{
  "Event": {
    "analysis": "1",
    "date": "2024-05-09",
    "extends_uuid": "",
    "info": "[Threat Intel] Profiling Trafficers: Cerberus",
    "protected": false,
    "publish_timestamp": "1780039390",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1772901934",
    "uuid": "93c5c28d-f2ad-4db2-a959-4fff38dde26f",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#e4d611",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#bd512b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Belarus\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#4df024",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kazakhstan\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#809a25",
        "local": false,
        "name": "misp-galaxy:target-information=\"Poland\"",
        "relationship_type": ""
      },
      {
        "colour": "#78cd12",
        "local": false,
        "name": "misp-galaxy:target-information=\"Egypt\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#48df7e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Netherlands\"",
        "relationship_type": ""
      },
      {
        "colour": "#d52b43",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mexico\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce59f1",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Kingdom\"",
        "relationship_type": ""
      },
      {
        "colour": "#732009",
        "local": false,
        "name": "misp-galaxy:target-information=\"Colombia\"",
        "relationship_type": ""
      },
      {
        "colour": "#15ccfd",
        "local": false,
        "name": "misp-galaxy:target-information=\"France\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#f439e5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Spain\"",
        "relationship_type": ""
      },
      {
        "colour": "#098efb",
        "local": false,
        "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c5aae",
        "local": false,
        "name": "misp-galaxy:target-information=\"Peru\"",
        "relationship_type": ""
      },
      {
        "colour": "#0f0428",
        "local": false,
        "name": "misp-galaxy:target-information=\"Algeria\"",
        "relationship_type": ""
      },
      {
        "colour": "#2afb09",
        "local": false,
        "name": "misp-galaxy:target-information=\"Argentina\"",
        "relationship_type": ""
      },
      {
        "colour": "#b32a63",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bangladesh\"",
        "relationship_type": ""
      },
      {
        "colour": "#c385b5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Morocco\"",
        "relationship_type": ""
      },
      {
        "colour": "#4cea11",
        "local": false,
        "name": "misp-galaxy:target-information=\"Italy\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f5dac",
        "local": false,
        "name": "misp-galaxy:target-information=\"Romania\"",
        "relationship_type": ""
      },
      {
        "colour": "#aad0dc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Uzbekistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#a7b0e0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Belgium\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#74d147",
        "local": false,
        "name": "misp-galaxy:target-information=\"Czech Republic\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#4bec12",
        "local": false,
        "name": "misp-galaxy:target-information=\"Chile\"",
        "relationship_type": ""
      },
      {
        "colour": "#4929fe",
        "local": false,
        "name": "misp-galaxy:target-information=\"Iraq\"",
        "relationship_type": ""
      },
      {
        "colour": "#c70b8f",
        "local": false,
        "name": "misp-galaxy:target-information=\"Portugal\"",
        "relationship_type": ""
      },
      {
        "colour": "#620e4e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Hungary\"",
        "relationship_type": ""
      },
      {
        "colour": "#1faf16",
        "local": false,
        "name": "misp-galaxy:target-information=\"Canada\"",
        "relationship_type": ""
      },
      {
        "colour": "#c180fb",
        "local": false,
        "name": "misp-galaxy:target-information=\"Norway\"",
        "relationship_type": ""
      },
      {
        "colour": "#321f24",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ecuador\"",
        "relationship_type": ""
      },
      {
        "colour": "#09ea0d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Sri Lanka\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b9849",
        "local": false,
        "name": "misp-galaxy:target-information=\"Saudi Arabia\"",
        "relationship_type": ""
      },
      {
        "colour": "#199542",
        "local": false,
        "name": "misp-galaxy:target-information=\"Serbia\"",
        "relationship_type": ""
      },
      {
        "colour": "#08ee7c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Dominican Republic\"",
        "relationship_type": ""
      },
      {
        "colour": "#64388b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Tunisia\"",
        "relationship_type": ""
      },
      {
        "colour": "#35a578",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Africa\"",
        "relationship_type": ""
      },
      {
        "colour": "#41c393",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kyrgyzstan\"",
        "relationship_type": ""
      },
      {
        "colour": "#26fab6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#fbaa07",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kenya\"",
        "relationship_type": ""
      },
      {
        "colour": "#20a667",
        "local": false,
        "name": "misp-galaxy:target-information=\"Iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#b03f2c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Myanmar\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ab92",
        "local": false,
        "name": "misp-galaxy:target-information=\"Lithuania\"",
        "relationship_type": ""
      },
      {
        "colour": "#eb5a95",
        "local": false,
        "name": "misp-galaxy:target-information=\"Latvia\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d6b1a",
        "local": false,
        "name": "misp-galaxy:target-information=\"Georgia\"",
        "relationship_type": ""
      },
      {
        "colour": "#bedb1f",
        "local": false,
        "name": "misp-galaxy:target-information=\"Nigeria\"",
        "relationship_type": ""
      },
      {
        "colour": "#b990dd",
        "local": false,
        "name": "misp-galaxy:target-information=\"Australia\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff41c1",
        "local": false,
        "name": "misp-galaxy:target-information=\"Nepal\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d455d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bulgaria\"",
        "relationship_type": ""
      },
      {
        "colour": "#63bd05",
        "local": false,
        "name": "misp-galaxy:target-information=\"Sweden\"",
        "relationship_type": ""
      },
      {
        "colour": "#0fa7af",
        "local": false,
        "name": "misp-galaxy:target-information=\"Armenia\"",
        "relationship_type": ""
      },
      {
        "colour": "#f107e3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ghana\"",
        "relationship_type": ""
      },
      {
        "colour": "#a24b57",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Arab Emirates\"",
        "relationship_type": ""
      },
      {
        "colour": "#e6caf2",
        "local": false,
        "name": "misp-galaxy:target-information=\"Switzerland\"",
        "relationship_type": ""
      },
      {
        "colour": "#04e23c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Slovakia\"",
        "relationship_type": ""
      },
      {
        "colour": "#9afac6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Jordan\"",
        "relationship_type": ""
      },
      {
        "colour": "#66e036",
        "local": false,
        "name": "misp-galaxy:target-information=\"Austria\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#09b89b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Uruguay\"",
        "relationship_type": ""
      },
      {
        "colour": "#d802cf",
        "local": false,
        "name": "misp-galaxy:target-information=\"Azerbaijan\"",
        "relationship_type": ""
      },
      {
        "colour": "#a3567e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Estonia\"",
        "relationship_type": ""
      },
      {
        "colour": "#997689",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ethiopia\"",
        "relationship_type": ""
      },
      {
        "colour": "#7c8061",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"",
        "relationship_type": ""
      },
      {
        "colour": "#3c02c3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Luxembourg\"",
        "relationship_type": ""
      },
      {
        "colour": "#20962d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Finland\"",
        "relationship_type": ""
      },
      {
        "colour": "#7dbb86",
        "local": false,
        "name": "misp-galaxy:target-information=\"Singapore\"",
        "relationship_type": ""
      },
      {
        "colour": "#9d320e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Greece\"",
        "relationship_type": ""
      },
      {
        "colour": "#4b3e92",
        "local": false,
        "name": "misp-galaxy:target-information=\"Palestine\"",
        "relationship_type": ""
      },
      {
        "colour": "#8f3c0c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Croatia\"",
        "relationship_type": ""
      },
      {
        "colour": "#094367",
        "local": false,
        "name": "misp-galaxy:target-information=\"Denmark\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#b1b109",
        "local": false,
        "name": "misp-galaxy:target-information=\"Guatemala\"",
        "relationship_type": ""
      },
      {
        "colour": "#d53577",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cambodia\"",
        "relationship_type": ""
      },
      {
        "colour": "#4cebc3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Lebanon\"",
        "relationship_type": ""
      },
      {
        "colour": "#d9dfae",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mongolia\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f8eb4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Costa Rica\"",
        "relationship_type": ""
      },
      {
        "colour": "#2a06af",
        "local": false,
        "name": "misp-galaxy:target-information=\"Paraguay\"",
        "relationship_type": ""
      },
      {
        "colour": "#841801",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kuwait\"",
        "relationship_type": ""
      },
      {
        "colour": "#98048e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Honduras\"",
        "relationship_type": ""
      },
      {
        "colour": "#6e9c5c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Madagascar\"",
        "relationship_type": ""
      },
      {
        "colour": "#4e41fc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ireland\"",
        "relationship_type": ""
      },
      {
        "colour": "#7ae837",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cameroon\"",
        "relationship_type": ""
      },
      {
        "colour": "#e459c3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Hong Kong\"",
        "relationship_type": ""
      },
      {
        "colour": "#02a4c7",
        "local": false,
        "name": "misp-galaxy:target-information=\"Togo\"",
        "relationship_type": ""
      },
      {
        "colour": "#b4dfcd",
        "local": false,
        "name": "misp-galaxy:target-information=\"North Macedonia\"",
        "relationship_type": ""
      },
      {
        "colour": "#69061f",
        "local": false,
        "name": "misp-galaxy:target-information=\"Panama\"",
        "relationship_type": ""
      },
      {
        "colour": "#d9210a",
        "local": false,
        "name": "misp-galaxy:target-information=\"Albania\"",
        "relationship_type": ""
      },
      {
        "colour": "#63db91",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cuba\"",
        "relationship_type": ""
      },
      {
        "colour": "#437f93",
        "local": false,
        "name": "misp-galaxy:target-information=\"Senegal\"",
        "relationship_type": ""
      },
      {
        "colour": "#c62adc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Slovenia\"",
        "relationship_type": ""
      },
      {
        "colour": "#5e8ca8",
        "local": false,
        "name": "misp-galaxy:target-information=\"Zambia\"",
        "relationship_type": ""
      },
      {
        "colour": "#d6740b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Uganda\"",
        "relationship_type": ""
      },
      {
        "colour": "#71f7e5",
        "local": false,
        "name": "misp-galaxy:target-information=\"El Salvador\"",
        "relationship_type": ""
      },
      {
        "colour": "#4b97c0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Equatorial Guinea\"",
        "relationship_type": ""
      },
      {
        "colour": "#a3dd51",
        "local": false,
        "name": "misp-galaxy:target-information=\"Angola\"",
        "relationship_type": ""
      },
      {
        "colour": "#0bbdc3",
        "local": false,
        "name": "misp-galaxy:target-information=\"New Zealand\"",
        "relationship_type": ""
      },
      {
        "colour": "#21c959",
        "local": false,
        "name": "misp-galaxy:target-information=\"Qatar\"",
        "relationship_type": ""
      },
      {
        "colour": "#701b80",
