{ "Event": { "analysis": "2", "date": "2018-05-01", "extends_uuid": "", "info": "[Threat Intel] Cobalt: Their Evolution And Joint Operations", "protected": false, "publish_timestamp": "1780039854", "published": true, "threat_level_id": "2", "timestamp": "1772901983", "uuid": "95577f81-7f15-402e-894a-bcb769c839e3", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": "" }, { "colour": "#0fa7af", "local": false, "name": "misp-galaxy:target-information=\"Armenia\"", "relationship_type": "" }, { "colour": "#bd512b", "local": false, "name": "misp-galaxy:target-information=\"Belarus\"", "relationship_type": "" }, { "colour": "#6d455d", "local": false, "name": "misp-galaxy:target-information=\"Bulgaria\"", "relationship_type": "" }, { "colour": "#a3567e", "local": false, "name": "misp-galaxy:target-information=\"Estonia\"", "relationship_type": "" }, { "colour": "#7d6b1a", "local": false, "name": "misp-galaxy:target-information=\"Georgia\"", "relationship_type": "" }, { "colour": "#41c393", "local": false, "name": "misp-galaxy:target-information=\"Kyrgyzstan\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Moldova\"", "relationship_type": "" }, { "colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": "" }, { "colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": "" }, { "colour": "#9f5dac", "local": false, "name": "misp-galaxy:target-information=\"Romania\"", "relationship_type": "" }, { "colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": "" }, { "colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": "" }, { "colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": "" }, { "colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cobalt\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Carbanak\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740397588", "to_ids": false, "type": "link", "uuid": "2790180c-442d-430f-922c-dbb7eaa6c7fc", "value": "https://www.group-ib.com/resources/research-hub/cobalt-evolution/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740397608", "to_ids": false, "type": "link", "uuid": "e10e2275-265b-4546-9ad6-dd2772676c58", "value": "https://go.group-ib.com/report-cobalt-evolution-en" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528617", "to_ids": true, "type": "md5", "uuid": "bf079212-f317-4d24-9165-1ca01f800b1a", "value": "23543750e343c70f6b2d0f1d63893675", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528618", "to_ids": true, "type": "md5", "uuid": "9c90fe82-3fa6-4bd1-be10-e4cd47c02a56", "value": "2d53c67eb0f16024c0843158149e9e5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528620", "to_ids": true, "type": "md5", "uuid": "3e0e065a-002b-43a4-b9ff-827046d92dcf", "value": "35e0449cbe9fbe43e95b920c246828b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528620", "to_ids": true, "type": "md5", "uuid": "fd0f480a-5e88-4d51-aab6-4fc73f362335", "value": "4ad39b50b9716c85a2c9377bf2fb1ca1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528621", "to_ids": true, "type": "md5", "uuid": "2ec006d2-4ab1-4a57-9909-26fc96584525", "value": "5a34aacbbfccd307d0394d0770ab6742", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528622", "to_ids": true, "type": "md5", "uuid": "416dafd4-9d99-478e-a2cc-1fae7cfb5fe9", "value": "5ab6c208607f6f92697015d4f84d6b69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528623", "to_ids": true, "type": "md5", "uuid": "24ae8660-6eab-46c1-a76a-cce414c802ea", "value": "5b9677bebe2b4392cc58f5836fe96a74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528624", "to_ids": true, "type": "md5", "uuid": "382d27cd-4698-415b-b41f-4c3c7d5146a0", "value": "60c61a79cd1b04936bfbab75e9332107", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528625", "to_ids": true, "type": "md5", "uuid": "d2adb0db-3bd9-44e7-8863-ffc0fdcd36da", "value": "670a1312ad4f1ac077d285bbc46e242c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528626", "to_ids": true, "type": "md5", "uuid": "4f03c8c2-17be-4342-9ae7-9feeaa263943", "value": "70e022cc5cd7f867a36d7e4932b637f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528627", "to_ids": true, "type": "md5", "uuid": "eeceebce-910f-41d0-a34f-ffdc71bc2ec0", "value": "731654ed318db772b50fc055a498f472", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528629", "to_ids": true, "type": "md5", "uuid": "60fdbcfa-a765-456f-b2a2-98bca525aca4", "value": "83dee40f12f67634c5da640f6d6f2efb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528630", "to_ids": true, "type": "md5", "uuid": "7b6ab4f5-fdfb-4028-a031-b44835729dae", "value": "9075432f928a166bff386a0598e15618", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528631", "to_ids": true, "type": "md5", "uuid": "45ed21d5-1694-471e-972b-8ba374e9b481", "value": "a57e0d0ec7ae26ffd9c1557be6ae0864", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528632", "to_ids": true, "type": "md5", "uuid": "0550b54c-3c1b-45cf-b0ba-df0c21a3dc47", "value": "ac9ed9c15244888d0635b698d1ed87c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528634", "to_ids": true, "type": "md5", "uuid": "3b0b3bba-ef44-491e-8eb8-0e4ad7c70901", "value": "b1e2d42db32952026df6d5d7cc7ed9e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528635", "to_ids": true, "type": "md5", "uuid": "3999370b-462e-4f98-942e-1af2e5f11e7e", "value": "b4a2799e4e50df6813e5fb1ab7d4b094", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528636", "to_ids": true, "type": "md5", "uuid": "96ee84a0-5cb6-4111-b243-21112d1db5f9", "value": "b9a7c0706087a0fecbd9b6f1002a2b96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528637", "to_ids": true, "type": "md5", "uuid": "d55c53c4-b8e4-4b59-94eb-8cdc7cc92323", "value": "c6ac59164b4c637dba6436e2a30144b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528638", "to_ids": true, "type": "md5", "uuid": "64cb47b1-5264-4c27-8701-9551a5c235bc", "value": "c91658349005a2f1c92a20132de38486", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528639", "to_ids": true, "type": "md5", "uuid": "b566b457-9034-4b26-a0e2-d4dbb8753830", "value": "cafab9cc40ad0bd1cbec2164e17c8216", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528640", "to_ids": true, "type": "md5", "uuid": "04d5a77a-aa69-4533-9842-eee1e0090c39", "value": "d152c9df5fe1e5540b003eae557cf320", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528641", "to_ids": true, "type": "md5", "uuid": "18714ab6-6e2f-4877-b455-30594e89ed88", "value": "d529218495f0318b99e60477368bb55e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528642", "to_ids": true, "type": "md5", "uuid": "e7c20a87-3d86-4930-a46c-9fe517010d2c", "value": "db0d8569bc52e259bd327b10d0317174", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528643", "to_ids": true, "type": "md5", "uuid": "81f9b728-0a5b-446d-824b-7ebdde7edb15", "value": "dd8664286d6ec3f6f90a3b80af095479", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528644", "to_ids": true, "type": "md5", "uuid": "8a060887-9a92-41dc-884e-0949e43c575f", "value": "e5fcc477cd5176d4c6655c57b7a0274e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528645", "to_ids": true, "type": "md5", "uuid": "4b65b34c-df9e-4b7d-b800-07c2d8a64186", "value": "eb162cc34efae1cb621cc7157ef36514", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528647", "to_ids": true, "type": "md5", "uuid": "09e42bbb-987b-469a-b737-15ee4d88bca8", "value": "f2b1d948af17f0006985b9eaee48d490", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528648", "to_ids": true, "type": "md5", "uuid": "812a6a67-1d51-470c-b116-1f007d2cecfb", "value": "f5aea645966319c96d4dbcadce2a10e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528649", "to_ids": true, "type": "sha1", "uuid": "6f51ae48-a113-43a3-8814-edc6600e9b3d", "value": "1989fee716dab57aee2d7262309976edcfb4fa85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528650", "to_ids": true, "type": "sha1", "uuid": "29dc0b5f-3358-4828-b999-e6c2761798e9", "value": "1acc9fa452ca967c7339d483fa3c2f07b30f4f1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528651", "to_ids": true, "type": "sha1", "uuid": "81502e04-e75b-4a2f-ad6d-6958df5d6b5c", "value": "4c230bb70b1949067abb8643f2c4e8b015830be9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528652", "to_ids": true, "type": "sha256", "uuid": "af2a96ce-b6fb-4ce6-8c3f-1eb49caa79ad", "value": "106fcdf4d95957a156ae311e3d032b237d97385807949629aedd018429d4d155", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528654", "to_ids": true, "type": "sha256", "uuid": "af352fa5-0088-40eb-ba3d-e16bb2aa1c28", "value": "1a31f9c5271e128b27e0f360041fef4905309318c9a9c21ff0224f2bd9ebea9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528655", "to_ids": true, "type": "sha256", "uuid": "8c2f9137-d81f-4c8c-91dc-20b3a5a694f0", "value": "20711584cec6887d76f20519a73353c13e40a71c816b27ab132d1639c00fbc68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528656", "to_ids": true, "type": "sha256", "uuid": "96aa1dd2-76e3-4683-9f8d-b6d968e954d7", "value": "232b7f918079d393d6f0f0f89018d773f5197bb22bbbda06f0e7594c6b53123c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528657", "to_ids": true, "type": "sha256", "uuid": "7b55ece6-2c0a-463b-86db-b468e13561fc", "value": "2e75d78a47c377c6ab720276ba52f919ffe4bbb88b9b48508851738f0992e816", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528658", "to_ids": true, "type": "sha256", "uuid": "97a6401a-9e29-455f-878e-daa96a97e76a", "value": "363881c87ab0795c20f2f171acac1a5325673a48dd9b391a81d9574e470143e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528659", "to_ids": true, "type": "sha256", "uuid": "31de8cb3-d980-46f5-8f5c-a359a5e1d7b2", "value": "387dcbb30689bd778631249016ea5c0f10c87245d6229d77af1d21e5db1f8018", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528660", "to_ids": true, "type": "sha256", "uuid": "3f51ba19-63cc-4edd-bc37-12c2ee30f076", "value": "405d1f1d3cc198fda1e6d7fbf848efcfa08eb67848c0812bb403d6f3bccfd1de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528662", "to_ids": true, "type": "sha256", "uuid": "155e2e69-7bb7-47ec-903b-eade5c326941", "value": "484c9c1dc40308988371fec737a9eff9d3c4334705c2b8a97e0697324164c199", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528663", "to_ids": true, "type": "sha256", "uuid": "3d36a3d5-55a5-458b-a830-36cdab52a11e", "value": "5595a6b04510e99d5b0c357d76b3be0ccc506aaf91f9a08a72e0b92ac6d3d952", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528664", "to_ids": true, "type": "sha256", "uuid": "c2156aae-67ce-4fb3-8ea9-96660eb1bca0", "value": "5f0d7423d889eb9dce5e79e5bb8202aea335f255bd88e4eabf21bff8890bbc90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528665", "to_ids": true, "type": "sha256", "uuid": "e5109410-af75-42c8-bbe4-a7762db1d9d0", "value": "60982ee489398897b0edeb78d1cf69ddb872ba8ab386438d65f78a60a73aff32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528666", "to_ids": true, "type": "sha256", "uuid": "040fb76d-042f-42d7-8f46-9b04b1e5dd88", "value": "71c7cbfc231aab4570970ff833ce8e83511d6b925de29721ca3171381631bef1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528667", "to_ids": true, "type": "sha256", "uuid": "e0d8aacf-f47b-4f19-bafa-f1b1baa105ac", "value": "9b39bb02989367497016fe58fc39b0564a947a8a298b4a58e36fa983944a33c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528668", "to_ids": true, "type": "sha256", "uuid": "cea334f7-561e-49e2-ad0a-4eca0caead5e", "value": "a345d922b87246cfaef749514f9b36d1c8bb152a8afddd26ab2566f9bea071b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528669", "to_ids": true, "type": "sha256", "uuid": "4401b551-ed18-49e0-a6db-668129ad9c44", "value": "b6d0b1030cb71c27f91dc9c645ad2c5aaf81bdf47f8713a5fa5aa0f2f0680f29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528670", "to_ids": true, "type": "sha256", "uuid": "84060257-75e8-400c-9a1c-ce13f19cdafa", "value": "c67de95eaf817dc46acce9a0948fa2ba91222193999f28cbde9f1b477f665e52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528672", "to_ids": true, "type": "sha256", "uuid": "436c4118-58c8-4305-94c5-ebeea31f845b", "value": "d3844ac08424b50c3624718665d387d0c24888685744f8efce217197f597483e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528673", "to_ids": true, "type": "sha256", "uuid": "efe560dd-2fc9-41cb-81be-985815175894", "value": "eac418381ea047601fae9c92412b5df49ed6aac3edd74fb5e2eb6f09a1cc3861", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746528674", "to_ids": true, "type": "sha256", "uuid": "bc2f541c-e03f-4a17-8076-5be8f2c205ac", "value": "fa9758814e0994b972afe305a50b7326193a3d15f603063d0b6728dccfbd8dbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528410", "uuid": "0eb67ff0-97bd-48f0-a739-2167ba578fcf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528410", "to_ids": true, "type": "md5", "uuid": "1e666744-9b1d-46bc-b5f4-e11508370c30", "value": "01a0e6e1ac4ca9ae8a8d314f3812d63a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511034", "to_ids": true, "type": "sha1", "uuid": "6036fb8f-de37-49f9-98ea-0e6b5b08fa4f", "value": "77297280a6774cbc4577d7af6eddff4e201d1adb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511034", "to_ids": true, "type": "sha256", "uuid": "175e16a4-14d8-4439-8e4a-91203d80038f", "value": "a1ac5fd61457a210401c4ffceb0070e69140650217bf331d513c4115298880bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511034", "to_ids": true, "type": "ssdeep", "uuid": "c4b8cf29-2df2-49a4-aeb6-beb0eb4e33a3", "value": "1536:odA/e14EAMBrXZV6Gyr5tJnBddzEWuiG+cV/YY/FOk8OXM:IqA4EPRXZVP2LEfT8KM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511034", "to_ids": false, "type": "size-in-bytes", "uuid": "ef3cbed2-b4de-4b85-b7ae-f8bd2ae3ca7d", "value": "126976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511034", "to_ids": true, "type": "vhash", "uuid": "c623bf5e-59c0-4e07-8c59-dbdd2462016c", "value": "015066551d1d15751bz61clzafz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511034", "to_ids": true, "type": "filename", "uuid": "c8819de4-36a0-48f5-a48e-d096e732a634", "value": "Parse.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511034", "to_ids": false, "type": "text", "uuid": "89ea8c36-3ee1-433b-b970-68e2ddb9826d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:33/69\nFirst Submission:2017-03-24T11:41:23.000000+00:00\nLast Submission:2022-08-25T17:08:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528411", "uuid": "cadd01ec-1be8-40ba-9a09-97cffcde29e2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528411", "to_ids": true, "type": "md5", "uuid": "559e6540-43a9-4ecf-bf4c-125ef9c8346d", "value": "02dcb557d377470df02558f5914f2db9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511055", "to_ids": true, "type": "sha1", "uuid": "1b342ce3-826a-4cab-a3b2-45b662be62d9", "value": "21aec4c3a7134eed30951ba9f225a1204bb3e9ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511056", "to_ids": true, "type": "sha256", "uuid": "03131fa9-3e9e-473d-8cd1-15270b2516fa", "value": "bfb711f5e1700eb95a8a87fbe124daa0700414b4100ba5639bb4316b7885a201", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511055", "to_ids": true, "type": "ssdeep", "uuid": "b8c4c55a-319f-414c-abe4-fd2b706c97eb", "value": "6144:goks9p/V6rgJ+5KO2jufJpxWEFDRwsVc6Zw/LiPWe:3d9p9xJiKBjufLwEFF13ZSiPWe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511055", "to_ids": false, "type": "size-in-bytes", "uuid": "f0648f26-23a2-455b-bfda-11975c1457ce", "value": "294932" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511055", "to_ids": true, "type": "vhash", "uuid": "c4557a20-8711-48cf-894f-7eedcf7b8c0e", "value": "bf0cda1e8b92bf9c134c0a8291e320e7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511055", "to_ids": true, "type": "filename", "uuid": "924fe369-a8ba-4f4c-9c0c-3c48e8f7b5d8", "value": "__substg1.0_37010102" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 19/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511055", "to_ids": false, "type": "text", "uuid": "bdd1f5c1-ef82-41e6-acf1-ee01a2a06d87", "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:2/58\nFirst Submission:2017-06-28T10:47:33.000000+00:00\nLast Submission:2018-04-11T04:52:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528412", "uuid": "862badcb-40fc-47ec-95b8-43ae93db39cb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528412", "to_ids": true, "type": "md5", "uuid": "c1601764-8946-47f6-aca4-38355f486af8", "value": "032d63ec4ccfef5648a414bead337b72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511077", "to_ids": true, "type": "sha1", "uuid": "0404618d-4b53-404b-8577-979233ac0243", "value": "bb93f8d22635a03e67c2d712400f83e35cb88119", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511077", "to_ids": true, "type": "sha256", "uuid": "a70d3b4e-4312-47c1-b437-fd71955bffdf", "value": "e70e4aa8d706d855199b56c4fd713969be27a90093fd0a8d86dc4464962b0302", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511076", "to_ids": true, "type": "ssdeep", "uuid": "b6f3ec32-487d-4703-89fb-aaa1af1b6218", "value": "1536:MRFneQzdduzS8T+ZrTmtrt/s/DQpp8IG:MRBeQzdd8S80rTmRJsLQp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511076", "to_ids": false, "type": "size-in-bytes", "uuid": "f25556b8-d841-4984-b28b-5cb39419e940", "value": "64000" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511076", "to_ids": true, "type": "vhash", "uuid": "831fc7b3-1a57-4924-89f5-c65e124527b5", "value": "064056555d1c0510b0201006100a46z1f0c5z80500d63z19z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511076", "to_ids": true, "type": "filename", "uuid": "98b5708e-f08e-41f4-bb39-0da0cb7fae51", "value": "Sun.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 11/10/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511076", "to_ids": false, "type": "text", "uuid": "e23bb8fe-793c-447f-a331-c53b4d2cc883", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:52/69\nFirst Submission:2016-12-01T20:15:21.000000+00:00\nLast Submission:2016-12-21T07:21:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528413", "uuid": "da94d217-e46a-4bb9-849c-53d4b5b75f2d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528413", "to_ids": true, "type": "md5", "uuid": "e26572cc-1d91-4fe2-83ec-e8b6ae573c20", "value": "036faf1f7e39e44c0db25b9149b45786", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511098", "to_ids": true, "type": "sha1", "uuid": "316936ff-0895-4956-b43e-0f8905b22918", "value": "827ce493047fd77558a427e8ade6eba663369dc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511098", "to_ids": true, "type": "sha256", "uuid": "8f1b61d0-b67b-4392-9e02-bd773440e808", "value": "a15e7db68d76923f4c7baef74e4ef815719a56681acfaa4e43cf28941e3b8cb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511097", "to_ids": true, "type": "ssdeep", "uuid": "51ea059d-b9b1-448a-9c81-b2dbb646e19d", "value": "1536:u+5Ai0KvE2GA3Qys6voSQg6q0Jic0I1+XcFYJ2e5eIsWYucdfsS1rLvWn:1vfQysEygX/c0I+moz54fsS1rDo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511097", "to_ids": false, "type": "size-in-bytes", "uuid": "83700436-0b33-4e75-85b3-0532ac9ff1c6", "value": "77824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511097", "to_ids": true, "type": "vhash", "uuid": "d1ee1b46-d7b5-4c17-9819-e464efc7eaf5", "value": "074066655d1515556018z44!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511097", "to_ids": true, "type": "filename", "uuid": "26c2c5f2-2a70-4eef-9f7f-80c11765814a", "value": "wr.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 22/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511097", "to_ids": false, "type": "text", "uuid": "0e226cff-b955-404a-ae5a-a689c2f0a0a9", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:51/72\nFirst Submission:2016-09-15T13:38:30.000000+00:00\nLast Submission:2017-12-20T16:11:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528414", "uuid": "9bc831ea-4d27-4eb2-9563-5542ab8abeb0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528414", "to_ids": true, "type": "md5", "uuid": "e3db03cd-2cac-4403-ab70-376058db6b02", "value": "04267fb0dbd0728a882298e120f70860", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511119", "to_ids": true, "type": "sha1", "uuid": "b1e3a0da-3626-4c65-a177-399fd013371e", "value": "795fb2e0f038bdb5c6ee2dbb598fb94e61742a04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511119", "to_ids": true, "type": "sha256", "uuid": "578df039-0bf9-4c24-aa12-4085aebf1e6c", "value": "82aafacd03c8137753da9474ae507bec524f9ed1828cd340126760ecdc966333", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511119", "to_ids": true, "type": "ssdeep", "uuid": "b37a761b-f38e-48e6-b238-ac4ceb4f2177", "value": "3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e5A/:xgn48XjSVr380A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511119", "to_ids": false, "type": "size-in-bytes", "uuid": "12eed5dd-47f3-41d1-b09c-2c55fed6d9b5", "value": "196608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511119", "to_ids": true, "type": "vhash", "uuid": "7286650a-198b-428d-bb6c-751556a247b5", "value": "115056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511119", "to_ids": true, "type": "filename", "uuid": "cb08dfa6-d047-45f5-ad44-496eaccc90e3", "value": "eOfB" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511119", "to_ids": false, "type": "text", "uuid": "4b310d79-67f6-4eca-ad64-79e17b4b7168", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A\nVT Total Detection:61/74\nFirst Submission:2017-02-28T04:26:59.000000+00:00\nLast Submission:2017-02-28T04:26:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528415", "uuid": "20d2c2f3-0a4a-466a-8d80-ecd91d740298", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528415", "to_ids": true, "type": "md5", "uuid": "260f9ae9-d531-4eeb-9559-49c1a5443aa1", "value": "0c34ae326a8fd68d4a67ea3484b7cf81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511140", "to_ids": true, "type": "sha1", "uuid": "eaa4be8a-3bd5-4254-91c3-b1d38d43aa27", "value": "a6b41c41a5f660e1ab98ccd6312acd70d4703864", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511140", "to_ids": true, "type": "sha256", "uuid": "dfafae08-bb8d-4ec9-9dab-e2d2d1c33338", "value": "2e88ae0ac6f22efe811a47d0eed419435087ebf94f80bf0d030b964af329cd42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511140", "to_ids": true, "type": "ssdeep", "uuid": "d90d9a59-0d36-47c0-be5f-090a7541978b", "value": "3072:H+S02j1TGWPw4NXw4kmEIRxUJ8lUOOq5JamRE:TDjV5Pfg4oIRxK8UUzR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511140", "to_ids": false, "type": "size-in-bytes", "uuid": "b65f8a4f-d1aa-4ef0-b063-ef3d112ac85b", "value": "199680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511140", "to_ids": true, "type": "vhash", "uuid": "d266148f-11ba-425f-8fb5-234407f9b828", "value": "115056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511140", "to_ids": true, "type": "filename", "uuid": "672c460a-bc0a-4733-b510-b47585487744", "value": "GizS" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 25/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511140", "to_ids": false, "type": "text", "uuid": "78ea37db-6467-4e78-902c-1483dc1ec8a0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A!dha\nVT Total Detection:53/68\nFirst Submission:2016-08-10T08:56:36.000000+00:00\nLast Submission:2016-08-10T08:56:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528416", "uuid": "8c5065d8-4b10-4228-83bb-9a74bf12f290", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528416", "to_ids": true, "type": "md5", "uuid": "129aa96c-cfb5-4d35-a7ef-10cc3ed5e550", "value": "0d21832c171e817e947837bbfb67380e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511161", "to_ids": true, "type": "sha1", "uuid": "b847ef81-edc9-43a5-8ca5-15c484c2e132", "value": "9b595ea907ee648236f8013c51327487e53eb9f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511161", "to_ids": true, "type": "sha256", "uuid": "bbfa0206-15ab-483a-944e-aeb2a85b4bcf", "value": "3a882d24bec6d7188fa48121f5142816c4a1e00f118ea6ea4707ef44fce1e93d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511161", "to_ids": true, "type": "ssdeep", "uuid": "e64c73e0-b0ca-4e47-b129-46d4ee7c5f19", "value": "768:lqVNSDFUfpK0rhOMme1NW+VL1DCkXrC4yOZBeMNZNTMQE0MxUeIRJ:P8hObI9L1DCAy4J7wQiUe+J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511161", "to_ids": false, "type": "size-in-bytes", "uuid": "85223bf2-97e0-4bdc-bdf8-449f6be4b2cc", "value": "58899" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511161", "to_ids": true, "type": "vhash", "uuid": "d3ef09c7-596d-4298-ad18-10ccb940476d", "value": "0540766d1c1zd1d701az3c9z35z13z41z4bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511161", "to_ids": true, "type": "filename", "uuid": "56ae3839-fca4-4364-ae36-3028477ff59f", "value": "1.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511161", "to_ids": false, "type": "text", "uuid": "85b20675-a99a-4389-a19f-a06a56f62b16", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanSpy:Win32/Banker\nVT Total Detection:52/69\nFirst Submission:2016-07-26T14:10:42.000000+00:00\nLast Submission:2016-07-26T14:10:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528418", "uuid": "3c34cf5b-4c81-49db-bccf-e02dd96dd9f7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528418", "to_ids": true, "type": "md5", "uuid": "b4838930-5574-43ef-ac9a-9c8f9d8439af", "value": "0d753e128c3f5bd088dd3fd7813a74b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511183", "to_ids": true, "type": "sha1", "uuid": "13dea481-9302-4f5e-adc2-671fb0fed0ca", "value": "41d08eee1f061ef8aa852bf5646f651d083dff8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511183", "to_ids": true, "type": "sha256", "uuid": "c2eadace-b66d-4be7-88c7-702f33d44d87", "value": "f7c0c8fabb10ce86d6605c6116ab6d10c1f604a8c28db9a4f5963ea76ec76d75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511182", "to_ids": true, "type": "ssdeep", "uuid": "b5a75910-46e3-479f-a1d6-e628c8816c9e", "value": "768:pg4IVOQLU01QFgKpcQz1e8rckgMhHOe1kAIkX8fzUEkIgJa9o7t:pkIs16pNxe8I3M0akAIkePgJaU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511182", "to_ids": false, "type": "size-in-bytes", "uuid": "c7d2991a-9242-4c06-96a8-4de7e0fe65f9", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511182", "to_ids": true, "type": "vhash", "uuid": "b3e76694-61cd-49bd-a367-cc3b291b4fa2", "value": "064046551d155az2emz45fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511182", "to_ids": true, "type": "filename", "uuid": "b1f04b9b-edf2-45aa-8715-4e88019a62c0", "value": "InfraRecorder.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 11/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511182", "to_ids": false, "type": "text", "uuid": "ae8f360a-2dbd-4db9-8ded-875c1e5e73a2", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Zbot.SIBD25!MTB\nVT Total Detection:58/72\nFirst Submission:2016-10-21T12:09:57.000000+00:00\nLast Submission:2016-10-21T12:09:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528419", "uuid": "a30b4bf4-8545-4d4f-a2b4-d2bc494c5a7e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528419", "to_ids": true, "type": "md5", "uuid": "c461e95e-e8d1-481a-9e2c-5884440e37be", "value": "0e7952fb5990c4782a939e2e61615f6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511205", "to_ids": true, "type": "sha1", "uuid": "783c3378-b8b2-4159-bae0-9d9724c5690d", "value": "d2b08e2ae206267569b8d3388e399f2a33e99652", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511205", "to_ids": true, "type": "sha256", "uuid": "7f9d1838-6189-4b82-91e4-03d722ed85a2", "value": "a908e47e1fdea7022ad394f1764684d7954a0ffe88f27d438fbdc4c7926745df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511203", "to_ids": true, "type": "ssdeep", "uuid": "f1dc1876-481d-486b-8335-d60da6034bad", "value": "192:TDtmpXYytEw5bk8xgNAO7UbGvHLMwvbglFG6Gk72oBjLXZsR3UJkFACqh/g2:TDCXYytq579WlFG6F7//oIMACIg2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511203", "to_ids": false, "type": "size-in-bytes", "uuid": "066ccb47-d0ff-4968-a714-aaf8a94c247b", "value": "12563" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511204", "to_ids": true, "type": "vhash", "uuid": "7ed47c56-de22-4732-902e-e09a5715a055", "value": "8ffe2c64b171218a1f5174dae10a3720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511204", "to_ids": true, "type": "filename", "uuid": "0b6b13d5-7078-4f85-bc39-3a6178f665f3", "value": "d.docx" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511204", "to_ids": false, "type": "text", "uuid": "453c8331-8691-428e-b36a-e7999581c7c6", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2017-07-05T08:34:37.000000+00:00\nLast Submission:2018-01-11T01:12:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528420", "uuid": "939a6fa1-a12c-4050-826d-061f23f7f599", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528420", "to_ids": true, "type": "md5", "uuid": "40730ed3-ffa2-4701-8916-9ad980856fa9", "value": "1593ac2ad08666e5bd6294174ea9121d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511227", "to_ids": true, "type": "sha1", "uuid": "9fa1779a-0bd7-40b8-8135-d588fcb6b2db", "value": "b8cc258878c5048140696f1f6c4dab28b6f0d147", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511227", "to_ids": true, "type": "sha256", "uuid": "2e58a1b2-e40a-4978-b8aa-73ef9816dbf5", "value": "56f8483f18a82e7495e2ab5f330c7f3ff9d1d73c2e1e15ae7bfce88c6f7da351", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511226", "to_ids": true, "type": "ssdeep", "uuid": "8b3ec9ad-6b0a-469b-a764-1016b51475fd", "value": "1536:TSsjnZzSaxdttn3sLmzkOfS7akgdKEuLnAh:OsbZzLfvn3AmrfS7akgdKEu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511226", "to_ids": false, "type": "size-in-bytes", "uuid": "ffce7a9d-d479-413f-8581-de05f65a2f07", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511226", "to_ids": true, "type": "vhash", "uuid": "15b4aca3-11da-4565-8268-bca2c9f604e2", "value": "0640365d151bzfnz3fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511226", "to_ids": true, "type": "filename", "uuid": "c8b52d4f-206d-489c-8248-708d6787721c", "value": "MICROWEB.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511226", "to_ids": false, "type": "text", "uuid": "9e67849a-0a1f-4fa9-94d2-00c1e31044c3", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:51/69\nFirst Submission:2017-03-11T19:37:43.000000+00:00\nLast Submission:2017-03-11T19:37:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528421", "uuid": "4913e84d-e1b6-42f2-938d-83e6c534bf44", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528421", "to_ids": true, "type": "md5", "uuid": "88c10159-4fa9-44b5-b929-420e3da18b1b", "value": "16ea8bb383bb33c5df951794b6607456", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511248", "to_ids": true, "type": "sha1", "uuid": "5608bd71-8f7e-44de-afbf-2622e63634c5", "value": "1880c55a9a09655bf7f630fac6aa9a15260c7391", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511248", "to_ids": true, "type": "sha256", "uuid": "9b2624b7-26f3-473b-b671-bbdad4e0d91f", "value": "4e71ec1e4ca7069ad7fc535c8d9b6053befe1184b6e6b55043b4d901e15b0f5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511247", "to_ids": true, "type": "ssdeep", "uuid": "17e96913-68ea-4522-80c5-4cf9ff8d19b9", "value": "3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e5P/:xgn48XjSVr380A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511247", "to_ids": false, "type": "size-in-bytes", "uuid": "f1b13c62-3853-417d-8561-89ba2edfc496", "value": "196608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511247", "to_ids": true, "type": "vhash", "uuid": "973c8cde-9843-4708-9726-bfbe5ad33c23", "value": "115056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511247", "to_ids": true, "type": "filename", "uuid": "16bdfc2d-e843-424c-84ef-924221df39f9", "value": "malware 25_09_2017 (43)" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511247", "to_ids": false, "type": "text", "uuid": "0e9955af-879f-4b4a-a4ff-40eb69e7d734", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A\nVT Total Detection:55/68\nFirst Submission:2017-09-25T06:44:05.000000+00:00\nLast Submission:2017-09-25T08:50:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747520296", "uuid": "eb055726-97b4-455a-85a5-308babdda102", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747520296", "to_ids": true, "type": "md5", "uuid": "5dc03615-4766-4d7e-b13b-8387705f49ea", "value": "178117c3d3829dbfb43008b4af44a5af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511269", "to_ids": true, "type": "sha1", "uuid": "bad6f848-fde2-4f2e-9aaa-2cd9e94f9b5d", "value": "ca1c4e239a9572a17a60f3abc215f27d73435a8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511269", "to_ids": true, "type": "sha256", "uuid": "f1c458e2-a36e-4781-9ea5-c3c53ba1523d", "value": "be81342e8193db504242e7ae503641f8fc7b34e99ff1e0fa1371b36b6baed304", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511268", "to_ids": true, "type": "ssdeep", "uuid": "d18549ec-ea4d-49ad-a205-bd342bb45fc2", "value": "768:BmghxH6MQZ3V9Osvb+zf5RMjyHVn3EF6Fqu7Ly1NE0:B5IVZF9OEy9dZ3OGZkE0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511268", "to_ids": false, "type": "size-in-bytes", "uuid": "f1bc7a7d-4454-4fb8-85a8-20ad03caf696", "value": "52224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511268", "to_ids": true, "type": "vhash", "uuid": "655de716-c894-41bd-bdaf-167d7864cb58", "value": "054046151d155bzenzafz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511268", "to_ids": true, "type": "filename", "uuid": "8d452319-7b24-43f7-a49c-d61f4f9584a9", "value": "VTRESBRA.DLL" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511268", "to_ids": false, "type": "text", "uuid": "7c56bb7e-af23-4a28-b6b0-dc43888542f4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Zbot.SIBD25!MTB\nVT Total Detection:58/73\nFirst Submission:2018-02-12T16:03:06.000000+00:00\nLast Submission:2024-09-25T02:56:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981367", "uuid": "551e5d7f-c44e-46d5-8b93-73229c0f1aaf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981367", "to_ids": true, "type": "md5", "uuid": "390c9eb7-5bbd-4094-bb81-bcaa57cc2465", "value": "17c25c8a7c141195ee887de905f33d7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511290", "to_ids": true, "type": "sha1", "uuid": "020c5cea-3ea9-44ab-87b1-212c6ea32de7", "value": "7fa8079e8dca773574d01839efc623d3cd8e6a47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511290", "to_ids": true, "type": "sha256", "uuid": "abe37c46-3d06-44dd-b37d-17237250f8f7", "value": "e079fa28ea51fa98644164caf585ae3231d25372fccca1245902fb57488d4660", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511290", "to_ids": true, "type": "ssdeep", "uuid": "2e8f51f7-711a-4d60-9c3c-5808278c1f68", "value": "12288:ZPaAhutLwUVsvLPcFZXYl0oIZdm9n50DNq:ZPjutLRuvLPcX8mC5S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511290", "to_ids": false, "type": "size-in-bytes", "uuid": "5b62835d-5a09-49ec-aa40-db84fd168ad1", "value": "484864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511290", "to_ids": true, "type": "vhash", "uuid": "8eb1b02e-11e7-4f7a-bc6b-c40dc74201dd", "value": "045056655d75551038z4cnz5fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511290", "to_ids": true, "type": "filename", "uuid": "066df354-3a77-4552-9b36-2fa36bcf7e9e", "value": "Trojan.Ransom.PetrWrap" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 19/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511290", "to_ids": false, "type": "text", "uuid": "22880930-387a-4387-aaec-7f914ef8cdfe", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mischa!ic\nVT Total Detection:62/73\nFirst Submission:2017-02-10T05:59:36.000000+00:00\nLast Submission:2025-04-30T12:44:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528425", "uuid": "cc883bf4-4a62-4521-a689-15ae524ded5a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528425", "to_ids": true, "type": "md5", "uuid": "d1575dca-6965-48b5-af79-5decae77ace9", "value": "1b394efc804f6b08afa86db0924d75d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511311", "to_ids": true, "type": "sha1", "uuid": "d14231e7-dcd4-464c-b33e-8a6d85cafcac", "value": "fe36e71b34789fa3beb987ae17c9db3ec70a22f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511311", "to_ids": true, "type": "sha256", "uuid": "3ac7cbd9-de98-41c9-82df-d6f682163494", "value": "558f7a0924d25a7811ff9b59a34a676bffe427883333ba45b83dc48cc0214240", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511311", "to_ids": true, "type": "ssdeep", "uuid": "c834941d-1008-43ac-bec1-5100dd060e80", "value": "1536:UINenXRg/edOiPCyGhhQRigp0zVp07XiMvpn4bHwzddZuwB8GkTnKrr:UINeG/2LPsQR9p0z/y4bHwB58G4u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511311", "to_ids": false, "type": "size-in-bytes", "uuid": "44e64e82-9905-42f0-aa62-904b2c18204a", "value": "80755" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511311", "to_ids": true, "type": "vhash", "uuid": "d141e288-474d-48f0-9c30-7483f732209c", "value": "a8b251ce3024dd1a4897baf6389174ac" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511311", "to_ids": true, "type": "filename", "uuid": "61af0de1-49fd-4afc-b1ab-fbe26da70207", "value": "Visa Payment Fraud Disruption.doc.zip" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511311", "to_ids": false, "type": "text", "uuid": "0af746a8-8701-4cd1-a005-250888749696", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:5/60\nFirst Submission:2016-10-28T13:24:27.000000+00:00\nLast Submission:2016-10-31T08:05:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528426", "uuid": "7a049597-a8d5-4a44-812b-b324641a995a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528426", "to_ids": true, "type": "md5", "uuid": "98fb0208-4eb5-428b-8fe1-80c84adbab1b", "value": "1d07edbd16cbe529500c37245e613a47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511332", "to_ids": true, "type": "sha1", "uuid": "9ec26528-7d92-49cd-828f-3b7f4e7cf812", "value": "eba284011f14e8ed2a409cf1d2bcafec242f8f11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511333", "to_ids": true, "type": "sha256", "uuid": "bb812ca4-d142-429d-bc57-524037b5ac74", "value": "57003578b08680149ccbb1d5e161c77dce1b82371a03fb66a64be1aeb5db6626", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511332", "to_ids": true, "type": "ssdeep", "uuid": "25cacaeb-6f6a-4c81-a766-81cbc71acee0", "value": "1536:Pa+ec4RstKzBL3eytiWDxoGCFh1aTS9ubVn/vYdGCysL1LVvTk7/3Iv:2iUpeytiWDxoGCFh1aTS9ubVn/vYdGCj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511332", "to_ids": false, "type": "size-in-bytes", "uuid": "b3522715-5d16-423c-b259-98bcba7cf7b9", "value": "92672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511332", "to_ids": true, "type": "vhash", "uuid": "95139184-f3a4-4630-be2a-7f700b3e4d67", "value": "0940666d6d1d15551bz1081z1hz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511332", "to_ids": true, "type": "filename", "uuid": "347382bb-5705-4f7c-bca4-acdd04207e9f", "value": "\u0414\u043e\u0433\u043e\u0432\u043e\u0440_\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f2016.