-bytes", "uuid": "7e62131d-1731-48b7-8171-a2d43b92afb7", "value": "3984303" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747850", "to_ids": true, "type": "vhash", "uuid": "1a3e6aff-b40a-4833-a2a7-59206bcb8bd1", "value": "036046655d65103013z3003c7z17z52z27fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747850", "to_ids": true, "type": "filename", "uuid": "d92eed5a-e941-45ac-836d-28186d495344", "value": "dttcodexgigas.1a8353a6aa11b1b118b57829ac0364e8224f42d9" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 14/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747850", "to_ids": false, "type": "text", "uuid": "4aa3c043-3810-4a8c-ae09-f38f126da6cf", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Thanos.AR!MSR\nVT Total Detection:63/73\nFirst Submission:2021-03-14T09:53:09.000000+00:00\nLast Submission:2021-03-14T09:53:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981447", "uuid": "06272134-d374-430a-8d70-711c9e544073", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981447", "to_ids": true, "type": "md5", "uuid": "4a0c62f4-75bb-4994-90c5-c43c78f09e4d", "value": "dd4eb8aa3371b7fd821a7a9730c924cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747871", "to_ids": true, "type": "sha1", "uuid": "d95abaa0-336a-4ed6-a517-1d2af9d8c147", "value": "3e53f7bf7dcb8569aaf0f3a3bcf67bda4c01c054", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747871", "to_ids": true, "type": "sha256", "uuid": "fe8edfb9-7a94-4d1e-9617-d89f7d2c52e3", "value": "9bf0633f41d2962ba5e2895ece2ef9fa7b546ada311ca30f330f0d261a7fb184", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747871", "to_ids": true, "type": "ssdeep", "uuid": "749b22ea-167a-4095-8116-e4339c6bbf7c", "value": "3072:gq1cp4Z88R77RRZCsllDXUnVx01f9PSiILEM9Q3L+9XQE0yhM49dyeT:nejKl0v0bKLEM9OL+9XQE0ufr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747871", "to_ids": false, "type": "size-in-bytes", "uuid": "7fec8d69-72ab-4e47-bbb9-394cdbfa2ef0", "value": "199168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747871", "to_ids": true, "type": "vhash", "uuid": "a4f39b11-440b-42e2-8ec2-1bb84f23d866", "value": "215036651512301104f2300101c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747871", "to_ids": true, "type": "filename", "uuid": "f866e0c0-43a0-416e-b116-271ed7c5acff", "value": "Svchost.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 19/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747871", "to_ids": false, "type": "text", "uuid": "7841eaf4-6737-4a1d-9019-e1d0ba9a0205", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/FileCoder!MTB\nVT Total Detection:63/73\nFirst Submission:2021-02-16T21:32:29.000000+00:00\nLast Submission:2022-09-01T22:27:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746980686", "uuid": "94c883e5-9469-4406-99f5-38497c489a8f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746980686", "to_ids": true, "type": "md5", "uuid": "1418ddea-a11e-45ea-b321-3e54a9c00bca", "value": "96c565af56a5ba8339f35121bf9ff196", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746747892", "to_ids": true, "type": "sha1", "uuid": "cd940d1e-a471-4734-b19e-8ee2cfecf843", "value": "2edae92d476225b00b4a7ea1e9d7f7ccfda462cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746747893", "to_ids": true, "type": "sha256", "uuid": "0342f1f2-36d8-47f9-a702-a983df796fcb", "value": "779db1c725f71e54d4f31452763784abe783afa6a78cc222e17796b0045f33fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746747892", "to_ids": true, "type": "ssdeep", "uuid": "f0ba1fb0-77a6-41fb-ae32-050ba2855f57", "value": "6144:ROOqmJUklmUWzv9jZoRAMNsd6AKVuVTuU:flEDpUYMAeu1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746747892", "to_ids": false, "type": "size-in-bytes", "uuid": "74edae65-626a-4bd9-b213-f39f81e974a7", "value": "239104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746747892", "to_ids": true, "type": "vhash", "uuid": "38013681-3579-445a-9d7d-0a5a348180a8", "value": "225036651512201104d2200101a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746747892", "to_ids": true, "type": "filename", "uuid": "8cb0de95-d1ae-4bbc-a8e7-26736068ce23", "value": "16o7J3tXq14xTYO" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746747892", "to_ids": false, "type": "text", "uuid": "06114b47-24f2-4683-a446-8ad7c5708b7a", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Thanos.DC!MTB\nVT Total Detection:60/73\nFirst Submission:2021-05-25T09:20:54.000000+00:00\nLast Submission:2021-05-25T09:20:54.000000+00:00" } ] } ] } }