        "local": false,
        "name": "misp-galaxy:target-information=\"Jamaica\"",
        "relationship_type": ""
      },
      {
        "colour": "#efa459",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Sudan\"",
        "relationship_type": ""
      },
      {
        "colour": "#1f5547",
        "local": false,
        "name": "misp-galaxy:target-information=\"Sudan\"",
        "relationship_type": ""
      },
      {
        "colour": "#031c9d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Libya\"",
        "relationship_type": ""
      },
      {
        "colour": "#13bb3c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Oman\"",
        "relationship_type": ""
      },
      {
        "colour": "#0dc5a4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mozambique\"",
        "relationship_type": ""
      },
      {
        "colour": "#28720c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Trinidad and Tobago\"",
        "relationship_type": ""
      },
      {
        "colour": "#4ece2e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Tajikistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#affa6e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Burkina Faso\"",
        "relationship_type": ""
      },
      {
        "colour": "#9df4e4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Puerto Rico\"",
        "relationship_type": ""
      },
      {
        "colour": "#71c031",
        "local": false,
        "name": "misp-galaxy:target-information=\"Nicaragua\"",
        "relationship_type": ""
      },
      {
        "colour": "#842d01",
        "local": false,
        "name": "misp-galaxy:target-information=\"Benin\"",
        "relationship_type": ""
      },
      {
        "colour": "#9077b1",
        "local": false,
        "name": "misp-galaxy:target-information=\"Yemen\"",
        "relationship_type": ""
      },
      {
        "colour": "#8b035d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cyprus\"",
        "relationship_type": ""
      },
      {
        "colour": "#8604d0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bahrain\"",
        "relationship_type": ""
      },
      {
        "colour": "#631fed",
        "local": false,
        "name": "misp-galaxy:target-information=\"Rwanda\"",
        "relationship_type": ""
      },
      {
        "colour": "#c79f1f",
        "local": false,
        "name": "misp-galaxy:target-information=\"Gabon\"",
        "relationship_type": ""
      },
      {
        "colour": "#453bd5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Namibia\"",
        "relationship_type": ""
      },
      {
        "colour": "#d49f13",
        "local": false,
        "name": "misp-galaxy:target-information=\"Montenegro\"",
        "relationship_type": ""
      },
      {
        "colour": "#83bd88",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mali\"",
        "relationship_type": ""
      },
      {
        "colour": "#cbf48a",
        "local": false,
        "name": "misp-galaxy:target-information=\"Papua New Guinea\"",
        "relationship_type": ""
      },
      {
        "colour": "#f93f1c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Zimbabwe\"",
        "relationship_type": ""
      },
      {
        "colour": "#bc43ce",
        "local": false,
        "name": "misp-galaxy:target-information=\"Jersey\"",
        "relationship_type": ""
      },
      {
        "colour": "#4fc5b4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Botswana\"",
        "relationship_type": ""
      },
      {
        "colour": "#5d3bf0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malawi\"",
        "relationship_type": ""
      },
      {
        "colour": "#cdb249",
        "local": false,
        "name": "misp-galaxy:target-information=\"Haiti\"",
        "relationship_type": ""
      },
      {
        "colour": "#687d35",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mauritius\"",
        "relationship_type": ""
      },
      {
        "colour": "#f834a3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Maldives\"",
        "relationship_type": ""
      },
      {
        "colour": "#598e44",
        "local": false,
        "name": "misp-galaxy:target-information=\"Somalia\"",
        "relationship_type": ""
      },
      {
        "colour": "#86e845",
        "local": false,
        "name": "misp-galaxy:target-information=\"Afghanistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#a74455",
        "local": false,
        "name": "misp-galaxy:target-information=\"Guyana\"",
        "relationship_type": ""
      },
      {
        "colour": "#fcbb39",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mauritania\"",
        "relationship_type": ""
      },
      {
        "colour": "#dfc3c3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malta\"",
        "relationship_type": ""
      },
      {
        "colour": "#16ba7c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Saint Kitts and Nevis\"",
        "relationship_type": ""
      },
      {
        "colour": "#c25683",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bahamas\"",
        "relationship_type": ""
      },
      {
        "colour": "#b51aa2",
        "local": false,
        "name": "misp-galaxy:target-information=\"Suriname\"",
        "relationship_type": ""
      },
      {
        "colour": "#241a62",
        "local": false,
        "name": "misp-galaxy:target-information=\"Iceland\"",
        "relationship_type": ""
      },
      {
        "colour": "#ad6422",
        "local": false,
        "name": "misp-galaxy:target-information=\"Liberia\"",
        "relationship_type": ""
      },
      {
        "colour": "#f86e61",
        "local": false,
        "name": "misp-galaxy:target-information=\"Andorra\"",
        "relationship_type": ""
      },
      {
        "colour": "#7f34fb",
        "local": false,
        "name": "misp-galaxy:target-information=\"Barbados\"",
        "relationship_type": ""
      },
      {
        "colour": "#b580d1",
        "local": false,
        "name": "misp-galaxy:target-information=\"Belize\"",
        "relationship_type": ""
      },
      {
        "colour": "#fabbd6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Fiji\"",
        "relationship_type": ""
      },
      {
        "colour": "#2107a4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Sierra Leone\"",
        "relationship_type": ""
      },
      {
        "colour": "#d8846f",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bhutan\"",
        "relationship_type": ""
      },
      {
        "colour": "#78b6f0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Saint Lucia\"",
        "relationship_type": ""
      },
      {
        "colour": "#719d95",
        "local": false,
        "name": "misp-galaxy:target-information=\"Guam\"",
        "relationship_type": ""
      },
      {
        "colour": "#0d5eef",
        "local": false,
        "name": "misp-galaxy:target-information=\"Guinea\"",
        "relationship_type": ""
      },
      {
        "colour": "#2aeb10",
        "local": false,
        "name": "misp-galaxy:target-information=\"Guinea-Bissau\"",
        "relationship_type": ""
      },
      {
        "colour": "#7c7c77",
        "local": false,
        "name": "misp-galaxy:target-information=\"Chad\"",
        "relationship_type": ""
      },
      {
        "colour": "#83e168",
        "local": false,
        "name": "misp-galaxy:target-information=\"Gambia\"",
        "relationship_type": ""
      },
      {
        "colour": "#2ea969",
        "local": false,
        "name": "misp-galaxy:target-information=\"Niger\"",
        "relationship_type": ""
      },
      {
        "colour": "#f28cbf",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cura\u00e7ao\"",
        "relationship_type": ""
      },
      {
        "colour": "#0a5d4f",
        "local": false,
        "name": "misp-galaxy:target-information=\"French Polynesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#d8e4c7",
        "local": false,
        "name": "misp-galaxy:target-information=\"Lesotho\"",
        "relationship_type": ""
      },
      {
        "colour": "#83a682",
        "local": false,
        "name": "misp-galaxy:target-information=\"Burundi\"",
        "relationship_type": ""
      },
      {
        "colour": "#5f8f8d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Isle of Man\"",
        "relationship_type": ""
      },
      {
        "colour": "#a66c0a",
        "local": false,
        "name": "misp-galaxy:target-information=\"Liechtenstein\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d5eba",
        "local": false,
        "name": "misp-galaxy:target-information=\"New Caledonia\"",
        "relationship_type": ""
      },
      {
        "colour": "#b5e999",
        "local": false,
        "name": "misp-galaxy:target-information=\"San Marino\"",
        "relationship_type": ""
      },
      {
        "colour": "#c80ee7",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cayman Islands\"",
        "relationship_type": ""
      },
      {
        "colour": "#31c535",
        "local": false,
        "name": "misp-galaxy:target-information=\"Dominica\"",
        "relationship_type": ""
      },
      {
        "colour": "#c70980",
        "local": false,
        "name": "misp-galaxy:target-information=\"Faroe Islands\"",
        "relationship_type": ""
      },
      {
        "colour": "#25398e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Greenland\"",
        "relationship_type": ""
      },
      {
        "colour": "#c9847a",
        "local": false,
        "name": "misp-galaxy:target-information=\"Grenada\"",
        "relationship_type": ""
      },
      {
        "colour": "#53d6ba",
        "local": false,
        "name": "misp-galaxy:target-information=\"Guernsey\"",
        "relationship_type": ""
      },
      {
        "colour": "#cea85d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turks and Caicos Islands\"",
        "relationship_type": ""
      },
      {
        "colour": "#de7e67",
        "local": false,
        "name": "misp-galaxy:target-information=\"U.S. Virgin Islands\"",
        "relationship_type": ""
      },
      {
        "colour": "#5fab99",
        "local": false,
        "name": "misp-galaxy:target-information=\"Anguilla\"",
        "relationship_type": ""
      },
      {
        "colour": "#439154",
        "local": false,
        "name": "misp-galaxy:target-information=\"Antigua and Barbuda\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0af4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bermuda\"",
        "relationship_type": ""
      },
      {
        "colour": "#005585",
        "local": false,
        "name": "misp-galaxy:target-information=\"Central African Republic\"",
        "relationship_type": ""
      },
      {
        "colour": "#03801f",
        "local": false,
        "name": "misp-galaxy:target-information=\"Comoros\"",
        "relationship_type": ""
      },
      {
        "colour": "#57ece2",
        "local": false,
        "name": "misp-galaxy:target-information=\"Djibouti\"",
        "relationship_type": ""
      },
      {
        "colour": "#450e1c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kiribati\"",
        "relationship_type": ""
      },
      {
        "colour": "#f07c14",
        "local": false,
        "name": "misp-galaxy:target-information=\"Monaco\"",
        "relationship_type": ""
      },
      {
        "colour": "#2c42ff",
        "local": false,
        "name": "misp-galaxy:target-information=\"Northern Mariana Islands\"",
        "relationship_type": ""
      },
      {
        "colour": "#aa780d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Palau\"",
        "relationship_type": ""
      },
      {
        "colour": "#19d775",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkmenistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"MetaStealer\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"RedLine Stealer\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Medium\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660992",
        "to_ids": false,
        "type": "link",
        "uuid": "e42c02ca-eeff-4011-ba6e-6bfad619be0a",
        "value": "https://g0njxa.medium.com/profiling-traffic-cerberus-ex-amnesia-3758faba4385"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660992",
        "to_ids": false,
        "type": "text",
        "uuid": "a968b161-ad50-4f10-a5af-daa5492d472a",
        "value": "This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the Commonwealth of Independent States (CIS) region. It provides insights into their operations, tactics, and the evolution of their malware campaigns over time, shedding light on the ever-evolving landscape of cybercriminal activities."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660992",
        "to_ids": false,
        "type": "text",
        "uuid": "89d887e7-fce5-413d-827d-730519bd713d",