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 30/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511332", "to_ids": false, "type": "text", "uuid": "142a02e3-fc11-4f9d-8295-6e9ae44bdac1", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:56/70\nFirst Submission:2016-06-27T10:28:18.000000+00:00\nLast Submission:2016-06-28T14:02:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528428", "uuid": "e00919ed-fe20-4ced-9914-bcc5b9dcb035", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528428", "to_ids": true, "type": "md5", "uuid": "d3a1485b-10fb-4621-9bce-0db1ce788d9a", "value": "1df85c34e9ff432de52f939d45916abe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511354", "to_ids": true, "type": "sha1", "uuid": "0f39fe5e-12d0-42fc-9969-32bc33b69978", "value": "ba231913072e38b6f5c0a0f2aa9ce65da612c1a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511354", "to_ids": true, "type": "sha256", "uuid": "3491920d-c205-432a-b903-4444aec1f0f1", "value": "1b45a1a0e6f3c683713607a1b6062594315570808142f0e47b411faf1b226f0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511353", "to_ids": true, "type": "ssdeep", "uuid": "5714f8b7-7aab-4add-b144-f427bf0ec72e", "value": "6144:rCdVfLiER33a2PQJXqoCDKhcp31GNOA993ZZCoYa2HCrjTOipi+JvB:rCHjiEBWNv3ZZT7PjTfvB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511353", "to_ids": false, "type": "size-in-bytes", "uuid": "46d09fa4-439f-4f43-94ff-043b69ba98ad", "value": "1512603" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511353", "to_ids": true, "type": "vhash", "uuid": "8ec0f571-18c7-4ab9-831a-79065c0a0916", "value": "8ba01aec0675f42eebf5fe9c783b2186c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511353", "to_ids": true, "type": "filename", "uuid": "92bfe8b1-7226-445c-a4ba-50d9bc458371", "value": "Antifraud instructions.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511353", "to_ids": false, "type": "text", "uuid": "90a80506-5818-45e6-b204-3b2c4ccdbf4c", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:28/59\nFirst Submission:2016-11-07T13:03:07.000000+00:00\nLast Submission:2016-12-26T14:08:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528429", "uuid": "7278ed3c-facc-44fa-a571-3302259bc70f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528429", "to_ids": true, "type": "md5", "uuid": "c9f41f05-460a-453b-8495-9af60e53b1e5", "value": "22aef81ad5073421298846ee22996b73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511375", "to_ids": true, "type": "sha1", "uuid": "4c529043-6913-4d44-86b9-29a266af8e68", "value": "a35d4f3161bd78c07e8df19431c7240e0113d98a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511375", "to_ids": true, "type": "sha256", "uuid": "b47c274e-ef7a-4bf9-be77-5a9b3028b599", "value": "5d1ef3c6d583c2136a6d6d0ca072f81667857461a0d00299ea54ff54709540de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511374", "to_ids": true, "type": "ssdeep", "uuid": "5a99ad8b-9255-4311-ad06-f142559554cf", "value": "768:8UgB4D/+7YDBsnoweX7mINjd/XRE/XA+9d4J1Aww2+fR/T8ggO7UXBEOOLkLKLqe:oGjIYljwer7NBZEddqQ3F8B0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511374", "to_ids": false, "type": "size-in-bytes", "uuid": "1fa4fa05-ded5-4873-8371-cca29d89aaca", "value": "48640" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511374", "to_ids": true, "type": "vhash", "uuid": "47eaa505-27dc-4d7b-8949-d3b86591dfd6", "value": "044046651d1510a8z457zd275z2090028fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511374", "to_ids": true, "type": "filename", "uuid": "7d45f170-707b-4b2e-bc48-31273a5348ed", "value": "ONElevation.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511374", "to_ids": false, "type": "text", "uuid": "b24fe8d8-efea-44d5-8111-999b10426617", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:40/69\nFirst Submission:2017-02-02T23:28:08.000000+00:00\nLast Submission:2020-01-01T08:29:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528430", "uuid": "0e634b12-3c99-4551-9f87-d4ee2dc351c8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528430", "to_ids": true, "type": "md5", "uuid": "af1ff753-ca0a-4e29-8edc-7e35fac45c94", "value": "240e12d258ee70909c3151c249647224", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511417", "to_ids": true, "type": "sha1", "uuid": "fb437fa9-7b76-43ee-922e-f6c549a07471", "value": "cd2f33578b74991174423d172f1e2cdcef32f1aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511417", "to_ids": true, "type": "sha256", "uuid": "a084f7d9-f45e-4890-8608-fe576dca4cc4", "value": "8fb81db1fdd5c3276ca5ef1f92c24ede368f49ef68ec168c4065a64cc2e1213a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511416", "to_ids": true, "type": "ssdeep", "uuid": "1f901728-a75c-4218-bd58-9902c8a50d8b", "value": "3072:Y6gG6gHlMBg9swQVDkN1/tYibZ+JTz4T4jAp5:vqBCKi9tYqZOz4Tf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511416", "to_ids": false, "type": "size-in-bytes", "uuid": "27987759-4c6d-4b6b-94aa-f964869c5ec3", "value": "243586" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511416", "to_ids": true, "type": "filename", "uuid": "3a47f7ed-24ec-47f8-be28-82b20f9a44ff", "value": "confirmation_transfer_clearing.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511416", "to_ids": false, "type": "text", "uuid": "b084d018-53da-45fa-8b57-238b1277fa9a", "value": "Type Description: unknown\nMicrosoft: Exploit:O97M/CVE-2017-8570.G\nVT Total Detection:40/58\nFirst Submission:2018-02-27T11:54:23.000000+00:00\nLast Submission:2018-03-26T17:42:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528431", "uuid": "345780f6-8b5a-40f0-b6cb-009659f1e910", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528431", "to_ids": true, "type": "md5", "uuid": "2c7c8d36-87d4-42d5-88b8-ad9c77d713f1", "value": "276dd9b30cbf8553f4aebf5558158196", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511438", "to_ids": true, "type": "sha1", "uuid": "51f0f726-aa22-4f54-8e16-a64262bc1cff", "value": "25a5d6b65ae991ba92bc66c27503712cfed6e983", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511438", "to_ids": true, "type": "sha256", "uuid": "673a0ced-d879-4721-9e13-e9abb5ea27af", "value": "15cc531b271d84b79460d2ca58c3bd5bf4e32d28e17c229ab6ef109da6158ac0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511437", "to_ids": true, "type": "ssdeep", "uuid": "91e1d4d5-c4be-4123-afca-4a8ff7ae528f", "value": "3072:eJc51syUQdHyXAbxC8BcpFZ+tQN43iD+7zsfeTig:FRdH+sC8BWFZFvSieTig" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511437", "to_ids": false, "type": "size-in-bytes", "uuid": "2daad252-5f58-486d-9464-f06474a67071", "value": "194048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511437", "to_ids": true, "type": "vhash", "uuid": "1011691e-7574-476e-855c-eac16dc3f634", "value": "63ea818ecf850592caaceeb72bd29bea" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511437", "to_ids": true, "type": "filename", "uuid": "2f8af2a8-44bb-48ed-8886-5af037fe6c8b", "value": "\u041a\u043e\u043d\u0442\u0440\u0430\u043a\u0442.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511437", "to_ids": false, "type": "text", "uuid": "478a6dc0-6e1d-48a8-a33a-e99ed3398b34", "value": "Type Description: MS Word Document\nMicrosoft: Trojan:Win32/Emotet!ml\nVT Total Detection:40/63\nFirst Submission:2017-02-08T13:01:01.000000+00:00\nLast Submission:2017-02-08T14:11:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528432", "uuid": "82526313-e895-4e65-8bb9-3b209c0834ec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528432", "to_ids": true, "type": "md5", "uuid": "b916693f-8cd6-4511-80c0-01a730930bfa", "value": "2affe3974213f831629fb1ffbb252252", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511459", "to_ids": true, "type": "sha1", "uuid": "3f4d8c0b-43bd-4421-abc0-f68c5c7d8ff9", "value": "5336737eed58708f302e07862db674f6514144b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511459", "to_ids": true, "type": "sha256", "uuid": "6f296014-22a8-43c0-b6fb-abb5c19390a6", "value": "b1abc5a920e4a00c97f3b41a4e9cfdfe8b7e515dcae366b9ed2cceef876d1919", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511458", "to_ids": true, "type": "ssdeep", "uuid": "b233d713-2d74-48e7-b85e-772fc503efeb", "value": "6144:23F4W0J6tERrDEzqeewhPSaTtyk9IZJtUydysXzzuH7pz0GOpp+2Sy:aftERr4zcEF9wTUydXX/oz0PSy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511458", "to_ids": false, "type": "size-in-bytes", "uuid": "45d78abf-0939-4921-9c47-7b09d17bc364", "value": "454590" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511458", "to_ids": true, "type": "vhash", "uuid": "270c63be-06ca-4e6e-aea6-213723c57408", "value": "83083d9f0efb36cb511b395ab4b9f0eab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511458", "to_ids": true, "type": "filename", "uuid": "0e0c5c39-6d95-41d3-91c6-2df6cea68a69", "value": "E53D06CE.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 01/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511458", "to_ids": false, "type": "text", "uuid": "83f54078-f861-40b2-9a0e-db918846b9fe", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:30/58\nFirst Submission:2016-09-09T07:22:59.000000+00:00\nLast Submission:2018-05-12T23:41:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528433", "uuid": "4e9ed73d-ae88-441b-8816-18e8584e5065", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528433", "to_ids": true, "type": "md5", "uuid": "f681cdc9-9a83-4878-bf31-4f26297c7dd0", "value": "2bc838a1b62b94f710e2eb0b36b0c57e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511480", "to_ids": true, "type": "sha1", "uuid": "6c70b252-8579-40bc-9887-6baf7c08d679", "value": "d0779511434303fc347049f1556b6e42b3096cb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511481", "to_ids": true, "type": "sha256", "uuid": "573267ce-9312-4a76-944b-49543849e0a8", "value": "5674aa7b0e6e3dc0be838351d57e75dc41b5f438bcb8b6acc37bdd647fa68487", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511480", "to_ids": true, "type": "ssdeep", "uuid": "df35afe0-d90c-4504-b5be-75e67a80baba", "value": "192:ABmcJRs8J34qVjqmA/6h6RHwTGxNYtrELG67aK+vo1aol7uAERK:EJRsW4gQ/iGxNPG67aK+votl7RERK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511480", "to_ids": false, "type": "size-in-bytes", "uuid": "af9d4ac9-daa0-42dd-a699-c0b956a2b681", "value": "16744" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511480", "to_ids": true, "type": "vhash", "uuid": "24731cce-4253-476c-a1ec-dcb2df2560be", "value": "e8f147874ca66370d7c2c3ab3044b02b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511480", "to_ids": true, "type": "filename", "uuid": "c8abcba6-9a79-41f8-9e64-89b301ce11d7", "value": "dec111.docx.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511480", "to_ids": false, "type": "text", "uuid": "79fdf4d4-94fd-41af-bd67-cab9b999ab62", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2017-07-04T10:55:50.000000+00:00\nLast Submission:2017-07-04T10:55:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528435", "uuid": "f75c0567-a93b-4f77-a45f-8fdf81cadab9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528435", "to_ids": true, "type": "md5", "uuid": "2f6a845c-2ee6-415e-9858-c5fbfde00c19", "value": "2d65e9263942e2a96811cc971fbe01d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511522", "to_ids": true, "type": "sha1", "uuid": "fbcf26c1-c4ae-45ae-b405-1c3f4d64975c", "value": "06c83b27f8161ca9604dfcee035c8849dbe9d7b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511522", "to_ids": true, "type": "sha256", "uuid": "0b4bb3d0-4c6a-4c08-b36d-ac92f11bb644", "value": "84f8f35cbc8730bac65560a6bd5e062dd7cf8c5d4345736750eac6dcb99726b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511522", "to_ids": true, "type": "ssdeep", "uuid": "27926d22-5a42-4cd2-a43e-f10dd1188055", "value": "6144:KbBvnpLpYumP5lXKUkc2Ba2PQJXxoCDKhMibt4NO699BZZ4o+8MvjFjC6CpX+sk8:KbBvnpLpYZhlXxr2+WKvBZZ5jWjCXk8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511522", "to_ids": false, "type": "size-in-bytes", "uuid": "c185dbe1-009a-492a-9fde-4e891b502f6d", "value": "1511892" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511522", "to_ids": true, "type": "vhash", "uuid": "55385402-a758-4772-8e92-bdcda729c338", "value": "8ba01aec0675f42eebf5fe9c783b2186c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511522", "to_ids": true, "type": "filename", "uuid": "e7099228-d590-49e9-80bc-7577a5739d95", "value": "VIRUS\u0411\u0430\u043d\u043a\u0438\u0442\u0435 \u043e\u0442\u0447\u0435\u0442\u043d\u0430 \u0444\u043e\u0440\u043c\u0430.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511522", "to_ids": false, "type": "text", "uuid": "7fbb5614-469b-4637-95d7-46d18bf9bc0d", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:27/59\nFirst Submission:2016-11-04T08:52:32.000000+00:00\nLast Submission:2016-11-07T12:11:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528435", "uuid": "9bf073fe-c1f0-4838-a1a3-c33ee4424e4e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528435", "to_ids": true, "type": "md5", "uuid": "24d44811-9405-491c-ac0a-0cd87de907b7", "value": "2db35b260eb5c26fdfabd667648d55e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511544", "to_ids": true, "type": "sha1", "uuid": "f37fd728-49ca-4476-ad28-bf9eb7f24292", "value": "7365686c113b20e789f324fc11aec6245519d3bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511544", "to_ids": true, "type": "sha256", "uuid": "3fc53ee6-98e8-40e4-9562-56e26ea0ab19", "value": "0b025090229123a49329267a2d455aacab517809cca1f5dd4745004744f0b45e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511543", "to_ids": true, "type": "ssdeep", "uuid": "bedaeb64-9fcd-4e8b-ad60-ac269c928c90", "value": "768:Qf45gaObdnczyzRZ49rrVVXDkjC0Gy/4+IROhL5ZqE1ZlxjkYF:QHJcWzR69PDzkZj5zvF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511543", "to_ids": false, "type": "size-in-bytes", "uuid": "b8c89c26-7b19-4aac-977b-ccf04da68f4c", "value": "51713" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511543", "to_ids": true, "type": "vhash", "uuid": "b905b403-a749-48cf-b8cd-c9ca2972189e", "value": "054046651d151az1a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511543", "to_ids": true, "type": "filename", "uuid": "384b06fa-831a-4d16-b14f-1e136e398309", "value": "tclsh86t.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511543", "to_ids": false, "type": "text", "uuid": "3b7231ed-88e6-4d77-add7-8cc61a39a24d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Cryptor\nVT Total Detection:60/72\nFirst Submission:2018-03-15T11:47:48.000000+00:00\nLast Submission:2018-03-15T11:47:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528435", "uuid": "4cb408dd-2a26-4d3f-a42c-fc0777adf11f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528435", "to_ids": true, "type": "md5", "uuid": "83134430-cb3f-43d8-a1b8-d9a239f51445", "value": "2e0cc6890fbf7a469d6c0ae70b5859e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511565", "to_ids": true, "type": "sha1", "uuid": "add52623-ce2f-4dee-a59c-b771f5be26e4", "value": "d6ff511a13b527e74de2cc134261a14a4491a628", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511565", "to_ids": true, "type": "sha256", "uuid": "a8d976c6-4559-426b-9010-aca4bdc93fb2", "value": "8a57464c93d4f6d85e51e07748d4ffcc0b9e6b5a64642aec859040d1606fd0f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511564", "to_ids": true, "type": "ssdeep", "uuid": "de45cab5-e740-46a9-ba58-9f0f4ab9c8ea", "value": "384:qsWh53om71goO9bMyWIG4wvkQ0fjleF4QuHQmCeZsn4TgcCq6Quj6sVSsTCNT:qsWhIWIGbvlNACwsnmgPvoT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511564", "to_ids": false, "type": "size-in-bytes", "uuid": "2913ee44-4dfe-42fb-9933-41fadb73cd34", "value": "45212" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511564", "to_ids": true, "type": "vhash", "uuid": "aa4d63ae-f024-41f5-b7de-c91655b2d364", "value": "84c3cddf63b6944c0848a97f3d8fcc0a5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511564", "to_ids": true, "type": "filename", "uuid": "b27ae58a-3db8-454d-a35d-cbbe1888300f", "value": "8a57464c93d4f6d85e51e07748d4ffcc0b9e6b5a64642aec859040d1606fd0f8 (1)" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511564", "to_ids": false, "type": "text", "uuid": "c63de997-b5b2-4198-a431-4a20b6fda4aa", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-11882.A\nVT Total Detection:31/59\nFirst Submission:2018-01-16T10:29:10.000000+00:00\nLast Submission:2018-01-19T21:19:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528437", "uuid": "d1c69396-39a3-4985-8416-1ccf8f53f615", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528437", "to_ids": true, "type": "md5", "uuid": "5ffe9346-de14-49ac-a4e6-a40fe63d656b", "value": "2fd718f06b65d3c16659845ac1b5e36f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511586", "to_ids": true, "type": "sha1", "uuid": "3e0808a9-7c98-4bfc-ad7f-7ba76970fa5c", "value": "042932d4eb508a5af1c1b5fe7a20f3616a93dbd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511586", "to_ids": true, "type": "sha256", "uuid": "f227eb58-bd99-42d3-8067-a35bd7d149a6", "value": "9e6884d66fd118bffc1f126ad94dbc6989b0be5e11494e064f886cda5f3ecce2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511586", "to_ids": true, "type": "ssdeep", "uuid": "fba1615a-8607-4d12-b68a-9b5b4bc27c1a", "value": "3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e5p/:xgn48XjSVr380A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511586", "to_ids": false, "type": "size-in-bytes", "uuid": "52de3fd8-d72e-4cfc-bd26-fd049931ca8a", "value": "196608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511586", "to_ids": true, "type": "vhash", "uuid": "2fec3733-4dd7-466b-a2aa-be2fdfa7be48", "value": "115056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511586", "to_ids": true, "type": "filename", "uuid": "eda45eb7-532f-475a-81c6-4995f6bbd08d", "value": "DVNt" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511586", "to_ids": false, "type": "text", "uuid": "f198a9cc-98c3-4695-8132-aa4b03fbfd9a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A\nVT Total Detection:60/74\nFirst Submission:2017-04-27T08:17:51.000000+00:00\nLast Submission:2017-04-27T12:41:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528438", "uuid": "19c1b3be-88a9-47d5-aa8d-5b03103647ad", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528438", "to_ids": true, "type": "md5", "uuid": "a9ff0821-01e6-4994-9e88-5215f5432d8b", "value": "334870fc3c0f0dd2a8fa828393ddaccd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511607", "to_ids": true, "type": "sha1", "uuid": "d3092b5e-8673-45cb-a21b-ab3ad7f6018f", "value": "f8d0e6ac54347f214272ded6119f9892dafa9d2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511607", "to_ids": true, "type": "sha256", "uuid": "9dd5ca2d-23ee-471c-8340-d7047badadc1", "value": "9ce8f37c94008c26934ebd561734c5c7a7e820f112bc90bc63ba8730977b59f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511607", "to_ids": true, "type": "ssdeep", "uuid": "d854353f-3f86-4416-af26-5303c4cb8671", "value": "48:3Pc+8hBWm75LEEPj+UNTaH3RoSWoco4N0:3U3W8VrFaH3RouXl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511607", "to_ids": false, "type": "size-in-bytes", "uuid": "df17cf5f-44b4-4a4d-8591-f6478c3fede4", "value": "6034" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511607", "to_ids": true, "type": "vhash", "uuid": "e43d841e-0bac-4e16-b0e6-2086b1c08a63", "value": "85293c777072fcb5c0161589e61d1be22" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511607", "to_ids": true, "type": "filename", "uuid": "722ef4d1-0a84-4d14-8e11-709fdd86f54c", "value": "\u041f\u043e\u0440\u044f\u0434\u043e\u043a \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u043f\u0435\u043d\u0438\r .doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 01/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511607", "to_ids": false, "type": "text", "uuid": "deb82e6f-2d45-4717-8d3f-1d3d92c56620", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/CVE-2012-0158\nVT Total Detection:37/59\nFirst Submission:2017-04-24T12:13:07.000000+00:00\nLast Submission:2017-04-27T10:32:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528439", "uuid": "6f76569e-34c0-4027-ba39-3bbcc24ba7b1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528439", "to_ids": true, "type": "md5", "uuid": "e81aa704-9460-40e0-bccb-da38347f0e7d", "value": "336452149b04e9c4c64b8c5015e64ccd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511628", "to_ids": true, "type": "sha1", "uuid": "985c001c-e0ee-4e30-86e4-4b054f091b11", "value": "971f62775534fe0fbce5678387cbd126729a4187", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511628", "to_ids": true, "type": "sha256", "uuid": "a2cfab51-d7ce-427d-bbc6-94794b939422", "value": "52d69c91fba8435398870d480f37e87f0a9f7ee721473c98659f5b94b1c91abb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511628", "to_ids": true, "type": "ssdeep", "uuid": "5c0ec705-e156-485f-a354-df4112f0fd22", "value": "768:UzUX0QGwLJwxp+eGabemgjax8Kn33Pq4MbKahoICS4AIvog/EAUwMMFf:UYXLGyGBXZlX3Pq4MbwICS4AI5nbf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511628", "to_ids": false, "type": "size-in-bytes", "uuid": "fb8d8eba-d3d5-48ca-acf4-7d7004866d8c", "value": "53760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511628", "to_ids": true, "type": "vhash", "uuid": "6c9036d6-406c-4188-a09b-5285018796e2", "value": "15405656657d756az1a0b&z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511628", "to_ids": true, "type": "filename", "uuid": "eea5e403-50c5-440d-80c0-8f7d51290b3a", "value": "decrypted_out.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 01/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511628", "to_ids": false, "type": "text", "uuid": "86262d3f-c9a0-48f9-a5d8-a1603fe3e2c0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Zapchast\nVT Total Detection:46/68\nFirst Submission:2017-07-05T10:20:04.000000+00:00\nLast Submission:2018-03-31T08:55:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528440", "uuid": "094b155b-5c99-4208-bd88-c64d2290b2f5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528440", "to_ids": true, "type": "md5", "uuid": "60a4d8e8-f477-471b-a916-05507e4a4b6c", "value": "33700535591774417e3282f7b40ae8ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511649", "to_ids": true, "type": "sha1", "uuid": "5bf9ddec-9e57-4e55-87e9-c6809c322566", "value": "cb3d1222d735566cd042bfa26b38040c9519c265", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511650", "to_ids": true, "type": "sha256", "uuid": "ba889220-34e8-46fd-a8aa-627768a69505", "value": "69af510104bfd5dae6009ef1601e30141db3e624205707a9108efc9e1b8dd219", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511649", "to_ids": true, "type": "ssdeep", "uuid": "3f9c7ef3-86ac-4061-8595-47cbeb34d38e", "value": "3072:jz4OtdbM+lmsolAIrRuw+mqv9j1MWLQk:AO8+lDAA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511649", "to_ids": false, "type": "size-in-bytes", "uuid": "2c187de3-f895-4af4-b9a5-e293cdf5c5c0", "value": "113664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511649", "to_ids": true, "type": "vhash", "uuid": "e0b7e0ea-b293-48d6-8a4a-5d37a5974f4d", "value": "21503675151b0a121z10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511649", "to_ids": true, "type": "filename", "uuid": "9f0d0908-dc98-45e8-83d3-7c3922626981", "value": "ExecPSData.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511649", "to_ids": false, "type": "text", "uuid": "1a8fe91f-900c-4441-808e-e43f37794a0a", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win32/Ako\nVT Total Detection:56/72\nFirst Submission:2018-01-24T12:02:09.000000+00:00\nLast Submission:2019-11-18T10:35:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528441", "uuid": "2f865cdd-19cb-42fc-a971-63b0299c3a1f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528441", "to_ids": true, "type": "md5", "uuid": "93485471-0f9c-4ca2-b6ca-1209231d932d", "value": "33a0fdfe54090f31e5acc20bd0666d6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511671", "to_ids": true, "type": "sha1", "uuid": "dd832f07-ce58-4860-9031-3ea766524c23", "value": "cc4f0398532b3871bdc708dfe4d301d960bd0a18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511671", "to_ids": true, "type": "sha256", "uuid": "8abc19dc-3698-4606-952f-88821e7e677b", "value": "6ad3138c5329546c0017071e29958123418ae4da7259666f3c48f5015c93d70c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511670", "to_ids": true, "type": "ssdeep", "uuid": "68e6baff-a5ec-403b-b3fb-91ea248039c5", "value": "768:a4iDm/X86WFBWAxVf4xzAbcTTzorc6+ubtSprlQ4GC8rWwHSU2SI3ATUKjRKAvMb:aZDUs6uwJzuUuY4Y8qwyRJ+Rbryt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511670", "to_ids": false, "type": "size-in-bytes", "uuid": "11aade44-1aff-49bc-ab0e-289d65d4219b", "value": "60018" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511670", "to_ids": true, "type": "vhash", "uuid": "03428ab7-2a1b-4f40-9da8-53b998931850", "value": "8b4152b54e626d4b434942f65f9c2d76b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511670", "to_ids": true, "type": "filename", "uuid": "71273d79-e2ff-4c28-8716-8f908e0df1ae", "value": "\u0418\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0443\u0441\u043b\u043e\u0432\u0438\u0439 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.doc_" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/10/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511670", "to_ids": false, "type": "text", "uuid": "6e6fac82-89aa-4570-a309-aee03b961721", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:4/60\nFirst Submission:2016-10-06T09:33:24.000000+00:00\nLast Submission:2016-10-06T09:33:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528442", "uuid": "e00a5caf-7669-496d-a4bf-3f5606c3b9c1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528442", "to_ids": true, "type": "md5", "uuid": "411eb89d-b7d5-4562-b215-604c90cb2bc8", "value": "33edc70615de35b71e54f046d7fa3038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511692", "to_ids": true, "type": "sha1", "uuid": "7bfd5bf7-e5eb-4433-a6f3-ac51b7b550fe", "value": "5bb2676c916ee71b81ab3e568a8b7321092d3c71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511692", "to_ids": true, "type": "sha256", "uuid": "d61d6c0e-ffc6-4404-a2f8-bca66b6bd81e", "value": "07f89dd94759af3d32448ee4da4f3aa14eb2209cb0469eaed859adccde0cc46a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511692", "to_ids": true, "type": "ssdeep", "uuid": "d5eedbc9-ce22-4c0a-8ebd-98ffb3fa8909", "value": "1536:qs5YTOw5Npl9t55G5IJJlDt+U3vVxIuC2PSKb8uTD3H1W+U+KWFel03Gch/Bi:quIOIDl9trkIH+MVxo2PlbXn31xU+u0k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511692", "to_ids": false, "type": "size-in-bytes", "uuid": "d224fc38-59e5-4cc9-b48c-ee7e31c28aae", "value": "256931" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511692", "to_ids": true, "type": "vhash", "uuid": "9ce37a29-9942-40ed-922e-7898fc65bd06", "value": "843db1bb7ebfecc994a907860b02a8121" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511692", "to_ids": true, "type": "filename", "uuid": "35b6bfda-240b-4de0-92e0-f607774f5cd3", "value": "pkygzqvlqc.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 01/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511692", "to_ids": false, "type": "text", "uuid": "ce35d87e-f9cf-4732-8518-d6955d8da0a8", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/CVE-2012-0158\nVT Total Detection:34/59\nFirst Submission:2017-03-28T07:37:18.000000+00:00\nLast Submission:2018-05-29T21:32:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528443", "uuid": "e0d22cb8-389f-48ca-83db-8089020f3a00", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528443", "to_ids": true, "type": "md5", "uuid": "93c38938-2c29-4193-aaec-33d6cfe76cc0", "value": "3533c61681c33d5c17d8ff7a769e1592", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511713", "to_ids": true, "type": "sha1", "uuid": "799c4933-d494-4d7b-ba48-0266339ced0a", "value": "56b85b40625ef09127b0af70a4d19a8fa4e0016c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511714", "to_ids": true, "type": "sha256", "uuid": "a557166f-2b3f-4392-a8b6-d9429a9f36bf", "value": "df3a183cd356d14ca1dee36a0376de8ed7d8be2451e3e191caca004cbdba568d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511713", "to_ids": true, "type": "ssdeep", "uuid": "a12989c5-a597-4dc7-971e-08d4b70a1ac2", "value": "3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e5S/:xgn48XjSVr380A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511713", "to_ids": false, "type": "size-in-bytes", "uuid": "7428a9e1-9394-43fd-978e-7b7115ec131c", "value": "4194304" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511713", "to_ids": true, "type": "vhash", "uuid": "0b651831-62f4-4d36-8795-9aafc7c8c012", "value": "146056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511713", "to_ids": true, "type": "filename", "uuid": "e9bd1dc2-894c-4cbd-9546-461c2ef6d2c4", "value": "bin.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511713", "to_ids": false, "type": "text", "uuid": "03521935-b4ce-4c14-a463-0209e9dabb42", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A\nVT Total Detection:55/71\nFirst Submission:2017-09-20T10:55:11.000000+00:00\nLast Submission:2017-11-23T19:34:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528445", "uuid": "c212d56a-1144-495c-a867-497df1ae5dc3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528445", "to_ids": true, "type": "md5", "uuid": "84173226-eec8-4868-a86f-b9cafebded9c", "value": "37aded8f7ff56d6f170845e7e9cacbf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511756", "to_ids": true, "type": "sha1", "uuid": "be12db72-9c0c-486a-8e37-672a02fb6ca9", "value": "1cd36c26f0149daa4aed1533bf4553b92fc55510", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511756", "to_ids": true, "type": "sha256", "uuid": "158324a0-a523-408e-af8d-0bda08d944bd", "value": "022bbd6734923308f84765c1b5e64cd7b7160fb46731be821a4f1ee4031429f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511755", "to_ids": true, "type": "ssdeep", "uuid": "47fa9b28-af14-4ec7-8d06-d7ee3da4968f", "value": "24:eH1GSVGmZ1hnCoG+0umxP0hi3zm60ut8edlaNJUuNllK0wtKUoNh2wW0/RQHXP+K:yVGmVe8Izm60c8emJDlK0AoNQfUy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511755", "to_ids": false, "type": "size-in-bytes", "uuid": "b3ea934c-a5e1-4b16-9837-ca1075434e50", "value": "2048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511755", "to_ids": true, "type": "vhash", "uuid": "7bf24c22-1149-43ce-9879-e7e44ea02e8e", "value": "123026651.z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511755", "to_ids": true, "type": "filename", "uuid": "59ad9092-dd63-41d7-ab00-2658fc049680", "value": "main.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511755", "to_ids": false, "type": "text", "uuid": "1ce978ee-7ee4-48ec-8e97-cda6acb1825c", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:50/72\nFirst Submission:2018-01-16T10:37:04.000000+00:00\nLast Submission:2018-01-19T14:26:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528445", "uuid": "27025b45-3c60-4ab0-a897-44644a45ef0b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528445", "to_ids": true, "type": "md5", "uuid": "6498224c-f86b-419f-b8ea-c946e6ded6ff", "value": "37d1f4b225ea7008a1a5c0641d99a8a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511777", "to_ids": true, "type": "sha1", "uuid": "9e361cae-d6a5-4016-8ac0-2eb7555aab56", "value": "52885e4d80a630d7975d4cb979f7fe75805c1453", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511777", "to_ids": true, "type": "sha256", "uuid": "e9f25dd2-e78a-4206-8a82-5e4ac0c414ea", "value": "58ed6afc4e6b704e28a95bf35150ff767582e71f996009531dd81fe5251c4b7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511776", "to_ids": true, "type": "ssdeep", "uuid": "361c3fbf-fa69-4052-a343-51d04f163280", "value": "6:RlS0tYof9yoxI8xFB9WSoIQRrTI03zV4fMiC4vq9Nq+kfB3kgDvqGUvD1Mw1O9:RlzmS8mIiFHdx0Dq6Uqa+00grqrr1Mkk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511776", "to_ids": false, "type": "size-in-bytes", "uuid": "e21a92b1-c861-4005-9a53-ef1e6e73a516", "value": "423" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511776", "to_ids": true, "type": "vhash", "uuid": "62f581f4-5285-47b2-bd2d-59cb3a5085e0", "value": "7cf1bb4a890bf9077baea70ddbbde5e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511776", "to_ids": true, "type": "filename", "uuid": "11c96b49-aac1-4df7-9c01-c1ad7da7893a", "value": "58ed6afc4e6b704e28a95bf35150ff767582e71f996009531dd81fe5251c4b7b.dmp" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 20/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511776", "to_ids": false, "type": "text", "uuid": "782bb20c-ebd3-4ef5-b104-4b9d3784391e", "value": "Type Description: VBA\nMicrosoft: None\nVT Total Detection:28/60\nFirst Submission:2018-02-19T12:27:46.000000+00:00\nLast Submission:2018-03-26T09:02:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528446", "uuid": "bc737315-3815-4aea-9520-916208858c5d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528446", "to_ids": true, "type": "md5", "uuid": "610c25e1-d603-415a-beaf-5d0dec545b43", "value": "3b2b116db9569f50c9e7a272c7530b18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511798", "to_ids": true, "type": "sha1", "uuid": "a4284f41-0570-4ec6-a99d-56955b7ae74b", "value": "ae2050db62fef3891e46725a0d63f6d38885d7e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511798", "to_ids": true, "type": "sha256", "uuid": "a41b4094-7906-40be-8b63-96dec82fb02c", "value": "628c4db33cda526ad106af25b4a383edb646ad44b839a3bc85efa896befe749b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511798", "to_ids": true, "type": "ssdeep", "uuid": "4cd61e84-dc03-40c3-8617-69fcfda15c43", "value": "6144:tr9w8nuJzFeuNrDEzqeeOMRIqs+5gpZV5J50UC8sLFntzNyCp0+HZ7:trqHJzFxNr4zclfIb5J5RnOtzNzZ7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511798", "to_ids": false, "type": "size-in-bytes", "uuid": "8ddc649e-6bca-444e-bdc6-c857a42c9150", "value": "719230" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511798", "to_ids": true, "type": "vhash", "uuid": "b328a66f-652b-4a4e-9842-c0c8890d91f7", "value": "86a5df3ef11d8ddbe3085475838c2c4bf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511798", "to_ids": true, "type": "filename", "uuid": "1d15c08f-ad91-4e20-a152-6f68898a411e", "value": "\u0441\u043f\u0438\u0441\u043e\u043a \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/11/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511798", "to_ids": false, "type": "text", "uuid": "3a71d449-f191-41be-833f-cd029e51512e", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:35/61\nFirst Submission:2016-08-04T07:41:15.000000+00:00\nLast Submission:2018-05-20T01:00:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528448", "uuid": "30693d04-ca3b-428d-ae8a-5e0ac966ca1f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528448", "to_ids": true, "type": "md5", "uuid": "38bef798-815e-4f79-8809-dc03e38d991b", "value": "3ea9ef46e89f07920d87255aef9261ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511819", "to_ids": true, "type": "sha1", "uuid": "ed1b2ea5-8114-458e-acf9-a644b35d2720", "value": "786fe91b985da86a86ec9d0f9c7535fff5df50f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511819", "to_ids": true, "type": "sha256", "uuid": "1f38073f-e2c9-4eb5-ae5a-33cf6e30be11", "value": "98bf2309086bf52a5df7b22e55a458e6fc1dc47918a1f860bdf775f0faa737af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511819", "to_ids": true, "type": "ssdeep", "uuid": "85c31c1a-fd4d-4df5-96f1-d7f16b24dab0", "value": "96:JxhPzR8KOGd7zlDuhsnqOOrzruGAd6aDCtwcUe:rhPzKaasn8zruGW6aajU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511819", "to_ids": false, "type": "size-in-bytes", "uuid": "32d79b71-ba18-4c17-8ac2-9d2e154f09a0", "value": "6656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511819", "to_ids": true, "type": "vhash", "uuid": "85c0d459-8045-4b4d-aba0-2bccff754843", "value": "063056555d15555az14#z181z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511819", "to_ids": true, "type": "filename", "uuid": "a714ac43-74c4-4d88-adb8-2e0e89eda2a8", "value": "AdobeArm.