        "value": "Name: Profiling Trafficers: Cerberus\nAuthor: AlienVault\nAdversary: Cerberus (ex-Amnesia)\nTags: [\"cybercrime\", \"rhadamanthys stealer\", \"hacking\", \"infostealer\", \"malware\", \"russia\", \"casbaneiro\", \"lumma stealer\", \"aurora stealer\", \"metamorfo\", \"dracula stealer (samurai)\", \"redline\"]\nTgtd countries: [\"Russian Federation\", \"United States of America\", \"Ukraine\", \"Brazil\", \"Belarus\", \"Germany\", \"Kazakhstan\", \"Philippines\", \"Poland\", \"Egypt\", \"Thailand\", \"Netherlands\", \"Mexico\", \"Pakistan\", \"United Kingdom of Great Britain and Northern Ireland\", \"Colombia\", \"France\", \"Indonesia\", \"Spain\", \"British Indian Ocean Territory\", \"India\", \"Peru\", \"Algeria\", \"Argentina\", \"Bangladesh\", \"Morocco\", \"Italy\", \"Romania\", \"Uzbekistan\", \"Belgium\", \"China\", \"Czechia\", \"Malaysia\", \"Chile\", \"Moldova, Republic of\", \"Venezuela, Bolivarian Republic of\", \"Iraq\", \"Portugal\", \"Hungary\", \"Canada\", \"Norway\", \"Ecuador\", \"Sri Lanka\", \"Saudi Arabia\", \"Serbia\", \"Dominican Republic\", \"Bolivia, Plurinational State of\", \"Tunisia\", \"South Africa\", \"Kyrgyzstan\", \"Israel\", \"Kenya\", \"Iran, Islamic Republic of\", \"Myanmar\", \"Lithuania\", \"Latvia\", \"Georgia\", \"South Georgia and the South Sandwich Islands\", \"Nigeria\", \"Australia\", \"Nepal\", \"Bulgaria\", \"Sweden\", \"Armenia\", \"Ghana\", \"United Arab Emirates\", \"Switzerland\", \"Slovakia\", \"Jordan\", \"Austria\", \"Japan\", \"Uruguay\", \"Azerbaijan\", \"Estonia\", \"Ethiopia\", \"Bosnia and Herzegovina\", \"Luxembourg\", \"Finland\", \"Singapore\", \"Greece\", \"Palestine\", \"Croatia\", \"Denmark\", \"Taiwan\", \"Guatemala\", \"Cambodia\", \"Lebanon\", \"Mongolia\", \"Costa Rica\", \"Paraguay\", \"Kuwait\", \"Honduras\", \"Madagascar\", \"Ireland\", \"United Kingdom of Great Britain and Northern Ireland\", \"Cameroon\", \"Hong Kong\", \"Togo\", \"North Macedonia\", \"Panama\", \"Albania\", \"Cuba\", \"Senegal\", \"Slovenia\", \"Tanzania, United Republic of\", \"Zambia\", \"Uganda\", \"El Salvador\", \"Equatorial Guinea\", \"Angola\", \"New Zealand\", \"Qatar\", \"Jamaica\", \"South Sudan\", \"Sudan\", \"Libya\", \"Oman\", \"Mozambique\", \"Trinidad and Tobago\", \"Tajikistan\", \"Burkina Faso\", \"Puerto Rico\", \"Nicaragua\", \"Benin\", \"Yemen\", \"Cyprus\", \"Congo\", \"Congo, Democratic Republic of the\", \"Bahrain\", \"Rwanda\", \"Gabon\", \"Namibia\", \"Syrian Arab Republic\", \"Montenegro\", \"Mali\", \"Papua New Guinea\", \"Zimbabwe\", \"Jersey\", \"Botswana\", \"Malawi\", \"Haiti\", \"Mauritius\", \"Maldives\", \"Somalia\", \"Afghanistan\", \"Guyana\", \"Brunei Darussalam\", \"Mauritania\", \"Cabo Verde\", \"Malta\", \"Saint Kitts and Nevis\", \"Bahamas\", \"Suriname\", \"Iceland\", \"Liberia\", \"Macao\", \"Andorra\", \"Barbados\", \"Belize\", \"Fiji\", \"Sierra Leone\", \"Bhutan\", \"Saint Lucia\", \"French Guiana\", \"Guadeloupe\", \"Guam\", \"Equatorial Guinea\", \"Guinea\", \"Guinea-Bissau\", \"Papua New Guinea\", \"Chad\", \"Gambia\", \"Niger\", \"Nigeria\", \"Timor-Leste\", \"Cura\u00e7ao\", \"French Polynesia\", \"Lesotho\", \"Martinique\", \"Burundi\", \"Eswatini\", \"Isle of Man\", \"Liechtenstein\", \"New Caledonia\", \"Saint Martin (French part)\", \"San Marino\", \"Cayman Islands\", \"Dominica\", \"Dominican Republic\", \"Faroe Islands\", \"Greenland\", \"Grenada\", \"Guernsey\", \"Guinea-Bissau\", \"Turks and Caicos Islands\", \"Virgin Islands, British\", \"Virgin Islands, U.S.\", \"Anguilla\", \"Antigua and Barbuda\", \"Bermuda\", \"Central African Republic\", \"Comoros\", \"Djibouti\", \"Kiribati\", \"Micronesia, Federated States of\", \"Monaco\", \"Norfolk Island\", \"Northern Mariana Islands\", \"Palau\", \"South Sudan\", \"Turkmenistan\", \"Virgin Islands, British\", \"Virgin Islands, U.S.\"]\nMlwr families: [\"Aurora Stealer\", \"Lumma Stealer\", \"Redline\", \"Metamorfo - S0455\", \"Casbaneiro\", \"Dracula Stealer (Samurai)\", \"Rhadamanthys Stealer\"]\nAttack_ids: []\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660992",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "e7b93607-142d-4d28-9019-1e575864b95f",
        "value": "Cerberus (ex-Amnesia)"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328555",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "4c36e018-bfa5-4747-b4d2-d0b5d200ab49",
        "value": "Cerberus"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328565",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "fb55f6b4-3cbc-45c7-af01-c3066e9cfbb3",
        "value": "\u0422\u0440\u0430\u0444\u0444\u0435\u0440\u044b"
      },
      {
        "category": "Network activity",
        "comment": "REDLINE",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746330654",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "570befc6-7270-4560-95ae-2dc0f80f2389",
        "value": "5.42.65.36|11552"
      },
      {
        "category": "Network activity",
        "comment": "META",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746330654",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b8d1f2ca-e68d-4d1e-a809-578f50dc89c3",
        "value": "5.42.65.101|48790"
      },
      {
        "category": "Network activity",
        "comment": "REDLINE",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746330654",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "3a5050f3-e5d3-4b1c-b18c-f6af87ec109e",
        "value": "5.42.65.101|40676"
      },
      {
        "category": "Payload delivery",
        "comment": "REDLINE No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332400",
        "to_ids": true,
        "type": "md5",
        "uuid": "884c28d7-5adf-46d3-9b01-4a398386d980",
        "value": "d1390da1b59947229fc171d380072418",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "REDLINE No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332401",
        "to_ids": true,
        "type": "md5",
        "uuid": "3b813503-1726-4adc-9265-c017c411fc44",
        "value": "294079f8862567a22dc40045de1d9c4c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "REDLINE No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332402",
        "to_ids": true,
        "type": "md5",
        "uuid": "968a0161-6ef7-4366-873c-f15a6a3b84fe",
        "value": "66e53717dfdbe851f4d200ef11b0d121",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332404",
        "to_ids": true,
        "type": "md5",
        "uuid": "12f61402-a7d8-421c-b97b-b487a6958f9c",
        "value": "95336ebfdf4fb7a4225c27c3723be4b8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332405",
        "to_ids": true,
        "type": "md5",
        "uuid": "f354d064-a9c7-453a-ae09-b8aea5cc6c51",
        "value": "f1f8de5b4e6984dbf52d278afd09b377",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332406",
        "to_ids": true,
        "type": "md5",
        "uuid": "879d9755-a1d7-407d-9468-e97ae6625cbb",
        "value": "823add1f76ee53424958c4d975bb8104",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332407",
        "to_ids": true,
        "type": "md5",
        "uuid": "04893a25-065d-4b9a-88ba-e709d33caf9e",
        "value": "88ea9a904663c79a9d2c34bc41642736",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332408",
        "to_ids": true,
        "type": "md5",
        "uuid": "a958f1fa-613d-4985-ab1c-4024779958a4",
        "value": "a89d1fa864cf7cf80d7a88ce7085f0cd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332409",
        "to_ids": true,
        "type": "md5",
        "uuid": "4c879a2c-517b-4a56-b641-880487135483",
        "value": "1119f08b1cf255578ebea6b7dc65e529",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332411",
        "to_ids": true,
        "type": "md5",
        "uuid": "5b95af55-85d8-4032-a59e-036c34f5bd7d",
        "value": "54a4da77d1bf79f497455c11c47478bc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332412",
        "to_ids": true,
        "type": "md5",
        "uuid": "f26ec940-5008-4c12-ba98-90f1b4d679ad",
        "value": "be8514870cee288f61a73175032e4b82",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332413",
        "to_ids": true,
        "type": "md5",
        "uuid": "c2ae0b60-2762-4ab0-80f9-9a33075291c7",
        "value": "c541f710d3e601bc95147cdb0707e742",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "META No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332414",
        "to_ids": true,
        "type": "md5",
        "uuid": "26ae79c0-22e6-4f78-94cc-749da12215e3",
        "value": "2d21fa15042a3fda41ab59472857bcf1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "REDLINE No sample in VT\r\nLast check:04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746332415",
        "to_ids": true,
        "type": "md5",
        "uuid": "b52da7dc-2aa0-4ede-accf-95666b91aaae",
        "value": "42e1b820fcca3478112e872e29292534",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332355",
        "uuid": "aedfea0e-9849-461f-a810-80efe33cacee",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332355",
            "to_ids": true,
            "type": "md5",
            "uuid": "1f133560-5b79-4eb8-9eab-5be22dfb2b41",
            "value": "77ba4de3a0792308d13a1a6c28ee4643",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331102",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7976cf34-822c-48c0-aad6-18b960d5bb31",
            "value": "211fd10854c4d90ef335f064e05806aba616c817",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331102",
            "to_ids": true,
            "type": "sha256",
            "uuid": "63c9819f-08c1-43c3-aa8a-e502374a2a5e",
            "value": "ae8796b12d29b7448438268047ba259c7ef7d8cb02114b1604527e4b0643955c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331102",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f2ae1477-e749-43b7-a309-5c6f77ddef83",
            "value": "3072:S2V2Sv/JxcyjklYTRobHJeIiSs9k6MQ4f4lJ/NVwzgyptf/BX7NLx:SM2SJPjDTRAHJJs9ktQ7J/fyrfRN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331102",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "57271869-2228-4b25-855b-e3842f50bc85",
            "value": "15728640"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331102",
            "to_ids": true,
            "type": "filename",
            "uuid": "32968f84-dd0d-4bbe-9eb2-ac88057c1b1b",
            "value": "SYNAPSE_X.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  27/09/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331102",
            "to_ids": false,
            "type": "text",
            "uuid": "be5de2ad-5282-4f7c-9a6c-ee762188836d",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.GMJ!MTB\nVT Total Detection:26/72\nFirst Submission:2023-09-27T13:19:46.000000+00:00\nLast Submission:2023-09-30T17:01:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332356",
        "uuid": "057491b4-4c0b-44b4-8f4a-ecc380c99197",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332356",
            "to_ids": true,
            "type": "md5",
            "uuid": "f077e39e-8529-4be3-84d3-ad3553960276",
            "value": "3dd9ffe9a21dfb02beecb3ac3f8c63b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331124",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3bb302cd-eabb-40cc-9295-eee298741afe",
            "value": "83b9f1ecbcbbffa03e7115e72e23e2d1889f4ac6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331124",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d7a6c4de-504f-46b1-aff6-95857a130a3a",
            "value": "3d281d22a40c06340f4f997421805854833f3b1b4bab87c96bc270a380c43144",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331123",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e4603fcc-bbc8-4675-9157-80aa30ae2983",
            "value": "24576:8cdoWaG0h0D9Atcu7XvxsSYL1gIHglgz0+F:wG0h0DOXjcgIHBzZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331123",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "be7c4923-04a1-4372-aed8-adfd1db29407",
            "value": "1587200"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331123",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e648fecd-ce5c-4e54-a462-f73fc8adb256",
            "value": "0160be06551d155d55151az83nz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331123",
            "to_ids": true,
            "type": "filename",
            "uuid": "fdd5de3d-bdc1-493b-acb5-a3b50559d057",
            "value": "bloodwoken_cheat.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  28/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331123",
            "to_ids": false,
            "type": "text",
            "uuid": "259c3b8a-a5d4-4674-add1-fe2a2db9db1c",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Phoenix!pz\nVT Total Detection:58/72\nFirst Submission:2023-10-07T00:48:17.000000+00:00\nLast Submission:2023-10-07T00:48:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332357",
        "uuid": "a4c83689-0b4d-492d-9d13-e54b6f13ce5c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332357",
            "to_ids": true,
            "type": "md5",
            "uuid": "ea76bd48-9f3f-48b3-9f9d-150940c28210",
            "value": "0bb538a39510a3876e22b5f5120948f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331147",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2dc7da65-00b5-473d-94db-256f5b08f1a4",
            "value": "ddfc3326d0b0f82c982df204c14c7d6c421ddb21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331147",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c7333c04-a169-4a53-b81f-298a0e1d31df",
            "value": "3565e88ee2279a2b69eb1d3692025a657cbcacbd87986bdf665f05cb839dc17f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331146",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9b1ed9c4-614a-4fa3-9e23-cef28ce24d55",
            "value": "3072:Duofs4eIbyO55lyjlmG5gJVX/2jyTvFkRzC2Tbj6lpaippjIQHPWGLCz+ZA1SGjo:Duoj55lyjlL5gX/2TilpVpjIQHPWGLCU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331146",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ce2c9078-0037-4012-ac95-49319edd8351",
            "value": "188416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331146",
            "to_ids": true,
            "type": "vhash",
            "uuid": "72d7ec57-91e0-41a0-ad93-91e07b5a4596",
            "value": "01505666155d155018z46!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331146",
            "to_ids": true,
            "type": "filename",
            "uuid": "8b09737d-dc1c-4b1d-a325-beb0c9ba3aee",
            "value": "Crack TopkaVisual v2.5.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  21/06/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331146",
            "to_ids": false,
            "type": "text",
            "uuid": "e4175c8c-1fac-48f1-86e1-bfaf805e6773",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/LummaStealer.AARS!MTB\nVT Total Detection:57/74\nFirst Submission:2023-10-04T14:40:35.000000+00:00\nLast Submission:2024-06-21T03:00:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332358",
        "uuid": "94be5f49-2a2b-46ff-a36d-7296f475a92c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332358",
            "to_ids": true,
            "type": "md5",
            "uuid": "d0135a89-cbbc-48f3-8260-1b212a77d023",
            "value": "736e37dbfa0a258d6db1eea8d6f799a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331176",
            "to_ids": true,
            "type": "sha1",
            "uuid": "850b5ddd-0e4c-4168-8167-2018fba09958",
            "value": "a0fa831386612dd1083e1252899f1122c23e7f44",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331176",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c51a622a-6334-4f4a-b9d4-d307b06b1f4a",
            "value": "a8543250d138dd67ae91f64c471a12eb8773efbf4838b81f398f15484df3dab2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331175",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a5bbed0f-9cc2-40e9-a6c5-3fce227a9949",
            "value": "24576:1MZTPCzJAzty99wIJSvWnAia8vE125GObTZFBV:1MZTPCGy99wIsvWJc1YGEZFB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331175",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e7876919-62bd-4bce-872b-12af0040a452",
            "value": "1039360"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331175",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3b5a287e-1f58-47c8-be43-d1abf05d0f22",
            "value": "01609e06551d155d6d151az89!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331175",
            "to_ids": true,
            "type": "filename",
            "uuid": "39fb5508-03ed-4c88-8a13-341985652a7c",
            "value": "Kasin.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331175",
            "to_ids": false,
            "type": "text",
            "uuid": "0dfce963-d294-46a2-8c36-6593e58d937b",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RedLine.ME!MTB\nVT Total Detection:57/73\nFirst Submission:2023-10-01T14:31:11.000000+00:00\nLast Submission:2023-10-01T14:31:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332359",
        "uuid": "57f7fae0-c867-41e8-b258-b60aced9e068",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332359",
            "to_ids": true,
            "type": "md5",
            "uuid": "67a439f0-c5de-4b21-ba3a-5227ed020d24",
            "value": "8ffa0079f493f0ad99f12855b1b41820",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331199",
            "to_ids": true,
            "type": "sha1",
            "uuid": "16525ecd-6c93-46a8-a1aa-874f0a4d672e",
            "value": "e8cd986a7881a158ba02319a827d65b61bfd3aaf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331199",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5099d2f1-39d4-4221-a263-263419df040d",
            "value": "b9161bebfa420e361053fe2d28cbacb9f59e12bb2e9ae6dc241326ec5b32429a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331198",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a834e65a-967b-429f-82f4-0657549037db",
            "value": "24576:1wXXnkz1ezkPTyUg0hNbUl+4t6azpE/mg+nb90:1Nz1ezkPthmd4a9Zb9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331198",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e1c42764-653e-45a8-a78a-2ae828741043",
            "value": "10485760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331198",
            "to_ids": true,
            "type": "vhash",
            "uuid": "55eb3b75-e6ff-4888-a99d-84f0a5c56a51",
            "value": "0170ae06551d155d6d151az89!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331198",
            "to_ids": true,
            "type": "filename",
            "uuid": "055fbee8-2193-4da0-a990-12f36cfeaa51",
            "value": "8ffa0079f493f0ad99f12855b1b41820.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  30/09/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331198",
            "to_ids": false,
            "type": "text",
            "uuid": "6613fc51-ebaf-478b-9760-02de4683a2f1",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.GPAC!MTB\nVT Total Detection:41/72\nFirst Submission:2023-09-30T04:33:41.000000+00:00\nLast Submission:2023-09-30T04:33:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332360",
        "uuid": "ad1cca6d-cfdb-4c6f-8044-ea61fa119ecf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332360",
            "to_ids": true,
            "type": "md5",
            "uuid": "9f124fda-33de-46b8-8c94-005d0bd03883",
            "value": "60eb108ffe1bfe2683c971072abde8f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331225",
            "to_ids": true,
            "type": "sha1",
            "uuid": "52858928-7818-4190-bc84-e6153d398ec3",
            "value": "f10678b0615993502df4c7c9c7ea7e36e215f386",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331225",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3a236154-a4da-4050-b801-bc351043d1f4",
            "value": "ab961d5cd09a20f7885e62fe36de18f0c33f07a61cabc6218e6801ea1213b0c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331225",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "20200879-4235-40fe-b8af-61d7883d1450",
            "value": "6144:b2CKBckxwwI8xzPy1L4NLP6MctXUH5Oy5Iq0EDZG3/:qtcawwLdLk0OAI5aZG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331225",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9d999b42-1a65-423a-8757-0fa4a15c8661",
            "value": "584704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331225",
            "to_ids": true,
            "type": "vhash",
            "uuid": "44029d63-5c79-43c1-acbd-dba0860e8136",
            "value": "05505666155d155018z46!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331225",
            "to_ids": true,
            "type": "filename",
            "uuid": "4f2b1268-2669-48c8-a65d-dec8ea3423e5",
            "value": "Inject.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  06/11/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331225",
            "to_ids": false,
            "type": "text",
            "uuid": "0a218c74-763d-496b-b5e3-b6e36dbb5147",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.AARB!MTB\nVT Total Detection:54/72\nFirst Submission:2023-10-01T14:35:33.000000+00:00\nLast Submission:2023-10-01T14:35:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332362",
        "uuid": "40f0b5a3-4ad6-4554-843b-564873fa530e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332362",
            "to_ids": true,
            "type": "md5",
            "uuid": "6a20e617-a625-41e9-87a1-e2244a37d313",
            "value": "498c9009ef58213aeb91aaea1b2c2387",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331276",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7158842a-9947-4801-a480-0f3ae9c6b620",
            "value": "3b83251ea859df67669592f08ed75f95f5f92e2b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331276",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aa3e0791-9982-42ca-a250-4d9adb3aeb50",
            "value": "8c4b95e6112574a163283e6ca0c8c8eab674d4058824309357c4d6ac21136b34",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331275",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "46702106-5b5a-42ee-8c98-998d95971650",
            "value": "24576:xzHN/eXZGlK69PW1dX/vAMhkoL4CiTCwm:aXZGlK69OzA0PniTCwm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331275",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cbcabdc7-4c0e-424a-8e05-d72d76a1254b",
            "value": "1013248"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331275",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c6f73f8e-4706-47f0-89c1-8d1cf23754e7",
            "value": "0160ae06551d155d6d0d17z30089hz13z2fz"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  19/05/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331275",
            "to_ids": false,
            "type": "text",
            "uuid": "9380ca43-6bab-4b66-b02e-82c1cc2c084e",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Stealer!ic\nVT Total Detection:58/73\nFirst Submission:2023-10-02T08:48:47.000000+00:00\nLast Submission:2023-10-02T08:48:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332363",
        "uuid": "1ec30d59-274b-40e9-b6b7-7b52250a1295",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332363",
            "to_ids": true,
            "type": "md5",
            "uuid": "c2e00832-996a-4268-ab98-d50b07db5f86",
            "value": "71847c1a4f9d14ec19d69636ed2b3051",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331300",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4368ac25-2fb7-411d-9e75-a40a5284c190",
            "value": "600c0a61770bcca612bfc50b0431672e4097ca7f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331300",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e3465025-b0d3-45af-b9e1-e1d971586c32",
            "value": "aa79dd98bfa1024797b92c3016e931180faf9baa462e751a8eb9061fbfd7a06c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331300",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d8e03cc0-9966-4625-9ab5-c37da4e944bf",
            "value": "6144:GUdaTonyvEx8KQclrikR4aExM1N9V/0g:G4NyvrKQUikR4aExMQg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331300",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1a263a00-34e6-41b5-8ed3-64e61ebc786f",
            "value": "10485760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331300",
            "to_ids": true,
            "type": "vhash",
            "uuid": "85cf005f-da7d-40ec-885a-aa3917c79858",
            "value": "01705666155d156az45!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331300",
            "to_ids": true,
            "type": "filename",
            "uuid": "cf4fb438-3254-488b-840f-67527db02f01",
            "value": "VIM.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  25/05/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331300",
            "to_ids": false,
            "type": "text",
            "uuid": "b015a5bb-854b-4e5b-a80f-4a6c4ec3f54c",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/RedLineStealer.O!MTB\nVT Total Detection:55/74\nFirst Submission:2023-09-25T15:00:39.000000+00:00\nLast Submission:2023-09-28T13:29:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332364",
        "uuid": "2a0fa9d1-cc0c-4efa-98e9-d6685f6be8c4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332364",
            "to_ids": true,
            "type": "md5",
            "uuid": "9824a0f8-5362-43b4-aa4c-e23e5157c6f8",
            "value": "0e832303af3834fd10bfe0f161a0918d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331322",
            "to_ids": true,
            "type": "sha1",
            "uuid": "19d6221a-de31-432c-8a49-0cc55ca53263",
            "value": "3bc1e287f27fddaa0bfa68fc2e3b632be60de22f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331322",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e3686d9b-dc80-49f1-83f4-8625b4a9eb16",
            "value": "48660eb510470d5ebf35a0dfdb4c592117eaec4f07cbf01d428099f052a2fdca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331321",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "980d3df4-43e6-42fe-8432-589288ebed30",
            "value": "12288:+ToPWBv/cpGrU3yDT+tjIGhHc4af4OAITeZG9:+TbBv5rUlIGhHcLiITeZG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331321",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e742f25f-1e77-4573-9290-7ebbfba34411",
            "value": "529625"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331321",
            "to_ids": true,
            "type": "vhash",
            "uuid": "475e2a9d-dc3d-471e-b151-4b60bb24dfb9",
            "value": "055066655d1d15656az8f9z3tz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331321",
            "to_ids": true,
            "type": "filename",
            "uuid": "98ce7801-2cae-4422-bfd0-0f1dce02d630",
            "value": "expensive.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  04/03/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331321",
            "to_ids": false,
            "type": "text",
            "uuid": "e48f9da0-9013-49ec-9b75-1d0e6a89877b",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AsyncRAT.E!MTB\nVT Total Detection:51/72\nFirst Submission:2023-09-30T20:15:37.000000+00:00\nLast Submission:2023-10-01T16:04:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332365",
        "uuid": "a1d3018a-2f87-4805-b0ad-95ad23cbf396",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332365",
            "to_ids": true,
            "type": "md5",
            "uuid": "58e39f66-ba81-452c-a0f2-38e6e95533cb",
            "value": "b42b3ffb6af260d65989055be4aa8ace",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331343",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0608bffd-4847-4d9d-8e67-c6aa35800703",
            "value": "762fc0c56e45fcfe76591ae372aaf047cc52e517",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331343",
            "to_ids": true,
            "type": "sha256",
            "uuid": "803d9d39-5a74-4409-b86c-894d49e83457",
            "value": "0aa93d611bbbe91ef03cce5ad22160fa4cea54a8e5b322f85be9b2a139e069e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331342",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7da327ca-9ef5-487d-91af-f7fd7269c8d4",
            "value": "24576:iZ0DJXi9Dz+H5PFDIUnygsz/bkHshywK/3:id9Dz+HR11nM4HsAD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331342",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "703aa4f7-9bec-427e-8f5e-dd4a3d132dbf",
            "value": "15728640"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331342",
            "to_ids": true,
            "type": "vhash",
            "uuid": "058fba81-ae3a-44ad-a19f-9c2f5e9af56c",
            "value": "0170ce06551d155d6d151az88!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331342",
            "to_ids": true,
            "type": "filename",
            "uuid": "a7169813-e01c-4bf0-81d7-919e9e9bae91",