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 17/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511819", "to_ids": false, "type": "text", "uuid": "b6a3d352-a9e8-4179-a82b-03aea361fb01", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:48/71\nFirst Submission:2016-09-27T08:20:43.000000+00:00\nLast Submission:2016-09-29T05:36:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528449", "uuid": "42b839b7-d3f5-467a-80c8-498b0ea986b1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528449", "to_ids": true, "type": "md5", "uuid": "2a4e0475-b459-4076-9522-d3a9998fe524", "value": "417bbef21ca0b964aff5c8690b8307c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511840", "to_ids": true, "type": "sha1", "uuid": "84150d61-3a53-4516-aded-d98fa4a5bede", "value": "fc4dd1199c9b9f45b266026751c44248ae141cc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511840", "to_ids": true, "type": "sha256", "uuid": "be8951f9-b511-46e9-9924-ec469e9e90f7", "value": "22b119ec0ca6645a480df31b81656be18ab619f5f08dde9d2d35c22ace30f8ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511840", "to_ids": true, "type": "ssdeep", "uuid": "e6154ae8-a3f9-4e15-905c-d790d9d5f61d", "value": "6144:3R+mYpT057eyZCBscPYWu0zssEK7e4z3G:3MmegIyZKgP0QA79z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511840", "to_ids": false, "type": "size-in-bytes", "uuid": "69b7d29a-81c6-4df4-b106-a74d53c93a16", "value": "318976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511840", "to_ids": true, "type": "vhash", "uuid": "8aa9af05-8896-4f85-9dc0-991e39b20197", "value": "23503675551110a2810010" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511840", "to_ids": true, "type": "filename", "uuid": "e4ab1456-ff03-4392-8c33-19d5f9586b0d", "value": "ExecPS.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 22/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511840", "to_ids": false, "type": "text", "uuid": "6369127a-486a-4f88-a8d4-d28fa95a2e9d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:50/68\nFirst Submission:2017-06-28T10:48:01.000000+00:00\nLast Submission:2019-12-30T18:46:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528450", "uuid": "59d0f265-ec07-4f45-b9c4-9fbc1c10a9bb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528450", "to_ids": true, "type": "md5", "uuid": "b1c45fd6-fe53-411e-a386-dee8e22dbe77", "value": "45b1809ac884da61954a1ec77a81c141", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511862", "to_ids": true, "type": "sha1", "uuid": "55023e55-3c1f-4c07-89d7-e2531f19c08a", "value": "88b555c1dea10089fa236ea2f505b0521f06a2da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511862", "to_ids": true, "type": "sha256", "uuid": "cbb7e740-23f8-4f74-b821-3cc2f1907a91", "value": "08bbdea65fe405601ed0c803981eca1f05f7872c24f53cd9e5ed53755ad79eca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511861", "to_ids": true, "type": "ssdeep", "uuid": "6842ccb1-6137-4213-9514-d87f6054d0f1", "value": "12288:rnUJcVNswzgElIenujr4zcUXVPUAT+r/dLhH:rUJcVP8EaenOxUXVPUAirj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511861", "to_ids": false, "type": "size-in-bytes", "uuid": "8cfa402d-0bb1-4ce7-9483-98ddbae7b768", "value": "1571763" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511861", "to_ids": true, "type": "vhash", "uuid": "9c2f8511-cf88-4d3e-8726-14b687100949", "value": "83083d9f0efb36cb511b395ab4b9f0eab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511861", "to_ids": true, "type": "filename", "uuid": "52be7496-0542-4d23-a40e-006fb153fcd9", "value": "88b555c1dea10089fa236ea2f505b0521f06a2da.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511861", "to_ids": false, "type": "text", "uuid": "eec73149-4970-442f-9f5e-cb9bf8c5ffa0", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:34/62\nFirst Submission:2016-09-07T10:33:01.000000+00:00\nLast Submission:2024-11-06T12:28:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528451", "uuid": "adc52b00-2270-4a5f-87e9-c7c10a341349", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528451", "to_ids": true, "type": "md5", "uuid": "d7b924ab-b87c-4b01-bd9a-c991d0d50796", "value": "4673ebad94126fc2404af32a32dd2d95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511883", "to_ids": true, "type": "sha1", "uuid": "b4a21149-9973-4ddd-8779-4fba8b4fa3ca", "value": "fc0d2bf85204636ccf05f9eabcb524bcfc5b8ec5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511883", "to_ids": true, "type": "sha256", "uuid": "b85945b3-668e-42f2-a8df-f9349ed84d6c", "value": "a6c4d88b1be008c66b4d6bc327c2316aa57e366269ed045e2d39546712af3e9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511883", "to_ids": true, "type": "ssdeep", "uuid": "20afccda-28e4-45bc-8d43-8d1483ff1a8f", "value": "96:n7Ek25oV8jQ8QFyxXp6i/1CxARvRPjz0ghCGHbAopcranp7dMipeO/io5+:nLm6yxXoi/1z73JXAopcrap7dMiT/V5+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511883", "to_ids": false, "type": "size-in-bytes", "uuid": "f56a1a51-c857-47c7-b3b2-5b3656ef76d1", "value": "7164" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511883", "to_ids": false, "type": "text", "uuid": "b5d31bf8-e458-4b3d-b1b1-3a86f8491d4f", "value": "Type Description: HTML\nMicrosoft: None\nVT Total Detection:21/64\nFirst Submission:2024-06-05T14:47:19.000000+00:00\nLast Submission:2024-06-05T14:47:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528452", "uuid": "a460d1d8-7743-43bf-a10f-81e9e9e08177", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528452", "to_ids": true, "type": "md5", "uuid": "282997cc-48ad-49fa-946b-10b734fc1339", "value": "470b4a700ed17cef328bc6017b7e01fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511904", "to_ids": true, "type": "sha1", "uuid": "76aa4d2b-ab31-4a81-a86f-23480d9da985", "value": "d1458b0cacbf791000d2e518ddde158a4f7090c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511904", "to_ids": true, "type": "sha256", "uuid": "d88a26ed-e3db-4363-8d28-5da851e51d0d", "value": "b1985d6277d3f32b06d9a32da2a889ae7e4a3dd44bb7b6962f2f07966af316f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511904", "to_ids": true, "type": "ssdeep", "uuid": "cf9869e6-d9d5-49a9-be35-91ae0db820e6", "value": "3072:hscGNHLm6Qd35ao3tj91MbFsd8hJfLsB6blymCyKyejzByocGyM6V2qgYUySMopB:h2NHLm5ZvmhKyIzkKyMyvbRTBqX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511904", "to_ids": false, "type": "size-in-bytes", "uuid": "69183247-86d8-4d17-8c99-32f5d3d7b368", "value": "227328" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511904", "to_ids": true, "type": "vhash", "uuid": "557f399a-909c-4050-a902-1b2e0679083d", "value": "12505656657d6567zf002423lz2ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511904", "to_ids": true, "type": "filename", "uuid": "06da1b13-994f-49f9-bde5-018da51a0cc2", "value": "470b4a700ed17cef328bc6017b7e01fe.vir" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511904", "to_ids": false, "type": "text", "uuid": "f34485f5-f225-40ce-b283-74b0345e98c0", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Zpevdo.B\nVT Total Detection:46/73\nFirst Submission:2017-07-07T20:41:28.000000+00:00\nLast Submission:2018-05-21T15:27:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528453", "uuid": "44fd0d78-b436-489c-8cbd-6f15a1057aee", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528453", "to_ids": true, "type": "md5", "uuid": "f3bd3145-68c9-450d-ae00-aca7e967a229", "value": "4b67a15c48c3db6f3ba89ea6bb8f2da2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511946", "to_ids": true, "type": "sha1", "uuid": "c769320e-4209-45e1-a8ee-b84ea69adf93", "value": "7ff41c734fd0e1fa0ee6b8109dc8b7525864f15f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511946", "to_ids": true, "type": "sha256", "uuid": "7ff84057-03f6-4ff2-990f-8c1227cd6b54", "value": "f6eee655c95465e5a5e3e60cf9454db857f156e8d50d1964636bb742c5ecf5fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511946", "to_ids": true, "type": "ssdeep", "uuid": "e0a59e77-dae2-445e-81af-63bbfe4bca64", "value": "3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e5k/:xgn48XjSVr380A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511946", "to_ids": false, "type": "size-in-bytes", "uuid": "aa7c873c-e4cc-4b93-9c4a-5056d1552139", "value": "196608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511946", "to_ids": true, "type": "vhash", "uuid": "f756d540-3268-4d67-adaa-b6b4ba591c68", "value": "115056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511946", "to_ids": true, "type": "filename", "uuid": "25e6bd51-e9fa-4167-b488-9862fb7a37ed", "value": "Dw4m" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511946", "to_ids": false, "type": "text", "uuid": "6a7e88c5-20e3-4f5b-8fb2-a7333f2b442b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A\nVT Total Detection:52/68\nFirst Submission:2017-02-28T20:09:38.000000+00:00\nLast Submission:2017-03-01T01:19:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528455", "uuid": "30066bd4-1880-4ec1-97fb-729eccef28ef", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528455", "to_ids": true, "type": "md5", "uuid": "4cf288b0-78be-49c4-ab60-532ef095b582", "value": "4c1e6fc86270f3ad5e33c1da50d27be8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511967", "to_ids": true, "type": "sha1", "uuid": "1286af8c-5820-433d-9194-5319ff95444c", "value": "1fc2a70e58fc225e741f27f989a18cc5fa18ee6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511967", "to_ids": true, "type": "sha256", "uuid": "d904bcbf-04cf-40e3-94bc-5716fcf4b7cc", "value": "5fe3d011c5a7540b8f6f92f4ae1f8606192655d7c424716d7b8482e132391f8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511967", "to_ids": true, "type": "ssdeep", "uuid": "c6a3f1e7-0d71-490b-9072-f793207b470b", "value": "768:+f34VPxYNEsxUCQzhf2LeqZoCdahrlV/BZtduoIDDrCqJbEr1w8KoHE:+kaHKCQzhudZSnV/BZFIPPs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511967", "to_ids": false, "type": "size-in-bytes", "uuid": "e6c1c150-2f96-4227-97f5-922dccd33ff0", "value": "43520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511967", "to_ids": true, "type": "vhash", "uuid": "a225634b-b7ef-4509-b9f0-8964d4fc6f44", "value": "044046551d151az2dmz45fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511967", "to_ids": true, "type": "filename", "uuid": "2e85fc5e-0635-44be-91d2-497e14643c84", "value": "myfile.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511967", "to_ids": false, "type": "text", "uuid": "87d6339a-142c-4316-98e0-f74f4ca858c0", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:42/69\nFirst Submission:2017-04-04T09:40:21.000000+00:00\nLast Submission:2019-10-30T07:35:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528456", "uuid": "11f4ffd0-1323-465b-a085-8afbeffab5f9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528456", "to_ids": true, "type": "md5", "uuid": "49fa15fe-7b45-414b-a875-8f2017da6571", "value": "5387ce39a795cfe6477b91aad2a617df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746511989", "to_ids": true, "type": "sha1", "uuid": "33e18440-72ae-4c1a-9948-211959b271c1", "value": "bcbbacf480573443c7cc4f14bb72eb8c03758f3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746511989", "to_ids": true, "type": "sha256", "uuid": "516d90cd-5d34-48df-8e37-f4538fe39b3d", "value": "0e1a4774ae49c992626a56f7b0a259c6c0ede1a1086e83637fea1731927bc435", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746511988", "to_ids": true, "type": "ssdeep", "uuid": "423e234d-c001-4eb3-8051-7d128059b8fe", "value": "384:A/MMMntMLu1R7GqO8GbiSAoKXMVkoArkeK9:A/MMMntMLu1lhOeMVkXrkD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746511988", "to_ids": false, "type": "size-in-bytes", "uuid": "1d70ac28-3587-4f8d-bb38-ac817e3d46da", "value": "23040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746511988", "to_ids": true, "type": "vhash", "uuid": "4bee75a6-775e-4e7b-850d-f151ba639961", "value": "1ae1ae3c46a874f35c91f3a8af23bf08" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746511988", "to_ids": true, "type": "filename", "uuid": "2217b48c-81a0-468c-ab50-fb64f3f89291", "value": "decoy.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746511988", "to_ids": false, "type": "text", "uuid": "a495ac4b-bae4-4673-b9b1-b43a54a46a15", "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:7/59\nFirst Submission:2018-03-07T17:06:07.000000+00:00\nLast Submission:2018-05-28T07:39:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528457", "uuid": "38b340f5-abd0-4ed1-aa2f-3f3ceac5aa74", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528457", "to_ids": true, "type": "md5", "uuid": "8637ab86-d73f-441b-a8f7-f35921d53c62", "value": "53c31c8f47f6b421867e94ee2582f4fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512010", "to_ids": true, "type": "sha1", "uuid": "92161865-241f-4d85-9042-24f80fb3b1cf", "value": "47959870a6671bcaffd968b9e8a54a9fb970aebd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512010", "to_ids": true, "type": "sha256", "uuid": "cc892dae-7259-4beb-900a-2631748ef215", "value": "cd69ea2c146350dbc197d40213602007cd65030738e24ab7e09b90065af814ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512009", "to_ids": true, "type": "ssdeep", "uuid": "8c7488f4-5b06-44d6-8bf0-660362c367f8", "value": "192:TDtmpXYy+C5bk8xvsgPrwyAKtG05X35Hli/vFypN:TDCXYy+eDlAcG05Xh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512009", "to_ids": false, "type": "size-in-bytes", "uuid": "09e2ce26-3994-4b2e-b3ce-f3d2397ccd70", "value": "8192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512009", "to_ids": true, "type": "filename", "uuid": "6109cf76-267e-48bc-999e-9949c8a82563", "value": "mm[1].hta" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512009", "to_ids": false, "type": "text", "uuid": "22d16b24-dea7-4ab9-96aa-780eb570c3e0", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:0/61\nFirst Submission:2017-08-07T14:34:10.000000+00:00\nLast Submission:2017-08-07T14:34:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528458", "uuid": "01acb5f1-00f9-449a-939d-8d73b7a150a3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528458", "to_ids": true, "type": "md5", "uuid": "78a8ba5f-4639-4e67-916d-655f250dfc5f", "value": "53c460bc660db253e06673ca3fcd9282", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512031", "to_ids": true, "type": "sha1", "uuid": "dd754325-3cfb-481b-acbc-b41f1038532f", "value": "989e0dfb0f2d14161ffef3dcbb6ff4ce204cd205", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512031", "to_ids": true, "type": "sha256", "uuid": "99121da3-fe0d-4ab7-838f-afca426f631a", "value": "759011872176924b497df5d9069ea355aeb5ad6931951fe61db53bd4f4cb0f22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512031", "to_ids": true, "type": "ssdeep", "uuid": "fbaac80f-3b05-4ff2-a416-22e49e97a7cd", "value": "3072:YJc51syUQdHyXAbxC1UI7wR7Jh4PgEMj/PV7SAZ:bRdH+sCmvdEMzPV7S4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512031", "to_ids": false, "type": "size-in-bytes", "uuid": "a7f20a0b-3399-455f-a131-6d32461dc488", "value": "175104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512031", "to_ids": true, "type": "vhash", "uuid": "fa6f55e7-8a3c-4703-abfa-8004b50e1314", "value": "64d59825472f8ea0fcaa481d515b239e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512031", "to_ids": true, "type": "filename", "uuid": "9bd86525-9834-4858-99db-891235682289", "value": "FATF New Standards.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512031", "to_ids": false, "type": "text", "uuid": "5de4bff6-b8db-4277-9462-ceb5db6ed417", "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:35/62\nFirst Submission:2016-11-30T12:34:13.000000+00:00\nLast Submission:2018-05-25T19:59:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528459", "uuid": "314e4384-68ce-4cfc-8b79-f1f695ebef14", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528459", "to_ids": true, "type": "md5", "uuid": "aab7ded7-8c0c-47d8-b97b-194b9c8fc1fc", "value": "555399c93b5f01fd9fad5f903da768d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512052", "to_ids": true, "type": "sha1", "uuid": "1a3bd707-df14-453b-b83e-29c49f6bbaca", "value": "90718aa6a44ec35c52d0b9e817f35cc9695be28c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512052", "to_ids": true, "type": "sha256", "uuid": "42d2464b-b4b0-4a63-be15-f3ae70d908d7", "value": "6093e2e045fc251ad19e3d028cbef72991256004ab58955528f8ffafdca52b3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512052", "to_ids": true, "type": "ssdeep", "uuid": "78a9fed2-1fd2-49f8-aa15-b6056b9f54b2", "value": "1536:Bjfc0rBSn06FdejfojfojftYoIrRuw+mqbz9j1MWLQs:hk0YFG00lYoIrRuw+mqv9j1MWLQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512052", "to_ids": false, "type": "size-in-bytes", "uuid": "3d6f4cb6-8fbb-48ce-9835-8c5bbd7e52de", "value": "124416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512052", "to_ids": true, "type": "vhash", "uuid": "de856ab2-5f9a-4b6f-bfa6-9915e8cf1957", "value": "015046751d151az23gz11lz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512052", "to_ids": true, "type": "filename", "uuid": "f25b3376-d692-4ce0-bd44-82d86b9963e1", "value": "doc_07082016_sjjq.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512052", "to_ids": false, "type": "text", "uuid": "3bdb37c2-9d07-4d2f-897f-cd2e6f55ca7a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:51/69\nFirst Submission:2016-07-08T10:30:07.000000+00:00\nLast Submission:2016-07-28T06:47:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528460", "uuid": "7bc7c253-3083-42c0-a142-8e52d6470860", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528460", "to_ids": true, "type": "md5", "uuid": "5820485b-51a1-4556-b208-3e4a23293e24", "value": "56487b799755f50c6e56c41870d43624", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512073", "to_ids": true, "type": "sha1", "uuid": "2c03063c-8ae6-4869-a838-b0d0b60cf0e7", "value": "57975aad7630479db98de09e7e6d0101f9521841", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512074", "to_ids": true, "type": "sha256", "uuid": "401f5359-9165-40bd-9f72-d00bd8d4e952", "value": "d3cb45f7c0f2c258f47330cb01aeb12a30e26746e60a4480187032f34517f7c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512073", "to_ids": true, "type": "ssdeep", "uuid": "3c926b94-caee-43ef-9ae3-440ed524eaa5", "value": "384:Ml7NbYbHrvr2qwWq/qm0Lks2/HEBK60haW2:Ml7dYDrqdWqNnHbF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512073", "to_ids": false, "type": "size-in-bytes", "uuid": "254efb45-0683-437f-bc46-b422645c9956", "value": "22528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512073", "to_ids": true, "type": "vhash", "uuid": "893b6d25-14b8-49d6-89b5-9da92751e16d", "value": "0240466d65551bzc3z6bz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512073", "to_ids": true, "type": "filename", "uuid": "e3d87aec-1ab6-4f1d-bc96-25cb3bfedb78", "value": "beacon.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512073", "to_ids": false, "type": "text", "uuid": "5541c714-01aa-48d1-a200-e7e2314133fa", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:57/73\nFirst Submission:2016-07-26T13:29:39.000000+00:00\nLast Submission:2016-07-27T08:13:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528462", "uuid": "38e4c591-e0b3-433a-8870-3063cad110bf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528462", "to_ids": true, "type": "md5", "uuid": "4e1e03a5-b3ec-412b-b57d-6f159e04e3dd", "value": "56a3a4c857939ac9bed4f2e0084fb037", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512095", "to_ids": true, "type": "sha1", "uuid": "ad03f26f-d93e-4863-87a2-8361ffa691ba", "value": "0f6df95ebd2f41b9249b1901aada04f4cd788549", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512095", "to_ids": true, "type": "sha256", "uuid": "5f1fae54-5b98-4f70-9896-1bb9e54ac3d7", "value": "a26c2a09b2b1f22cf08527ed053ebca8f657ed5c20f3ee2b7b98d468beea6f15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512094", "to_ids": true, "type": "ssdeep", "uuid": "11190cd4-665a-423e-9782-8c8a358dbe78", "value": "6144:yBVqts9O/VmJfgH/SlPuN1gWR1WEJkEBcWFN:dtYaVUfgHqlPuNdvDJ2Wr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512094", "to_ids": false, "type": "size-in-bytes", "uuid": "d180ba7d-3c51-45b0-8814-23d5fbd97db8", "value": "215040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512094", "to_ids": true, "type": "vhash", "uuid": "3760ada0-a972-48d8-94b1-8263c261c46c", "value": "025046656d6570c1z10016004bbz1033z400265z17z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512094", "to_ids": true, "type": "filename", "uuid": "22d4e8b2-cf3d-4ff8-9109-dcef1d022ccb", "value": "rozena" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512094", "to_ids": false, "type": "text", "uuid": "ecbe8a46-3af8-491a-8223-cca2d28d70b0", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:53/69\nFirst Submission:2017-03-02T00:47:21.000000+00:00\nLast Submission:2017-03-02T00:47:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528463", "uuid": "638d5641-3e9d-4e40-8718-76a96c37e0a0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528463", "to_ids": true, "type": "md5", "uuid": "deef79b7-cdf0-44a2-ab49-19eec39291b6", "value": "5a566b322605835a895e5408d2488e24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512137", "to_ids": true, "type": "sha1", "uuid": "6c28983f-5eb1-4fbc-9cdb-9c0c96fc64bc", "value": "6dc17d85f78829edeb6288eab569cde52513e9b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512137", "to_ids": true, "type": "sha256", "uuid": "c758eda3-3df2-4d5f-bd15-701165f55053", "value": "16b11dc750a2ca1ed8f876f5362d54444b6adfb21db5ea926dc370ca715dde25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512136", "to_ids": true, "type": "ssdeep", "uuid": "8dcc24a3-2fe7-40a8-8543-62e4e46ce939", "value": "768:Iv3kL6uSQh8pHypgljvtyMPkfoW5UoHW1vuXp8Xd9ZYl2mxzofZDWmoMSsOvJTEE:Nh8VjFyalW5U32CXTRmxzsZD5oMS/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512136", "to_ids": false, "type": "size-in-bytes", "uuid": "31424671-c951-4e55-9939-07a533a25e9e", "value": "67584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512136", "to_ids": true, "type": "vhash", "uuid": "8ad47d6b-6504-41dc-84f5-5927ad3efcde", "value": "064046551d155061z3003900527z6015z22z5a1z6189z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512136", "to_ids": true, "type": "filename", "uuid": "35979986-1c19-467c-9c03-d0df6ff0c8d5", "value": "myfile.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512136", "to_ids": false, "type": "text", "uuid": "bab13f25-4d19-413b-a760-d9e2dfc0a1ed", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Zbot.SIBD25!MTB\nVT Total Detection:54/72\nFirst Submission:2017-04-26T11:11:38.000000+00:00\nLast Submission:2020-01-03T12:05:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528464", "uuid": "78d6f34f-969b-4b6e-b8a8-e3bdebde2fe7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528464", "to_ids": true, "type": "md5", "uuid": "4c1d10d4-c244-412b-bc90-db5c4523e4e8", "value": "5b3968b47eb16a1cb88525e3b565eab1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512179", "to_ids": true, "type": "sha1", "uuid": "20630ac8-cd5d-46e1-9cf5-1a5b79766f2d", "value": "43f2c73e08b589d6885bd248b056fe4ac99a590b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512179", "to_ids": true, "type": "sha256", "uuid": "b6e92bd6-b936-4c55-b18e-8e61b1447ece", "value": "5f70c76b6771b7c56bc5da34e424eb9a090cedeb807c795795a88c415a2e772c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512179", "to_ids": true, "type": "ssdeep", "uuid": "52edfad3-4356-433f-a720-8594caf40cee", "value": "768:r/q5VBETeIrW4+jPH2BpiTH2Bkox55knslB5csZNMuLCemFUQo/B6+VkCcA:G4eIH2PHwM2Ku0Q5ccvmFUQo/x5cA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512179", "to_ids": false, "type": "size-in-bytes", "uuid": "316c9515-5c5f-4845-bc6e-b137bd9c1566", "value": "50176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512179", "to_ids": true, "type": "vhash", "uuid": "919e9efa-5d74-4527-a37d-cbc82a3e88a3", "value": "0540876d15555c0d1d1d1az1202=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512179", "to_ids": true, "type": "filename", "uuid": "7ad6ca27-0ffc-4059-b61e-8ad8fdcc48da", "value": "cuinfo.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512179", "to_ids": false, "type": "text", "uuid": "896707ec-2e44-48fd-97f7-d3af431cb517", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Bluteal.B!rfn\nVT Total Detection:47/72\nFirst Submission:2017-07-17T08:28:52.000000+00:00\nLast Submission:2025-02-07T20:15:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528465", "uuid": "0367c8f5-faaa-4d68-b1e9-555ccc5cfe0b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528465", "to_ids": true, "type": "md5", "uuid": "cb1c435b-aa52-4ebd-8783-c5ea7769e2fc", "value": "5d11c7b17633332b787992ee617d3552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512221", "to_ids": true, "type": "sha1", "uuid": "4ba9df87-146f-41a7-b3e8-0d39420afa63", "value": "2cc4296b9567b17612b83bef3935f22b0f103ad0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512221", "to_ids": true, "type": "sha256", "uuid": "1ada3261-1ecc-42f5-87a2-61e1e61753df", "value": "83508a9c828966cc7f866fb5f89f2b08ac295b8526ea97ef99c4c6f4f0637d95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512221", "to_ids": true, "type": "ssdeep", "uuid": "5e37d229-ea54-4b01-a9d7-508ed1c017f8", "value": "6144:rJmJ5rrpdzdSBpmL8DrbnBHsnnkpr7RkbE+46isXSQsfHJlwop:gVdz2o6rTBSklblsXSnSop" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512221", "to_ids": false, "type": "size-in-bytes", "uuid": "53318e07-2b74-4da3-9598-354fcac1147d", "value": "226100" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512221", "to_ids": true, "type": "vhash", "uuid": "97409d49-0a74-4374-80ac-ae83621841f5", "value": "cf68cc400bf9ea48146a587dea3810e2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512221", "to_ids": true, "type": "filename", "uuid": "024c685b-d297-4d20-b263-12226c52a40b", "value": "The rules for European banks.zip" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/11/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512221", "to_ids": false, "type": "text", "uuid": "d49ee61d-86df-4b93-8352-da20f8b91fac", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:10/64\nFirst Submission:2016-08-09T12:21:02.000000+00:00\nLast Submission:2018-04-16T08:03:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528466", "uuid": "afe1d8f1-6436-4350-9802-86973ebdf6bb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528466", "to_ids": true, "type": "md5", "uuid": "5947ff6c-6d85-447b-a7fe-7ddb6bcbd24b", "value": "5d139043028591159855ad589add1c41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512242", "to_ids": true, "type": "sha1", "uuid": "33f446ca-b1a1-45ca-b96a-8b17dff0a55d", "value": "8274d99dcf4c2923fdbc9f22e8d707f2ce6bb6f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512242", "to_ids": true, "type": "sha256", "uuid": "43cfd858-77a4-410f-a802-f3afc00934db", "value": "43f62ccda103ed31a0726f5e422c363ad296fd7c39ffc2ce8d71467094f0e1cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512242", "to_ids": true, "type": "ssdeep", "uuid": "a3bd04b6-752b-4ef7-b7a8-0f95f99c27a2", "value": "24:3Ro/Am0HG++hbhVJZErUfEUi5BLnDKCGJjjtjq3JFt/vmtS5E5DcX9rV+69Xfkr:3t+10M2LDvG943JD/xuRctA80" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512242", "to_ids": false, "type": "size-in-bytes", "uuid": "e5e6741e-1547-49e3-bcdc-2b0393e8bb50", "value": "6055" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512242", "to_ids": true, "type": "vhash", "uuid": "8f9ea23c-944b-46ce-9bf3-f0fbd00e842a", "value": "809bd7e8071fc988d2f1fdfe7348e82e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512242", "to_ids": true, "type": "filename", "uuid": "0713a2e5-9270-4212-81f4-ca453d50a466", "value": "1.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 25/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512242", "to_ids": false, "type": "text", "uuid": "0f25b12d-ce7b-4445-a255-2c87a1828e07", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:32/61\nFirst Submission:2017-09-25T06:58:32.000000+00:00\nLast Submission:2017-09-25T07:37:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528467", "uuid": "ccaa2f31-ae16-4721-addd-fdcf33acb4f6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528467", "to_ids": true, "type": "md5", "uuid": "5e2eac8d-5b79-4e5d-a717-0b3d30948a6b", "value": "5f6efd501a5356d8f3c53b760b9eb616", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512264", "to_ids": true, "type": "sha1", "uuid": "64358701-9a4e-404a-af9c-b1dd14d06111", "value": "40019fbae90cd91f56261e6954db447e56417a62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512264", "to_ids": true, "type": "sha256", "uuid": "46ca6672-bd05-4fdb-8c9b-9c43141b12d5", "value": "c942a9c5dd017942c27be4440b6a0ecacb1e2e7d1c9432f31eb0c2da568fc7e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512263", "to_ids": true, "type": "ssdeep", "uuid": "41f5b3e6-a49c-4b27-90c4-c6cc0ad49b28", "value": "192:TDtmpXYyGZcC5bk8xgNAOFSlcnFG6Gk72oBjLXZsRhK9UJkFAmQyHljxy:TDCXYyych5FSlsFG6F7//og2MA6Hl0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512263", "to_ids": false, "type": "size-in-bytes", "uuid": "d4b56b56-78cf-41bc-9f95-165c683324a3", "value": "12628" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512263", "to_ids": true, "type": "vhash", "uuid": "413fe19e-ca01-4b22-9a72-6c4705c2ee48", "value": "8ffe2c64b171218a1f5174dae10a3720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512263", "to_ids": true, "type": "filename", "uuid": "f34f080c-208e-4554-b4c0-11376729f3fd", "value": "aa1.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512263", "to_ids": false, "type": "text", "uuid": "d2aaec8a-2f71-4b64-a452-4176a0e32a8d", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2017-09-05T09:46:52.000000+00:00\nLast Submission:2017-09-08T07:51:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528469", "uuid": "5106c569-b97c-446f-ae0d-04c8e6a1b4cb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528469", "to_ids": true, "type": "md5", "uuid": "eb21925f-cccc-49b3-a4e7-6a1fc48b3687", "value": "60ebd9c7e7a911922c5ec16ab8128061", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512306", "to_ids": true, "type": "sha1", "uuid": "43695e03-118c-4c08-ae19-cbf33e0ba25b", "value": "070ce979ac0a36c4afc14bbf35cd8bdaecb10385", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512306", "to_ids": true, "type": "sha256", "uuid": "4adfaedd-c5b1-4a45-bcfb-66e03b8c684d", "value": "9898a001cb5385e647cffbf2e0dfa1c9ee0ff5416d653cb44c108700fb1c732a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512306", "to_ids": true, "type": "ssdeep", "uuid": "1e36427b-fb24-44e4-8e98-c29c19e7be82", "value": "768:Qf45gaObdnczyzRZ49rrVVXDkjC0Gy/4+IROhL5ZqE1ZlxjkY:QHJcWzR69PDzkZj5zv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512306", "to_ids": false, "type": "size-in-bytes", "uuid": "4416798e-520f-47f7-b65a-df5d6f1bd20e", "value": "51712" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512306", "to_ids": true, "type": "vhash", "uuid": "06b1b694-4653-485e-8d08-a89bb6393754", "value": "054046651d151az1a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512306", "to_ids": true, "type": "filename", "uuid": "ab4d66fe-9cf2-4e30-8e56-0cb2aa0711ff", "value": "tclsh86t.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512306", "to_ids": false, "type": "text", "uuid": "fa22af73-5da6-4db3-8b93-7d48044e6f22", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:50/69\nFirst Submission:2018-03-15T12:50:27.000000+00:00\nLast Submission:2018-03-18T08:29:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528470", "uuid": "d6510892-8844-468c-bb79-f767c15f37ad", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528470", "to_ids": true, "type": "md5", "uuid": "b4f03264-7b5d-4424-b88a-3f382d4808ed", "value": "63f92615fbd133b98a02365ae5cfa232", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512327", "to_ids": true, "type": "sha1", "uuid": "6cbb4a7e-ac4b-4aa5-8037-688a336c7bea", "value": "8c9399618a46221015582e731b2eef1f5357b9d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512327", "to_ids": true, "type": "sha256", "uuid": "bde568bd-c537-437c-9e5e-3e8fdcbef91c", "value": "7c69615077f42589260103cd1a70c489c3e0f4f92f9cab5268b4bfeb5e168e73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512327", "to_ids": true, "type": "ssdeep", "uuid": "0fe4163b-b1f7-4886-a3b0-0e79cea39064", "value": "768:ofJwzO5g9ycPzTP1E/KCBDZD1xz99dNoEHJQ:nzn9/biSIDZD13u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512327", "to_ids": false, "type": "size-in-bytes", "uuid": "2540da58-d780-4521-a530-a9bf44decc41", "value": "47104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512327", "to_ids": true, "type": "vhash", "uuid": "b21ac578-e609-468a-8150-1af508f6e640", "value": "53f6914c01c2e749922b1b59e611a104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512327", "to_ids": true, "type": "filename", "uuid": "263e8058-ada1-41d3-97b4-63fd9d716a62", "value": "\u042d\u0442\u043e\u0442 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u0437\u0430\u0449\u0438\u0449\u0435\u0308\u043d.