            "value": "BLTools v2.5 crark soft.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  25/05/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331342",
            "to_ids": false,
            "type": "text",
            "uuid": "df2f170b-72e6-44ac-80b5-9071d969f348",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/LummaStealer.AARG!MTB\nVT Total Detection:56/74\nFirst Submission:2023-10-08T15:01:53.000000+00:00\nLast Submission:2023-10-26T14:22:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332366",
        "uuid": "beb4d309-4f18-4da7-a6f9-01e70185fc86",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332366",
            "to_ids": true,
            "type": "md5",
            "uuid": "af4fcc71-bf24-4926-9baf-0026842faf64",
            "value": "bc5270adb203015dc031e8412f7934cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331385",
            "to_ids": true,
            "type": "sha1",
            "uuid": "89f38fa9-349e-4b10-8f8d-9c1adf3dc9c4",
            "value": "8375c6ae7f581057e237f73b39f7660c141d0541",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331385",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7c721bdf-1b29-48e0-a5a0-ea999638db3d",
            "value": "9e8cb629c2100e61c9e4819076ce714dd5fadf133e679e2ad46ee4428d8acfd6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331384",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "46966e3f-6b60-4603-b3d7-75570a2ccbd0",
            "value": "3072:4kV809Au3Dy8B+VHMiV2/F/qX7yEOWW3U5XzQgiL2KJ0jNyhmeLrC3ZmynM:4kV3pB+VLOlYQgiiKJ4NyhmwrCpBnM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331384",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "593ab3b9-dbf4-4c82-88c7-01c63248bab3",
            "value": "217088"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331384",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6ece3560-2be5-4752-ac35-dcc808b1e5ea",
            "value": "025046655d155018z46!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331384",
            "to_ids": true,
            "type": "filename",
            "uuid": "ded2a5b2-df76-4dca-8bf3-73a6ab1920e2",
            "value": "Synapse X.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331384",
            "to_ids": false,
            "type": "text",
            "uuid": "00f810d9-45f8-4311-bc65-02c226a6faae",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.GMF!MTB\nVT Total Detection:53/72\nFirst Submission:2023-09-22T13:28:55.000000+00:00\nLast Submission:2023-09-23T20:28:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332367",
        "uuid": "bcb938bb-a453-4188-b278-b14f5b8e9c2c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332367",
            "to_ids": true,
            "type": "md5",
            "uuid": "1d726958-67bb-4ee9-b520-bd4d12316faf",
            "value": "b24659a8fdb459ed3a045d2accce0772",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331406",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cfaf0e7e-6da8-4097-8673-72b5ba01ea9a",
            "value": "e09676924a63d1d6734562616a88bc4c28a12435",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331406",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a71476a0-9bb2-47cc-b44e-f2b8b39f5b23",
            "value": "5148e10952bf2175dc106047ff825afe4e5b8063fb3de816cb72cdaf69049cc8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331406",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9c5b1540-fa15-48d8-9ae8-374053dbcb0e",
            "value": "24576:xi0DJXi9Dz+HpXt7A0nygszvbkXJ9sgo0k3CoCQ3:x09Dz+HJltnMoXJ9sgo0k3CoCQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331406",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7c0041c5-1c30-4dbb-9cf7-2f081078139d",
            "value": "10485760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331406",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2500d0b5-c46d-4c2c-b206-a0772a549bdc",
            "value": "0170ee06551d155d6d151az88!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331406",
            "to_ids": true,
            "type": "filename",
            "uuid": "2edc3459-0c32-4461-942f-2cd46a1c1e98",
            "value": "CrackInstall.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  27/05/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331406",
            "to_ids": false,
            "type": "text",
            "uuid": "79cecbea-e01a-4f8b-ae3b-c0678ea5590d",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/LummaStealer.AARG!MTB\nVT Total Detection:57/74\nFirst Submission:2023-10-02T04:03:08.000000+00:00\nLast Submission:2023-10-02T04:03:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "7257694a-9121-4680-ad1a-f33d1cf9f3c5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "e558161d-a512-492f-81d2-2fe2d0db6710",
            "value": "a980bdb5b5e023fe9bb2d879eb2d255b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331448",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9c1ba7f2-9a9a-4793-b300-0633c8628c58",
            "value": "eea83c8b6819ec7e4b8b10fd51904befb8337263",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331448",
            "to_ids": true,
            "type": "sha256",
            "uuid": "356592c2-d8b3-4091-b45e-5d16c9d4ffd1",
            "value": "005360f36d6b7bf31717fb5ba88f844bdf5455dfbd9f84894a8c1e53f7f5ef51",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331447",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c118104e-2f7c-492e-bd5a-bb94bf482043",
            "value": "3072:dveHSwh+d9yWklYTRobHJeIiSs9k6Mj4f4lJ/NVwzgypopOaQ:QHwDTRAHJJs9ktj7J/fyDa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331447",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ab32c8dc-5618-4fb6-bb9b-d2f219e8f206",
            "value": "11534336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331447",
            "to_ids": true,
            "type": "vhash",
            "uuid": "060e9cdb-dd54-43fb-9229-091367a8b5c8",
            "value": "01706666155d15526az45!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331447",
            "to_ids": true,
            "type": "filename",
            "uuid": "8ce16aed-a5b2-409b-96bb-6f063ed790fe",
            "value": "005360f36d6b7bf31717fb5ba88f844bdf5455dfbd9f84894a8c1e53f7f5ef51.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  01/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331447",
            "to_ids": false,
            "type": "text",
            "uuid": "ac86801f-a2d2-4d0f-991e-2569c5810603",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/RedLine.RDDI!MTB\nVT Total Detection:55/72\nFirst Submission:2023-09-24T17:42:39.000000+00:00\nLast Submission:2023-09-30T15:24:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332370",
        "uuid": "337e6857-c2de-4290-9a65-9127e6141892",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332370",
            "to_ids": true,
            "type": "md5",
            "uuid": "f82062c2-926e-4695-b9c8-0acf8e6c91fb",
            "value": "882268f91ed47c6cedd6ad3495e74098",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331469",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8f9e6cf1-680d-4b13-8261-5e443750bd60",
            "value": "cd4a2a704e87682d9b3088dc6ec43c6e6b0811ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331469",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dd6b234a-e037-41b2-b0f6-6a1a86100853",
            "value": "55f8954fe0d809261a54ee760e99b4fe7d39bf4bed1007d925f329bc0c382034",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331469",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b532a1be-1210-467d-a286-635ef192a8e9",
            "value": "3072:wSyywh+vXyUAFzCKmomZPsOwLm1ePgeda/Mf5715J:ry7+KxyeLm1pScMf5B"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331469",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b59a51ab-33fd-4f1f-999c-5a16886372cc",
            "value": "225561"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331469",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f2684dfb-b0e5-46bf-800c-7740debdcdc2",
            "value": "02506666155d15526az45!z"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  20/06/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331469",
            "to_ids": false,
            "type": "text",
            "uuid": "67771687-2953-4c32-a06d-6933f272c03b",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/RedLine.RDDI!MTB\nVT Total Detection:58/74\nFirst Submission:2023-11-22T05:04:53.000000+00:00\nLast Submission:2024-06-19T03:01:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "811aae04-15f2-42dd-b289-91ba4cfae7b2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "f9ac0976-4968-44d2-b83c-da1a378e8d11",
            "value": "db271fe34507c6229439100abf5458f1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331490",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8c8e99ad-ac17-4608-bd1f-6f149f908b3a",
            "value": "4f91ae85bfcae380a52e166041079fb10087dc79",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331490",
            "to_ids": true,
            "type": "sha256",
            "uuid": "402ad4ed-f4e9-486c-b925-8ac71a20de56",
            "value": "fc43e409ca887fe8f98079100e54a442b7ab01a2743d7e195ba2c8358a1152df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331490",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4703a2c5-145b-4d09-90f5-3218ff14a78d",
            "value": "24576:f8vuU6B2xlhtLiLdP2sN6a9Dhvhhn+edqjz:mxlhtLM2w6a3v/n"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331490",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c6365f2e-82ec-4a0a-9a8c-d1c46d269270",
            "value": "1845760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331490",
            "to_ids": true,
            "type": "vhash",
            "uuid": "456dea27-0a67-43a2-b3f3-900d3138a96a",
            "value": "016076551d555d15155018z8a7z2dz1ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331490",
            "to_ids": true,
            "type": "filename",
            "uuid": "eaf4d5f1-23a8-4477-b982-33ee845c569b",
            "value": "unknown"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  28/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331490",
            "to_ids": false,
            "type": "text",
            "uuid": "3e2e6a4b-40b5-4dd2-8f11-e887dd38a921",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mokes.AARM!MTB\nVT Total Detection:59/72\nFirst Submission:2023-10-05T07:45:36.000000+00:00\nLast Submission:2023-10-07T04:13:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332372",
        "uuid": "31252c84-fc91-4b63-ad26-845f4888660c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332372",
            "to_ids": true,
            "type": "md5",
            "uuid": "96ca8775-bf20-40ec-b0cc-513169016b7b",
            "value": "f658ef56ff9de13e40ab077774d8cf1d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331511",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cca82dc5-787d-4a42-b36e-a3de280f2747",
            "value": "b7582ca82d20499de6493261d6dbc2adb7edd4a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331511",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e8a74483-4120-4e61-9bf7-e3ea5e3b6720",
            "value": "ead844553b8ff0358294b31f40c171f884f981017490a00d7df045cd627e54cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331511",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "badaa833-b2d3-46bb-9ba3-7a47194a0cff",
            "value": "3072:MgiI3oSxa5+yGbI2jaLVaZBCkry7Mg10OC92juuarBBKK//xnT:jb3pxacGWBxryH10OpjuukKKH1T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331511",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "668cb07a-ada0-4784-9ff5-cec5f8ae32f0",
            "value": "235520"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331511",
            "to_ids": true,
            "type": "vhash",
            "uuid": "524feaec-9f2e-44b7-b903-bc47b4cdcfbf",
            "value": "02505666155d155az45!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331511",
            "to_ids": true,
            "type": "filename",
            "uuid": "e5916cad-eae8-4115-a569-1eaa6782e17c",
            "value": "slove_cheat.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  23/11/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331511",
            "to_ids": false,
            "type": "text",
            "uuid": "6f5407f8-33ba-4ccf-a932-d9b4fd7c85c1",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/PovStealer.AD!MTB\nVT Total Detection:51/72\nFirst Submission:2023-10-08T18:10:03.000000+00:00\nLast Submission:2023-10-17T12:08:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332373",
        "uuid": "1d1c7250-f17d-4e95-88ea-0214baa99d9d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332373",
            "to_ids": true,
            "type": "md5",
            "uuid": "3d21b8b9-789b-4cf3-95ac-5b7e40ef6c54",
            "value": "4ac26adc3c8ff2775f1efa7ee2c54353",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331553",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6b07d65c-e634-4d75-942e-972bb14d68e3",
            "value": "0b7d7512ab9bfd0d4124fe42d9d0376e99eb557e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331553",
            "to_ids": true,
            "type": "sha256",
            "uuid": "42d3e9ac-ae36-4c74-8fd8-6d6f32a74e3d",
            "value": "ffadffdb70628e31d82c7f79dbb60ee917f09d47c085a19e1ac6e6e1e35f65d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331553",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a8ee754c-d93c-4b78-b6fd-6fa9f10f84ec",
            "value": "3072:g9ROYF0Msl9/jy4wAb8WrXjGYF6uPme+OfN2QAW78mj:gel9x1bJrTV6uPme+OfF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331553",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2fd8bd53-1587-4624-a0e0-4a0b98fea23f",
            "value": "14680064"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331553",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d54bce49-333c-466b-a7c4-5a649186b5d6",
            "value": "017056655d1d1553z24z45!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331553",
            "to_ids": true,
            "type": "filename",
            "uuid": "fc8b88bd-16aa-477c-9390-cf2a38c401f4",
            "value": "Mashed conga"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  04/03/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331553",
            "to_ids": false,
            "type": "text",
            "uuid": "540bba24-fff1-4b4a-b673-84f2b2b0e0a0",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.MBJA!MTB\nVT Total Detection:51/72\nFirst Submission:2023-09-28T22:59:50.000000+00:00\nLast Submission:2023-09-30T21:23:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "f7d627e4-1d11-49c5-8eef-01f753590d8e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "5d10fadd-6fca-45d9-97ee-737a0c9d5361",
            "value": "da60db8b44c8933a44e0e688a273603a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331595",
            "to_ids": true,
            "type": "sha1",
            "uuid": "673a4395-a1b2-433c-a28d-4ec97958f339",
            "value": "d5c615507302dde38ffc44aa514a6423a0237fa3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331595",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7e07634d-d066-4482-a9de-19ad1e445bc0",
            "value": "495d6698ee5c9a61d68bfd5328fa2e0979ff0ae04d1a2655e5d580e73fe6b998",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331595",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9e1c8160-5364-4f72-b9e2-789fb0c6abae",
            "value": "12288:LukfHndm1oqcZs90yimqRj1V+ekv8Qo90wZzpYrGXHKLKPvujwCFWFmEBG3Prt4J:ddm1tcZs90yimuuek5rGXHdEF6A3yJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331595",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e4e6a69a-6559-490d-947d-14c120d0ede0",
            "value": "976896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331595",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bb43ae52-8007-453f-aa8b-358af5d2475c",
            "value": "09509e06551d155d65151az83!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331595",
            "to_ids": true,
            "type": "filename",
            "uuid": "ad517683-7929-4a5e-9d46-914d0e521c9b",
            "value": "495d6698ee5c9a61d68bfd5328fa2e0979ff0ae04d1a2655e5d580e73fe6b998.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  27/02/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331595",
            "to_ids": false,
            "type": "text",
            "uuid": "56fdd3f8-d9d8-4c93-b57b-b0fbd35b5835",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Phoenix.RPY!MTB\nVT Total Detection:56/72\nFirst Submission:2023-10-10T14:29:48.000000+00:00\nLast Submission:2023-10-16T13:55:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "c4f8d635-3757-4d3d-bbe2-f91cfa4b9fd6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "b1b04c99-ab72-4e45-8a5b-79771ced982f",
            "value": "2f5a9fe38d66759435144779d31d475b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331616",
            "to_ids": true,
            "type": "sha1",
            "uuid": "839aabd4-6eee-44e6-8ad9-74a64559415c",
            "value": "224d09a9bc9c17350fbe8aa9c8c3f90f44338f32",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331616",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f0e121c6-db1a-477a-b8ad-c7c2a5f5137d",
            "value": "2318f5ddf39a7576e33513557c3af1498e841cef7b36acc53e80ddd700ac0d62",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331616",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bd2d1207-6adf-41a3-8844-e5d6d5cd3375",
            "value": "24576:UbkDJXy9Dz+HJv1jIUnygszPbE3MqFnp3o:UP9Dz+Hhl1nMI3MqFnp4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331616",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "27745c2d-12a0-4c2a-a68d-d642a996c2d6",
            "value": "1450912"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331616",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d6caf05f-45e0-4ae0-b2f5-33c922e695d9",
            "value": "0160ee06551d155d5d151az88!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331616",
            "to_ids": true,
            "type": "filename",
            "uuid": "a9dfacdb-96e6-42b3-8bb8-622827536a9d",
            "value": "2318f5ddf39a7576e33513557c3af1498e841cef7b36acc53e80ddd700ac0d62.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331616",
            "to_ids": false,
            "type": "text",
            "uuid": "f2d88306-45b6-42e7-8290-951e5d2f37ec",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/LummaStealer.AARG!MTB\nVT Total Detection:48/72\nFirst Submission:2023-10-01T11:37:58.000000+00:00\nLast Submission:2023-10-02T10:09:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "79599317-740c-4742-b46e-a22d3864d3bb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "0a5f0b97-21c9-4ee5-b642-90d74b8c3a6c",
            "value": "3d6fec406c5ce7188d864a2a4607ee1e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331637",
            "to_ids": true,
            "type": "sha1",
            "uuid": "aaf3c1c2-985d-4150-87f1-93ec38f7d9d6",
            "value": "8b5a047718bc29b8272471ada6852c19db8c666d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331638",
            "to_ids": true,
            "type": "sha256",
            "uuid": "37a137cf-6614-4475-ac5c-881f252c9f68",
            "value": "7eca655f69b3b43c4f228dbd149b73247166872ba92691f7fb00f7f35bb89e41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331637",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c2ec0c18-ced7-4b5e-a000-eee69d1b2fbd",
            "value": "3072:b7OGhgnXiB3y2ximjjvi0iiA0oa7wZkJzKu2d2X6iJT8Tija:TtBH/RiiA0odZkJzp2dmtJ8T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331637",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9cdc5654-36ea-4767-9e9b-56a4d522c813",
            "value": "196608"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331637",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e385cf98-ebca-4c71-a89e-5b8d3cba6937",
            "value": "01505666155d1557z10044!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331637",
            "to_ids": true,
            "type": "filename",
            "uuid": "f5194f0d-0da5-4f0f-9123-8ea220363f0d",
            "value": "NEAS.7eca655f69b3b43c4f228dbd149b73247166872ba92691f7fb00f7f35bb89e41exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  28/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331637",
            "to_ids": false,
            "type": "text",
            "uuid": "ab75cbc0-bbb9-4822-890c-b624d602a5df",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/PovStealer!pz\nVT Total Detection:57/72\nFirst Submission:2023-10-06T13:38:38.000000+00:00\nLast Submission:2023-10-07T12:37:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "2048a599-2dff-464b-9024-42241a7140d8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "808d6402-823c-4caf-bbff-2858788d08ab",
            "value": "e939e476e256994e9a43324f9effb391",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331659",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c8d6beaf-5cf7-48f4-8826-ac76e943ade2",
            "value": "2e745a72f9afd550b6e517d8d7561696a61649b6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331659",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4c61b559-17df-4fd3-92b4-14a359739816",
            "value": "5cabcd95b415dc8eb0dec906a09595f1392423388f22faab3eeb2cea17a77050",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331658",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dbbb96d3-fc76-44c3-8b28-c2c3e798113b",
            "value": "6144:Ema4Rd6TwUHn9li+ZEXLyaN80AOel8rtnsc3Xe8I9njGzEB08n5:daGd6MUHadsurRsmO8I9nRB0q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331658",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "412f775f-cd3c-4677-9af8-83fec9ad4556",
            "value": "370952"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331658",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c7d5032e-f1f6-42f3-825b-28d24d70ac5f",
            "value": "035056655d55556az4c?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331658",
            "to_ids": true,
            "type": "filename",
            "uuid": "6261f86e-80dc-48b8-9f52-c7e3ea6e1992",
            "value": "5cabcd95b415dc8eb0dec906a09595f1392423388f22faab3eeb2cea17a77050.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  28/03/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331658",
            "to_ids": false,
            "type": "text",
            "uuid": "60b41117-cb1a-4469-8ccc-d47c8db78e25",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/RedLine.RDDP!MTB\nVT Total Detection:59/72\nFirst Submission:2023-10-11T09:55:41.000000+00:00\nLast Submission:2023-10-15T16:16:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332381",
        "uuid": "a572a8a4-6ca3-4c18-a6e9-034e06b27f74",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332381",
            "to_ids": true,
            "type": "md5",
            "uuid": "71ea8cf6-314e-402b-a7c0-dfe0f6d37e0f",
            "value": "b9d47127e97681023fb770efdb8a6d24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331680",
            "to_ids": true,
            "type": "sha1",
            "uuid": "02fc856c-e2b0-4545-9854-5b7a90a61d79",
            "value": "98c900b246ddd047d3aae85b9bfda3cc1f69ec8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331680",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c1ff8048-65c5-411a-925a-6bc2590f6f0a",
            "value": "05a5688e8ebe4ebc9f8d619d75e3daf863dc64ae17767fb573affefb1f954b20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331679",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "beee2ce1-397e-4df0-ae19-dcbb410f0db8",
            "value": "12288:dExCUGYrf3E1zPXkbap6HFDWIdu2qMm2pKVC5H1Ja:d9Zkbi6pWMm20V"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331679",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ba87b2b9-8297-42dc-a5de-8692181c4bbf",
            "value": "656384"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331679",
            "to_ids": true,
            "type": "vhash",
            "uuid": "533aa7e6-e306-455d-b15c-bec888ca285d",
            "value": "065086551d155d6515155az7f!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331679",
            "to_ids": true,
            "type": "filename",
            "uuid": "944aa2dc-2772-461e-a54e-29aca28dfc1e",
            "value": "feadlite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  18/06/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331679",
            "to_ids": false,
            "type": "text",
            "uuid": "098f6a18-4494-4a7d-a69b-9b8728918758",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Phoenix!ic\nVT Total Detection:60/74\nFirst Submission:2023-07-19T13:27:11.000000+00:00\nLast Submission:2024-08-04T12:38:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332382",
        "uuid": "59593e2d-31fe-4b56-b077-0bc7d42b666b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332382",
            "to_ids": true,
            "type": "md5",
            "uuid": "1c618e0a-6d5a-489d-a476-27b1dc37296f",
            "value": "d928b84006e3275621d8eda003616699",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331701",
            "to_ids": true,
            "type": "sha1",
            "uuid": "836e78cb-96d5-42ea-8830-25f194503d85",
            "value": "2b62247645e76e50112b4ecd44b259dd96025a03",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331701",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c88e8ed2-ea7a-4001-aa97-e9cd43d0a366",
            "value": "47594d5a62a262612f42ac7773670d5044523a00604cb40909b036f7dc5eb113",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331701",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f08696de-2093-4476-8f55-117c46be49e2",
            "value": "3072:8fQCJE6aqgEXy0e0wErB3+AK+2TmU/wOcD1OPKTG4/jKH9:89E6aqguxghHcDEaF/j"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331701",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b3160e3d-2d11-4dc2-bf73-301d309b9177",
            "value": "206848"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331701",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ef4c5008-d4dd-44c3-8681-8179445e8182",
            "value": "025046655d155015z40046!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331701",
            "to_ids": true,
            "type": "filename",
            "uuid": "5786136a-a5d4-4457-9ad3-97e0ff77058e",
            "value": "Integer arcu odio"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  30/09/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331701",
            "to_ids": false,
            "type": "text",
            "uuid": "b352a8ca-8216-4575-88bc-e18bb07211f7",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/RedLine.MB!MTB\nVT Total Detection:52/72\nFirst Submission:2023-08-30T09:01:12.000000+00:00\nLast Submission:2023-11-17T17:34:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332383",
        "uuid": "625c753c-c6ed-4414-aac6-00de04eaccea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332383",
            "to_ids": true,
            "type": "md5",
            "uuid": "7e3ed5a0-de1b-4ae0-bf6e-29b5abddd6af",
            "value": "4ee7c9b2351ce6c7648a95a922a09d19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331764",
            "to_ids": true,
            "type": "sha1",
            "uuid": "225ed81d-30b1-4718-a08e-9a1f935a3061",
            "value": "29408f8df87dfc127059ddabaae7491de4e32376",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331764",
            "to_ids": true,
            "type": "sha256",
            "uuid": "410b3ced-0f34-4313-be27-e3e270d484f6",
            "value": "880eba3081bc594b5ff380f24d58f2fc23eecd8fdc6a1c5e72790cd17c43a5e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331763",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dbba3970-83f9-426f-881b-16b5e9ca255c",