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/12/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512327", "to_ids": false, "type": "text", "uuid": "068d3c30-d099-45c8-abba-bb908e39cdaa", "value": "Type Description: MS Word Document\nMicrosoft: TrojanDownloader:O97M/Donoff\nVT Total Detection:41/63\nFirst Submission:2017-02-21T10:03:39.000000+00:00\nLast Submission:2017-03-03T07:58:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528471", "uuid": "1bbc5004-2651-402e-879f-a5a114ae1dc3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528471", "to_ids": true, "type": "md5", "uuid": "190c1270-6344-4d1c-9b0c-a915c7bf81ba", "value": "6469a3862115b768c7d8465f73e79355", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512348", "to_ids": true, "type": "sha1", "uuid": "55c3fbae-d7be-4d8e-a3d4-33bb61eff0ff", "value": "a2c8fdd6d1fa2ceea98616dfdce954441944a6dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512349", "to_ids": true, "type": "sha256", "uuid": "a4a305e3-c291-4e6b-822c-d1adc296fdc0", "value": "e234782f64f67ef3f78fffce306ead1ed2011ae9217275556ad14c08cd5bb04e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512348", "to_ids": true, "type": "ssdeep", "uuid": "3b0e37c4-7cdb-443d-ba3a-1b5a559f079c", "value": "192:lUkeiQnD9Es6K8t5Y7RLxWKX9KaIH3Mv2qSEXiXBR3BVlyvHiErgJ:eiQ6lQ7RLxWK/IXd0SRRRVlACErE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512348", "to_ids": false, "type": "size-in-bytes", "uuid": "b542540e-c559-49e3-8004-e8d64b698a20", "value": "7156" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 21/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512348", "to_ids": false, "type": "text", "uuid": "08666ecb-ce17-4c02-8cfd-ef74c40a85d2", "value": "Type Description: HTML\nMicrosoft: None\nVT Total Detection:21/62\nFirst Submission:2025-03-21T00:22:28.000000+00:00\nLast Submission:2025-03-21T00:22:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528472", "uuid": "08e828f5-b5fe-4980-baf9-784ca2d20a60", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528472", "to_ids": true, "type": "md5", "uuid": "7a1f7c65-8150-44b5-a56b-be142f903c25", "value": "655e81c7758220e79d2f9066d853b642", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512370", "to_ids": true, "type": "sha1", "uuid": "b82fccae-cabb-4a09-abfa-162080c3eeb7", "value": "bc6b62cc0bf304f363d6693cae63172419298047", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512370", "to_ids": true, "type": "sha256", "uuid": "f2a64085-2720-4104-b9e4-d00f0bbfa059", "value": "9ef1202481536703af2087905a78c53d81570d38d484e33e0ac71a12c12c4ea8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512369", "to_ids": true, "type": "ssdeep", "uuid": "4d9a979b-67c1-4d1c-8426-2086b810132a", "value": "768:YD5lOcPQDOiydPT/bQ+/xsMxOOody29MwqhYB+LZaUG3XiAACDJ:YtYc4DxUxOlNewcxNrAfD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512369", "to_ids": false, "type": "size-in-bytes", "uuid": "6802373d-2da8-42a2-a829-e4d873d231d2", "value": "79872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512369", "to_ids": true, "type": "vhash", "uuid": "8c8a2aae-317e-4032-8942-ffc375c3e8dd", "value": "55b146f7af05a8095f1376966a3fd8c6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512369", "to_ids": true, "type": "filename", "uuid": "8d3731b8-24b6-4fff-bdfa-0b605f130713", "value": "=?utf-8?B?0JTQvtCz0L7QstC+0YAuZG9j?=" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512369", "to_ids": false, "type": "text", "uuid": "d0fa42d4-b6ce-4d9d-b483-1775ac227b1b", "value": "Type Description: MS Word Document\nMicrosoft: TrojanDownloader:O97M/Donoff.CD\nVT Total Detection:42/63\nFirst Submission:2017-02-16T12:10:18.000000+00:00\nLast Submission:2017-02-27T07:42:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528473", "uuid": "db6fd18f-93e1-488f-8102-aa3081180d5b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528473", "to_ids": true, "type": "md5", "uuid": "665c3a79-2766-4a13-9cfb-aa89f352c765", "value": "699ffb65463a6f62dc11207fe30cb2aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512412", "to_ids": true, "type": "sha1", "uuid": "4e8b1b52-1628-41d9-8d9d-92537f8ab460", "value": "ddc06f192a2b96f02bd6e7f6645047550ec55045", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512412", "to_ids": true, "type": "sha256", "uuid": "c42379c5-38e7-4af0-a63a-5eaada879985", "value": "25c46c068dbee7bd77cf762ed140c80ddaf439d118f51080e92478f982848a30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512411", "to_ids": true, "type": "ssdeep", "uuid": "79446568-2485-4512-b8be-1f079d6a3f4a", "value": "48:3UY/3+8AWmBLEEQgUX/UNTa4wt9WoAo8ah+eWW:3UGAWaUXcFa4w9oy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512411", "to_ids": false, "type": "size-in-bytes", "uuid": "d3a39c26-242f-4cb5-91db-dfc1b39f4b80", "value": "6093" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512411", "to_ids": true, "type": "vhash", "uuid": "411e0325-3267-430b-98be-8e9109b77260", "value": "85293c777072fcb5c0161589e61d1be22" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512411", "to_ids": true, "type": "filename", "uuid": "f231b3b3-8185-4fc5-9143-bd3dacfec6d6", "value": "\u0417\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u0430 \u043e\u043f\u043b\u0430\u0442\u0443 \u0443\u0441\u043b\u0443\u0433\u0438 .doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512411", "to_ids": false, "type": "text", "uuid": "ec69f210-a45c-43d0-9056-86dc907e2240", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199\nVT Total Detection:39/60\nFirst Submission:2017-07-07T09:42:21.000000+00:00\nLast Submission:2017-09-20T14:24:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528474", "uuid": "c62b283f-b505-4bff-9827-a1ba867e722e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528474", "to_ids": true, "type": "md5", "uuid": "9e7525f5-2a7a-42bf-a5bc-1f5a64f777d6", "value": "6abcb743a649f136a7af82c0dbccae0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512433", "to_ids": true, "type": "sha1", "uuid": "b60acab0-3b66-46ab-86f1-2ed6a74bf26b", "value": "0c6a45ae4d9710f2d16709206dd46f33f39b118c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512433", "to_ids": true, "type": "sha256", "uuid": "d6e51ddb-b69f-447a-b2ec-805f74717100", "value": "d8fcb1076471ac0a2e24800185be36bc366608225b1e4d0a6e625608c44deb90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512432", "to_ids": true, "type": "ssdeep", "uuid": "222614d4-b1cd-4e87-aacd-c8779d9814e5", "value": "768:zU5NkJn9skLIAf6OxbqjiB6VisDQSkHufS7akgdKEuLnAvZ:zU56J9s4nt7hsDzkOfS7akgdKEuLnAh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512432", "to_ids": false, "type": "size-in-bytes", "uuid": "34d52dd9-4d80-4745-9f2d-011c86fd6dcb", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512432", "to_ids": true, "type": "vhash", "uuid": "d74a9364-2dc3-4320-a375-18553940d7dd", "value": "064046551d151bzfnz3fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512432", "to_ids": true, "type": "filename", "uuid": "b331fd73-ec51-4e36-84e3-a6b635d56abb", "value": "MICROWEB.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/10/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512432", "to_ids": false, "type": "text", "uuid": "2dee992c-a23e-458f-8420-db9bfee511e2", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Zbot.SIBD25!MTB\nVT Total Detection:40/69\nFirst Submission:2017-02-28T13:03:35.000000+00:00\nLast Submission:2017-03-03T10:53:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528476", "uuid": "8186cc34-07c5-4527-a862-7b84dc770ce2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528476", "to_ids": true, "type": "md5", "uuid": "b71a6f2c-55bc-440d-8eda-5c0ac6ad8762", "value": "6d355ffa06ae39fc8671cc8ac38f984e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512454", "to_ids": true, "type": "sha1", "uuid": "0590b9c3-1772-4120-9d2a-8f6bb9f03f10", "value": "c31d3002d9f1bebc85b41d4c55a87ea1b797d4d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512454", "to_ids": true, "type": "sha256", "uuid": "b3bd3033-5d11-449a-8ad0-bc339c31788a", "value": "84d348eea1b424fe9f5fe8f6a485666289e39e4c8a0ff5a763e1fb91424cdfb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512453", "to_ids": true, "type": "ssdeep", "uuid": "8280c28b-df58-4125-9f2a-b5b634d8ef86", "value": "48:q4hHeO1fRvFz3luM8mtAUzJjpEbX2xpU5vg97ynBBzJHp7PLhy7SG+8I07el:Jd7vFJt1zJIOpU5tzNb8Iu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512453", "to_ids": false, "type": "size-in-bytes", "uuid": "4c676dd8-5d4b-458d-b388-b3a94e007f15", "value": "4096" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512453", "to_ids": true, "type": "vhash", "uuid": "15be00b0-540f-4f4c-bda9-c08e603d427b", "value": "04303655551az11jz41z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512453", "to_ids": true, "type": "filename", "uuid": "e1bb449a-b39e-48d0-a7f3-33b16a8afe17", "value": "SWIFT log suppressors" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 17/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512453", "to_ids": false, "type": "text", "uuid": "eeae4954-ee93-40ab-94f3-f3e219c8ef99", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanSpy:Win32/Banker!MSR\nVT Total Detection:56/71\nFirst Submission:2016-05-16T00:44:54.000000+00:00\nLast Submission:2023-05-16T03:50:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528477", "uuid": "f07071f8-96cd-4db6-83d8-684f2d809f16", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528477", "to_ids": true, "type": "md5", "uuid": "9eb52aa5-33d9-4999-9e16-c99cd1a60509", "value": "6dda24eac03876879f1404671646b79f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512475", "to_ids": true, "type": "sha1", "uuid": "5f93c732-25d9-4527-8e71-bd8213d9fb86", "value": "40ad156bce130f5fa20c3d229115e1eb6e5ac208", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512475", "to_ids": true, "type": "sha256", "uuid": "69748956-506b-4aa7-82f1-f6e5bc75c0a2", "value": "3a87b40c4dd2c8bce991c7ee930e4f746b72c26fcd93d96d594abc3e3146bc9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512475", "to_ids": true, "type": "ssdeep", "uuid": "4bea7ca1-23a2-4283-96e6-feec3e6e69a6", "value": "1536:4JXDa4uJzc0lOWukHIrRuw+mqbz9j1MWLQs:4lYtQJkHIrRuw+mqv9j1MWLQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512475", "to_ids": false, "type": "size-in-bytes", "uuid": "33b5d6bf-ec1a-4e30-b170-a43982e1cad2", "value": "121856" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512475", "to_ids": true, "type": "vhash", "uuid": "392f6d61-de98-485d-a9e6-d0fceb5fdc5a", "value": "015046655d151az1chza0ajz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512475", "to_ids": true, "type": "filename", "uuid": "951f9529-99dc-4000-be28-64f8e035f96a", "value": "6dda24eac03876879f1404671646b79f.scr" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512475", "to_ids": false, "type": "text", "uuid": "633412bf-505d-4796-83a4-9e5ad41b989c", "value": "Type Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.ARL\nVT Total Detection:62/73\nFirst Submission:2018-02-16T10:39:17.000000+00:00\nLast Submission:2020-06-02T10:37:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528478", "uuid": "b0aab0b6-df87-436e-8d4c-1dd9fa92cc53", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528478", "to_ids": true, "type": "md5", "uuid": "223d7964-29be-442a-8f19-14eaf60a4897", "value": "70469e15f04b799930baec1d3d64cd54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512496", "to_ids": true, "type": "sha1", "uuid": "4e6cf5b5-2249-425b-af93-7a212df3f4bb", "value": "6382bf85ea139432ae36053415b49bf8b81c6ff7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512496", "to_ids": true, "type": "sha256", "uuid": "77b9157f-6204-41cd-9056-095be517a88c", "value": "2d23b519931072632b8b6c0c9560d95414dd1639df895694dff7e5ea19fe5182", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512496", "to_ids": true, "type": "ssdeep", "uuid": "468faa6a-e99c-4411-a27d-a8f250832fe3", "value": "48:3xKx8lLf+8yDWmBLEERhhWUNTaZKM9sH0WoAo8zOeYbL:3w6ljyWKz3FaT9mMoMH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512496", "to_ids": false, "type": "size-in-bytes", "uuid": "09a03eb5-e62b-455a-a375-fd73e7747697", "value": "6120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512496", "to_ids": true, "type": "vhash", "uuid": "ed595e12-9a83-49a6-ad63-96eb03d71b84", "value": "85293c777072fcb5c0161589e61d1be22" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512496", "to_ids": true, "type": "filename", "uuid": "8136853f-1ac3-4f31-8a33-c88a3146a34b", "value": "\u0424\u043e\u0440\u043c\u0430.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512496", "to_ids": false, "type": "text", "uuid": "b0102928-92a5-4fd3-8551-56b4dfae454c", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199\nVT Total Detection:36/59\nFirst Submission:2017-07-05T07:43:32.000000+00:00\nLast Submission:2018-05-20T01:00:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528479", "uuid": "1e211a15-85ba-4005-ae4b-ac066ca5a912", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528479", "to_ids": true, "type": "md5", "uuid": "8c7e3760-4e19-4fcc-ada0-2cb1cdb0e066", "value": "712e11e5217ef06847ea96a83e952566", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512538", "to_ids": true, "type": "sha1", "uuid": "d728f465-7cd2-4897-b07d-8f2b6ec0afe4", "value": "57466a02e822a46c054cb670d066a226033b1d13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512538", "to_ids": true, "type": "sha256", "uuid": "c8ce9227-66f9-4101-b77a-faba28613e59", "value": "084ad219c75a4520d3d043babb5a77c3ade97eeb913cd1b2fb26712feda304a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512538", "to_ids": true, "type": "ssdeep", "uuid": "6deb792a-aadd-421a-aa3a-557352f7d40a", "value": "12288:g0DZrdrcR9GKvVWvKQ1OGaEr4zcjuiNzttpVLw71rJH:g0DZrdc940Ga0xjVNzttD0H" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512538", "to_ids": false, "type": "size-in-bytes", "uuid": "8da6b267-099d-4590-9cb3-8941c28e8429", "value": "598124" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512538", "to_ids": true, "type": "vhash", "uuid": "feea3b75-4e8f-438b-bf91-fbeaa941bd81", "value": "86a5df3ef11d8ddbe3085475838c2c4bf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512538", "to_ids": true, "type": "filename", "uuid": "68864e42-ae98-4b1c-a6ff-f910f903360b", "value": "The rules for European banks.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512538", "to_ids": false, "type": "text", "uuid": "928e67b5-949c-4c50-989f-2fb63fd682a3", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:31/58\nFirst Submission:2016-08-15T12:50:47.000000+00:00\nLast Submission:2016-08-15T12:50:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528480", "uuid": "66bcf260-b855-4b22-9f66-19efdf2d5bf5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528480", "to_ids": true, "type": "md5", "uuid": "a1fe4fea-36ca-404e-844e-12ada492bd09", "value": "72ea2c440b522607eed37429a1675d8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512559", "to_ids": true, "type": "sha1", "uuid": "02dcc015-f1f3-469f-a0da-caa8b810a84d", "value": "a978992a6364cf3272dcd287f3e242dff4ea0b66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512559", "to_ids": true, "type": "sha256", "uuid": "2164cc16-b729-41d7-9898-bde2025c65c6", "value": "962875288f1da5755c23a5d2e99d8087dc2c3f5b01ea0ea509341d343b5b5291", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512559", "to_ids": true, "type": "ssdeep", "uuid": "1961d239-ff20-4f0d-80a6-c994aa51e033", "value": "96:3YTr7iPFasAR9pjVtXN+DsVhijn28DGHFqU3b0Cm3MxUI9GpXan:34CPFaHVj+wjIn3XU3b5m3M64kan" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512559", "to_ids": false, "type": "size-in-bytes", "uuid": "aacac510-de65-4d33-81c1-44a3187ce67b", "value": "9311" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512559", "to_ids": true, "type": "vhash", "uuid": "67d30d21-076b-4cbe-bb09-afff99cf8900", "value": "809bd7e8071fc988d2f1fdfe7348e82e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512559", "to_ids": true, "type": "filename", "uuid": "fe94f0de-74ad-44e6-84ef-d91d8744bcc3", "value": "New Business Venture.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512559", "to_ids": false, "type": "text", "uuid": "a20fac6a-d4bd-4052-a156-db4dfd909155", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:22/59\nFirst Submission:2017-09-06T17:08:03.000000+00:00\nLast Submission:2017-09-06T17:08:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528482", "uuid": "cb86fc4c-7b97-49f7-99fe-6a87bbad26aa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528482", "to_ids": true, "type": "md5", "uuid": "f37fdd7e-d8e7-4aae-aab9-4729312f3a0d", "value": "73ad7e37ce7a97c3bb5f69a87fe9358c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512601", "to_ids": true, "type": "sha1", "uuid": "3ec5e57a-c2f5-413c-bda4-b6d71d19c118", "value": "ddf2e8a0918acb29eaa7cac157c0462d46d73266", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512601", "to_ids": true, "type": "sha256", "uuid": "40428750-4ce0-460c-98a4-b1fbebb3b7c1", "value": "b97b9b7b54ed58c3761f5c09df3b7653f932206e1ff6d87122873b2fc063c083", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512601", "to_ids": true, "type": "ssdeep", "uuid": "5bbf91fc-7491-4ea5-9edd-002d492f5fb4", "value": "48:3oX+8QWm75LEEs4vY0UNTaHg+EYXW/WocoYVzO:3gQW8u3dFaH/EY2Xf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512601", "to_ids": false, "type": "size-in-bytes", "uuid": "c9d67756-0e98-4c86-9f0e-11e2a8b56d5c", "value": "6036" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512601", "to_ids": true, "type": "vhash", "uuid": "3cc13490-138a-494a-96e8-dbd9604cb567", "value": "85293c777072fcb5c0161589e61d1be22" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512601", "to_ids": true, "type": "filename", "uuid": "e861a715-07f1-4611-89f2-917937d37ba6", "value": "\u041f\u043e\u0440\u044f\u0434\u043e\u043a \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u043f\u0435\u043d\u0438\r .doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512601", "to_ids": false, "type": "text", "uuid": "bbe5329c-f1c4-4aba-834b-f74e7653ca30", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/CVE-2012-0158\nVT Total Detection:38/59\nFirst Submission:2017-04-24T12:21:49.000000+00:00\nLast Submission:2018-05-12T23:43:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528483", "uuid": "25939782-2993-4e5a-bce8-60337fe9cfcb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528483", "to_ids": true, "type": "md5", "uuid": "c69a7b72-2753-458b-935f-53570aee8362", "value": "749cbcc0ec509ffcf8bffaa9874e4f14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512622", "to_ids": true, "type": "sha1", "uuid": "e728afc6-f2d8-4666-b274-dfcb7cfeb2ce", "value": "51feb85f3536e2f9260e99303232b0f4514b5716", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512622", "to_ids": true, "type": "sha256", "uuid": "6550b5c4-2178-43dc-a695-8e8423472e93", "value": "7dc74764abe19003932fb1a08ec96abfa8fbd817cf42c070f3dca4df7bec01d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512622", "to_ids": true, "type": "ssdeep", "uuid": "24a9f964-da26-474b-92a4-6e61976110d5", "value": "6144:A9tWXETPQIza2PQJXSrDEzqeeVuHe255SzZRJOSVo8HLSDqq2p/+8gs:iaETPzr4zcvXOSV1HWDq3gs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512622", "to_ids": false, "type": "size-in-bytes", "uuid": "86387621-b299-4352-9c8b-aecc9bd782a5", "value": "1461876" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512622", "to_ids": true, "type": "vhash", "uuid": "d2904892-357e-4ad5-b046-f1b0398ead3f", "value": "856c9c01cb8622597923f305b1e5e429e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512622", "to_ids": true, "type": "filename", "uuid": "cb4158d4-8b7b-4993-baf7-de75e8a7e384", "value": "binary (7)" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512622", "to_ids": false, "type": "text", "uuid": "57c0cfeb-684b-449e-b579-49af65f2542c", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:JS/Tabonachio.A\nVT Total Detection:29/59\nFirst Submission:2017-03-10T10:14:28.000000+00:00\nLast Submission:2017-03-17T14:40:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528484", "uuid": "342deefe-2480-4853-84a7-66eb107db082", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528484", "to_ids": true, "type": "md5", "uuid": "a1470347-1d52-4989-81f8-c9a3b7f973b9", "value": "74b113e6fae947fe9ced001432d6f152", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512643", "to_ids": true, "type": "sha1", "uuid": "0f2f7026-e094-4745-96a0-f5f22c5e7832", "value": "228c23a5f1ead8de24ff8dc626c8b3e274b46c66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512644", "to_ids": true, "type": "sha256", "uuid": "7f13809c-16d0-4d79-963b-bfceedd84021", "value": "391038713033ad9d90f32cc0f2680f62c362e369bba32fdf6009dccaa4bc6fa7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512643", "to_ids": true, "type": "ssdeep", "uuid": "8dfde749-cd5c-421e-8c67-28985480821f", "value": "768:DOCcgTW/59Ig/gqcG5b7ZDS2EAN6j6TL3xdA73mkEbro:yCtCBJ/hcGLxFPu3mm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512643", "to_ids": false, "type": "size-in-bytes", "uuid": "544461a2-d5d6-4899-8b23-a45ed470ba67", "value": "40960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512643", "to_ids": true, "type": "vhash", "uuid": "5d67dec9-54f9-4a05-a8cf-213f6a5a022a", "value": "044047551d1d60501041z200797z77z41400561z5bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512643", "to_ids": true, "type": "filename", "uuid": "8b7fc3f2-3a8d-4754-bb07-4841b3bf2907", "value": "741A53E36A1F3D.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 30/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512643", "to_ids": false, "type": "text", "uuid": "0a94db40-5f18-48d6-957f-72bc583e908d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:60/72\nFirst Submission:2018-01-24T11:07:29.000000+00:00\nLast Submission:2018-01-25T16:55:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528485", "uuid": "224f0d5f-4de4-4df7-8a00-2daf925191d2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528485", "to_ids": true, "type": "md5", "uuid": "0b07da9f-2cbc-422c-8c45-fe502d1fc60a", "value": "74d5576a036f8a28ea423f053fcd89e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512665", "to_ids": true, "type": "sha1", "uuid": "16d536f3-f456-4022-91af-6d80c7405133", "value": "6595b53a8ab2cf4cfb29514d9e34110b0fe59a05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512665", "to_ids": true, "type": "sha256", "uuid": "1778d035-782a-4d4f-8167-7162159a8a6c", "value": "dab05e284a9cbc89d263798bae40c9633ff501e19568c2ca21ada58e90d66891", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512664", "to_ids": true, "type": "ssdeep", "uuid": "dab17002-e79a-46a2-a614-5cb04e9036b3", "value": "12288:5nhPaFiaKeQiXJiX6qmvp5sNweQOzGKfwj0TuZ:5nhPaQkXc3Gehznf20TuZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512664", "to_ids": false, "type": "size-in-bytes", "uuid": "74e0c9b2-d2f3-4760-b659-583810930549", "value": "603648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512664", "to_ids": true, "type": "vhash", "uuid": "b14d6742-069c-439d-9f7f-ff7f21f0a3df", "value": "16505656651d6567zf002033lz5ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512664", "to_ids": true, "type": "filename", "uuid": "097a60dc-0156-4337-aa3a-9bf47dfbb008", "value": "74d5576a036f8a28ea423f053fcd89e2.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512664", "to_ids": false, "type": "text", "uuid": "fda2d2ae-1041-4270-a718-a30d5f58d07d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Multiverze\nVT Total Detection:52/73\nFirst Submission:2017-08-31T09:57:45.000000+00:00\nLast Submission:2018-10-04T21:30:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528486", "uuid": "6a879fe5-163c-4183-a8f1-486cdda944db", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528486", "to_ids": true, "type": "md5", "uuid": "df71b686-0cfa-4059-9e97-30f1cfe3d4cc", "value": "752fc2b1736b7b6e124ef8012c744c33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512686", "to_ids": true, "type": "sha1", "uuid": "8ac3f0b6-8144-42a2-951a-b29d21379548", "value": "3625701416da78a44a2285e8b9949ba3791612b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512686", "to_ids": true, "type": "sha256", "uuid": "b92def42-d593-4136-89dc-608900c42d7d", "value": "24751664a8330caafc86429dcf176a417255beaf7d4d71baa845838092a20125", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512685", "to_ids": true, "type": "ssdeep", "uuid": "63e42780-f2db-4957-879f-c61c3e74127d", "value": "6144:eDx1mHzCXboAhc/8eJMa2PQJX/oCDKhg7ukOJotityuJZ3x4XHOWjZCGp4+rl7:enmHGLhhc/8eJJWT8+yuJZ3qTjZjl7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512685", "to_ids": false, "type": "size-in-bytes", "uuid": "d89c755a-40be-43f2-b9cb-bd882e580d4d", "value": "1517140" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512685", "to_ids": true, "type": "vhash", "uuid": "158e2afe-dad1-47ac-b37e-f110b2c1aec8", "value": "8ba01aec0675f42eebf5fe9c783b2186c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512685", "to_ids": true, "type": "filename", "uuid": "3be11812-f90e-4704-a9d0-7bb03efe2489", "value": "Visa Payment Fraud Disruption.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512685", "to_ids": false, "type": "text", "uuid": "5acc6962-449d-48d4-9b74-a41dca24a330", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:26/59\nFirst Submission:2016-10-28T10:09:23.000000+00:00\nLast Submission:2016-10-28T10:09:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528487", "uuid": "3696126f-7559-4bbf-92dc-df9c4fd8e08f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528487", "to_ids": true, "type": "md5", "uuid": "dce3eb01-ce81-45e6-a453-90e1b9b82fd9", "value": "77ece7a13d98ac81e5022f8239985f9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512707", "to_ids": true, "type": "sha1", "uuid": "0bd49f4a-6175-4719-ae34-d31912700046", "value": "77cc3026c1dddbc71a0231e05816fe764699aeb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512707", "to_ids": true, "type": "sha256", "uuid": "48fa16bd-7dda-4367-9a02-ec816f4155cd", "value": "9c7cdd09d54c717ea58b0bc2441d54e63216216e37d1ab473838933304424b44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512707", "to_ids": true, "type": "ssdeep", "uuid": "911da4df-a92c-415f-8516-f4e64bfdfecc", "value": "6144:A3pn9SfsNEOFha2PQJX6oCDKhJ3/z9Ndq35d9aF5mU0NdPIXMX5TWiWp7+MIu:lsNbWpcHaF5+7GATWbIu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512707", "to_ids": false, "type": "size-in-bytes", "uuid": "bc8b934e-009d-438c-9d74-23448439bf61", "value": "1445791" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512707", "to_ids": true, "type": "vhash", "uuid": "bf90707d-446a-4edb-b709-fd50b725187d", "value": "870093b6c7b3da1dae72c18674ad25be5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512707", "to_ids": true, "type": "filename", "uuid": "e27a1343-9d03-4649-8e8d-1dca5efc2849", "value": "\u0438\u0437\u043c\u0435\u043d\u043d\u0435\u043d\u0438\u044f \u043f\u043e \u043a\u043e\u043c\u0438\u0441\u0441\u0438\u044f\u043c.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512707", "to_ids": false, "type": "text", "uuid": "28e404c1-5e17-46c1-9e93-b9f5c3d3f9ab", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:25/59\nFirst Submission:2016-10-18T00:09:47.000000+00:00\nLast Submission:2016-10-18T00:09:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528489", "uuid": "d86fb393-7d1a-49f7-b40c-f275a208934b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528489", "to_ids": true, "type": "md5", "uuid": "54a4b3d4-6c87-448d-8cc4-102a59fc0e5f", "value": "785ded9a20d7e63942e175a947d45f9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512728", "to_ids": true, "type": "sha1", "uuid": "007a335b-8e77-48f0-bc52-bb7161af7a58", "value": "1a0ae6380753572a459b442aafe5de3593cdd30d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512728", "to_ids": true, "type": "sha256", "uuid": "3e186424-4e6d-4c3d-9c03-f305d566835c", "value": "b070320b92ac42af6100936fe4f4519a4237fb1104081eab4d6602b09b10d6b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512728", "to_ids": true, "type": "ssdeep", "uuid": "40df1354-8beb-4238-867f-a6b3674cadd9", "value": "384:TDCXYy5BerCDlggDpq4z9TeyvIodc3qUH2C5XRdFG6F7//ozMACII0tzJ:Tty5BoeTDpq4zcwLdc3qUvRdhACId5J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512728", "to_ids": false, "type": "size-in-bytes", "uuid": "64c3e372-30f6-48dd-a181-1e1c84f593f8", "value": "19301" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512728", "to_ids": true, "type": "vhash", "uuid": "a98544da-11a6-417e-9149-77213236d2d6", "value": "7c39b4d81e858a1b757a27c6be23ca88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512728", "to_ids": true, "type": "filename", "uuid": "eabb4cbb-6534-4b21-90f7-cbccaa7ea4f9", "value": "m11.hta" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512728", "to_ids": false, "type": "text", "uuid": "aa10d984-5397-4c36-ba30-1abce4d82de7", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:22/62\nFirst Submission:2017-07-05T07:56:45.000000+00:00\nLast Submission:2017-09-20T15:43:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528490", "uuid": "67904374-076f-4b8b-8711-b9d4500e0008", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528490", "to_ids": true, "type": "md5", "uuid": "9734ca8a-7e48-449d-96bd-0172ed3863de", "value": "7c5e8302ac75588b16a88b158ab3b595", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512749", "to_ids": true, "type": "sha1", "uuid": "1d6aab71-b533-42dd-b37f-2d1d7ab1df10", "value": "73621392d3b95aa2babef481a77cafeaeb5e8c2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512749", "to_ids": true, "type": "sha256", "uuid": "bc3d9283-ef22-4dee-ac56-adf21817bac1", "value": "281c235610645efeba54a7e1a45bdd8f95f1fd37e354fee204c8492d33348e53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512749", "to_ids": true, "type": "ssdeep", "uuid": "1aebdd54-a86d-498f-bf8e-9e8bc4aa433c", "value": "6144:uJKJRXE6Gx2a2PQJXnrDEzqee3/Pp9VO4AllypRlophvH/yfL6apa+1T1:uMJRX0dr4zcUnypR+zyfLvT1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512749", "to_ids": false, "type": "size-in-bytes", "uuid": "92901ad9-6365-493e-9bf5-13fd46e1b681", "value": "1447069" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512749", "to_ids": true, "type": "vhash", "uuid": "d1e6f3ed-acdb-47c6-a7e1-a66b071edff7", "value": "83083d9f0efb36cb511b395ab4b9f0eab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512749", "to_ids": true, "type": "filename", "uuid": "fbc6a49a-b0e5-443e-aa7d-664e6f2dc352", "value": "rezyume.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512749", "to_ids": false, "type": "text", "uuid": "b9fa413f-7b4b-4256-a38a-9f00facb3a32", "value": "Type Description: Rich Text Format\nMicrosoft: TrojanDropper:Win32/Swrort\nVT Total Detection:34/62\nFirst Submission:2016-10-10T09:17:55.000000+00:00\nLast Submission:2024-09-27T16:38:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528491", "uuid": "60bb27b9-1413-4eda-b8f9-2e0d93042a4a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528491", "to_ids": true, "type": "md5", "uuid": "ef049ba2-b4d5-4250-806c-73185fe4a2dd", "value": "7fa1af2adba39ef6efe0f870c057554d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512771", "to_ids": true, "type": "sha1", "uuid": "fe81fb6a-ce3d-4862-beb8-5e621b42003f", "value": "c725b9b4fe1c5b4f8eeab629dc434fe244138387", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512771", "to_ids": true, "type": "sha256", "uuid": "3a4baba2-f839-49b9-ab56-0f180ce91a1e", "value": "7d0bf8035d882c77982fdb843f25ea7621b3eb68ecfb44b92a08d34722a426e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512770", "to_ids": true, "type": "ssdeep", "uuid": "3e0f42c8-6de0-4abb-8dc8-6e0a7bdaeac1", "value": "768:lqVNSDFUfpK0rhOMme1NW+VL1DCkXrCPOZBeMNZNTMQE0MxUeIRJ:P8hObI9L1DCX4J7wQiUe+J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512770", "to_ids": false, "type": "size-in-bytes", "uuid": "a679d051-3ca9-41ae-b9a3-0863e36d9969", "value": "58899" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512770", "to_ids": true, "type": "vhash", "uuid": "14333ab5-781c-4e4b-9753-cfcfa325ced9", "value": "0540766d1c1zd1d701az3c9z35z13z41z4bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512770", "to_ids": true, "type": "filename", "uuid": "3e36fd6f-7633-41d2-b3de-f6c2d1362df6", "value": "7fa1af2adba39ef6efe0f870c057554d.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512770", "to_ids": false, "type": "text", "uuid": "cef737b8-210a-4e3e-83c8-8e3177e6e337", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:51/69\nFirst Submission:2016-08-02T20:42:52.000000+00:00\nLast Submission:2016-08-02T20:42:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528492", "uuid": "e572ae4b-e637-4154-b8bf-73c882b86570", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528492", "to_ids": true, "type": "md5", "uuid": "fd44a2ff-1382-45bd-905b-cf66223322af", "value": "80623478382370476d0b3ddc7fe68a88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512792", "to_ids": true, "type": "sha1", "uuid": "8a997bf0-5567-47b7-8004-fca491062d1b", "value": "5a144bb7b4a406e76ce30fc83ab9545d5dd425cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512792", "to_ids": true, "type": "sha256", "uuid": "08f39ac2-e16d-45b6-90b0-c836a2e0f6ce", "value": "1bd965be68ac71c12aaa198fe363637c2fed18ca31a89f151a10b1af340c4b41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512792", "to_ids": true, "type": "ssdeep", "uuid": "a7445100-a29b-467c-bc1e-1e275ded5bba", "value": "6144:KSygsEE1HQYyKa2PQJXvoCDKhVD7VHUmkOTz2VNVBVsM9dAbMNrRKSpQ+bVn:4EfYMWHdcnVBVZ9dlrRbVn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512792", "to_ids": false, "type": "size-in-bytes", "uuid": "0efb18a2-a358-4d74-93c3-d79e32cd6c0e", "value": "1467877" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512792", "to_ids": true, "type": "vhash", "uuid": "7559fc9b-1fb2-4610-9f14-76782728313b", "value": "85198044af91833d68a858e2e4a2ed31d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512792", "to_ids": true, "type": "filename", "uuid": "b3980c52-480c-4310-985c-c7ae64dfd2e4", "value": "Terrorist Financing.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512792", "to_ids": false, "type": "text", "uuid": "ba284730-1a9d-48ae-a4e8-8ab34ca23d44", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:26/59\nFirst Submission:2016-12-01T02:08:59.000000+00:00\nLast Submission:2016-12-21T07:17:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528493", "uuid": "9066f87f-a6b1-4115-842e-9524abb2eebb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528493", "to_ids": true, "type": "md5", "uuid": "ef10fdda-abc8-4df2-ae64-b1c5ca53b73b", "value": "820299c5bc8357743b222c11a3e50734", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512813", "to_ids": true, "type": "sha1", "uuid": "aa68eca2-3f52-4716-8915-3a4ca2c920cf", "value": "99c690baa8c8dbba851673134f8103520aa0460e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512813", "to_ids": true, "type": "sha256", "uuid": "6c7c5a7a-a4f9-40c5-aa06-3005fe59d4cd", "value": "19ca92213b894397315f2b97b020c59d89af911cfa5d83560a28bc00dbc8f1ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512813", "to_ids": true, "type": "ssdeep", "uuid": "491f4863-45dd-4368-92d3-4b7bca686e15", "value": "1536:I4G9117dIACwljrvXyoH4UisnooWTyaIDdyYXRyMEjoUOKRfaavqwQeHefu/zbfM:w1JywlPXr4knoEkfaaBB+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512813", "to_ids": false, "type": "size-in-bytes", "uuid": "a2744e6d-27b2-4619-8d36-ea81ddba262b", "value": "303667" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512813", "to_ids": true, "type": "filename", "uuid": "2be14d36-2a86-4628-8572-6b16d2961948", "value": "Invoice W256099386.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 20/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512813", "to_ids": false, "type": "text", "uuid": "d844570f-1acc-406f-b98a-883254273539", "value": "Type Description: unknown\nMicrosoft: Exploit:O97M/CVE-2017-8570.G\nVT Total Detection:45/60\nFirst Submission:2018-02-22T12:03:05.000000+00:00\nLast Submission:2018-05-11T00:10:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528494", "uuid": "7fd38881-7bcf-4612-81e3-7e985beaa81a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528494", "to_ids": true, "type": "md5", "uuid": "33d60b01-6e16-47ae-8b2e-25e269384a2d", "value": "84245bd582caf2bb26681fcd9d1fb09e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512855", "to_ids": true, "type": "sha1", "uuid": "65227bdc-fedf-4efd-9e83-f33c2d54086e", "value": "2b6bd89ff52a1755967c588eb8596d963669ecf2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512855", "to_ids": true, "type": "sha256", "uuid": "a347e76f-dd29-4cb6-afa1-6fc94c8d0cf8", "value": "cb7f5dd7b0d6465a2d0b83042154f4329f6b7b2727c5ed17b95d777e43f437e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512855", "to_ids": true, "type": "ssdeep", "uuid": "160ba572-b097-4c91-b724-4149c8c58f02", "value": "1536:6jVI8GBXZlX3Pq4MbwICS4AhhWw8nNYbf:iVIzJd37MbDf8NYT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512855", "to_ids": false, "type": "size-in-bytes", "uuid": "4f1daf21-7fff-4261-a2e0-57c3016ac68c", "value": "53760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512855", "to_ids": true, "type": "vhash", "uuid": "17285572-7980-4650-85b2-9d2ffa1de465", "value": "15405656657d756az1a0b&z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512855", "to_ids": true, "type": "filename", "uuid": "a2ec492f-cd7a-4a02-bcf4-2d02b93c06ce", "value": "123.