            "value": "3072:SPMEIDNUQazyqWqk2R4FZwM12XICE8SUooNNL4YueVJkX3XScy7jh/DzJHNLx:PNUQ2WH3eYC0Ek3CPfVN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331763",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a7ce6bd1-7134-48d1-aa13-e93a1297425f",
            "value": "10485760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331763",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0aee6cab-a629-4456-b380-9366c3e8ef2a",
            "value": "017056655d1d156az46!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331763",
            "to_ids": true,
            "type": "filename",
            "uuid": "25d122ef-fd21-452b-8f30-74b2c5eaa990",
            "value": "Mandatory photoelectrically"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331763",
            "to_ids": false,
            "type": "text",
            "uuid": "2339ab66-6545-4fc4-9fb2-77d4a4e08052",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.GNB!MTB\nVT Total Detection:56/72\nFirst Submission:2023-09-16T09:19:55.000000+00:00\nLast Submission:2023-12-17T21:18:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "75aa3d37-31c7-4afe-9923-da593fc15c41",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "61898e1d-6ab4-49a2-8dbb-6519b115e5f9",
            "value": "a3f20325a54ae1042cbbeac6dff7b600",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331785",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1f0a6f9d-f7ae-4bc6-aefc-c2f9d27970f2",
            "value": "ec6a7d10677bc3a35802ad6afbfe98d5dee3737a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331785",
            "to_ids": true,
            "type": "sha256",
            "uuid": "50864815-d116-4050-9d89-20ecc2f536f6",
            "value": "c4b216b616c005c7ae84dfbdc5f2a99172825e1ee362555ddad8ed29f23313d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331785",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "902e9640-0aa7-469e-9276-3324042152aa",
            "value": "3072:s3Kk9DvFoys1+VHMiV2/F/qX7yEOWW3UNXzQgiL2KJ0jNyhmeLr6PZmynM:s3/E1+VLOlsQgiiKJ4Nyhmwr6hBnM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331785",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ecd59c22-b671-4bd1-a12e-4f17774b2888",
            "value": "217088"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331785",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ad3dc0c5-6823-4fcb-b385-e03264edea5e",
            "value": "025046655d155018z46!z"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331785",
            "to_ids": false,
            "type": "text",
            "uuid": "23962b0e-f12f-49df-a0c6-21ecb2b75e1f",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.GMF!MTB\nVT Total Detection:56/72\nFirst Submission:2023-09-19T16:12:24.000000+00:00\nLast Submission:2023-09-20T04:04:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "a507e329-11f0-463c-ae87-791e37888b51",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "1aaa0fb9-1d9e-41ed-9313-5a221071a8f8",
            "value": "7c6d12dcd138418691419f9783f8d3bd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331869",
            "to_ids": true,
            "type": "sha1",
            "uuid": "21af8b13-23b2-45f2-a4c1-15e192a21ba1",
            "value": "c707b19f4cba1221a1805f1b64c7a088adb862fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331869",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2fefa816-02d7-41f6-a2f0-d8151ac9ebb0",
            "value": "d52795d63ad44b0820ec52756b38b8f94c6d73f607200d7f2cf255f0c7e0dde2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331868",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e3855cff-5e19-4560-a0ca-c6cfc18f63c8",
            "value": "6144:I5tRVoHUWbkvb6ZzlU9o2gLBiiAOe20LRhX+w4WfPS3sCJTty:I80WYvbgBlXczLRhXZMsCJTty"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331868",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "300e4351-1ed3-48dc-8ed9-a62c9730391e",
            "value": "361472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331868",
            "to_ids": true,
            "type": "vhash",
            "uuid": "540754c0-6c58-4618-b657-904b638563f9",
            "value": "035056655d1d556az4c?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331868",
            "to_ids": true,
            "type": "filename",
            "uuid": "a4fcb489-4ae2-4e55-84a7-2f35e4b23883",
            "value": "@facebyk_packlab.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  27/02/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331868",
            "to_ids": false,
            "type": "text",
            "uuid": "53c85cb2-5d1a-4a34-b4b2-81c7367f1215",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Jaik.MBIQ!MTB\nVT Total Detection:59/72\nFirst Submission:2023-09-11T05:23:14.000000+00:00\nLast Submission:2023-09-12T13:35:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332387",
        "uuid": "87af77e6-a014-41e7-a9fe-0d1a653d8eea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332387",
            "to_ids": true,
            "type": "md5",
            "uuid": "515c1037-2412-4da4-92fe-9de61b393a93",
            "value": "42a617525cad4e3aebe3b3f58efd40c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331890",
            "to_ids": true,
            "type": "sha1",
            "uuid": "273f1de6-db47-43d3-a9b3-6fdc9b7b56cc",
            "value": "2c920abae30886105837b895399a77faa662ca76",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331890",
            "to_ids": true,
            "type": "sha256",
            "uuid": "950a3f29-7bd4-49ef-8416-3374d5d26924",
            "value": "fa1cf73d7e3412591bc870cb0fb404a51dd48e93ffe708a7262158eeccd78c30",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331889",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f9f54358-604b-455b-877b-d749e71446e1",
            "value": "12288:P1kIRgk+9961lddmfRNLHrVuuvD6ornQvjSt1ybtjMQoaQADuNS9aS+mXNR:qIek+9c1lddmrD8uh1ybtgQuAy3mdR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331889",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cd6b3713-d59f-4abc-99b8-024c5c8c781e",
            "value": "1448448"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331889",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b0bdfbf1-27ab-4471-9217-eeac2d240c0e",
            "value": "016096551d555d1515156az8anz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331889",
            "to_ids": true,
            "type": "filename",
            "uuid": "22a78a40-d193-4742-8387-62f68aff436a",
            "value": "@sgfsdfdgfh_alice.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331889",
            "to_ids": false,
            "type": "text",
            "uuid": "6ef4b364-a1a7-455a-afc0-85603b0e5c2f",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Zusy.SPDT!MTB\nVT Total Detection:56/72\nFirst Submission:2023-09-09T17:24:14.000000+00:00\nLast Submission:2023-09-09T17:24:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332388",
        "uuid": "89b0f342-96c1-4fd4-8d9c-150d189876c2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332388",
            "to_ids": true,
            "type": "md5",
            "uuid": "e47f4951-0b53-4e45-928b-25fb60bf7378",
            "value": "75d78dec6b89d63ff10ded8766720ec5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331932",
            "to_ids": true,
            "type": "sha1",
            "uuid": "075315d5-ad53-4ba1-872d-f9a6c5c7b85a",
            "value": "92632c52de1a1382f06bcec3fbe337f875f065fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331932",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5d090107-2b04-4dde-8c3d-728d98125c52",
            "value": "2655be15b467c7da072a193e613cc1debf169bcf7df87193964d4fcdc471bac1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331931",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "52c5a996-9c0d-4d6a-b72e-a446d256cfc2",
            "value": "49152:B9JEuuGhh+6nk9Ng222222Hh22222222x:B9JEuI/g222222Hh22222222"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331931",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1a11c203-c1e2-4bbe-b309-4fcee9ede199",
            "value": "10485760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331931",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5220e4b1-6a31-4f71-9a4e-140d8837f6cf",
            "value": "017086551d655d1515156az8bnz3fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331931",
            "to_ids": true,
            "type": "filename",
            "uuid": "46e254b8-0fd6-434b-a219-c91175d6fbca",
            "value": "Config.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331931",
            "to_ids": false,
            "type": "text",
            "uuid": "de2208e5-5688-4fd1-8622-87ecd0b0b872",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.A!MTB\nVT Total Detection:57/72\nFirst Submission:2023-09-08T13:21:43.000000+00:00\nLast Submission:2023-09-09T06:31:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332389",
        "uuid": "bd8632ad-d687-4e94-8508-743d1ccf46d2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332389",
            "to_ids": true,
            "type": "md5",
            "uuid": "29126f2c-3e64-4d33-8a85-6aeee6316964",
            "value": "3d4fbecb84f481942537e3d527246571",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331953",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d4ba1461-261c-404a-b062-6bcd74fdd444",
            "value": "ac96d16dc2f1ba1fa5985426e5af0058bcb64239",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331953",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8b4f92c5-ad8a-4f12-a484-7777963388a0",
            "value": "54c318cdd02565483cf68a03032c4c6afa724d437a64fa2ed310ffee7b3fc12b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331952",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2d847eef-f8c6-4ece-9f01-6473210ea365",
            "value": "6144:wS8vMTJW4vq0RsmGxFQbU08UcRAOt69zP+yx3iG5UxUQA+1vo09:wS8vx4vq0R9GcgedP+K3iTPa09"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331952",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "67ed7f8c-bc3a-4291-86ef-612ad7dc7928",
            "value": "348512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331952",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aa6e19d0-c69b-4a1f-bdd5-b12d6caf69be",
            "value": "035046655d556035z3005oz3fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331952",
            "to_ids": true,
            "type": "filename",
            "uuid": "7a6f42c0-b094-44fe-a760-493d0b3534fd",
            "value": "AOI_dox_tool.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  04/03/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331952",
            "to_ids": false,
            "type": "text",
            "uuid": "e4637e10-82c4-4c02-9601-197dcbb37b83",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RedLine.EM!MTB\nVT Total Detection:53/72\nFirst Submission:2023-09-02T12:49:49.000000+00:00\nLast Submission:2023-09-02T16:23:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "1cb860ee-4a15-418a-b46c-ef397386985a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "c77eaee1-459f-4903-b100-d2af2a664593",
            "value": "439707cc204edbb4d613934f560af3b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331974",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a0298c64-aa59-4763-8418-3e3574a7a9fe",
            "value": "3fe92fb5db7f20498dd254b8f1ec1bb083fc0216",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331974",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ee6114fa-7975-40ab-8d96-8c3a0604cb85",
            "value": "f1317fa1e70ad44256d1282121c8ad5e12faf9a32fc6b743212726d666408967",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331974",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b618ff4d-66b8-4246-ad4e-a0a3dee7782f",
            "value": "3072:c1adNFF/NTC6yPVv6UXqMtM+FKIpZbdRrFEuVRBKm1XQk2ryl3qwZUbo:a6PF1TY6oqKbV7Km1bzU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331974",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "969a7f12-e7b9-40b7-92a9-829e42f8691f",
            "value": "226304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331974",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e77c82a2-5678-4402-867b-5bf04dd6d1f7",
            "value": "025046655d155018z45!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331974",
            "to_ids": true,
            "type": "filename",
            "uuid": "c19b96c7-cd2c-42d8-a6aa-89ce6948be5c",
            "value": "sit down"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  04/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331974",
            "to_ids": false,
            "type": "text",
            "uuid": "44e063d5-754e-481a-b4d7-41cae263575f",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.CBEA!MTB\nVT Total Detection:59/73\nFirst Submission:2023-09-07T12:17:58.000000+00:00\nLast Submission:2023-09-08T05:10:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332391",
        "uuid": "fdab4eb5-db96-480f-91b2-ac437d702928",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332391",
            "to_ids": true,
            "type": "md5",
            "uuid": "3cccadf5-179d-485d-b16a-6654ccf15dd7",
            "value": "6abd607b239deffaf6cb239cb450a689",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746331995",
            "to_ids": true,
            "type": "sha1",
            "uuid": "349757e0-be00-4028-a70f-28368734d907",
            "value": "f270dc1b85ee491c39836935a92daa0f536cf5c4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746331995",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3f70a6a1-d6ee-40b2-9bcb-7a827d713cc2",
            "value": "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746331995",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "878db590-f7df-486a-9bf9-5f5daeabd161",
            "value": "3072:DFYaM4csg8CR4XyaN+M+DYPKNeoaG5gzxKa2xD6dlvpUVvHaRADYvvvv:hswCR47nCIG5gwDAlvpUVv2A0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746331995",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d6e37579-8ac1-493b-970d-9be226c3be86",
            "value": "240640"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746331995",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c6d05d5d-36d9-425e-9a41-0006984b7719",
            "value": "025046655d155015z40045nz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746331995",
            "to_ids": true,
            "type": "filename",
            "uuid": "f1d3b2d0-faf6-49ba-ac55-5a09713b57b6",
            "value": "Teeming"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746331995",
            "to_ids": false,
            "type": "text",
            "uuid": "afd25760-07b2-4c8d-9435-6bd0187f871b",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.GMP!MTB\nVT Total Detection:56/72\nFirst Submission:2023-09-05T11:41:11.000000+00:00\nLast Submission:2023-09-06T07:50:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332392",
        "uuid": "18298a7f-81b0-4708-b698-5b063a3df766",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332392",
            "to_ids": true,
            "type": "md5",
            "uuid": "593195cf-c654-48a2-944c-818516dfd436",
            "value": "a81021c8e9013b5280375523e775b7fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746332016",
            "to_ids": true,
            "type": "sha1",
            "uuid": "51540a3e-b91a-4035-a11a-8ea02f3a1aaa",
            "value": "90d9a8e796ef17cd6c4c52ea481cdd03b2a47e09",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746332016",
            "to_ids": true,
            "type": "sha256",
            "uuid": "34e788eb-645b-4247-99a3-58fbc708c441",
            "value": "794d826cfc8c07f1106d0fc00146484dcf67a9659a61693e06ed81e5d769bda7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746332016",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "14fec6ee-6186-432d-bbad-be86f2c91834",
            "value": "3072:iPaSHEy7Ec1miclJRPaGj6/0JVuGTgt/+y0pf/S1/fqG11:QdHn3QJby0JsGTUR0pS1aG1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746332016",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8a12487a-4a1e-4223-9d95-c36f818335e7",
            "value": "214528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746332016",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7a765f6b-23a1-46df-b24e-395dbf23dfc7",
            "value": "025046655d155az46!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746332016",
            "to_ids": true,
            "type": "filename",
            "uuid": "1bf17f47-44bc-4497-84f5-6682b0df841e",
            "value": "Greetings"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  31/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746332016",
            "to_ids": false,
            "type": "text",
            "uuid": "6043dda0-0c02-465e-aa85-208ea81d19ed",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.GMC!MTB\nVT Total Detection:53/72\nFirst Submission:2023-08-22T14:22:59.000000+00:00\nLast Submission:2023-09-28T18:24:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332394",
        "uuid": "6e6ee041-45df-4335-8e94-14282db4c814",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332394",
            "to_ids": true,
            "type": "md5",
            "uuid": "941b4f9e-57ba-48e1-b728-fb2c3ad38cbc",
            "value": "f3a7fc92daa621568991f1ed8c723d28",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746332037",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9d7558c2-7640-42b0-89b1-635989f65066",
            "value": "0334d4a6e29eb951b1fcb569664733554cc7fb55",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746332038",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ec7ab252-768d-4cf8-ac83-83a4c89e41a0",
            "value": "3bb81ede1499e15b8869d74372838a6850df04bf623e4abd73876e91673f92af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746332037",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5307e390-3829-4e97-a68d-f977a993aaee",
            "value": "6144:v2ANnvlQ5H/4ziiI1K9yGAOxJBEWrS1KRY5/Bbl:nNnvl6Huc1RGgWrS1KexBbl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746332037",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4ad5c9c9-3b64-4e2d-af52-82e75bed6bd5",
            "value": "335712"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746332037",
            "to_ids": true,
            "type": "vhash",
            "uuid": "75359430-084d-4770-ac17-522f2af03e78",
            "value": "035066655d1d5d056az4b!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746332037",
            "to_ids": true,
            "type": "filename",
            "uuid": "ea7fafa3-2823-411e-a463-a2b07cee5586",
            "value": "midnight.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  17/05/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746332037",
            "to_ids": false,
            "type": "text",
            "uuid": "d9b8033b-526c-489a-b0b6-1da0fd0218ee",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RedLine.EM!MTB\nVT Total Detection:55/73\nFirst Submission:2023-08-29T15:24:38.000000+00:00\nLast Submission:2023-09-05T13:48:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "c577a277-3539-401a-9733-7fdef3a6b50d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "56155671-e67b-4e13-aa24-3d03b5d54eff",
            "value": "a8558d6b6d80af8d991a468bb1b4b2b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746332059",
            "to_ids": true,
            "type": "sha1",
            "uuid": "accf9eb3-8c21-4189-9257-2c1e889872d5",
            "value": "f9416cb8e7535643f86c5a3540642fe0fb0b09d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746332059",
            "to_ids": true,
            "type": "sha256",
            "uuid": "03b779c4-02e5-4556-9f21-d089c907b9a2",
            "value": "16fbabbe3842fee9262fd42da0151f81e4375652d59b01f75a1f0dff46cda69f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746332058",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "80629be7-7838-4187-93dc-7f226a1e461c",
            "value": "6144:4AFObyV0RWeTKO40HAOWZ4s+H1CCZnvYO6yq2u8erIUfc:VsbyGHTq0kZ3aNZnvYWJuv1fc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746332058",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "eab25e92-42cf-4f32-b394-ddfe1c63073d",
            "value": "1310720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746332058",
            "to_ids": true,
            "type": "vhash",
            "uuid": "07eb9b09-9167-4922-8fa8-7582169c17a9",
            "value": "016056655d75641az4chz13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746332058",
            "to_ids": true,
            "type": "filename",
            "uuid": "0c48a8bc-8fdb-4038-bd04-3c0a4e8e06cd",
            "value": "met.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  03/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746332058",
            "to_ids": false,
            "type": "text",
            "uuid": "188d2bfb-aa06-4b9b-8ff7-31822cdce286",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline!ic\nVT Total Detection:61/72\nFirst Submission:2023-05-28T04:11:54.000000+00:00\nLast Submission:2024-03-23T21:50:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981114",
        "uuid": "e1dd9ea8-92e6-4afb-ba27-7277bd5a85a1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981114",
            "to_ids": true,
            "type": "md5",
            "uuid": "5d779276-f00e-42b0-bfc1-cabb38834074",
            "value": "308717a99b5cd9701497bfd3e2276309",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746332080",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2f3b5b19-1fe7-41cb-a874-0b2af2bb6fb2",
            "value": "16720188fac4c8625c0bc96036817605b10e4301",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746332080",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8f98f80d-b682-4c01-9460-bbe460371863",
            "value": "9f8a9a96bcd4b50414604cbd67f282226a2af227972833725e133c60da35ad43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746332079",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4e58096b-4e47-460a-a870-4f53897f2754",
            "value": "12288:VmjymUhUJFXf6rt6x6vbA14LU0gApH0q17ia6r6QHrhbpOYmnVHnuHu6tgJhVsWb:wy4FXfDx6vbA1YhpHL+rhtObhsWXUuW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746332079",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9cb5e55c-167f-4c43-8054-50998db20d6e",
            "value": "1655296"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746332079",
            "to_ids": true,
            "type": "vhash",
            "uuid": "842b4757-2609-4c8d-9f49-4ab5dca0957a",
            "value": "0160a6551d655d1515156az88nz2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746332079",
            "to_ids": true,
            "type": "filename",
            "uuid": "9e9c558b-5d4f-4842-9669-9f696f21a7e2",
            "value": "9f8a9a96bcd4b50414604cbd67f282226a2af227972833725e133c60da35ad43.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  15/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746332079",
            "to_ids": false,
            "type": "text",
            "uuid": "a235e054-379e-430a-b856-fff42ab0261d",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Redline.GMH!MTB\nVT Total Detection:60/73\nFirst Submission:2023-08-31T06:15:18.000000+00:00\nLast Submission:2023-09-03T05:56:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332398",
        "uuid": "170d2394-7590-4c75-8f49-dfdbe39b6a45",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332398",
            "to_ids": true,
            "type": "md5",
            "uuid": "a485f737-dfc4-49ff-8003-410224492f01",
            "value": "1b29fd740423a23136cad3e874103ac7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746332101",
            "to_ids": true,
            "type": "sha1",
            "uuid": "76fdfefa-3bbe-491d-936b-37bc0fef1db7",
            "value": "930c4d9566fa0264b5f2f6186db543dddaf6e9bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "REDLINE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746332101",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d079a38e-f036-4c4c-9893-779a0ebdeb95",
            "value": "1ccd8f49139944de4758cd6491fb568a08be4c06b3f48a01ea82f267b83ed6e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746332101",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ea8aad29-2c20-46fa-a9f0-fc190346c9dc",
            "value": "6144:5GMCv2ANGzuCdvsvgfE9J/1nAAOwFnt2nXAKYR7M2bo9/B:5eOaGzugkK5nXAKYRgko9/B"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746332101",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4720aaaf-2c43-407d-bfa3-b04005ba28c5",
            "value": "330752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746332101",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3aeeff88-7f26-48dd-8118-28998204a687",
            "value": "035076655d1d5d055567z5004bnz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746332101",
            "to_ids": true,
            "type": "filename",
            "uuid": "27ec80b3-e7a3-49d2-9358-a63281812479",
            "value": "Zanax.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  22/06/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746332101",
            "to_ids": false,
            "type": "text",
            "uuid": "c494f136-ee23-4591-8c97-f6f6feed7197",
            "value": "REDLINE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RedLine.MD!MTB\nVT Total Detection:61/74\nFirst Submission:2023-08-29T21:49:56.000000+00:00\nLast Submission:2024-06-21T03:00:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746332399",
        "uuid": "7a487a48-b6b0-4050-8427-5bb5604e635c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746332399",
            "to_ids": true,
            "type": "md5",
            "uuid": "a455dfa1-1a71-461f-bff0-3e0e78342df8",
            "value": "b596fb6817fb15ee5b1fd13d755b655b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746332123",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a9a62086-7760-4373-9d61-6a5fad0f1091",
            "value": "0faba95a63c0391d8c8f570f1acc2e830d05dcfa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "META",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746332123",
            "to_ids": true,
            "type": "sha256",
            "uuid": "43e3b385-595e-4fc1-9c61-77ec0e2410e0",
            "value": "bd10d9b144c1fb01f8ab436de9dd10019c0201c383ce4d4cdc99fb027a0fd4d7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746332122",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "05e07429-7583-4b22-bd35-daf93244013b",
            "value": "6144:ZbRmsOm/xvfHaU4+ecAO/NfwTKbxpGrvsYVPttUf17TZHU5WgO1s7fm:JosOm/9j9Nnb6I+ttUVgOi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746332122",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0fe12071-930f-4c06-8df8-fd98fc3fe564",
            "value": "358400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746332122",
            "to_ids": true,
            "type": "vhash",
            "uuid": "187f5bc4-cc25-4720-9696-506267ea3327",
            "value": "035056655d1d556az5e7z2vz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746332122",
            "to_ids": true,
            "type": "filename",
            "uuid": "2f79e60a-5e3c-4f20-9636-8c5a259d65f7",
            "value": "Black.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  04/03/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746332122",
            "to_ids": false,
            "type": "text",
            "uuid": "315bf828-3da4-4535-b53a-d51771505e2a",
            "value": "META\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/RedLine.RDDD!MTB\nVT Total Detection:54/72\nFirst Submission:2023-08-27T02:25:45.000000+00:00\nLast Submission:2023-09-19T18:31:25.000000+00:00"
          }
        ]
      }
    ]
  }
}