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512855", "to_ids": false, "type": "text", "uuid": "3c8e8329-aaaf-48c1-884e-824db66329f1", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Zapchast\nVT Total Detection:55/73\nFirst Submission:2017-07-05T13:48:18.000000+00:00\nLast Submission:2017-07-05T13:48:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528496", "uuid": "d21e4082-eb26-4448-aee4-4df7bb58f1a0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528496", "to_ids": true, "type": "md5", "uuid": "aa1dc167-5032-4d87-855f-ecd0c52e8c31", "value": "85d074aa473f3ae94275f885f8a7d37e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512876", "to_ids": true, "type": "sha1", "uuid": "d100cd89-258b-4a6c-a4d1-85efd9f6fbf8", "value": "33ef1a39c9bb8dde67e9fd86b3eee2b3b4e15b81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512877", "to_ids": true, "type": "sha256", "uuid": "0a067bc7-ba70-4809-8443-5148fd945ef4", "value": "1c423933af5f5c95201ec9efffed171af1a3074cdeb1377b86dcaf8177cf5cb9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512876", "to_ids": true, "type": "ssdeep", "uuid": "39a8bb0c-54df-45ee-b007-434efcd14335", "value": "6144:BB2XCzZDkSa2PQJXNrDEzqeesU2TvZOthveE5LhFign4TfdPD6api+tnN:BMSFD4r4zc/vNLhFjncPDvnN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512876", "to_ids": false, "type": "size-in-bytes", "uuid": "db958c49-27f2-4187-843d-f26521219ce3", "value": "1436702" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512876", "to_ids": true, "type": "vhash", "uuid": "499505a9-b587-4dd1-8eb6-ab0cb00732f9", "value": "856c9c01cb8622597923f305b1e5e429e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512876", "to_ids": true, "type": "filename", "uuid": "f5a46d9e-cec9-4b09-adc7-b9c9ba0ac319", "value": "1c423933af5f5c95201ec9efffed171af1a3074cdeb1377b86dcaf8177cf5cb9.vir.DNvir" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512876", "to_ids": false, "type": "text", "uuid": "0c2ab9c3-2a80-4585-97ab-89a2d6f497ba", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:JS/Tabonachio.A\nVT Total Detection:29/57\nFirst Submission:2017-02-08T03:18:36.000000+00:00\nLast Submission:2017-07-13T05:43:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528497", "uuid": "dc696364-bc8e-4b94-82ab-5ccd2b8e7599", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528497", "to_ids": true, "type": "md5", "uuid": "fa4eec35-e2de-4345-bd3d-fe513bc1ed8a", "value": "87325b2522f8a48b8e5f149dd5e8eea2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512898", "to_ids": true, "type": "sha1", "uuid": "57b12a16-b81b-438b-b7c2-fdc54ae11aee", "value": "bc938e40c3622f6ce323b9333537603199da6bb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512898", "to_ids": true, "type": "sha256", "uuid": "1ec3218d-19bb-46fd-aea2-27fb5a0ec9d5", "value": "9ea113bcfb80a6e7bbc687295a60a30e08492e9c1a5bf1bb1c84c4f12bf70045", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512897", "to_ids": true, "type": "ssdeep", "uuid": "df524f3a-bbec-4b23-9e7d-082da3b73c03", "value": "6:L4mhFDzh+dEXLkV07+FUhjR5WEh9QJCtPVQ:5hFDlBbGLMjfl9QoPV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512897", "to_ids": false, "type": "size-in-bytes", "uuid": "efc67a97-eb78-4d8a-9d88-4a7c72dde990", "value": "1464660" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512897", "to_ids": true, "type": "vhash", "uuid": "4d6bea24-5b21-4d39-b672-415efbe3f2ed", "value": "896c945c293b3550ae1c0f606a24203c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512897", "to_ids": true, "type": "filename", "uuid": "302308c0-7738-4adf-918f-52a51b13cb8a", "value": "alert.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512897", "to_ids": false, "type": "text", "uuid": "28efc498-6cd6-4171-8ef9-b2c91c4618ad", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:0/58\nFirst Submission:2016-10-20T12:28:18.000000+00:00\nLast Submission:2016-12-05T06:19:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528498", "uuid": "db07cebe-907d-4501-b340-6517a92737fa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528498", "to_ids": true, "type": "md5", "uuid": "b56a4922-6c6b-4861-8876-0032488b3a95", "value": "87aa6f8b236f77ea6ba2960e339a2418", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512919", "to_ids": true, "type": "sha1", "uuid": "a54d2a7f-85bf-4666-9e52-70d1acefcc51", "value": "de6de0f0344693ff9fbc1c342867afee5bce3725", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512919", "to_ids": true, "type": "sha256", "uuid": "f96b801d-a3c6-48f5-81b6-54363cb64ce9", "value": "cd0170e8e982ec7e87a916d1fd137a7e056c97f64b269eb7696b361bc9c7d1b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512919", "to_ids": true, "type": "ssdeep", "uuid": "dba66a80-683c-4e98-a37c-34620ad970ba", "value": "48:erjbidGKR4ulZhCr6hzr6hnr6hmr6hdr6hLr6h6r6hhrGL:5dGKR4ulrxAMdO4JAL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512919", "to_ids": false, "type": "size-in-bytes", "uuid": "062a86d1-60ff-4e32-af2b-5df25be38ae2", "value": "2288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512919", "to_ids": true, "type": "filename", "uuid": "d21b7410-de17-4e42-959e-5c178b11d99f", "value": "task.bat" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512919", "to_ids": false, "type": "text", "uuid": "30ea9b3b-dbcd-425e-a211-7004bad6f2ff", "value": "Type Description: Text\nMicrosoft: Exploit:O97M/CVE-2017-8570.G\nVT Total Detection:30/58\nFirst Submission:2018-02-15T18:42:15.000000+00:00\nLast Submission:2018-05-28T07:24:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528499", "uuid": "ac295672-559f-4b0f-8353-a5fe9c1a87c6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528499", "to_ids": true, "type": "md5", "uuid": "5745f375-fd0b-4f80-901f-d443437cad07", "value": "87cd2fa87920d8f16eb10db54f9274c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512940", "to_ids": true, "type": "sha1", "uuid": "9751c9a2-9c1e-499d-8cc8-090d133f0484", "value": "819a0a6697c42e6263fb84574b6813c1311b4a2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512940", "to_ids": true, "type": "sha256", "uuid": "c41db0ef-4ae4-47b0-82aa-8f89ff964c9d", "value": "b1ed69a9223465340036ff753a1b568ae4ee3f2e36b8fe0249699799aab01f14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512940", "to_ids": true, "type": "ssdeep", "uuid": "fd3f4dee-69ab-4947-ac0f-16b7e3f1974a", "value": "3072:jJc51syUQdHyXAbxCdKlp9OQP8b4q/lT7o6XSzJUXDPt9sIGeMSZ+5:GRdH+sColp9Ou8b4qC6XkJYtyJFT5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512940", "to_ids": false, "type": "size-in-bytes", "uuid": "fa5ffe18-7c00-48ba-a908-a18114f9c246", "value": "183296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512940", "to_ids": true, "type": "vhash", "uuid": "63173760-bc14-40a5-9b3f-d5175f6142e7", "value": "77c529945c5452ecacc907dc9153d152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512940", "to_ids": true, "type": "filename", "uuid": "d79a07f9-35a1-40af-9385-fc350e2e0d04", "value": "malware.doc_" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 14/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512940", "to_ids": false, "type": "text", "uuid": "a68d2f2b-a8aa-4436-9c90-feae0bbe4226", "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:42/63\nFirst Submission:2016-10-18T12:31:18.000000+00:00\nLast Submission:2016-11-20T16:54:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528500", "uuid": "c82695ae-f680-45c8-9f75-a5a81260ebe4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528500", "to_ids": true, "type": "md5", "uuid": "028af7c6-1ad5-4ad1-9544-a13a0ffb8829", "value": "87d595e68a7b871564d9c70b1a9066f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512961", "to_ids": true, "type": "sha1", "uuid": "e43aa626-ed94-4d14-b5a4-7705d12296bd", "value": "7fd9cd1ec3e7e174a87157c21122e27c3a946f11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512961", "to_ids": true, "type": "sha256", "uuid": "d46438a1-812b-40f4-9ada-37c3cf79b49b", "value": "44fb5685527f8faf9a721ff81ca4ce14e4e8da5f796c8568146d2e9145f1ff1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512961", "to_ids": true, "type": "ssdeep", "uuid": "b0b9f1fe-9de9-4e39-b285-9beb0aadcf64", "value": "192:mpuEphg7DVl3i4jnZOqD8U9/qDbaClr/FlMQJA+n:AVgJFi0Zd8UVp41D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512961", "to_ids": false, "type": "size-in-bytes", "uuid": "5bc9d387-b15f-4b2c-b8b6-2b0c678a37e4", "value": "11264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512961", "to_ids": true, "type": "vhash", "uuid": "ec476a00-cd49-4d42-befc-a3a264b82cbb", "value": "114056651d15551018z14lz13z9az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512961", "to_ids": true, "type": "filename", "uuid": "e279aab6-88b0-4fb9-8288-ac3456883437", "value": "VirusShare_87d595e68a7b871564d9c70b1a9066f5" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/10/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512961", "to_ids": false, "type": "text", "uuid": "59c68908-4770-476f-a069-0a2b4a004f62", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Cobaltstrike!ml\nVT Total Detection:49/68\nFirst Submission:2018-03-26T14:10:37.000000+00:00\nLast Submission:2021-10-23T20:49:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528501", "uuid": "2f9bd946-78e5-45d2-8191-97020900254e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528501", "to_ids": true, "type": "md5", "uuid": "11653b5c-8a5f-46f1-b47a-573fc79aaa88", "value": "88b33fe677772431f7c37751c89dcb47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746512983", "to_ids": true, "type": "sha1", "uuid": "c38d3e6b-9f94-4286-abdc-9ba1e25f905e", "value": "ce036b26a86d7897d0a8c9a4e6b8931bd9caeda4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746512983", "to_ids": true, "type": "sha256", "uuid": "0541716a-5c79-4722-a863-8ac2b6f490ff", "value": "cb01e0b835b05265cbad6a279de822c508056f1b16e20a9349717299362a9ccb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746512982", "to_ids": true, "type": "ssdeep", "uuid": "693d6c9a-8d54-440a-a5ca-e8fd389f304e", "value": "192:lfc0R80srl28oyOoWoGo1og7psoSoToq5G5G5TNFh1BBHrSUI6/6rjJ+eTV1/7/K:lU0arJRf/6iSdJ7UOu/R" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746512982", "to_ids": false, "type": "size-in-bytes", "uuid": "36fe928c-4386-4b0b-8af9-891bb96083ed", "value": "34816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746512982", "to_ids": true, "type": "vhash", "uuid": "2872abb9-f7f6-459a-b65a-90055f5b75a9", "value": "5b3b482ee06b8064b72c7ea77ddd5436" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746512982", "to_ids": true, "type": "filename", "uuid": "540a07ff-e7f3-48a0-a09c-80a11f63a21d", "value": "corp_change_tariff.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746512982", "to_ids": false, "type": "text", "uuid": "fea4d481-b528-4645-872c-c014849fd640", "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:0/59\nFirst Submission:2017-06-28T11:08:35.000000+00:00\nLast Submission:2017-09-20T15:40:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528503", "uuid": "966ac451-3a97-48c2-bbf7-e2317e9798e4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528503", "to_ids": true, "type": "md5", "uuid": "7a5d0967-eddd-4531-b44d-b138f70627f8", "value": "89889adb22c63186eb8c72323f34b1fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513004", "to_ids": true, "type": "sha1", "uuid": "f625729a-b747-40d1-be18-dd65b07bbd79", "value": "add325b0e7cdc931b3077705eb3960298934682d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513004", "to_ids": true, "type": "sha256", "uuid": "62f35836-a5ca-4700-88ed-7a15cf45c2a6", "value": "e59da7994b71f2dd6f3cdb0ccd094fe5deafe5a80f1328ecc214edc565a40239", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513004", "to_ids": true, "type": "ssdeep", "uuid": "d77853ae-1023-4ba9-905b-8fb29889e49c", "value": "768:lqVNSDFUfpK0rhOMme1NW+VL1DCkXrCwOZBeMNZNTMQE0MxUeIRC:P8hObI9L1DCY4J7wQiUe+C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513004", "to_ids": false, "type": "size-in-bytes", "uuid": "e7d96d77-bb40-40db-9382-4401e584731e", "value": "58896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513004", "to_ids": true, "type": "vhash", "uuid": "63631c4b-220d-475b-b1e4-bb6d1f831e80", "value": "0540766d1c1zd1d701az3c9z35z13z41z4bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513004", "to_ids": true, "type": "filename", "uuid": "e7b3d7cb-fdc6-4ebd-bc0d-0a8fc11563ed", "value": "89889adb22c63186eb8c72323f34b1fd.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513004", "to_ids": false, "type": "text", "uuid": "5a576e2f-de3d-49c3-a6f5-ab767111977c", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanSpy:Win32/Banker\nVT Total Detection:51/68\nFirst Submission:2016-07-31T14:30:32.000000+00:00\nLast Submission:2016-07-31T14:30:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528504", "uuid": "143c537c-ac5a-4f02-9a98-c1fc7d507ca0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528504", "to_ids": true, "type": "md5", "uuid": "d9dc417f-a053-438b-af4b-346619388028", "value": "8993f927beaf8daa02bb792c86c2b5e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513026", "to_ids": true, "type": "sha1", "uuid": "96fb1f03-a334-4c82-8783-833cbdb61cdb", "value": "2e956f406dc546cefacd21c16fb95404d0ca1160", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513026", "to_ids": true, "type": "sha256", "uuid": "c7d2c7a8-aad7-4873-b9bd-0ed375a276b9", "value": "bc4d2d914f7f0044f085b086ffda0cf2eb01287d0c0653665ceb1ddbc2fd3326", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513025", "to_ids": true, "type": "ssdeep", "uuid": "a6511931-1857-4d8c-bf00-59ceb18e31b0", "value": "48:MAVAPiW/EDNMVZbpSL3xMaE1iU7mhgXmw9yvMVy9hSpLV5ZCnJXwh:MAVBWR3GWau7OcyvMVyTCSJC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513025", "to_ids": false, "type": "size-in-bytes", "uuid": "51742447-b31a-489e-bed8-e3071cbaa6de", "value": "8043" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513025", "to_ids": true, "type": "vhash", "uuid": "b807e188-7437-4cbd-ac72-c21663497484", "value": "8eb16705c06b423a6653ca2523888753a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513025", "to_ids": true, "type": "filename", "uuid": "d2ddd86c-8e16-429d-90bc-51450a71e96d", "value": "\u0418\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Visa payWave.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 20/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513025", "to_ids": false, "type": "text", "uuid": "5b3cbe42-2cfd-4997-8b55-f952edbe4c5a", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-11882.SSMA!MTB\nVT Total Detection:47/60\nFirst Submission:2017-11-22T07:54:24.000000+00:00\nLast Submission:2017-12-28T14:15:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528505", "uuid": "abea0efd-84a0-4665-a42f-5b76c034116f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528505", "to_ids": true, "type": "md5", "uuid": "f862273d-7a35-47bf-bea8-397c7174e3de", "value": "89d910180aeaac1029c98d7ae4fe746c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513047", "to_ids": true, "type": "sha1", "uuid": "534e8669-2268-4c77-b197-0f14eec8ac5b", "value": "c2d39336058fe25d2a0b9a9a0ded56d97e3b5566", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513047", "to_ids": true, "type": "sha256", "uuid": "254e120b-0225-4b4a-b9f1-4614e44739ad", "value": "c128aa3fa953b1d4342f852444b016075245ecab1221f8e3a1b6334930da3b52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513046", "to_ids": true, "type": "ssdeep", "uuid": "57b1eaa3-0bec-4ab5-a01a-9ed115e91f44", "value": "393216:ttoIbHJJB29qbXM8e4SNAAjjkdvQwVwUOC9EqDAHRfdO:TLHJJB296xfJ4mOC/kR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513046", "to_ids": false, "type": "size-in-bytes", "uuid": "1279ce0d-e8d5-4ec4-a491-d5a2e232cec2", "value": "16554568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513046", "to_ids": true, "type": "vhash", "uuid": "bb458c4c-02c2-489f-9527-08d3f3caec22", "value": "017086665d1c0d5c0515103016z2az3bz4fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513046", "to_ids": true, "type": "filename", "uuid": "cad8d3ec-94d4-4f1a-80df-041873628284", "value": "sklogger_full8.3.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513046", "to_ids": false, "type": "text", "uuid": "e177a98b-6002-4784-859c-29a2e23a7167", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:21/73\nFirst Submission:2017-02-08T12:19:58.000000+00:00\nLast Submission:2024-03-15T11:40:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528506", "uuid": "b6ad40b7-ea33-42ff-a5da-e0be4e137c84", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528506", "to_ids": true, "type": "md5", "uuid": "ceff3572-bf28-4603-a995-47ebee0a4988", "value": "8c8a24a1f8014a171c96c80efab30fc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513068", "to_ids": true, "type": "sha1", "uuid": "f55c946d-8461-4ca5-b7cf-5497edf8419b", "value": "bc217b50e453dc6d66e47ee609784674ca852e4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513068", "to_ids": true, "type": "sha256", "uuid": "e7ed4efa-1a25-49ff-aab9-c5d798489cd0", "value": "64a3f8b0e04356026372d48365a35ce3af89830b7945e32f1d56a7f337ba51c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513067", "to_ids": true, "type": "ssdeep", "uuid": "81428166-70f3-4ebb-8939-e04e5ef1c53f", "value": "12288:A7u4FxrTyonnPrhHJoX42MVJPcns5Qcb7BzEO441EhT5XLv5D0+DYabqQTyKhw7:6u4FxrTyonyWQcbtIO49hT5G+8/MZhw7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513067", "to_ids": false, "type": "size-in-bytes", "uuid": "b710c93e-842f-4eda-8930-d4eb70cbbba0", "value": "441344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513067", "to_ids": true, "type": "vhash", "uuid": "06cf2361-9e27-4177-a3dc-f987f3d9e6ef", "value": "14506656657d75556az2715lz2ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513067", "to_ids": true, "type": "filename", "uuid": "f5aa856d-1f7a-4ba3-88f9-c9a8afe88632", "value": "binary2.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 20/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513067", "to_ids": false, "type": "text", "uuid": "412df0a0-9b8e-4706-bfd8-fd196e068ed4", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.C64\nVT Total Detection:52/73\nFirst Submission:2017-09-06T22:07:35.000000+00:00\nLast Submission:2017-10-05T22:34:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528507", "uuid": "4a0ce7f1-5ec6-408f-9d27-b99d2e2ce61c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528507", "to_ids": true, "type": "md5", "uuid": "c70ab9af-c3d5-435d-b563-37f7edd7a37d", "value": "8c99d3520d8220d58c1990d962647a39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513089", "to_ids": true, "type": "sha1", "uuid": "4c599e6f-29be-4b66-8604-e1c2df10145e", "value": "7e3752d6db0915f28d1566613377ca6e743e1094", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513089", "to_ids": true, "type": "sha256", "uuid": "624f0129-57ac-4ff1-94b0-c94e624f7b43", "value": "0f2076ca59666727cf4e0fd9139a8fe87212feae09ad03ca7aaba3cc5d0d1502", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513089", "to_ids": true, "type": "ssdeep", "uuid": "46a1dfa9-64fe-420b-8407-1d7104800f92", "value": "384:TDCXYy7d5j10r2u+FG9IceMvFG6F7//omMAOv:Tty7Ru+fUWAa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513089", "to_ids": false, "type": "size-in-bytes", "uuid": "69d384bc-9521-47b4-854c-33231526fb0c", "value": "19673" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513089", "to_ids": true, "type": "vhash", "uuid": "eac243ba-6940-40d3-bab9-4a9307cf92b7", "value": "7c39b4d81e858a1b757a27c6be23ca88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513089", "to_ids": true, "type": "filename", "uuid": "96e2ee67-82a8-4f5e-a87c-e7b0ad56c19f", "value": "8c99d3520d8220d58c1990d962647a39.xls" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513089", "to_ids": false, "type": "text", "uuid": "94767d1e-0986-4d75-8f1e-9acfb495b826", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:7/62\nFirst Submission:2017-07-07T12:01:00.000000+00:00\nLast Submission:2020-11-16T22:08:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528508", "uuid": "35d88e23-28cd-4135-aa90-8fd316502871", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528508", "to_ids": true, "type": "md5", "uuid": "a41b321c-5c6d-4285-a1f7-9216d261f477", "value": "95862a286c6f2c6205dc7d97ed12f753", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513131", "to_ids": true, "type": "sha1", "uuid": "38ecae0d-99e1-486a-b489-4aeb17a61c9d", "value": "0527c9e894b0eac9d7e83be4afabfdda701d0f5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513131", "to_ids": true, "type": "sha256", "uuid": "4760794f-bf66-4ef6-b989-c6893968d8c4", "value": "688c7160874a2525faaf218a3365071bd16446a6d5c981b59a30950c8c0a2f87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513131", "to_ids": true, "type": "ssdeep", "uuid": "b1496457-5443-47c9-99ab-598034ae31ab", "value": "196608:pj5Pq8oHV8cemgbBRIOPlHnEu5zdxRDU1yRVJfVbBpY4:pjgZV8cemX2xEUzZY6JfVbB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513131", "to_ids": false, "type": "size-in-bytes", "uuid": "b6df00eb-5f5c-4a42-bad1-6dd5277a48c2", "value": "6760834" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513131", "to_ids": true, "type": "vhash", "uuid": "d6884e07-a343-4ea2-adda-f1d8b60fd143", "value": "066066655d1515556az86!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513131", "to_ids": true, "type": "filename", "uuid": "74d9b620-cc00-4493-8fd1-4238d96a64de", "value": "688c7160874a2525faaf218a3365071bd16446a6d5c981b59a30950c8c0a2f87.exe.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 11/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513131", "to_ids": false, "type": "text", "uuid": "82f0e1e7-9e6f-4cf8-b0c8-a66f56e70cf4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:40/67\nFirst Submission:2017-07-28T06:38:42.000000+00:00\nLast Submission:2017-07-28T06:38:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528510", "uuid": "614c3ba7-6600-4ca5-a8a8-d27f724fbf31", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528510", "to_ids": true, "type": "md5", "uuid": "9ca5f3f9-5577-477a-a37b-766ad8677eb4", "value": "95a1a53b1f3309b07722a2fd5b9ad1b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513152", "to_ids": true, "type": "sha1", "uuid": "991ef28d-e3f2-458d-9eb0-f4a903d54a94", "value": "5e7046539fc51460f353a2a20e97135da8e1c946", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513152", "to_ids": true, "type": "sha256", "uuid": "e6008b85-bc59-48bc-a9f0-fe411e21c374", "value": "3db7364b4797a840e35d808b9f65c9dd30e4d0d73988d76ba419706108ae7a21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513152", "to_ids": true, "type": "ssdeep", "uuid": "cffcef51-c9d1-4727-997e-49bb3ce6a216", "value": "768:zcoaujaJOjwoyz/2TmuJmGoomU0eR/d8x0+3HYeZY+jgv3k:ooDjwrQJVmWtgD2+jIk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513152", "to_ids": false, "type": "size-in-bytes", "uuid": "62ab9df9-81bf-4246-81ef-f7b203a7abd3", "value": "50176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513152", "to_ids": true, "type": "vhash", "uuid": "a6be72ad-4d25-45e8-9948-96f644e3bc2c", "value": "054046151d151az1cmz22fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513152", "to_ids": true, "type": "filename", "uuid": "95d503e6-939d-4441-9813-ff363a6760b8", "value": "JiT Browser 6.0" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513152", "to_ids": false, "type": "text", "uuid": "acc77af4-4956-4dab-adb9-f0a4ff4d64ff", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Zbot.SIBD25!MTB\nVT Total Detection:59/72\nFirst Submission:2018-02-27T12:01:23.000000+00:00\nLast Submission:2025-04-23T20:28:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528511", "uuid": "f343ca52-d028-4d99-a9de-4e8af1823a16", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528511", "to_ids": true, "type": "md5", "uuid": "c57e9bde-848d-4bc1-859b-c8bce1a11590", "value": "966cc404a4f6bf6d77565004a952b3e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513173", "to_ids": true, "type": "sha1", "uuid": "109e7bcf-b875-436f-8bd3-2e519838cd1b", "value": "043e9cc465743a4e191c9e49ba283fe8b22d434e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513173", "to_ids": true, "type": "sha256", "uuid": "04f164d5-5291-4cb8-a45c-7236ced55b55", "value": "3cfe7c1e67988d7ceba746a745c1e18a46af5225d205c11e68c8b4348f399eec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513173", "to_ids": true, "type": "ssdeep", "uuid": "33797a55-d006-4ad3-84ae-9a8e62d62a19", "value": "768:lqVNSDFUfpK0rhOMme1NW+VL1DCkXrCgOZBeMNZNTMQE0MxUeIRJ:P8hObI9L1DC44J7wQiUe+J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513173", "to_ids": false, "type": "size-in-bytes", "uuid": "5ce70153-fdce-4bce-9888-0bd61fdddadc", "value": "58899" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513173", "to_ids": true, "type": "vhash", "uuid": "3b65bdeb-55d2-46c9-b28c-1efe143c3876", "value": "0540766d1c1zd1d701az3c9z35z13z41z4bz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513173", "to_ids": true, "type": "filename", "uuid": "b931d1a2-291d-4b0a-9d28-b3825be1aa53", "value": "Action.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513173", "to_ids": false, "type": "text", "uuid": "1e47d0ad-9d0e-4796-b588-a8a805c8ec04", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanSpy:Win32/Banker\nVT Total Detection:54/69\nFirst Submission:2016-07-28T07:24:53.000000+00:00\nLast Submission:2016-12-09T17:49:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528512", "uuid": "5219844d-e063-410b-8e29-cc58174441eb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528512", "to_ids": true, "type": "md5", "uuid": "0e9044c6-d4d4-4f1c-bc49-3f07c5717d49", "value": "96b420f072cd135ed7cac2c6880c1727", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513194", "to_ids": true, "type": "sha1", "uuid": "abee0cbc-d66b-4e4a-8fa5-73132fa92ec2", "value": "9ca5777e3d653e4161e2675620ffbe8f30fbe49b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513195", "to_ids": true, "type": "sha256", "uuid": "a88ebac9-ca11-4665-942b-505a8df087b9", "value": "5f48841d06d9059aa23965bdbe0e96bb01cd7dc6e2a5930e2eb46deae7fb99a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513194", "to_ids": true, "type": "ssdeep", "uuid": "6e4960d5-ac75-45af-a48d-1137a7a150a6", "value": "192:DpuEStlgoeYDscYO4Frlq3cqLxm4WBClr/FuMN4Ff6Mhf+cl6:Ncheb9Oyucq6Z+8Lmc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513194", "to_ids": false, "type": "size-in-bytes", "uuid": "c57c5e26-0bc5-4035-a454-c8f7c514bf94", "value": "11264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513194", "to_ids": true, "type": "vhash", "uuid": "1f837523-7f97-4f68-8ffd-ce1ac44352e1", "value": "114056651d15551018z14lz13z9az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513194", "to_ids": true, "type": "filename", "uuid": "b2cd6579-3cb2-49ba-9840-dca2268ce296", "value": "int4.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 02/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513194", "to_ids": false, "type": "text", "uuid": "8d358e94-f6b1-480c-ac13-c017d01b7d4e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:58/73\nFirst Submission:2019-10-16T05:16:07.000000+00:00\nLast Submission:2019-10-16T05:16:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528513", "uuid": "f6308a6d-4666-424a-bc5a-177168ede497", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528513", "to_ids": true, "type": "md5", "uuid": "749ac2a1-10db-4290-8b3c-05c9e0f1d62d", "value": "96babdcf4dbcae1c40e28443a0535dd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513216", "to_ids": true, "type": "sha1", "uuid": "931bbd08-3650-4fc8-85bd-0d3232d98bf8", "value": "dd9bdf212cac50ace88d39f14e153936b8a16052", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513216", "to_ids": true, "type": "sha256", "uuid": "cb81833d-7474-46c4-a915-80d201d235ef", "value": "79b057b17d55a900b1b59af24800d553422314b030f4a9c4f9308d8fbc1dc1af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513215", "to_ids": true, "type": "ssdeep", "uuid": "f53563e2-5246-4c88-9b4f-2171daa58f63", "value": "384:FKpoV8rWPnM3n4BfPRoevaRT3pz2YEUWyQW5fEYQ9hoI1gSBgQevHlvPO3x51x+v:FZV63EoeW3BoU7QW5ffQjoIbBgQox+gv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513215", "to_ids": false, "type": "size-in-bytes", "uuid": "12d6f082-1b2a-497e-820b-779a08fc556e", "value": "24217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513215", "to_ids": true, "type": "vhash", "uuid": "193ea96d-f2c3-40dd-8674-3adbde2f58b1", "value": "2cf1acb2aef4bbb24b63529064bc80b2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513215", "to_ids": true, "type": "filename", "uuid": "55100fa4-96b0-41d3-857a-8a0631fea7dd", "value": "\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 4. \u041f\u0440\u0430\u0432\u0438\u043b\u0430 \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u0439.pdf.rar" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513215", "to_ids": false, "type": "text", "uuid": "d9ba907c-9168-4285-8d88-316be3a0a7ec", "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:7/58\nFirst Submission:2018-01-24T11:45:32.000000+00:00\nLast Submission:2018-04-17T05:00:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528514", "uuid": "6364e6fb-e093-4be8-b870-decbb4628b19", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528514", "to_ids": true, "type": "md5", "uuid": "f9b857f7-95fc-4498-9d82-aaa0ab38428d", "value": "9713863011d0db13da1943931ff33b92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513237", "to_ids": true, "type": "sha1", "uuid": "57c4c2ff-c210-4ba3-8165-fd9b1f01af1b", "value": "3de9079ce4427dbced2adf6900400785c1dfb423", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513237", "to_ids": true, "type": "sha256", "uuid": "ccf936f6-e44b-4698-adc6-606cc235f040", "value": "a403f45798ce79f742d9f11eb7621ec5fbb31f9dad5c4c6a183cdeaa758065ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513236", "to_ids": true, "type": "ssdeep", "uuid": "601c6438-b3ef-48c2-9acf-d3581b591a39", "value": "3072:BzfRQWNniZAiB/dVBvj7M9QcYxJH8uByAn0LxWmzf:BzZQWNntiLVB89QcYjbn0LxWm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513236", "to_ids": false, "type": "size-in-bytes", "uuid": "3480a1ca-ae96-460e-9e15-4abd3b9ad53f", "value": "184832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513236", "to_ids": true, "type": "vhash", "uuid": "4ea60a0c-443b-4b3d-ae3f-9d45a7ccb25d", "value": "aa504ffd973bdf8bde9b3374aad66200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513236", "to_ids": true, "type": "filename", "uuid": "223f6537-eb43-442a-93bc-55d6bab380e0", "value": "9713863011d0db13da1943931ff33b92.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513236", "to_ids": false, "type": "text", "uuid": "537355d4-b810-4d66-8e45-ef1bd24e0a00", "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:43/63\nFirst Submission:2017-02-02T07:41:41.000000+00:00\nLast Submission:2017-02-08T08:44:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528515", "uuid": "a3e0ed45-b149-44f0-86eb-a3639947f5c6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528515", "to_ids": true, "type": "md5", "uuid": "e8df45ef-0807-48cf-a04f-4049e63dd6de", "value": "996054b4ebf1a81661b6b450113257a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513258", "to_ids": true, "type": "sha1", "uuid": "ce82c85b-b5d1-4b31-8c26-8cde3fbf3afa", "value": "2d736f3f0d0ab9ac6d80511e848cbf1bfcdabe29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513258", "to_ids": true, "type": "sha256", "uuid": "5465dff6-5d8b-454d-84bf-4710bbe3f2c6", "value": "00bc76898f07f18122f386b890d79c9338d223a5b5c89213a4bbf1040bccfa28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513257", "to_ids": true, "type": "ssdeep", "uuid": "fc0f70e0-59a8-467d-a31a-6c52cdba396f", "value": "3072:quIOdIq+UtrBgYP/4usn/beyjgmDW0AA/YsVOK8AVs:E7crBgYP/ds/LO0AA/YsN7q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513257", "to_ids": false, "type": "size-in-bytes", "uuid": "bea53bae-7b3c-468f-903b-9376f0934931", "value": "266659" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513257", "to_ids": true, "type": "vhash", "uuid": "7a704c34-32a8-401f-90a5-fb8152cc98b8", "value": "843db1bb7ebfecc994a907860b02a8121" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513257", "to_ids": true, "type": "filename", "uuid": "9a4550be-39e5-4fed-9aeb-ad8558212ef3", "value": "CVE-2016-7193.rtf" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513257", "to_ids": false, "type": "text", "uuid": "8f532403-4d8a-428b-84bf-421a133ad9d9", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:32/59\nFirst Submission:2017-04-04T09:03:10.000000+00:00\nLast Submission:2021-03-26T16:03:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528517", "uuid": "5d941cb5-441f-4b31-bef7-7e9e13ea1a75", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528517", "to_ids": true, "type": "md5", "uuid": "b5fa2931-37c6-4321-bb68-a8402ab84cba", "value": "9a395e8aca699190e724ac03b70b2924", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513279", "to_ids": true, "type": "sha1", "uuid": "6571578f-5663-41c0-990e-d60c21eeb76a", "value": "30b970761a5fdabe995bf4c2e8958750a641ae09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513279", "to_ids": true, "type": "sha256", "uuid": "b2d5af86-0929-4d62-a8da-5bd443f77f47", "value": "95416dd64701ca61ac4543b31bc1337007d0d568cb07466c30db2e49fde84f99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513279", "to_ids": true, "type": "ssdeep", "uuid": "ecc7d822-c3d7-4ca7-8788-165d08ffc172", "value": "3072:D2RxSO8YmDdYGBlovGrvhO1heZ/NzPJXWeupi:mxoYmVlkiJ88ZxPJmg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513279", "to_ids": false, "type": "size-in-bytes", "uuid": "17206489-4545-4e56-b5bf-030999ab0c43", "value": "220599" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513279", "to_ids": true, "type": "filename", "uuid": "9a1f935b-8abd-419f-82cf-cbaa3d8852c3", "value": "9a395e8aca699190e724ac03b70b2924.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 01/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513279", "to_ids": false, "type": "text", "uuid": "ee473db6-73f6-4cf4-9eb2-94df9e74b845", "value": "Type Description: unknown\nMicrosoft: Trojan:MSIL/Cryptor\nVT Total Detection:40/58\nFirst Submission:2018-03-07T10:37:35.000000+00:00\nLast Submission:2019-05-28T10:27:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528518", "uuid": "4d36d414-d5a9-4174-9b67-a5e11be94a4c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528518", "to_ids": true, "type": "md5", "uuid": "9d24c395-764d-4958-a014-166b940b812f", "value": "9afa9e95a7dcd3defd357292d843af4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513300", "to_ids": true, "type": "sha1", "uuid": "cabbd75b-aedf-4851-84dd-19e4c7cf19ad", "value": "82c9e7f4cadfff38bd139f250ce312d1d486e397", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513300", "to_ids": true, "type": "sha256", "uuid": "70404ae8-69b2-422e-94f7-19635b683ff3", "value": "47fd90c3ec027272c17b6feebfaa8761db61a9b65ec05bd516983a2deabddd0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513300", "to_ids": true, "type": "ssdeep", "uuid": "8a03888a-ad61-45fe-af58-0dcb0ebbf0b4", "value": "6144:kRdH+sCpVtp1hbN5Zf6PQ8PbnubjHjWUY2C1s7z4kW3VJ+wosHf:kRdenz1hbNf6PQ8PbnubjHjWUY2Cy34p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513300", "to_ids": false, "type": "size-in-bytes", "uuid": "7d465c6d-c569-484f-a852-d1c8e6935002", "value": "273920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513300", "to_ids": true, "type": "vhash", "uuid": "8b1540f8-9f42-4a16-852e-719b0c30f683", "value": "ac3e17cabed9a112a74e2e8ae67b106c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513300", "to_ids": true, "type": "filename", "uuid": "cb49cbf3-eb4f-4809-9fb7-161941df4ce4", "value": "Visa_Payment_Fraud_Disruption.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 29/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513300", "to_ids": false, "type": "text", "uuid": "f19ecf3f-885a-429b-9c42-e7cd5ecdae23", "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:42/63\nFirst Submission:2016-11-01T07:26:35.000000+00:00\nLast Submission:2016-11-02T07:49:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528519", "uuid": "5cf68b89-4cfb-4aba-b679-f1259a608b90", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528519", "to_ids": true, "type": "md5", "uuid": "1ffa40ad-2e35-464f-b618-e3c588288e0f", "value": "9b6892e8470cfbd605f7037f844dc191", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513321", "to_ids": true, "type": "sha1", "uuid": "0069e577-1c51-49d9-a8fd-079cc14f9932", "value": "55d4b581a13d7ae1e8ad68b9be1d7c24ac76234c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513321", "to_ids": true, "type": "sha256", "uuid": "c3a6ea79-cacc-4811-9003-c14ec93b34a9", "value": "dcad7f5135ffa5e98067b46feec2563be8c67934eb3b14ef1aad8ff7fe0892c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513321", "to_ids": true, "type": "ssdeep", "uuid": "7460f296-1c56-44a9-8d96-71fdc745dc29", "value": "384:WDXG8MCpqva7QeQBRdsdv8ycOPUiSupx+YeS/6T/A0j8t73t3/84g:/7CpqyTc7sGo+Y/iToP84g" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513321", "to_ids": false, "type": "size-in-bytes", "uuid": "3b1fafef-33f9-4181-8edc-8ac5407dac80", "value": "48128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513321", "to_ids": true, "type": "vhash", "uuid": "80bc3d02-8f1f-45ad-965f-392fc5ebba6f", "value": "c9993388a2bd3de4a80727258bc18f1b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513321", "to_ids": true, "type": "filename", "uuid": "fb3eccbf-8c31-4bb8-9c90-03bbd05fdf6f", "value": "Fraud alert!.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 18/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513321", "to_ids": false, "type": "text", "uuid": "c4b04017-4dbb-4033-88a6-35356bd79bc7", "value": "Type Description: MS Word Document\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:46/63\nFirst Submission:2017-08-31T09:51:56.000000+00:00\nLast Submission:2020-09-06T21:12:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528519", "uuid": "d684b516-3898-4abe-924b-86c685169589", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528519", "to_ids": true, "type": "md5", "uuid": "d4122cd7-08b0-4965-bfc8-5739595ec299", "value": "9cea189eb6935013603619e998150af9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513342", "to_ids": true, "type": "sha1", "uuid": "f92f0642-5329-49e1-be9d-d70c1fa421e2", "value": "225c36cecae716908d6add226de9d4256e28ff51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513343", "to_ids": true, "type": "sha256", "uuid": "dab2114f-682e-4122-983f-90f51f2ce41f", "value": "bc6da633e00c16447175b4cf4895ea7d3fa9f1da187bed795b5d6b399deca3a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513342", "to_ids": true, "type": "ssdeep", "uuid": "7cb707b3-6887-47de-a93c-77b92ccebd30", "value": "3072:7k0MH7Fcv1cH5u8fSNSc3niItjwvoTo9jLg0MLm8iw+XnYv:7DxwkR3nVti5xMaQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513342", "to_ids": false, "type": "size-in-bytes", "uuid": "471a511d-91df-4793-b44c-cb596255e136", "value": "155648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513342", "to_ids": true, "type": "vhash", "uuid": "9c1bd77b-9249-40fb-a49f-77d89dce95e2", "value": "015046151d1577z11z512lz3fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513342", "to_ids": true, "type": "filename", "uuid": "3d2815ee-4c32-44b6-a351-c7c02c3452aa", "value": "ROZENA" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513342", "to_ids": false, "type": "text", "uuid": "9508f322-28ed-41e1-9795-60dbd6e25576", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:55/69\nFirst Submission:2017-03-16T06:41:13.000000+00:00\nLast Submission:2017-03-19T16:49:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528521", "uuid": "40cf0e9e-b88c-433f-a152-8c3579c60118", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528521", "to_ids": true, "type": "md5", "uuid": "17792867-0f85-4590-abde-40e980fd7eca", "value": "9d443e225e21f160014e79b62c5aea3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513364", "to_ids": true, "type": "sha1", "uuid": "321e62a4-520e-4a31-abcf-4d513642e526", "value": "8539c6fc043a690aa96edcf02b05b935b2b6ea13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513364", "to_ids": true, "type": "sha256", "uuid": "9a3ee75c-979f-4787-9064-41b70756ed6e", "value": "aeb906d5c60094539a81efb4d2b37ce22eb037ef743756550bcde1136a5b5e69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513363", "to_ids": true, "type": "ssdeep", "uuid": "3d200279-e8f6-4efd-a5a0-5def680e1e41", "value": "6144:O5lfKQ3P/hdPfHd/RuVHwu+7rDEzqeehz+myv9O/xhZtM3puzbRrIEfkaKpZ+Cq+:OrdvqjKr4zc1dLMAnjfkfq+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513363", "to_ids": false, "type": "size-in-bytes", "uuid": "bf456b9a-8aa1-4b4b-8e7e-d9f7abe3fd39", "value": "708145" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513363", "to_ids": true, "type": "vhash", "uuid": "8ec64079-7bd8-4866-9f58-dc4b89cbb9d3", "value": "83083d9f0efb36cb511b395ab4b9f0eab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513363", "to_ids": true, "type": "filename", "uuid": "85a249cd-ebe3-4d39-8e2a-50f33900b39c", "value": "Bitcoin ATM's.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513363", "to_ids": false, "type": "text", "uuid": "9d12d79b-79f8-4ebd-be68-011035fd3b43", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:31/59\nFirst Submission:2016-08-04T11:20:25.000000+00:00\nLast Submission:2018-05-20T01:00:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528522", "uuid": "4741b470-59b1-4b14-85e6-033f4284310a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528522", "to_ids": true, "type": "md5", "uuid": "1c1c21da-b8d5-44e6-b7e7-117a8024a47b", "value": "9eaaac2857ac71ce73c2554152042101", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513385", "to_ids": true, "type": "sha1", "uuid": "d8676aea-7c90-45c0-9aac-65a556e336b8", "value": "1fa622992ddfc78d336f1889c325db3ec15c4f13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513385", "to_ids": true, "type": "sha256", "uuid": "6e138da1-fa3d-4717-95c1-8214248ace9d", "value": "bb550ef28f0b8570307341d6b0374c3f28593b058db4fb9156889cc028a09239", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513385", "to_ids": true, "type": "ssdeep", "uuid": "38b3e7c6-6aa6-46ef-b05b-c208dc26b61e", "value": "192:p9PGRDax6PsGXvrDz8928jAmzJXLaeu30ut+VoHAx5Wf7dHy0Q3A:p9PGRDax6PXvqt7ae/V8JBypw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513385", "to_ids": false, "type": "size-in-bytes", "uuid": "d78fa7a6-dd77-4cba-90fe-de1677158085", "value": "7219" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513385", "to_ids": true, "type": "filename", "uuid": "ee3e1e75-4056-48bb-ab1c-3fe2f4014628", "value": "3.xls" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513385", "to_ids": false, "type": "text", "uuid": "b2e78daf-3392-488c-923b-55530b72b08f", "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:19/59\nFirst Submission:2017-09-06T21:47:47.000000+00:00\nLast Submission:2017-09-06T21:47:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528523", "uuid": "7f894417-3fe8-4090-8622-7c4a9140301d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528523", "to_ids": true, "type": "md5", "uuid": "6f27f242-b69d-4d1c-b56c-0c2fb928b54b", "value": "a7ed424cf7c78e31bfbd0915b841c6e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513427", "to_ids": true, "type": "sha1", "uuid": "0d4db135-024f-4e44-b7c9-cd89bdb7d088", "value": "30c53e27c4e5928852e5c4d8f25fa7424ac01f9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513427", "to_ids": true, "type": "sha256", "uuid": "8c0d612b-51f0-4813-8639-7b995469c7e2", "value": "c0026bd9402185eec8a1c7ef5639684a7ae0cd56112b23012225d6f07b5ff866", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513427", "to_ids": true, "type": "ssdeep", "uuid": "43fe39ec-2b96-4bb0-9373-ec0d117b92a3", "value": "1536:qsjHEZcwvr5vunv5ezT5LhikaN+PlozctKKKZjxSMWLynzFvDL3eLAwTKwRTXzbT:qbZ2NJENv2M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513427", "to_ids": false, "type": "size-in-bytes", "uuid": "004d39a3-d966-438e-8382-bbe2a5783f29", "value": "155558" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513427", "to_ids": true, "type": "vhash", "uuid": "37b29d76-5524-4cac-8319-45fe28c13379", "value": "80d680c95e074612335d0090140080ac2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513427", "to_ids": true, "type": "filename", "uuid": "da44280b-ecc8-4f67-83c8-beeab01a70ef", "value": "Oracle_RDBMS.rtf" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513427", "to_ids": false, "type": "text", "uuid": "3a31e73e-7d6e-49b8-a95f-b9da22cf1273", "value": "Type Description: Rich Text Format\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:37/59\nFirst Submission:2018-01-24T09:32:44.000000+00:00\nLast Submission:2018-05-11T00:14:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528524", "uuid": "2418c6bb-35e9-4052-a0bb-adc611abaa08", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528524", "to_ids": true, "type": "md5", "uuid": "a340f1f0-ad14-44c3-b5a4-231f920996ff", "value": "a9160049a5e449440fad78482ed5d951", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513448", "to_ids": true, "type": "sha1", "uuid": "ca6dc602-0ff0-4018-bbdd-6957cf3fee44", "value": "4a6e0e46dc6a9aec11278cb39ee41efb7f53dbb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513448", "to_ids": true, "type": "sha256", "uuid": "1231539c-4176-4d64-8f8d-593aeed90b6a", "value": "6daf931cc27b58ec8fa791314dbb060376305aa0bc3246322f7f20896c647940", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513448", "to_ids": true, "type": "ssdeep", "uuid": "4855b9d1-af1c-4ac9-a69f-d2f6b16672c1", "value": "192:7VAteL4U4xFJN3Ex6S6fMHTBYpC6DhBXspIJ2DTt+jBvZqlIpS+y:+PBNYB6fq8b4pIIGBtSn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513448", "to_ids": false, "type": "size-in-bytes", "uuid": "c450439b-f54f-4991-b854-c017e4dc72d2", "value": "8607" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513448", "to_ids": true, "type": "filename", "uuid": "0825a90a-7e33-4e75-92c8-a14f607eb93d", "value": "4398" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513448", "to_ids": false, "type": "text", "uuid": "eaf8e791-4a3a-465d-a2da-779bb6d1ea5b", "value": "Type Description: C++\nMicrosoft: None\nVT Total Detection:12/60\nFirst Submission:2017-09-20T10:55:33.000000+00:00\nLast Submission:2024-01-03T03:54:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528525", "uuid": "edbf8c1e-858a-4a42-9674-ece537d4e356", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528525", "to_ids": true, "type": "md5", "uuid": "0a1e14a3-6c7b-4d2f-8652-7f183fd42db4", "value": "a99db3460ae1bddca50ebb49e7ff98c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513469", "to_ids": true, "type": "sha1", "uuid": "e8008d2f-9288-409b-af72-f542bf564b24", "value": "c218d63c9b29f7b053abfeb5198b2a3e2537fcd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513469", "to_ids": true, "type": "sha256", "uuid": "f9cfbffd-2cf1-4316-8dea-8a353413742c", "value": "dd7639c87f4dfa99b08601cbead7848d9614d84ff0efa685936b881fa27d7331", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513469", "to_ids": true, "type": "ssdeep", "uuid": "8dce9e50-f0c0-4eeb-ba2e-f02d9fdf464d", "value": "3072:Pj6ilf/93lMfou342ElmW1bY11fA/ysOXh6gyfyvGpcsAI+Je:P2iF9lM1INp1btysg6rfYGUe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513469", "to_ids": false, "type": "size-in-bytes", "uuid": "7efbc6d3-a8f2-47a1-9564-3c0078ebf9f3", "value": "155136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513469", "to_ids": true, "type": "vhash", "uuid": "f82a8eca-6fba-448b-90b9-29553d791c93", "value": "11505656656d656018z2c3edz55z25z26z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513469", "to_ids": true, "type": "filename", "uuid": "1322a843-7f57-454e-9dfb-c74826f3b4c5", "value": "wire_drop1.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513469", "to_ids": false, "type": "text", "uuid": "cb7fb686-1a79-4e79-8e14-1ac3b0b10a16", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.CDD\nVT Total Detection:44/68\nFirst Submission:2017-09-05T12:34:05.000000+00:00\nLast Submission:2017-09-05T22:05:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528526", "uuid": "7ea05330-724b-4aaf-9153-992d3b45c79d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528526", "to_ids": true, "type": "md5", "uuid": "b7e79f4a-5211-4b7b-8b22-4e551041b9b9", "value": "ab6800a0a5ce088f9c9655672a42a446", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513490", "to_ids": true, "type": "sha1", "uuid": "f78c2a3d-2aef-4f8c-a0b6-d497b6d28d98", "value": "bb2e566b6ba2353a0284c296ee838e92515198a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513491", "to_ids": true, "type": "sha256", "uuid": "d2302b42-33ed-47cc-8cf0-915f412cf6a9", "value": "8f0892bb8cd79e63e89677c09e77aff46a866467b7f8dad81d210635210efd88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513490", "to_ids": true, "type": "ssdeep", "uuid": "845defed-d344-4b5b-a422-9609b7bc0970", "value": "6144:Tx59iV4GqMlseOI4lPa2PQJXhoCDKhmyYuJkdoxBOZWx4ADKnLJ1nAaGp1+CSS:r9EvljuOWZcCcWx46+nATSS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513490", "to_ids": false, "type": "size-in-bytes", "uuid": "d53c2e5f-6147-4b91-b6e4-8910750f19ff", "value": "1518206" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513490", "to_ids": true, "type": "vhash", "uuid": "70ba5753-ad54-49d8-ae57-be4150e76729", "value": "8ba01aec0675f42eebf5fe9c783b2186c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513490", "to_ids": true, "type": "filename", "uuid": "16943c4c-b5f5-4b70-b90a-549dacbd3309", "value": "Antifraud_instruction.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513490", "to_ids": false, "type": "text", "uuid": "5277f5ed-8d94-4178-837d-ad8a953d9e6f", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:29/59\nFirst Submission:2016-11-01T14:33:16.000000+00:00\nLast Submission:2018-05-20T01:00:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528528", "uuid": "dfabd61a-1f04-440a-afad-5538404f1e18", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528528", "to_ids": true, "type": "md5", "uuid": "634d3c71-d6c6-4cd3-ab33-9ba4e86089af", "value": "ae0e00e8bf6b9722d376cb84eaae2251", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513532", "to_ids": true, "type": "sha1", "uuid": "10962ccf-29e6-42ba-a901-e3dd9abf33d5", "value": "5ece8000fdd7b1a444ded8efc0f0cd9c5a8d2be7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513533", "to_ids": true, "type": "sha256", "uuid": "72b06006-f934-4514-a705-6db27641391a", "value": "1e933ac1b3ff56dd3e767ffebb1eb9b05509f5e733719e174b09e52e26680879", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513532", "to_ids": true, "type": "ssdeep", "uuid": "750a8ca5-33aa-4192-9d60-62d65d6e3440", "value": "48:3NNL+8jWmXLEESQUNTa1Dy/QVV7SiWocZpsnODN:3PjWHRFaJCQHWN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513532", "to_ids": false, "type": "size-in-bytes", "uuid": "e40e956b-5636-49f7-bfa0-e1a1e78e5346", "value": "6238" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513532", "to_ids": true, "type": "vhash", "uuid": "a264314b-8fae-4894-863b-29d1148969bd", "value": "85293c777072fcb5c0161589e61d1be22" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513532", "to_ids": true, "type": "filename", "uuid": "30981cff-dd52-45a2-95f5-1cbb158554f4", "value": "WU CANCELLATION REQUEST.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513532", "to_ids": false, "type": "text", "uuid": "05e71647-3c4b-4ed0-b368-e72af5eff08b", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:30/59\nFirst Submission:2017-06-05T07:27:12.000000+00:00\nLast Submission:2018-01-09T21:43:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528529", "uuid": "ff573306-64f6-4a7a-948c-0fd22d1da47d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528529", "to_ids": true, "type": "md5", "uuid": "f2bef534-205e-496b-80e7-4f2da3e9cdd2", "value": "af75147e525ed8e52bf728466d66b9d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513554", "to_ids": true, "type": "sha1", "uuid": "826775a8-4d1f-4058-ace3-f8749fe94716", "value": "05493deb5acc8e54f8a500468983b9af61734bef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513554", "to_ids": true, "type": "sha256", "uuid": "3795ac80-494d-4fc4-9b90-3395910b03be", "value": "cd9572ab21bae521120a2a0f3bbfd8085512504a2ae9aa217db03164828117c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513553", "to_ids": true, "type": "ssdeep", "uuid": "118b59cb-ce6d-42a2-a212-ecaea4bd5f7d", "value": "768:8hVy4LkEy6UQLxpiIxnHdDHoWIjf7PUYPHingAwk0qLE:MVy4LkVCxgEnHyWiPVKgAwkw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513553", "to_ids": false, "type": "size-in-bytes", "uuid": "5a564068-7007-4302-a0b6-3f0cd90a946f", "value": "51712" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513553", "to_ids": true, "type": "vhash", "uuid": "a916b88b-7b82-46e3-bd3a-21819856af2e", "value": "054046651d151az1a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513553", "to_ids": true, "type": "filename", "uuid": "bb0021da-64d4-4c74-9b1c-3d89602d9a7a", "value": "tclsh86t.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513553", "to_ids": false, "type": "text", "uuid": "7807fa11-bae7-45b3-914a-738394102f04", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:48/69\nFirst Submission:2018-03-14T14:11:29.000000+00:00\nLast Submission:2018-03-21T15:06:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528530", "uuid": "3d8bd524-ff0b-478f-8ac0-bdbd9fe16871", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528530", "to_ids": true, "type": "md5", "uuid": "562777ca-7e37-428e-ab51-d3f3aba70069", "value": "aff47ad6ee85747ec3fe5fcbd8441cf7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513575", "to_ids": true, "type": "sha1", "uuid": "b10d0d65-ce2d-4445-aa33-6c5de4f7a9be", "value": "8e4cf7f995c28e28807af0d19e40badcfcc35839", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513575", "to_ids": true, "type": "sha256", "uuid": "3d970585-0daa-484e-9c2d-8d6aa29fab1a", "value": "0413f17f76d3a2eabd0c04c9fdd9d1c165fe5afc0f85527dcde65b9de74febe1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513574", "to_ids": true, "type": "ssdeep", "uuid": "d4be30c9-5733-4250-98b8-efe75c19a1d0", "value": "3072:GbZhYK0PRXZVP2mrMtJz/0Vk9FRgQa0xUUaDjX1ThZDeODM9Oylzw2P:GbzGPJZd2SK40WQa0jafXdLAPlzwW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513574", "to_ids": false, "type": "size-in-bytes", "uuid": "f549915a-1765-4881-bf9f-2810145f7838", "value": "154834" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513574", "to_ids": true, "type": "vhash", "uuid": "c6a4cf4e-da58-4da5-b7e5-e187c967935c", "value": "c881a3418a9a2f2c2e034f75c803006b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513574", "to_ids": true, "type": "filename", "uuid": "88d6f297-4094-4af1-9b7d-bfe2282b1c27", "value": "\u041f\u0430\u043c\u044f\u0442\u043a\u0430.zip" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513574", "to_ids": false, "type": "text", "uuid": "f1fd9c3c-bd02-4895-8dba-9f6bda49f9c7", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:37/64\nFirst Submission:2017-03-25T06:07:47.000000+00:00\nLast Submission:2017-03-25T06:07:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528531", "uuid": "5c64ab7c-c0c3-49e0-9627-9327cf60a7b6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528531", "to_ids": true, "type": "md5", "uuid": "4c419b8d-b70c-4221-a049-c1cd6939196d", "value": "b175140a52aca83833a8203ac81e7475", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513596", "to_ids": true, "type": "sha1", "uuid": "bd4fbc90-c6b6-411f-b34d-543fc3a24c42", "value": "67c3e9414d13ad735368121b328567c815116088", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513596", "to_ids": true, "type": "sha256", "uuid": "54267e3b-969a-4375-945f-606a5079b09f", "value": "b1001703c6e9138c721bbc51ca96e3ae915936b7ecc176f7dbba11f74b1af5d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513596", "to_ids": true, "type": "ssdeep", "uuid": "c3515e0d-e343-4356-b9e8-29f18edd6298", "value": "6:L4mhFDzh+dEXLkV07+FUhjR5WEh9QJCtPVQ:5hFDlBbGLMjfl9QoPV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513596", "to_ids": false, "type": "size-in-bytes", "uuid": "79e3d130-95d5-4400-94a3-55902eee0721", "value": "395955" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513596", "to_ids": true, "type": "vhash", "uuid": "28fb287e-ad8f-43b1-8850-e425006b2e0d", "value": "896c945c293b3550ae1c0f606a24203c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513596", "to_ids": true, "type": "filename", "uuid": "1bc3db8e-b689-4b75-a86b-e11a1c9d08a9", "value": "b1001703c6e9138c721bbc51ca96e3ae915936b7ecc176f7dbba11f74b1af5d6.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/11/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513596", "to_ids": false, "type": "text", "uuid": "564ccab8-19c0-4715-a7d3-c5c28fdc99a9", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:0/61\nFirst Submission:2016-08-16T12:07:54.000000+00:00\nLast Submission:2018-04-17T10:04:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528532", "uuid": "9f201759-14e8-4b84-bfd2-cd635d297823", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528532", "to_ids": true, "type": "md5", "uuid": "19bf7fef-a8ec-400f-b283-f1e9dcc1605c", "value": "b182a813da9b6e24321997fb3fad1748", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513618", "to_ids": true, "type": "sha1", "uuid": "6a352025-ee02-445e-bf0d-3cdc54aebad8", "value": "af55a0cbb9d5b26d231ba80aed8ce594aed714b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513618", "to_ids": true, "type": "sha256", "uuid": "64a1662a-a789-45d8-b90e-3e4ed116aaa8", "value": "663ec5b3a931d865f8d555eefe62853199975e806be490043af60fdb9d3db36e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513617", "to_ids": true, "type": "ssdeep", "uuid": "27d6e4b5-9649-4bf8-b03a-1eaa99349a21", "value": "3072:2nqpMY2L/aJZ5cdu4H2/TYjCTbgjB8tTLGjcB:uW72LSXyuC2/8ungj2TrB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513617", "to_ids": false, "type": "size-in-bytes", "uuid": "f477ada0-497d-4938-8af1-1cf4c5b659f0", "value": "112130" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513617", "to_ids": true, "type": "vhash", "uuid": "128a88fc-c75a-4486-8d87-9c8caf837aac", "value": "015046551d156bzf13lz8fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513617", "to_ids": true, "type": "filename", "uuid": "626b13be-448c-4696-b43e-fc73545f50be", "value": "~WRO4380.tmp" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513617", "to_ids": false, "type": "text", "uuid": "7710813d-1620-445c-85d5-792d35b08a5d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dorv.D!rfn\nVT Total Detection:53/69\nFirst Submission:2016-09-07T11:53:39.000000+00:00\nLast Submission:2016-09-30T09:08:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528533", "uuid": "1e3aafa6-c21c-4668-bc40-004d1ed6fd51", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528533", "to_ids": true, "type": "md5", "uuid": "9b5432f6-187b-4481-b49e-d12b16cff1af", "value": "b32c8b937ef0f319765f8b63f2209af2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513660", "to_ids": true, "type": "sha1", "uuid": "abdd7bfb-fc77-4309-86d4-2b6320b9ea71", "value": "5a83a5ea10563fe99483f174280ed4b429b6efb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513660", "to_ids": true, "type": "sha256", "uuid": "72ac53de-a582-4784-bd3c-ddb4653c9ef5", "value": "4e73334972d6b01650c572fd58596479e68edeb8337962a19e0a76579a9b4ecc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513659", "to_ids": true, "type": "ssdeep", "uuid": "35f8fb79-a9c3-4fe6-9401-ba07de6c0cad", "value": "1536:6jVI8GBXZlX3Pq4MbwICS4AhhWw8nNYbf:iVIzJd37MbDf8NYT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513659", "to_ids": false, "type": "size-in-bytes", "uuid": "cf1769b0-d62d-457b-b72a-e190e08d06a8", "value": "53760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513659", "to_ids": true, "type": "vhash", "uuid": "daf4f2fe-a985-4678-9456-8e09b06f0bbb", "value": "15405656657d756az1a0b&z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513659", "to_ids": true, "type": "filename", "uuid": "5d9ccaaf-24da-46ff-9c38-bf448276ed28", "value": "26782.txt" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513659", "to_ids": false, "type": "text", "uuid": "be2ad4a9-a771-4ea9-aaca-42bd3cca753e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Zapchast\nVT Total Detection:47/68\nFirst Submission:2017-07-05T17:53:01.000000+00:00\nLast Submission:2017-08-14T11:51:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528535", "uuid": "5dcbd0ad-74e5-451c-8081-d49b66d4ca69", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528535", "to_ids": true, "type": "md5", "uuid": "e05a97dd-8061-43f6-bfc1-4bd0dbe7d0cb", "value": "b4403222c7e0d02eee471c409d2f1a61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513681", "to_ids": true, "type": "sha1", "uuid": "3ecf9e89-8bed-4c0f-98be-7a5d96db775a", "value": "98e17e96c0b8ca6173d604a24f6ac1be4923b9b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513681", "to_ids": true, "type": "sha256", "uuid": "a63adf89-ce4f-498d-b658-c5b8496729ee", "value": "b6843fea7bf7a03f11e7b1f47f4fc1e98140d0b959aa609e7f74477fb2cae964", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513681", "to_ids": true, "type": "ssdeep", "uuid": "7cc24c95-7603-4e4a-a27a-7425a425c7c9", "value": "1536:tk3hOdsylKlgryzc4bNhZFGzE+cL2knAedmwpr5T7oBy:tk3hOdsylKlgryzc4bNhZFGzE+cL2knr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513681", "to_ids": false, "type": "size-in-bytes", "uuid": "534b0dc3-2f4f-4b74-aa39-32d5c785cd84", "value": "66048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513681", "to_ids": true, "type": "vhash", "uuid": "e695eded-aad3-47a7-aaa0-7f00541e010d", "value": "65a3da72e6827f0fa3ff04dde377ae51" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513681", "to_ids": true, "type": "filename", "uuid": "816516bc-f44f-4093-beff-187289fe0e1d", "value": "=?utf-8?B?0KHQvtCz0LvQsNGI0LXQvdC40LUg0YHQvtGC0YDRg9C00L3QuNC60LDQvC54?=\r =?utf-8?Q?ls?=" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 01/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513681", "to_ids": false, "type": "text", "uuid": "db4ec311-080e-40f6-9e2f-de5aece0810e", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: Trojan:Win32/Occamy.AB\nVT Total Detection:36/63\nFirst Submission:2017-02-16T12:19:16.000000+00:00\nLast Submission:2017-09-07T18:48:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528536", "uuid": "0d10ae4b-ebd3-4dd4-a518-f9ed66d2373b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528536", "to_ids": true, "type": "md5", "uuid": "9f9641ab-881e-4de5-a32c-a3cb3ad03767", "value": "b4f4ce145147c24d5ab339e877c57f88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513723", "to_ids": true, "type": "sha1", "uuid": "f4b37f2e-0dad-4933-b0eb-7b6a41a682ab", "value": "adb5af572a4a87c0d1c9837e49981df78ab6149b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513724", "to_ids": true, "type": "sha256", "uuid": "0991bb5a-158a-4d80-b017-b9cc0124416c", "value": "8e8d17261e97e358cf97a06e42cf7e8d3b645873cfcff0659419154b81c4bb8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513723", "to_ids": true, "type": "ssdeep", "uuid": "982d8b73-018e-4000-9b38-1eb98896de91", "value": "1536:HZILUV0JC7c2RL2g63/+KiN3ZFSetybuxyQTbx:+LA0C7cY2X3GKiN3DDD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513723", "to_ids": false, "type": "size-in-bytes", "uuid": "d1df2356-9053-4a33-b6af-3a8b41ea267f", "value": "87040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513723", "to_ids": true, "type": "vhash", "uuid": "77e455ca-e2fb-4f81-ad49-dd1d10481734", "value": "2d5415aacb4e5ff0220ed2a30f0b33f2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513723", "to_ids": true, "type": "filename", "uuid": "4fbd7d61-6932-4626-9310-41ff503ad006", "value": "Documentation.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 16/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513723", "to_ids": false, "type": "text", "uuid": "0955b5eb-7033-44b1-a742-cbb34202f53e", "value": "Type Description: MS Word Document\nMicrosoft: TrojanDownloader:JS/Swabfex.P\nVT Total Detection:32/63\nFirst Submission:2017-03-10T07:07:35.000000+00:00\nLast Submission:2017-03-14T07:13:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528537", "uuid": "0f4e5bf5-cf65-4693-ba9b-7392d0069b74", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528537", "to_ids": true, "type": "md5", "uuid": "5b58bf88-ff12-4b70-a8e8-1a91eda22001", "value": "b57189a131e7cbc53853d3ab58e2de12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513745", "to_ids": true, "type": "sha1", "uuid": "28bb4373-806f-49d6-a053-765af04f52b7", "value": "cdb2621901f5820e17eae9ab76e2dca2f19ab4a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513745", "to_ids": true, "type": "sha256", "uuid": "3ddfcc6a-c957-4727-8ba6-57546c70fd6d", "value": "5513f579ef278a5cd20338810a7748d351243e4bfb254259b10e38a1480199b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513744", "to_ids": true, "type": "ssdeep", "uuid": "d38dde78-4e60-48e3-bb5f-6bae6cb2d885", "value": "384:PuwLhkkkMrXhREWtgxOYiSY5Uvu9A8Yg2gSkmC:vBtgxO+vR8Yg2LkmC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513744", "to_ids": false, "type": "size-in-bytes", "uuid": "c0e6aa74-052d-4f74-91d8-576353709b22", "value": "37376" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513744", "to_ids": true, "type": "vhash", "uuid": "f8822457-f1df-48ad-9a6b-0d42873f4420", "value": "15b46ae318263ed9fb9768e16ac87d47" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513744", "to_ids": true, "type": "filename", "uuid": "83d22eb8-de9b-4456-be5a-45247504cd6f", "value": "5513f579ef278a5cd20338810a7748d351243e4bfb254259b10e38a1480199b1.DOC_" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513744", "to_ids": false, "type": "text", "uuid": "2b667b3c-c5d6-4384-9ed2-4bec2ce3ed71", "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:0/60\nFirst Submission:2016-11-18T16:18:59.000000+00:00\nLast Submission:2018-04-17T10:08:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528538", "uuid": "04a6c54e-15e4-40df-9b0b-5ec7a94d6838", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528538", "to_ids": true, "type": "md5", "uuid": "62b0b40b-6821-4888-a175-caba62857d93", "value": "b5babfa5eddfa129862b02d125c9070c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513766", "to_ids": true, "type": "sha1", "uuid": "12915668-baa6-4dc9-970e-9716855ac178", "value": "3b9a33715881e2df88b33f5b4b671310bd14114a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513766", "to_ids": true, "type": "sha256", "uuid": "95e2a6cb-bbbe-4e33-82dc-57a3fff79bb2", "value": "6e652c59f96447b94b87132b17b2631e86afac7100131f254a467527fd9f3c23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513766", "to_ids": true, "type": "ssdeep", "uuid": "30fc3248-2cd5-4809-8536-0c745fcbff0b", "value": "6144:v762v1rzmrWp+fNa2PQJX2oCDKhtWIkOvAtitcuJT3fC1bLnDKaGpP+IUQ:zbv1rzQWY3WhE+cuJT3KtDKzUQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513766", "to_ids": false, "type": "size-in-bytes", "uuid": "71e3194d-3453-49b5-b3e5-bcbc8ff06a84", "value": "1459431" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513766", "to_ids": true, "type": "vhash", "uuid": "b5082907-06e3-4910-b47c-fd76b8fa9406", "value": "85198044af91833d68a858e2e4a2ed31d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513766", "to_ids": true, "type": "filename", "uuid": "6a937c53-4bb8-4b14-99a9-2dfb9b1ed981", "value": "FATF Standards.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513766", "to_ids": false, "type": "text", "uuid": "f71a7ef0-5e9d-428f-b061-ef32bc717dce", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:26/60\nFirst Submission:2016-11-29T09:47:49.000000+00:00\nLast Submission:2016-11-29T09:47:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528539", "uuid": "3e1476bf-7c29-4759-b8e2-35de8dcbf9d0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528539", "to_ids": true, "type": "md5", "uuid": "279cfc4f-012b-4d13-b9ea-a08c4fc1c64c", "value": "b5bb3f04b6dcf61576e0436fab88a22b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513787", "to_ids": true, "type": "sha1", "uuid": "30a44e8b-5274-4016-992d-9ee4cd55ef31", "value": "1f7db20e8634da9836127a8c80ab1f9b658f92eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513787", "to_ids": true, "type": "sha256", "uuid": "5fef1755-9188-44fa-a6d5-7c64b441cd84", "value": "69e55d2e3207e29d9efc806ff36f13cd49fb92f7c12f0145f867674b559734a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513787", "to_ids": true, "type": "ssdeep", "uuid": "d62fd899-8375-4a09-9e95-6d33762769f1", "value": "24:3Ro/AdaG++hOUENErUWEUi9pPv/dJ0gjq0ryYBP3zoKua28k8lrVMotkOn:3Y+8enKp1mP0/BPDogk81GotD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513787", "to_ids": false, "type": "size-in-bytes", "uuid": "63d78918-753b-4808-9d93-b54c0c259d52", "value": "6116" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513787", "to_ids": true, "type": "vhash", "uuid": "03847686-91da-4959-b547-41d747d133f3", "value": "809bd7e8071fc988d2f1fdfe7348e82e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513787", "to_ids": true, "type": "filename", "uuid": "defe4949-5120-4984-aad6-fcb1b50454bf", "value": "\u0422\u0430\u0440\u0438\u0444\u044b.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 14/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513787", "to_ids": false, "type": "text", "uuid": "72a110b1-4248-47cb-9c87-38837c919526", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199\nVT Total Detection:35/61\nFirst Submission:2017-09-21T00:20:39.000000+00:00\nLast Submission:2018-10-04T21:30:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528540", "uuid": "dec5e386-ac4b-4458-b5ea-e6658da87fe9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528540", "to_ids": true, "type": "md5", "uuid": "abdb9571-165f-4a7e-8cdb-52ee36b5d622", "value": "b6f640a14cc416e366e9bf899481fd6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513808", "to_ids": true, "type": "sha1", "uuid": "780e1eb3-7739-4751-abde-f6b98c48dcdb", "value": "168a9694917422f0bf77aa0f8c2fccfd7aefde8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513809", "to_ids": true, "type": "sha256", "uuid": "26b8fbf6-ad37-418b-b6a3-fb3cbf788d88", "value": "fb97a028760cf5cee976f9ba516891cbe784d89c07a6f110a4552fc7dbfce5f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513808", "to_ids": true, "type": "ssdeep", "uuid": "22bb0e06-260f-4630-b9cc-640ed33e2eb8", "value": "3072:CBYelJ7Rsf1I34Vc1VwXo+meRY+OJT215VFTkzWiiJ/a2UWzxYJ8jgEBVvv0:CBYelnoVewgV7QTkq/la2UW1IMVX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513808", "to_ids": false, "type": "size-in-bytes", "uuid": "16926a5c-b88a-4644-b9af-af4cf29687ab", "value": "242176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513808", "to_ids": true, "type": "vhash", "uuid": "3726ed9b-9c5d-4305-9d5b-901ff4b3b9cd", "value": "125066655d155555129z76fz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513808", "to_ids": true, "type": "filename", "uuid": "246fd250-ab39-4ed5-b11f-6bad3f11f93d", "value": "myfile.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 24/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513808", "to_ids": false, "type": "text", "uuid": "c3af5cdc-2c1c-4554-8fd6-bf8eadfe2762", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/CobaltDrop.E!dha\nVT Total Detection:57/71\nFirst Submission:2017-11-22T16:46:27.000000+00:00\nLast Submission:2019-12-06T23:02:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528541", "uuid": "d321adc5-15ed-43c0-9a3f-22b51496bd72", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528541", "to_ids": true, "type": "md5", "uuid": "e174e59b-cf42-4b19-8a72-dc4cc89e2272", "value": "b7dd435a9cc841f7bada2a064afb4d3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513830", "to_ids": true, "type": "sha1", "uuid": "b896064d-ee0b-4660-a2cc-c331c862b26c", "value": "a5d64965127a3faf64510f63ee42e543b5c9a850", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513830", "to_ids": true, "type": "sha256", "uuid": "3c69bb6a-bca5-4a3b-b899-917be2c5bf1b", "value": "7e244e9ca0464faba41f6b6b1cbf45a2a1e34b9b151083562b06be4f9fe7ba86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513829", "to_ids": true, "type": "ssdeep", "uuid": "e9c6705f-b356-4df9-970f-2d26c733f197", "value": "768:YHHZ4mkFO0aApV76ilx+tKJ9rl1p1fQSkHufS7akgdKEuLnAvZ:25Mo+6MxdJlPTfzkOfS7akgdKEuLnAh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513829", "to_ids": false, "type": "size-in-bytes", "uuid": "4dbc2222-b443-422c-83f9-51aa10b9b932", "value": "59904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513829", "to_ids": true, "type": "vhash", "uuid": "7c0b946c-1e5f-416e-a6a7-d24eaaa30f16", "value": "054046551d151bzfnz3fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513829", "to_ids": true, "type": "filename", "uuid": "88c631ce-6735-440c-b841-8ff43c0f0fb4", "value": "MICROWEB.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513829", "to_ids": false, "type": "text", "uuid": "efbe0bd2-ae23-476c-bdf1-ad532e2719d0", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:48/71\nFirst Submission:2017-01-31T10:23:11.000000+00:00\nLast Submission:2017-02-10T13:37:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528542", "uuid": "7fcb539e-611c-49d9-90bb-0f580e0fc333", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528542", "to_ids": true, "type": "md5", "uuid": "d971da91-5123-4229-8ec1-487680423e35", "value": "bb6e7886bb38c10931152f9110a47a8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513872", "to_ids": true, "type": "sha1", "uuid": "0cf43556-3da7-4367-adf9-126c5c91d76a", "value": "4e1dd59fb0dc2c744000b07380c49b406328a20b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513872", "to_ids": true, "type": "sha256", "uuid": "20a7a10a-5a7b-4fc8-b556-8852b35e82da", "value": "0004d747019970d8cd0a6d59f20cca3efa7152257beceafea2f755f4a6eb9cd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513871", "to_ids": true, "type": "ssdeep", "uuid": "886f2582-fc37-417a-a262-14fbc23abd90", "value": "6144:GuWOsbda2PQJXMrDEzqee0/bNB1vrlxItStlNiviQX/TyqGp3+Q8U:GuBer4zcU+StlaiETyT8U" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513871", "to_ids": false, "type": "size-in-bytes", "uuid": "bbd74b0c-fae1-489a-babf-e7a47422bafd", "value": "1436702" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513871", "to_ids": true, "type": "vhash", "uuid": "0201c21a-2449-495f-89cc-1ca63df96058", "value": "856c9c01cb8622597923f305b1e5e429e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513871", "to_ids": true, "type": "filename", "uuid": "b096791e-b323-46d7-963b-bf39f16e8140", "value": "\u041a\u043e\u043d\u0442\u0440\u0430\u043a\u0442 GP-088732-2017.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513871", "to_ids": false, "type": "text", "uuid": "324c0cff-967b-4f55-b312-ca0cdbb8365b", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:JS/Tabonachio.A\nVT Total Detection:27/59\nFirst Submission:2017-02-08T07:58:05.000000+00:00\nLast Submission:2017-02-08T14:04:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528543", "uuid": "7256a7a7-2312-4233-9f49-66e13a99c219", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528543", "to_ids": true, "type": "md5", "uuid": "7cf711e4-3a94-4371-b7a0-dc4378661e68", "value": "bcc9ac70ab4048f60a2f6d658fbee123", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513893", "to_ids": true, "type": "sha1", "uuid": "ccc2a0d9-7676-439d-a460-8c43489ee8f2", "value": "f5877ad728c5f7285ffc072f120f2485eebf6e8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513893", "to_ids": true, "type": "sha256", "uuid": "4c5871b8-7e89-44f0-99e0-455d49d0068f", "value": "fb00b98b44e3aa59fc2309c477ebb75774a2b5e1f300383414762bb4ab95d96a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513893", "to_ids": true, "type": "ssdeep", "uuid": "701fe17c-6c87-4a19-9fe5-5cade71a97ba", "value": "48:3n+8EWmaWLEEPhfUNTaZ0UKNrCean7WoAT/zueygM:3nEWMiFa6r+ea1Uk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513893", "to_ids": false, "type": "size-in-bytes", "uuid": "aeb383de-752c-4684-813c-89791fce1960", "value": "5954" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513893", "to_ids": true, "type": "vhash", "uuid": "ea74586c-1ee7-4176-89f9-1f93ad78a948", "value": "809bd7e8071fc988d2f1fdfe7348e82e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513893", "to_ids": true, "type": "filename", "uuid": "a6cb30d4-905f-478f-bd3b-538e85b49020", "value": "\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd \ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd \ufffd\ufffd \ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513893", "to_ids": false, "type": "text", "uuid": "8f49babd-767c-48d5-b161-f6802552b0f4", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:33/59\nFirst Submission:2017-08-07T07:42:33.000000+00:00\nLast Submission:2017-09-15T16:05:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528545", "uuid": "5f4586e9-3de3-482b-ab3b-b07a8fdc7c01", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528545", "to_ids": true, "type": "md5", "uuid": "ce12c6d8-2d93-425e-ad9f-bb19e720e05d", "value": "bd07b04e008093a40f60e48b903c59cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513914", "to_ids": true, "type": "sha1", "uuid": "75009691-6f87-4a1e-a8e0-6c7709eb1065", "value": "6c9c6b5a1b1b8e0b9ac775c975a215646aadb1e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513914", "to_ids": true, "type": "sha256", "uuid": "915aa266-5069-4db7-8ebb-22cd8938525c", "value": "2b36c2a238c5dc44bcc2c5b9049df207f2ea04cb499a7603edd1b0547b9ecc7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513914", "to_ids": true, "type": "ssdeep", "uuid": "50a78c20-684e-4004-9627-bdec093c772b", "value": "384:TDCXYy9oPImbv26r9hCiI3BQ05P/FG6F7//o0MACIrb:Tty9sL9hCr3mi0ACIH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513914", "to_ids": false, "type": "size-in-bytes", "uuid": "8195794c-ae66-49aa-a7f6-bf2501102171", "value": "19059" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513914", "to_ids": true, "type": "vhash", "uuid": "d9824da7-9866-4872-954c-61d0217556c6", "value": "7c39b4d81e858a1b757a27c6be23ca88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513914", "to_ids": true, "type": "filename", "uuid": "6de2b72e-61d5-46ed-a9a5-081d1a1fb50f", "value": "m1.xls" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513914", "to_ids": false, "type": "text", "uuid": "e622770b-cfb8-4202-8599-2778f4a57f17", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:25/62\nFirst Submission:2017-07-27T07:36:19.000000+00:00\nLast Submission:2018-05-11T00:17:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528546", "uuid": "f95ee525-83a4-40d6-8a89-8190f0c1d8d7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528546", "to_ids": true, "type": "md5", "uuid": "8187a6be-59e8-4e51-8cf6-7dea9364592d", "value": "bfabbefb0acd397a164e8f7ec3e467e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513935", "to_ids": true, "type": "sha1", "uuid": "b60c94f1-2650-4740-9f9d-1d1dacb5cbf2", "value": "95d66fabac08341459ddd3e9d25efffb24a024bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513935", "to_ids": true, "type": "sha256", "uuid": "b503db1c-a23b-41ae-bf81-2cd8695beea3", "value": "ccb1fa5cdbc402b912b01a1838c1f13e95e9392b3ab6cc5f28277c012b0759f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513935", "to_ids": true, "type": "ssdeep", "uuid": "0b8735b3-9759-4fba-96c4-795bc0e89802", "value": "384:FwG8MCpqva7QeQBRdsdv8ycON8iSupx+Yec4AWpsl50jJ1sj3tcx:R7CpqyTc7sG8+Y/4/s/C0m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513935", "to_ids": false, "type": "size-in-bytes", "uuid": "8fa96b34-b034-4e41-aac3-763657194ad5", "value": "47616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513935", "to_ids": true, "type": "vhash", "uuid": "18b87f63-4c8f-4fbb-8e97-725d9e319821", "value": "aa74ba30c885fd6c8efcdc58a4681638" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513935", "to_ids": true, "type": "filename", "uuid": "da747c07-924d-424f-89c8-fe0f22589af2", "value": "Fraud alert.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 11/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513935", "to_ids": false, "type": "text", "uuid": "a6c4dd1d-7019-4dd9-bba5-8443f5efd8a6", "value": "Type Description: MS Word Document\nMicrosoft: Trojan:Win32/Bluteal!rfn\nVT Total Detection:44/63\nFirst Submission:2017-08-31T10:27:58.000000+00:00\nLast Submission:2018-10-04T21:30:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528547", "uuid": "9a423ee1-5b9e-43d0-8290-a39e09516cfb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528547", "to_ids": true, "type": "md5", "uuid": "77ebb7d7-8a48-44e8-9323-7666c6f910e0", "value": "bfb9688ac2747017c7975921ffe77be9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513956", "to_ids": true, "type": "sha1", "uuid": "4cf62feb-5549-4de1-a2cf-950afe4018f9", "value": "8236ca1ebd28e970bb3a035934689ad251582f37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513957", "to_ids": true, "type": "sha256", "uuid": "32b11e7f-77bc-425f-9fd6-85bbd384e6db", "value": "b2187f5ff859e2aa96f9f28d007b2d5d2121f41fd9e603cdef45205dbb99ab4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513956", "to_ids": true, "type": "ssdeep", "uuid": "bfe669cf-e909-4c6f-bda6-a41c3807e435", "value": "12288:g82TbMwhMDngrtpr4zcJOSEJJQbKbYz2S:B2Tb9SngrtZxJPEJCGW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513956", "to_ids": false, "type": "size-in-bytes", "uuid": "e5d1febc-e14f-490a-b7a8-0dceaeb7782a", "value": "606477" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513956", "to_ids": true, "type": "vhash", "uuid": "feaa6004-24f8-43dc-bc08-74fe52b14fc3", "value": "86a5df3ef11d8ddbe3085475838c2c4bf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513956", "to_ids": true, "type": "filename", "uuid": "69e0be08-24c6-45d9-a517-28021562eb75", "value": "The rules for European banks.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513956", "to_ids": false, "type": "text", "uuid": "d18ae7a1-07fc-432e-8dd5-3cedefbe4274", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:36/59\nFirst Submission:2016-08-09T10:58:48.000000+00:00\nLast Submission:2018-10-01T15:01:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528548", "uuid": "c0260a7b-9e49-4f4f-9a67-78afc0f346a3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528548", "to_ids": true, "type": "md5", "uuid": "01537825-9b22-4616-9b9c-544013357f36", "value": "c138d751db967c0c7461a503ff987162", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513978", "to_ids": true, "type": "sha1", "uuid": "096298fe-d3b7-4b37-bd10-c5746530ab76", "value": "0b2a98398d5403fbeee57d2c0638f9d2827c62fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513978", "to_ids": true, "type": "sha256", "uuid": "019a46fd-4054-4006-aee0-9826b6f977fb", "value": "92413232c75b939ece77e345393a377e74448d00965da7eba31655926725370d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513977", "to_ids": true, "type": "ssdeep", "uuid": "84592dfc-2e47-4a07-949e-4a29df86ad6c", "value": "3072:o6w2o2tLopB3W2GLk0pmVu8QdSDMUKo26qmvp5soeYxcwEI6zDaFvn:y2o2tWW2GZHRkDiF6qmvp5sNYewZ6zDo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513977", "to_ids": false, "type": "size-in-bytes", "uuid": "45bd043a-f043-4d03-8f7a-84d2741e1738", "value": "193536" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513977", "to_ids": true, "type": "vhash", "uuid": "1aa7c3d9-26d2-48e4-a10d-72f5a7b287d9", "value": "11505656657d6561z13zf0020215z1cz13ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513977", "to_ids": true, "type": "filename", "uuid": "892faf27-fec6-42b1-a591-abceaee36fe2", "value": "c138d751db967c0c7461a503ff987162.vir" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 16/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513977", "to_ids": false, "type": "text", "uuid": "5c6642f6-bc54-4534-b385-869726f688a2", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:41/71\nFirst Submission:2017-07-27T08:47:48.000000+00:00\nLast Submission:2018-05-20T01:47:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528549", "uuid": "d2acb8dd-b4b9-4a1b-8541-a7a4e1b29dfb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528549", "to_ids": true, "type": "md5", "uuid": "ea3d5fa1-3f4b-4a96-bdec-a183236356cd", "value": "c2c753f440314d1ec88c1569aa845ac2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746513999", "to_ids": true, "type": "sha1", "uuid": "dc26378f-50c0-443a-b8db-c002b9fed4ed", "value": "7923656f894de05387d3c8c27bf733bd3a9ecf2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746513999", "to_ids": true, "type": "sha256", "uuid": "ace7a662-330e-4ec0-b99a-fc6b825bf649", "value": "a0292cc74ef005b2e5e0889d1fc1711f07688b93b16ebc3174895d7752a16a23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746513999", "to_ids": true, "type": "ssdeep", "uuid": "82531c8a-f8f4-47bc-99d8-7ecf7339f8e7", "value": "24:3Ro/AdaG++hOGxErUWEUiLkZG83J0gjq0rMcnPFESvrVMoQkOn:3Y+8dnsk4ImP0xPmSDGoQD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746513999", "to_ids": false, "type": "size-in-bytes", "uuid": "e287d002-d5df-4c59-b644-8b36c3ab09aa", "value": "5953" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746513999", "to_ids": true, "type": "vhash", "uuid": "ae596987-d9b1-4d3c-88cd-2cccedc08a9c", "value": "809bd7e8071fc988d2f1fdfe7348e82e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746513999", "to_ids": true, "type": "filename", "uuid": "8cd85de8-f77d-49e3-b6c6-9ff0e3503d8c", "value": "\u041a\u043e\u043f\u0438\u044f \u0438\u0441\u043a\u043e\u0432\u043e\u0433\u043e \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u044f.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746513999", "to_ids": false, "type": "text", "uuid": "b1654632-e03c-4d21-96b8-aa1a383015f9", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199\nVT Total Detection:37/61\nFirst Submission:2017-09-20T08:36:05.000000+00:00\nLast Submission:2018-10-04T21:30:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528550", "uuid": "520f0a10-1652-4d01-b6fc-3e770ad90463", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528550", "to_ids": true, "type": "md5", "uuid": "2015d28e-42b4-4eee-b9a9-841c680a40aa", "value": "c783cee95bdc2e973415366215d15998", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514041", "to_ids": true, "type": "sha1", "uuid": "6f1f54d6-d56f-4138-b673-b7650e180ea4", "value": "9a7a0a05a34633f6506a887986c915daab9a4191", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514041", "to_ids": true, "type": "sha256", "uuid": "539aee01-029d-4694-a439-85fb4616d395", "value": "3120b6ef21698c651479287f93e8252ae146543f5fb4868fd484da695b714960", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514041", "to_ids": true, "type": "ssdeep", "uuid": "6fa2cd5f-5407-40b9-a086-f1f8bcef17d1", "value": "48:6VGmsNeBA2b8J+PAqLMCDxNuRj+IoL0L4VA:0GhgBAU8bg1yAxQL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514041", "to_ids": false, "type": "size-in-bytes", "uuid": "8225ea0b-1114-4b69-a1de-94093f290400", "value": "3584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514041", "to_ids": true, "type": "vhash", "uuid": "698570dc-e3e7-4a68-aabf-02461ff76c20", "value": "13303655151.z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514041", "to_ids": true, "type": "filename", "uuid": "17709baf-597f-4dcd-92ee-13a1f49e8e6e", "value": "main64.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514041", "to_ids": false, "type": "text", "uuid": "2984f5a6-97b2-4151-9007-8a81d1bf6ead", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:38/68\nFirst Submission:2018-01-16T10:37:04.000000+00:00\nLast Submission:2018-01-19T14:26:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528552", "uuid": "ed28278a-59b3-4461-99a9-087193e72020", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528552", "to_ids": true, "type": "md5", "uuid": "3c8f1723-aa97-4a1e-832f-ba1994532322", "value": "c8239719f5d3d3c0cf3ea76ed626bbe8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514062", "to_ids": true, "type": "sha1", "uuid": "5e7373d4-f702-4e6a-8cae-bfa911248afd", "value": "36888ab705e69b61d7456579511b20c062bfab8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514063", "to_ids": true, "type": "sha256", "uuid": "f5abb094-8603-44b1-969c-1e07f4220a74", "value": "0cde1b0614431cc124a35a200156458c04d0bb03df92c6555937370016d189c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514062", "to_ids": true, "type": "ssdeep", "uuid": "ecad2402-1858-413c-a3db-ca28701d6414", "value": "3072:CBYelJ7Rsf1I34Vc1VwXo+meRY+OJT215VFTkzWiiJ/a2UWzxYJ8jgEBVv50:CBYelnoVewgV7QTkq/la2UW1IMVR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514062", "to_ids": false, "type": "size-in-bytes", "uuid": "6a80678a-b477-40ac-91e6-10690539d243", "value": "242176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514062", "to_ids": true, "type": "vhash", "uuid": "6e91a94a-2307-42ab-8bc5-a22ec772d495", "value": "125066655d155555129z76fz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514062", "to_ids": true, "type": "filename", "uuid": "89e548b2-808c-40b7-8aec-aad4063a786b", "value": "20170925-test-decoded-2-1.xml" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 29/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514062", "to_ids": false, "type": "text", "uuid": "452adb0c-084e-4099-a2ad-b8a470ef835a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/CobaltDrop.E!dha\nVT Total Detection:60/74\nFirst Submission:2017-09-25T06:45:22.000000+00:00\nLast Submission:2017-09-25T08:50:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528553", "uuid": "bbf0d550-ac5d-45cb-93fc-589a4f954c81", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528553", "to_ids": true, "type": "md5", "uuid": "8562ead9-c4d0-4bfe-b8e5-d4cf8e0f9f3b", "value": "c8bce60c90ce26b0e2b96770071c72d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514084", "to_ids": true, "type": "sha1", "uuid": "d7ba6979-df7b-4966-9bb0-e83b7d9ba299", "value": "f39521374afeded1cf309004fc01c79b1d2ff1dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514084", "to_ids": true, "type": "sha256", "uuid": "6c022204-2636-4af9-baa3-ae4aca5c835c", "value": "5f434901d4f186bdc92ee679783bdfad80281423848462e445704d5a10b0dc20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514083", "to_ids": true, "type": "ssdeep", "uuid": "3443b9e1-a86f-4dae-9668-94fb277cf749", "value": "192:evD7IXBL9U2XEV6GnEgCchPjxiKE9X4mqcnoVsylzGP2IkOo72Kvdu:evDM99U20sGD2KEWNJZG+bz2KVu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514083", "to_ids": false, "type": "size-in-bytes", "uuid": "d391c3fc-2379-41df-b061-760c0c1a7017", "value": "10730" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514083", "to_ids": true, "type": "filename", "uuid": "99cd5b7c-5149-4c00-87a1-b20c962270c2", "value": "x.txt" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514083", "to_ids": false, "type": "text", "uuid": "f9c7afdc-5435-45c2-8df7-a94b536bcce1", "value": "Type Description: HTML\nMicrosoft: None\nVT Total Detection:31/63\nFirst Submission:2017-11-22T10:42:00.000000+00:00\nLast Submission:2018-05-07T00:12:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528554", "uuid": "460635fe-50a3-49f4-9f60-8bddb4e0e92b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528554", "to_ids": true, "type": "md5", "uuid": "c3645e35-c88d-47ba-bbaf-15cce3ef3ce0", "value": "c9ed3c1c6944341e106c5506f8d75d91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514126", "to_ids": true, "type": "sha1", "uuid": "4db8f126-06ee-460f-ad33-64608b048407", "value": "24cee03fee0b63b200a6abe1d73925ee594965a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514126", "to_ids": true, "type": "sha256", "uuid": "24009073-9aa2-403a-a14f-2a8b5aeb6423", "value": "4847cb5894d2c8f674237714b60b7e3d6560cf0941621aca462ea040a1ee57bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514125", "to_ids": true, "type": "ssdeep", "uuid": "ac373470-c666-4d40-b9e1-e15330bba574", "value": "192:mpuEphg7DVl3i4jnZOqD8U9/qDbaClr/FlMQJA+:AVgJFi0Zd8UVp41D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514125", "to_ids": false, "type": "size-in-bytes", "uuid": "f1d55756-f802-4b4d-b963-36a440943db7", "value": "11264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514125", "to_ids": true, "type": "vhash", "uuid": "aa839cbc-2507-410b-bc06-9ce72488b8d0", "value": "114056651d15551018z14lz13z9az1" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514125", "to_ids": false, "type": "text", "uuid": "63e19513-3de3-47e8-8b4d-98083beb04b5", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.C48\nVT Total Detection:49/68\nFirst Submission:2018-02-27T17:06:22.000000+00:00\nLast Submission:2018-03-06T14:26:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528555", "uuid": "d6195d1f-9cee-4235-97f8-11dcdd01dc19", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528555", "to_ids": true, "type": "md5", "uuid": "620136a7-6c61-43b6-8a49-aec949bea3f4", "value": "cc70aaa5a8a792faeab8c873a4d73174", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514168", "to_ids": true, "type": "sha1", "uuid": "458fab0f-6888-4bee-ac1d-bd05b2ec18bf", "value": "7dcd863ccd6eaed229aa1f01998f35abb877eb5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514168", "to_ids": true, "type": "sha256", "uuid": "0c730025-05b8-48b4-94d8-c2e35ef1c3ec", "value": "9e9bf7066fd5e26aa0fdc651efbc53745bbaf468817e6590f9d7120d610830a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514168", "to_ids": true, "type": "ssdeep", "uuid": "4f83dbc0-759f-4e67-99a5-f6d7d45d218c", "value": "1536:50YmVwMh0wJ3zvuBzxn3f+485Ei0UoayzPxTx/YY/FOk8P/:aY/wJDvCN3fViNoayzPr8P/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514168", "to_ids": false, "type": "size-in-bytes", "uuid": "8d42ca8c-10fe-4997-8506-3998490357e9", "value": "118784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514168", "to_ids": true, "type": "vhash", "uuid": "69d67593-c7fd-4751-901c-333b87edef60", "value": "015066151d1d15751bz411lz3fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514168", "to_ids": true, "type": "filename", "uuid": "f3daf804-29ee-46a6-bd11-9aa68d432c65", "value": "\u0418\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.scr" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514168", "to_ids": false, "type": "text", "uuid": "d42354a6-81bf-414f-ab71-b2e7519b65ee", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:50/69\nFirst Submission:2017-04-03T13:21:20.000000+00:00\nLast Submission:2017-04-03T13:21:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528556", "uuid": "7271c204-526f-4ac7-b185-50cd001649aa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528556", "to_ids": true, "type": "md5", "uuid": "93537652-34bd-4694-bfb6-4f941a4ae5dc", "value": "ce38e8d857794560fc8469c92ab16a66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514189", "to_ids": true, "type": "sha1", "uuid": "11702703-de7b-48b8-9925-41be9fabd037", "value": "a86f5f63fee80a9da758b78be406df2868fd9ef8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514189", "to_ids": true, "type": "sha256", "uuid": "286c4e2c-9636-43a5-9396-a1e0827a6843", "value": "66725e4c25e5d44f530e830c55d17ff43ebb9224bb1f31ee074d405ba8f50ebd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514189", "to_ids": true, "type": "ssdeep", "uuid": "019e2b9e-0477-4a1b-ac68-bcb040a558b1", "value": "192:kCpuESthggKZD01I24VjpqYert06pyLiClr/FYWMSpBf+i1:k0cNKqW2Cne5z9jWbBmi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514189", "to_ids": false, "type": "size-in-bytes", "uuid": "08fcf6d1-c36b-47f9-b9f6-592de1903b21", "value": "11264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514189", "to_ids": true, "type": "vhash", "uuid": "5a6af4ef-79a6-4f0e-b52d-384f2172e298", "value": "114056651d15551018z15lz13z9az1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514189", "to_ids": true, "type": "filename", "uuid": "55c05580-9d85-4b69-8b53-cba967258d34", "value": "int.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 14/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514189", "to_ids": false, "type": "text", "uuid": "1ee692b1-c71f-4481-964e-c43be47b489b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:60/73\nFirst Submission:2018-02-07T07:56:02.000000+00:00\nLast Submission:2018-02-07T07:56:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528557", "uuid": "ce36f5db-5a3c-4b7d-943d-bf5518eaf778", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528557", "to_ids": true, "type": "md5", "uuid": "f6b23196-2889-4a23-8713-ac6748b883ee", "value": "d0f16357d10b5817c43554d5b6f540c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514210", "to_ids": true, "type": "sha1", "uuid": "2191bdcd-3007-4e98-8681-a969d1ebd791", "value": "27df1080a062698edc640f951aa9aeffa39a7fa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514210", "to_ids": true, "type": "sha256", "uuid": "71cd8398-71dc-4566-b787-ae1d70a2e006", "value": "8d19d567b8fd80ec910eca4cdec85acd1babc9f88fb057a3686e90ec82f73fe8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514210", "to_ids": true, "type": "ssdeep", "uuid": "7200533b-da38-4a3a-ada1-c468c39dda99", "value": "6144:O/ToGlWXZFD3UTIejCC3DKZI4CYcgdR0bOk0Xn:O/T6XZFDkkGCO8tLUOkG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514210", "to_ids": false, "type": "size-in-bytes", "uuid": "766c302c-8c18-4e9f-998d-0a77f663d7ff", "value": "248090" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514210", "to_ids": true, "type": "vhash", "uuid": "a4f9a3f6-1b54-4427-8789-a3296eee34b6", "value": "12505656657d65608013ze0028345z1cz1a3z18z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514210", "to_ids": true, "type": "filename", "uuid": "edab20f9-9524-4a21-ab99-cfc0c64cbb59", "value": "44457.txt" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514210", "to_ids": false, "type": "text", "uuid": "8c0e35dc-d0b7-49bd-925c-cb41eb9df403", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.C8D\nVT Total Detection:39/67\nFirst Submission:2017-06-06T17:43:15.000000+00:00\nLast Submission:2017-06-06T17:43:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528558", "uuid": "d104b2d8-4a88-4e76-b928-d0c8c55525e2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528558", "to_ids": true, "type": "md5", "uuid": "b8eb4d8b-131d-46b3-abf4-807e28556d17", "value": "d3d3494dc630694c20a21f1da327b551", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514252", "to_ids": true, "type": "sha1", "uuid": "bb1b3869-1c8c-4dbb-b239-771d843c6911", "value": "48c714037c0b60d9d5339b4c7366a35d383dc7af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514253", "to_ids": true, "type": "sha256", "uuid": "af73986f-991a-4e91-80c3-1ebb731c5eac", "value": "fd1469c96fe6b5f1b610a5d7302a3ceba705db2a75558013237f7bde5b7d3b03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514252", "to_ids": true, "type": "ssdeep", "uuid": "ff754439-7af1-497e-af2f-a37bfb517433", "value": "768:ENpvo0JM31hUIgvja/FitrRrXThw7JO6jkX8fzUEkIgJa9o7t:wvoaM31h6vjEitFhyo6jkePgJaU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514252", "to_ids": false, "type": "size-in-bytes", "uuid": "6506830f-8448-4cbc-8955-c2f6b3343ab9", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514252", "to_ids": true, "type": "vhash", "uuid": "91d53b9c-a362-4d86-a7c6-947a4ce11f13", "value": "064046551d155az2emz45fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514252", "to_ids": true, "type": "filename", "uuid": "e41c690a-97db-45f1-9071-a9a75c6fdc8e", "value": "InfraRecorder.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514252", "to_ids": false, "type": "text", "uuid": "ef991de5-7d90-4bca-9cd4-d68a53efc26f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:45/69\nFirst Submission:2016-10-26T04:56:34.000000+00:00\nLast Submission:2016-10-26T04:56:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528560", "uuid": "4c771b70-69d8-4311-bcd4-e841fd1bfc4a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528560", "to_ids": true, "type": "md5", "uuid": "a8f91ef9-105f-4450-82cc-9adf16c10e6d", "value": "d41c13c4a37eb358f6f314f6125343dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514274", "to_ids": true, "type": "sha1", "uuid": "1c42a0cd-1ea8-4935-9106-28aa717a886c", "value": "c63685987a93ec06d38893b294642108d9d85ece", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514274", "to_ids": true, "type": "sha256", "uuid": "2a096bae-1af0-4916-9e74-f9e6fe525f08", "value": "b30623fe90b7c2173d3544c868cbd31c312f9f637fee923c5cde7da8e2137e82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514273", "to_ids": true, "type": "ssdeep", "uuid": "05d31aac-b193-4f72-9b45-e7c25d5bd887", "value": "6144:MWH0SbO16AuJa2PQJXTrDEzqeeBCdUqs+5cpZV5J50UncvfrbZimpw+rRj:M40ScuKr4zcWfUb5J5RnErbZ7Rj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514273", "to_ids": false, "type": "size-in-bytes", "uuid": "8137314d-b3df-49ac-890e-fc7ea448d1c8", "value": "1460810" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514273", "to_ids": true, "type": "vhash", "uuid": "11dfd95b-f828-44c1-90bb-7070ec5df30f", "value": "856c9c01cb8622597923f305b1e5e429e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514273", "to_ids": true, "type": "filename", "uuid": "987e0449-39da-4732-b265-a20046aa78e3", "value": "\u043c\u0438\u0433\u0440\u0430\u0446\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514273", "to_ids": false, "type": "text", "uuid": "5fbe23ce-6e03-4fdb-a295-4adfab1a1a89", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:JS/Tabonachio.A\nVT Total Detection:34/59\nFirst Submission:2017-02-27T13:03:32.000000+00:00\nLast Submission:2018-05-12T23:42:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528561", "uuid": "de0b83b7-b2bc-401c-bac1-d03ba0cc4263", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528561", "to_ids": true, "type": "md5", "uuid": "78883eb1-1e2b-4c17-b120-d0b60d938b1c", "value": "d456a2719d1054bdbd0544a2ded6a354", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514295", "to_ids": true, "type": "sha1", "uuid": "fca56589-02bc-4b94-91d5-aa94ffac827f", "value": "65ac7bb445fbc9525ad3b04b88f11eef40e7ac0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514295", "to_ids": true, "type": "sha256", "uuid": "3293d12b-ae91-4b7b-b9f7-05f8e5a65998", "value": "8d23742b5a2362caf1cff76b6d1968732e1e4ff5727c85a93aeb122170653dc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514294", "to_ids": true, "type": "ssdeep", "uuid": "325a0bd1-eb83-43ca-b061-0192361cbf61", "value": "1536:oxkUsKAyQvxOwTeQjynNoOXQhw9ZahXgZK:8sjyUxOwTFjmoVw7aGM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514294", "to_ids": false, "type": "size-in-bytes", "uuid": "db62d5ef-51c4-4124-9df5-3c7477fd29f4", "value": "76470" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514294", "to_ids": true, "type": "vhash", "uuid": "48eee681-e574-4bb0-ab87-a04de7d51ded", "value": "f5fad293c7f25f554fa986fdfbc5b577" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514294", "to_ids": true, "type": "filename", "uuid": "580dfa37-2f68-4036-91cd-1955174b5be5", "value": "d456a2719d1054bdbd0544a2ded6a354.docx" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514294", "to_ids": false, "type": "text", "uuid": "e7d0781b-3748-4184-9171-31e19c5c8696", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2017-07-07T12:12:35.000000+00:00\nLast Submission:2017-09-13T18:26:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528561", "uuid": "2d361042-f009-42d9-8368-21b34c1f6b4e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528561", "to_ids": true, "type": "md5", "uuid": "c542b3ed-634f-4c35-857f-9bfd6d9958e6", "value": "d46df9eacfe7ff75e098942e541d0f18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514316", "to_ids": true, "type": "sha1", "uuid": "525410c3-30db-464b-83fa-daea217ccf6c", "value": "bbdb69d8275a213ea2dc9d9434f635f3ca571d4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514316", "to_ids": true, "type": "sha256", "uuid": "d607bb7e-762a-4396-bada-bbec392590ce", "value": "60656140e2047bd5aef9b0568ea4a2f7c8661a524323111099e49048b27b72c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514316", "to_ids": true, "type": "ssdeep", "uuid": "dba6bc7f-f50f-4f06-99f6-7d5c7fd708d1", "value": "6144:bxJ7aMTJVPbZ1xuQQk0BlA9ysetaeDERdewOhK:bGMVPbZ6QUfmit64fh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514316", "to_ids": false, "type": "size-in-bytes", "uuid": "d63b0496-332a-45f4-b542-6922337de0f3", "value": "246272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514316", "to_ids": true, "type": "vhash", "uuid": "3c46a7f2-0f38-4fcf-a0a0-7b1ac8203a92", "value": "02503e0f7d1013z13z6!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514316", "to_ids": true, "type": "filename", "uuid": "24642fb9-2edf-4026-8022-3fe0cae3c0ce", "value": "GenDrive.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514316", "to_ids": false, "type": "text", "uuid": "45654b87-59f2-4cb7-a719-0ae1c06b97c3", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Cryptor\nVT Total Detection:62/72\nFirst Submission:2017-11-21T13:49:27.000000+00:00\nLast Submission:2023-05-15T17:47:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528563", "uuid": "fbbac224-6593-40de-b29e-944fc9c588d7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528563", "to_ids": true, "type": "md5", "uuid": "dfa5c6c1-edf0-4a23-9939-7506b977bd1f", "value": "d4ff8e87f66150e36e4f70c65f422524", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514337", "to_ids": true, "type": "sha1", "uuid": "d6638369-2b5d-4d77-9bd0-5e4aa361dcd1", "value": "e93f0248e21995019a40612f74896bac9244cb3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514337", "to_ids": true, "type": "sha256", "uuid": "b1dcb273-dcdd-43a3-b5e3-17ae4cfc1243", "value": "2a918030be965cd5f365eb28cd5a0bebec32d05c6a27333ade3beaf3c54d242c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514337", "to_ids": true, "type": "ssdeep", "uuid": "a72b6727-1125-4262-b3fa-de87fb4a74e3", "value": "768:dCceUPD2PIsISeo8BdB9aFStBDC3g/XRNItC50Y4a1QeD2wUQ3uUzc+EOUjoCiWC:FxaPedLBaStB0tU01aKUS3ttjoCiB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514337", "to_ids": false, "type": "size-in-bytes", "uuid": "e2841f27-11ca-4658-8cc6-c57522a68f1e", "value": "95711" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514337", "to_ids": true, "type": "vhash", "uuid": "d0879713-f5c6-4d95-ad9b-723bb22b596f", "value": "83ee08e523e4969e5f0158e0325d13699" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514337", "to_ids": true, "type": "filename", "uuid": "878831da-6286-4506-b1d0-dd55877357aa", "value": "PCI DSS roles.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 18/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514337", "to_ids": false, "type": "text", "uuid": "c31d5171-61f1-43e0-907f-134060de0cd7", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/DDEDownloader.C\nVT Total Detection:43/62\nFirst Submission:2017-05-26T07:38:05.000000+00:00\nLast Submission:2024-11-18T08:09:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528564", "uuid": "93a255f3-00a5-4748-88d7-61da2f082cd8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528564", "to_ids": true, "type": "md5", "uuid": "9a0b385f-182e-4a00-8fb6-c080bde98e7d", "value": "d6ff1aa189524a993836507b8d23ec64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514379", "to_ids": true, "type": "sha1", "uuid": "550c7077-3470-4858-b325-ee24ae036cc2", "value": "06a10f37bdc4f1500c624abb31775dfc6c923878", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514379", "to_ids": true, "type": "sha256", "uuid": "6e565e49-76ea-4479-a3c3-81a9584683e2", "value": "067f31d8bbdb1369e58e806fffd5f60d438a0329095512171bdeb5338686ee8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514379", "to_ids": true, "type": "ssdeep", "uuid": "332bcf98-a430-4e50-8542-3234cf0e93da", "value": "1536:qD484cvds9Xcm/Z+TYHJgzkOfS7akgdKEuLnAh:qM84u0sTvrfS7akgdKEu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514379", "to_ids": false, "type": "size-in-bytes", "uuid": "d232970d-b2fd-4aed-8ad1-c070b31bbc55", "value": "62976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514379", "to_ids": true, "type": "vhash", "uuid": "5cda45b7-4837-471d-bf1b-e5e00db8cd9d", "value": "0640465d1d151az2emz45fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514379", "to_ids": true, "type": "filename", "uuid": "67de00b0-ba24-40ce-937a-6833042dce7c", "value": "MICROWEB.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514379", "to_ids": false, "type": "text", "uuid": "4e625654-8bb8-4c04-a2b3-33a6f7d5f4ca", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:52/71\nFirst Submission:2017-03-15T13:43:19.000000+00:00\nLast Submission:2017-03-15T13:43:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528565", "uuid": "c0c4d822-270a-4188-8e3f-620a3b3ebb31", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528565", "to_ids": true, "type": "md5", "uuid": "b4230311-b834-49d6-9f5b-1f0d9fa7f431", "value": "d906f35ffccf7f08afcc193a2804dc5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514400", "to_ids": true, "type": "sha1", "uuid": "ea664867-bd3e-4fb5-9e9e-c6ac95395b61", "value": "b944a463783804e357d16c0a4d6eb0ed15d3743f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514401", "to_ids": true, "type": "sha256", "uuid": "9fa71683-267b-465b-a716-b9c4772b340f", "value": "0a424531b7c46a72a6f1e2b5a0449b487d30b2f5389a2b86720e278f07ae976b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514400", "to_ids": true, "type": "ssdeep", "uuid": "b49f8932-4753-4000-b4bd-a92548a22e7a", "value": "6144:O/ToGlWXZFD3UTIejCC3DKZI4CYcgdR0bOk0X:O/T6XZFDkkGCO8tLUOk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514400", "to_ids": false, "type": "size-in-bytes", "uuid": "6d74db24-be3f-409b-ae87-ff11871d221c", "value": "248320" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514400", "to_ids": true, "type": "vhash", "uuid": "92a8cd70-140b-4f87-85e8-47a1d55cc6e9", "value": "12505656657d65608013ze0028345z1cz1a3z18z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514400", "to_ids": true, "type": "filename", "uuid": "9b716c9e-9250-41cd-8361-1eef7a611770", "value": "0a424531b7c46a72a6f1e2b5a0449b487d30b2f5389a2b86720e278f07ae976b.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514400", "to_ids": false, "type": "text", "uuid": "3cdd2e76-85ea-44e8-9734-2e04438544ea", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:40/68\nFirst Submission:2017-06-05T07:33:57.000000+00:00\nLast Submission:2017-08-14T11:54:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528566", "uuid": "8dbf9051-d107-4ced-a487-189ed5608123", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528566", "to_ids": true, "type": "md5", "uuid": "79837b10-c9e6-47f7-9dd8-905e1a14a8ee", "value": "db334fc7bd6d351aad6e93e87e837760", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514443", "to_ids": true, "type": "sha1", "uuid": "3935c327-be8f-4acd-8878-acaeaaa17678", "value": "44ceb4273d396be4ba44083ef93e3a7807209765", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514443", "to_ids": true, "type": "sha256", "uuid": "2b8bb328-ae61-4cfc-b526-466d78f4ab54", "value": "cc31a224beabbf6c6dc7fbf3afdce6b5b5e65141f1ab64c8d0c7622c91a1c25c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514443", "to_ids": true, "type": "ssdeep", "uuid": "1035a34f-a387-4c81-80d4-71cf67cb566c", "value": "1536:3UVsk3XyJvgtBdEQN+f8v0VWeftT/iUtDPROI7OYOtiBrU:3U5XyJvgtzEIiEwPDltDJjaxi+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514443", "to_ids": false, "type": "size-in-bytes", "uuid": "80c27523-a2d3-4543-ad0f-96b1e613c09a", "value": "96256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514443", "to_ids": true, "type": "vhash", "uuid": "8b2b4aeb-d5e6-4909-af9a-bf7f192d1918", "value": "094046551d1550c03031z1002dhz32z42fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514443", "to_ids": true, "type": "filename", "uuid": "eaece6d0-e026-440c-af8e-1d78f9a585e4", "value": "svchost.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514443", "to_ids": false, "type": "text", "uuid": "1f6ff6f0-14ee-400a-9ccb-ef9d1cdca90d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:46/69\nFirst Submission:2017-02-16T13:58:33.000000+00:00\nLast Submission:2020-01-01T00:32:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528567", "uuid": "ffcff608-08f8-4b0f-a021-22ff1c10a182", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528567", "to_ids": true, "type": "md5", "uuid": "91c3faf8-b1d4-4bd2-8b30-95c8c208f894", "value": "db4fc02e5f5a21e38e93d867cc70fe54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514464", "to_ids": true, "type": "sha1", "uuid": "72d91e1f-8cf1-4065-8e41-b84a49dd5886", "value": "71fc06bdd070e603a3082743b61d7cf21ad5b7e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514464", "to_ids": true, "type": "sha256", "uuid": "13920b8e-535f-4fc8-8e48-b7fd17dc5f94", "value": "ff94ded03a42857c7c534229859b99e034745177184791df3084b6dde66b29e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514464", "to_ids": true, "type": "ssdeep", "uuid": "d89ede39-5664-46b7-a0a4-e43b4ac06d53", "value": "3072:BOAlO17ogUF3eVo3tj91MbV6Stirchs1WclaCyKNxpoOd6IkaN6WKhUIjKTyXMIU:BOAlZg2ebphKNzoOd6aNaWmfTBqbq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514464", "to_ids": false, "type": "size-in-bytes", "uuid": "69996a10-1c57-4a4a-862b-6c9929ca910f", "value": "206848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514464", "to_ids": true, "type": "vhash", "uuid": "7060b70c-b52e-46fa-b425-a9445c6beffd", "value": "12505656657d656az1b1d&z2" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514464", "to_ids": false, "type": "text", "uuid": "356b6175-7f13-4b3b-9505-d34a214f964c", "value": "Type Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Sumak\nVT Total Detection:46/68\nFirst Submission:2017-07-19T21:13:42.000000+00:00\nLast Submission:2017-08-23T16:06:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528568", "uuid": "90183ec7-7b4b-4f94-b734-30c8edaa094e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528568", "to_ids": true, "type": "md5", "uuid": "0024cd0b-02c1-416f-9302-eb60bf004b1b", "value": "db6a8169f55a20838c0ca6f383c11e23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514486", "to_ids": true, "type": "sha1", "uuid": "ec122ecb-462b-40a8-bc13-d57e2e694edb", "value": "45f4834b2bb8e2b54225f1a09673682359db9ab4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514486", "to_ids": true, "type": "sha256", "uuid": "5c389ccb-fbe9-4dca-985a-f3e2f89ac84c", "value": "7c7ec88f0897b2d14dc971d7f855444ba49289775915c0d9dafcd7d9dc9411e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514485", "to_ids": true, "type": "ssdeep", "uuid": "98b4b28f-bfdc-4ddc-8245-838d3d297315", "value": "768:lqVNSDFUfpK0rhOMme1NW+VL1DCkXrC1OZBeMNZNTMQE0MxUeIRJ:P8hObI9L1DCN4J7wQiUe+J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514485", "to_ids": false, "type": "size-in-bytes", "uuid": "ee096fc4-ec77-4566-b44b-07da519a0be1", "value": "58899" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514485", "to_ids": true, "type": "filename", "uuid": "e6b57ee8-2536-4fbf-9a10-e62f29996ac7", "value": "db6a8169f55a20838c0ca6f383c11e23.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514485", "to_ids": false, "type": "text", "uuid": "0f558e57-dd5a-4c90-b31a-1128d9488f14", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanSpy:Win32/Banker\nVT Total Detection:52/69\nFirst Submission:2016-08-15T20:53:23.000000+00:00\nLast Submission:2016-08-15T20:53:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528569", "uuid": "f471a118-f848-4ae8-aa52-cbdc7e4906fe", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528569", "to_ids": true, "type": "md5", "uuid": "f792798c-a35b-4f25-91e6-d94130069c6e", "value": "e167322a628bdec5348ee443ea9c9534", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514528", "to_ids": true, "type": "sha1", "uuid": "f8510cc6-8226-4b97-986a-5258b3fad585", "value": "3a7764f0e0fca7515f88db63f69e477f830a2ee2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514528", "to_ids": true, "type": "sha256", "uuid": "8e50238d-90c5-4b57-8d23-a3bb5fb3e331", "value": "1e78e5c47e09271b6d260bc3aee102b80b66bed68459f9cadb0d38147d3aed94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514527", "to_ids": true, "type": "ssdeep", "uuid": "735ff5b5-40bc-4306-8dcd-d1c93a4aac52", "value": "1536:XlevEyHLRgHMnTMBREuGvydUAieIc7PX/YTpk+hY1YXYKYRAoIhu:Xl8HAMTyCuGvymeN7PAlkmY1AYpZIhu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514527", "to_ids": false, "type": "size-in-bytes", "uuid": "31afc192-89ca-40ed-a423-2ed322622c60", "value": "124530" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514527", "to_ids": true, "type": "vhash", "uuid": "d64377c3-b803-4339-94b5-77e492801342", "value": "015066151d1d155517z100101lz18zf5z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514527", "to_ids": true, "type": "filename", "uuid": "78bbbcf3-fb56-49ba-955f-307df03db194", "value": "jishiben1.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 16/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514527", "to_ids": false, "type": "text", "uuid": "7d5e09a9-4e30-475c-8228-dae89970ba3d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:53/67\nFirst Submission:2016-08-10T16:30:34.000000+00:00\nLast Submission:2016-08-10T16:30:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528570", "uuid": "faf4d09b-8bf4-49f0-b4a3-8ca531bb3de5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528570", "to_ids": true, "type": "md5", "uuid": "1bbd5370-4440-4c6e-9fa1-ca8ef988615d", "value": "e249fc0578b0fbd00fc171a1b98cbc87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514549", "to_ids": true, "type": "sha1", "uuid": "dda225db-6240-4f12-ac9f-0d50d47d34ca", "value": "5b49f1d21c0c52d4e50d48d650eab41b2397ef45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514549", "to_ids": true, "type": "sha256", "uuid": "230e2a13-7971-4bbb-9820-ed0502b6dd52", "value": "d2d1a19fd2cf2093defe42ddbaaa2b01535313848a888d4f20c40eb8c4a518ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514548", "to_ids": true, "type": "ssdeep", "uuid": "ccc6b572-f86b-4f70-9b37-e63292cc5f32", "value": "768:y8mLJDbX25I1nUnNVoI/OtxvJKSk0abTWLvCr8B7mrCzfRr3K5q:y8ewI1nUNeIuMSTangNB79KQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514548", "to_ids": false, "type": "size-in-bytes", "uuid": "f8994ba1-8b46-4426-8e43-81dac50d9749", "value": "48128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514548", "to_ids": true, "type": "vhash", "uuid": "4bf93a3f-57d3-4d2b-898b-fc3b0c8dc527", "value": "044046651d155az1a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514548", "to_ids": true, "type": "filename", "uuid": "00472d44-e0ea-44d9-8b70-1317e3430712", "value": "VTRESBRA.DLL" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514548", "to_ids": false, "type": "text", "uuid": "bd9824f4-ff74-449c-9070-ba67006ebeda", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Cryptor\nVT Total Detection:65/72\nFirst Submission:2018-03-07T11:25:53.000000+00:00\nLast Submission:2018-05-04T17:46:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528571", "uuid": "d3c8801b-d7e5-49ca-b1b5-e74202886b9e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528571", "to_ids": true, "type": "md5", "uuid": "76acc48d-bb51-4001-96bd-dd38bccac7a3", "value": "e38f081cf6628df63fe8f79cb6ed62fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514570", "to_ids": true, "type": "sha1", "uuid": "7ea1623b-6981-4c98-910b-508811e72faf", "value": "aff3c28f312ee670f99b20b6615320ad049eb66b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514570", "to_ids": true, "type": "sha256", "uuid": "2177db3b-362b-47b1-b227-7e367268d26e", "value": "36a53dafa65c766a4ab746d3304a9bdb75e3d58b932487b5b7ade66c40717d78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514569", "to_ids": true, "type": "ssdeep", "uuid": "4e361f14-d70a-4b0a-851b-742f3e489b74", "value": "48:3oRATv3+8pJWmaWLEEhLmxUNTaVWWtOf/2UWoAB/JtOegMC:36ATvpJWejFacWtOf+sSzC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514569", "to_ids": false, "type": "size-in-bytes", "uuid": "4e45ba44-95c5-4ea5-a65f-9ba3ce242141", "value": "6113" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514569", "to_ids": true, "type": "vhash", "uuid": "cebabf72-7cde-4c69-b15f-a47c2762d750", "value": "85293c777072fcb5c0161589e61d1be22" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514569", "to_ids": true, "type": "filename", "uuid": "421eddea-8972-447d-80ee-44922b504bba", "value": "Corp.tarifs.pdf.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514569", "to_ids": false, "type": "text", "uuid": "93f363f3-c97f-4387-b396-4c19c6b09adf", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199!rfn\nVT Total Detection:36/61\nFirst Submission:2017-07-27T06:48:15.000000+00:00\nLast Submission:2025-03-19T20:35:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528572", "uuid": "cfe73bf4-841e-4789-9020-e19e2fe34915", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528572", "to_ids": true, "type": "md5", "uuid": "ac2a0beb-1a4d-4d29-a691-7c8cdb2e61de", "value": "e4a6e9824a12d0d3ace6ace9b3b79fcc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514591", "to_ids": true, "type": "sha1", "uuid": "1987c1da-88ad-408f-85aa-1616e129a7e6", "value": "e0b5c8b15a952356881378fb41a833a5b32b73b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514591", "to_ids": true, "type": "sha256", "uuid": "01053dc0-95bc-4564-bef9-67596a8d70db", "value": "b65dbcafd28b4b04e3575eb4259d0b94621b9a2b103b7b4a324e6f6091590b56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514591", "to_ids": true, "type": "ssdeep", "uuid": "08f54773-3852-485e-b17d-05874738fb09", "value": "6144:+RdH+sCP4dljuZTWEBGnjatDIFa0fiavaAZjjbU:+RdenSKZbBGnjah+a0fjSMU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514591", "to_ids": false, "type": "size-in-bytes", "uuid": "4bca363b-3b97-495f-bd62-9e0382103097", "value": "205824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514591", "to_ids": true, "type": "vhash", "uuid": "55cc6b5c-b2a4-4d19-bf28-05e8d58ef0bb", "value": "9c069929cef812e6533a896c27a43c31" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514591", "to_ids": true, "type": "filename", "uuid": "4cdd1831-9e19-46fe-9089-e9196361292b", "value": "\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 20/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514591", "to_ids": false, "type": "text", "uuid": "58f1e8e5-e7c8-480a-9c37-95c8a9239b4a", "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:42/63\nFirst Submission:2016-10-20T13:12:44.000000+00:00\nLast Submission:2016-10-21T09:06:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528573", "uuid": "b5f42a9f-bad4-4b0c-8c1d-58a7cc2f28a2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528573", "to_ids": true, "type": "md5", "uuid": "0b689461-0995-48e1-b41f-47379ad1104d", "value": "e54c635381b677e4bd2715013e19526b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514612", "to_ids": true, "type": "sha1", "uuid": "37d7f179-b492-4eb7-9a60-ddddd138125f", "value": "fa9c28086d933755b667bc2c1a57de2bafb90c52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514612", "to_ids": true, "type": "sha256", "uuid": "efcee32f-b6a4-4df5-a048-81ecd243379e", "value": "f9ad463dea92342eabea601b342ecace268609cb7c708446d53d6fba47ecc694", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514612", "to_ids": true, "type": "ssdeep", "uuid": "b025620f-392e-454b-8841-b55d8d62ad53", "value": "768:DXCyM2nI41H93CDao43TJKVKZdT6d8LJCjerTsIGkX8fzUEkIgJa9o7t:2yHnIUFqaP3FIdGMje8kePgJaU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514612", "to_ids": false, "type": "size-in-bytes", "uuid": "3c413639-3a4f-4d0a-9cd9-9f66859ef872", "value": "62464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514612", "to_ids": true, "type": "vhash", "uuid": "497c0b2f-5713-4fc6-aa40-ad56bc25014e", "value": "064056551d1c055az2emz45fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514612", "to_ids": true, "type": "filename", "uuid": "ca3fd7b2-8f5c-466c-ba7d-ce690d546a33", "value": "InfraRecorder.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514612", "to_ids": false, "type": "text", "uuid": "a7889eeb-ae76-4212-89f7-3bc2c7220283", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:53/72\nFirst Submission:2016-10-20T13:20:55.000000+00:00\nLast Submission:2017-01-10T07:04:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528574", "uuid": "2065f8ec-1e31-461f-a874-468d79f63ed1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528574", "to_ids": true, "type": "md5", "uuid": "7c3f078e-5706-472b-a9cc-c2286820632e", "value": "e5c58d2ef3b20c5370c73b70e273b9b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514633", "to_ids": true, "type": "sha1", "uuid": "de363847-7376-4889-959a-fcbf70a95d8d", "value": "a415edcfe927b9483f19d82da9df8a34f540385d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514633", "to_ids": true, "type": "sha256", "uuid": "2866a446-2024-4955-b870-525f0080f1f6", "value": "cf03004e3a1c2bfd52ccc2ffd4cd2bf0055550a29b8d8f4a9f7a43e1e22791ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514633", "to_ids": true, "type": "ssdeep", "uuid": "e39bf4c6-ba21-46ef-8d48-04d178fd71b3", "value": "6144:7RkM79Wfdh4sqr4a2PQJXSrDEzqeetrPEkaRQ5iR5B6YydPZwwvz6Spq+BDV:RofdOsqrwr4zcGCK5BzyXhvzzDV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514633", "to_ids": false, "type": "size-in-bytes", "uuid": "046c7181-5f04-44e5-8ca2-c136ba18a740", "value": "1439818" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514633", "to_ids": true, "type": "vhash", "uuid": "796077d3-fbc2-4ae4-9b95-0a8c41d6a119", "value": "856c9c01cb8622597923f305b1e5e429e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514633", "to_ids": true, "type": "filename", "uuid": "88c9fd3b-7dcf-48d0-9f82-334aba088d6d", "value": "\u0423\u0441\u043b\u043e\u0432\u0438\u044f \u0441\u043e\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u044f.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 12/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514633", "to_ids": false, "type": "text", "uuid": "1a686dba-e1a4-4a95-a799-c325a16be322", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:JS/Tabonachio.A\nVT Total Detection:30/59\nFirst Submission:2017-02-10T13:12:56.000000+00:00\nLast Submission:2017-02-10T13:12:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528575", "uuid": "86e5a45d-ff16-4383-bea8-d354642cb371", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528575", "to_ids": true, "type": "md5", "uuid": "20ef4e3b-8da9-404a-9f8a-d90092084e44", "value": "e7aa5608c81ba4fcd8d166501b90fc06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514675", "to_ids": true, "type": "sha1", "uuid": "c5ed1a40-d54d-4080-b305-ffbb528e3aa9", "value": "5c714fda5b78726541301672a44eaf886728f88c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514676", "to_ids": true, "type": "sha256", "uuid": "8653e3ea-5065-4f9e-922d-62362c3ed5cd", "value": "5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514675", "to_ids": true, "type": "ssdeep", "uuid": "5f51b896-6a35-4e03-a2f5-fba40fa5e1a4", "value": "24576:LbxYXJMxhPW51ROvSEbf+Ghx1V3H4rLZjjzks8QEAydG55Cpw/M7cShJZ+i:LlYZhROaEmGhx/H4rLZj9zEFBw/M7cM1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514675", "to_ids": false, "type": "size-in-bytes", "uuid": "a43befaf-3472-4387-8014-92dc202fa8a8", "value": "1480520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514675", "to_ids": true, "type": "vhash", "uuid": "60ec14ef-c76c-4d93-8d69-8f83b0cf3a4c", "value": "01603f7f5d50101011z11z201013z1015z1010101010101016z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514675", "to_ids": true, "type": "filename", "uuid": "3001aef1-223d-4d54-92fd-628966e424bd", "value": "netscan.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514675", "to_ids": false, "type": "text", "uuid": "cac42a76-2a9d-4d34-87b9-6041ff1fe8d9", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:10/72\nFirst Submission:2016-09-04T14:44:21.000000+00:00\nLast Submission:2025-04-15T15:49:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528577", "uuid": "70951db3-6271-45c2-9981-241b7d778471", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528577", "to_ids": true, "type": "md5", "uuid": "2ece6464-3aa5-43ad-864c-9e98534503df", "value": "ec4cca1d9117a662573aefd5284393db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514717", "to_ids": true, "type": "sha1", "uuid": "b748dcb0-9605-4738-84af-75868d7875d0", "value": "124195bd256266dc4891e91f10017c8fc24d7a1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514717", "to_ids": true, "type": "sha256", "uuid": "b8ab5b78-1aaa-4387-8295-fa61ef4f63da", "value": "6ce42f0ea6fe5bc909f6c656213ae474630841950d9f352cd6f1cae2d2f8f0b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514717", "to_ids": true, "type": "ssdeep", "uuid": "c5c5ee93-3e0d-4850-b52c-30a2b779f8e6", "value": "384:TDCXYyFRDNOs3Q0ShQ0g1sPJ5r48FG6F7//oEWMACILwZ3K:TtyjDNr3QDO09Pn5ZfACIL+a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514717", "to_ids": false, "type": "size-in-bytes", "uuid": "cde525d8-18ea-48a5-bbc0-dbc1715cf877", "value": "19197" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514717", "to_ids": true, "type": "vhash", "uuid": "188cb872-5a8c-49dd-9beb-5ec0a4bdee08", "value": "7c39b4d81e858a1b757a27c6be23ca88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514717", "to_ids": true, "type": "filename", "uuid": "95f883bc-888a-4d86-8c1f-515334689abb", "value": "m111z.xls" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514717", "to_ids": false, "type": "text", "uuid": "e05984f1-08ac-4c99-aaec-dad4d7184062", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:9/62\nFirst Submission:2017-07-04T06:55:06.000000+00:00\nLast Submission:2017-08-28T14:52:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528578", "uuid": "fb699f1f-a9c0-411e-80be-e3a19930cb65", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528578", "to_ids": true, "type": "md5", "uuid": "2bc6f1ee-4156-4d0b-89b8-81f36968baeb", "value": "ef72be586832af0528d3a9b3c5347722", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514739", "to_ids": true, "type": "sha1", "uuid": "89f35683-8cb3-4395-800a-422c9c5d0fdb", "value": "b6c26ac64253ba96dcb6b7d1e9d95454e7267049", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514739", "to_ids": true, "type": "sha256", "uuid": "bdac2e22-83de-4c0a-8950-0904b7c620aa", "value": "e38d15add7bb5fa7387cb9b377d549b1365386dc13fc7e5ed08468cad5ecafe2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514738", "to_ids": true, "type": "ssdeep", "uuid": "72d43317-4df1-4f24-9026-f47187fcd951", "value": "192:VR/Q8K+AqpnTRCRbFtcuX4QVrEfygyqeG98tiwzl:XY8K+AITSbFtcuIQPgyqRfwzl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514738", "to_ids": false, "type": "size-in-bytes", "uuid": "44950bd2-c2d6-480c-bfdc-d7e116bfca86", "value": "7156" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 15/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514738", "to_ids": false, "type": "text", "uuid": "6abeef8b-ecb7-412d-9d96-c67de7bfda40", "value": "Type Description: HTML\nMicrosoft: None\nVT Total Detection:20/60\nFirst Submission:2023-10-15T11:00:27.000000+00:00\nLast Submission:2023-10-15T11:00:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528579", "uuid": "1cd9d2be-7a84-45bf-9436-275c42958a20", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528579", "to_ids": true, "type": "md5", "uuid": "25f6800d-8fd7-42a4-85e9-e3acf4367a49", "value": "f360d41a0b42b129f7f0c29f98381416", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514781", "to_ids": true, "type": "sha1", "uuid": "d1c8e02c-4ab2-4b1d-be65-51f26f78b197", "value": "245b867e578e9df12877df07017338863a5fdc59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514781", "to_ids": true, "type": "sha256", "uuid": "69a1ec2c-5493-475f-8957-87f8f52a81b3", "value": "17f9db18327a29777b01d741f7631d9eb9c7e4cb33aa0905670154a5c191195c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514780", "to_ids": true, "type": "ssdeep", "uuid": "645479f3-3bfc-4a7a-8631-e2e24a223712", "value": "192:uZUGZxwvBgGkPSGZxevBgGkPSGZxevBgGkPSGZxevBgGkPD:3Y4Y4Y4YD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514780", "to_ids": false, "type": "size-in-bytes", "uuid": "f9840b87-c492-4d60-af36-da664239bf40", "value": "31811" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514780", "to_ids": true, "type": "vhash", "uuid": "70dc5462-fdd5-4981-940a-89d6b98853c4", "value": "842a3e8e5032ff19bec81fe3f12948867" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514780", "to_ids": true, "type": "filename", "uuid": "6db65340-de58-482a-92e1-1dc810aa5d7e", "value": "f360d41a0b42b129f7f0c29f98381416.rtf" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514780", "to_ids": false, "type": "text", "uuid": "f36395a1-1318-4540-9708-261d97a6ab11", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-11882.A\nVT Total Detection:51/63\nFirst Submission:2017-11-21T13:27:59.000000+00:00\nLast Submission:2024-01-14T16:42:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528580", "uuid": "242cdf8c-cb9d-4480-9255-ecb45b10889e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528580", "to_ids": true, "type": "md5", "uuid": "746125ee-b46e-4ecb-85f6-5bf1feba6e3d", "value": "f3e52ac8b82cdc048f48bfd03868b072", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514802", "to_ids": true, "type": "sha1", "uuid": "711b49ff-0de3-4dd8-8b5d-aa032adbe650", "value": "bca5a0cc43ed15e20540d6ae4033f589b1055386", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514803", "to_ids": true, "type": "sha256", "uuid": "421efa01-f1f1-4f2b-80c9-3ef15f5da4ee", "value": "935e16f280abd2b08a7953d608b09e9202a8345b95647770e959a2c062ee7446", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514801", "to_ids": true, "type": "ssdeep", "uuid": "62cb75c5-4293-4f99-a4a4-ed6f204d3e63", "value": "192:S74YnWFiSWIK60Jk/8vXFZSKdENYrOaXpRqixdj36kREI:2bWFDx0h9ZSKONIOC3djLREI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514801", "to_ids": false, "type": "size-in-bytes", "uuid": "7fdfe592-cf2c-48cf-93e7-60258fd58043", "value": "13219" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514801", "to_ids": true, "type": "vhash", "uuid": "1ed695e8-8908-440a-a2ad-8baadfeafb53", "value": "5b680307f6d4cc59c848602fd9989e91" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514802", "to_ids": true, "type": "filename", "uuid": "fc48d7dc-ac54-427b-89e4-759296dd7aca", "value": "applet_signed.jar" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/12/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514802", "to_ids": false, "type": "text", "uuid": "88303f50-dde3-49ba-8961-8154545eedad", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:36/61\nFirst Submission:2018-01-16T10:36:58.000000+00:00\nLast Submission:2018-02-01T19:39:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528581", "uuid": "6036370a-0eac-418e-b1f3-0813b303afdb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528581", "to_ids": true, "type": "md5", "uuid": "06d8b2a9-a633-4fc1-b4ee-cc58432f087a", "value": "f4f4eb32a90483a9a0fca214ffafb32c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514824", "to_ids": true, "type": "sha1", "uuid": "a34e0633-1062-4e1a-927a-e9a18cddac34", "value": "3722cb9026161d90b3ad94e7c012bbe58bf47e3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514824", "to_ids": true, "type": "sha256", "uuid": "9b39fd19-c777-49d3-8428-b10c4f3c9068", "value": "1ea7400cf77eda7adcd1080954819c56eb060c922f8e3b1d33fb4263e58001ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514823", "to_ids": true, "type": "ssdeep", "uuid": "595b4795-acef-451a-8c2b-42e69cc0577e", "value": "1536:QX5OU9X3Q2Bxoi9PBZ4r4JZ4As/DQpp8IG:QX5/3Q2BxR9Ar4zpsLQp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514823", "to_ids": false, "type": "size-in-bytes", "uuid": "f2874ca0-fca8-404f-8c9a-f99fe370bd60", "value": "59904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514823", "to_ids": true, "type": "vhash", "uuid": "5e0c8949-1b4e-4da7-adc5-183d23ffafc2", "value": "054056555d1c0510e0303003200937zf085z12z9c5z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514823", "to_ids": true, "type": "filename", "uuid": "7f84becc-d9a1-4a43-a070-9b6a1255baf1", "value": "Sun.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 21/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514823", "to_ids": false, "type": "text", "uuid": "d42e8895-bfb0-4009-ae01-6345a6555328", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Swrort.A\nVT Total Detection:45/69\nFirst Submission:2016-11-29T09:53:30.000000+00:00\nLast Submission:2016-11-29T09:53:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528582", "uuid": "951b27f4-f3e3-45fb-9454-5eb876d4acbc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528582", "to_ids": true, "type": "md5", "uuid": "abb59f6a-7019-4f68-93e1-2d5248e65ab0", "value": "f726cad84718bccfdc81c7f17700a4d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514866", "to_ids": true, "type": "sha1", "uuid": "3165db9f-f3ce-45e8-93d3-4decfeed8fc4", "value": "632e60853576acd23fd8e877685fed8eea5b6fdc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514866", "to_ids": true, "type": "sha256", "uuid": "be88eca7-257a-4ec0-b693-b66ab475ff8d", "value": "a3e28d3dcc551be46c9bfad01ac00c54a960da5062164c9d30aa136ccc283976", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514866", "to_ids": true, "type": "ssdeep", "uuid": "89bdf7a7-6bab-4c42-86d9-df07c57b115b", "value": "384:TDCXYy2Io54btqlTenMeOo+Ou9PzyyBnYgWvOYFG6F7//oPyMA6HlW:Tty5tqgMeOqu9Pzw6DAkU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514866", "to_ids": false, "type": "size-in-bytes", "uuid": "887ab5ca-ca2a-495f-ae2f-9b78db6c1cb0", "value": "19781" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514866", "to_ids": true, "type": "vhash", "uuid": "2fcfc727-0d07-4e73-b3fc-72d08cca5c97", "value": "7c39b4d81e858a1b757a27c6be23ca88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514866", "to_ids": true, "type": "filename", "uuid": "d3abccbc-8a09-4462-95d9-cd83f38f5678", "value": "85718.xls" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514866", "to_ids": false, "type": "text", "uuid": "aa8f53a1-5677-46eb-8624-54cad2f6b599", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:18/66\nFirst Submission:2017-09-05T09:15:57.000000+00:00\nLast Submission:2020-12-06T12:01:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528583", "uuid": "8ca9d0ed-53d5-4586-9f14-659219f9cb9b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528583", "to_ids": true, "type": "md5", "uuid": "ec4b8213-d2d7-44ba-a799-79cbbef86233", "value": "f86ecc69caab5d627f9fe63f73b56936", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514887", "to_ids": true, "type": "sha1", "uuid": "3d3d048d-49b4-427b-89a7-7cf71d3e5441", "value": "845add069316c90a148f7bbe476e2f7d50841b19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514887", "to_ids": true, "type": "sha256", "uuid": "e0460a59-6eab-49e6-b241-5faf83f32269", "value": "ba1df05aa392066075ab19ccacc5b1a778bb9e93f16cb5b7e67a7bcd99603ace", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514887", "to_ids": true, "type": "ssdeep", "uuid": "6d01995d-86c9-47e5-af92-c63ae3178d87", "value": "12288:/FNRWgJDwmQLbB1Oxr4zcKuHMF5EjUYrQq:/FegJqLbB1ixJHMFmlj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514887", "to_ids": false, "type": "size-in-bytes", "uuid": "79228893-795b-464b-aebb-341838860b81", "value": "567189" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514887", "to_ids": true, "type": "vhash", "uuid": "e044d8eb-78a6-4e3f-9783-a2cabe471754", "value": "84e3264a2e93af0fae576fed95b7759ac" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514887", "to_ids": true, "type": "filename", "uuid": "07842f33-584a-470c-a3d9-de1301b316ec", "value": "Manual user.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514887", "to_ids": false, "type": "text", "uuid": "af305120-1224-4138-bf8a-99724f997822", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:34/59\nFirst Submission:2016-08-22T16:02:58.000000+00:00\nLast Submission:2016-08-22T16:02:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528585", "uuid": "3f2dec84-285c-45cd-bc19-86314b9055e9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528585", "to_ids": true, "type": "md5", "uuid": "a0d2bba1-7cd0-4914-bbaf-8e52854b604b", "value": "fa04623cb547fa967f20f2630b750af0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514908", "to_ids": true, "type": "sha1", "uuid": "746e3c97-bad6-4ec9-b34f-910dbdb7223f", "value": "eecd6c130a26f87fba173c19c4006c6535d770b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514909", "to_ids": true, "type": "sha256", "uuid": "7032e668-2a3b-435a-8aac-9d4e1baf607e", "value": "da0ad540a16be01ae1430dd2af8f48fd28f3ac4f965fc6780d8eee3a2db2ad10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514908", "to_ids": true, "type": "ssdeep", "uuid": "9da9fd47-f4a7-43d0-b924-83ba85df99c4", "value": "768:opH313+6dXj7T2LJfNdMOfAuP23qL/x1FYZACtUoCIKGSvtfPJF:YHF3faJ1dLnP23k/SUzhJF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514908", "to_ids": false, "type": "size-in-bytes", "uuid": "e3393293-2304-4505-b500-ba4462def46c", "value": "73216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514908", "to_ids": true, "type": "vhash", "uuid": "e022e76f-5a0c-4bc0-96aa-437facd74fc8", "value": "074046651d151az5-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514908", "to_ids": true, "type": "filename", "uuid": "f14d05a8-234d-4ca9-a2bd-cbeec24a6a0d", "value": "cygwin1.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514908", "to_ids": false, "type": "text", "uuid": "b172af0c-588c-4171-8927-4f3195a22648", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Cryptor\nVT Total Detection:61/73\nFirst Submission:2018-03-26T08:13:49.000000+00:00\nLast Submission:2023-05-15T17:41:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528586", "uuid": "e1a31718-81cf-42c8-a664-e5c219fcb77e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528586", "to_ids": true, "type": "md5", "uuid": "cd81bbf6-d300-4b46-8236-221894c350cf", "value": "fa7654d7e2be803dd7af72b3457c1934", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514929", "to_ids": true, "type": "sha1", "uuid": "84370f00-b9a3-4a6e-8bc9-5ca36469d0aa", "value": "824be00be83d88d1dd49f682c45cb0c923da6541", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514930", "to_ids": true, "type": "sha256", "uuid": "6ec11200-1c35-428a-9be7-31021dc62a3d", "value": "aa2b322b7f44c06137859b733ac0d94dfb1e302b5be9a0e955bf935477008cad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514929", "to_ids": true, "type": "ssdeep", "uuid": "7f37eb44-e676-4d08-aaae-f39481bdf870", "value": "192:MvOuX0ZLKzP9plLaM5axJQd+gJIFgQqPohJDiSYKo:PuCKxLr7+gJIoSVo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514929", "to_ids": false, "type": "size-in-bytes", "uuid": "83f26e9e-9810-41b3-b70d-bba997e03d7d", "value": "7180" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 05/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514929", "to_ids": false, "type": "text", "uuid": "4fbdb37a-6f9e-4678-817f-74fafe50fc61", "value": "Type Description: HTML\nMicrosoft: None\nVT Total Detection:23/63\nFirst Submission:2024-06-05T15:33:11.000000+00:00\nLast Submission:2024-06-05T15:33:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528587", "uuid": "41c7af9f-7628-4bff-b1bb-1fd13cdaa41c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528587", "to_ids": true, "type": "md5", "uuid": "99c6c9f9-dac5-4bc0-853c-b77341827c30", "value": "fae3d240ad10fce0e4cec85aae446237", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514951", "to_ids": true, "type": "sha1", "uuid": "4748fcf0-a00a-41fd-8e8b-f79a98c9ab1c", "value": "8021579e1236d28805e3edddbd62630fd2f0d2ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514951", "to_ids": true, "type": "sha256", "uuid": "659e6903-f13a-4982-99b9-e185f08ea0c7", "value": "a64a2dfe1bc22f4493c9099759d1e1b4c4d42a7f45bfafd128a33c6c82078f97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514950", "to_ids": true, "type": "ssdeep", "uuid": "df8e193b-0f9c-4790-be75-a3469c572cba", "value": "96:3YVodiFaoTqkruXYIE4eXJ6fDczCo7TJHk3ASu/7qVKuw4is79/8VY:39UFaSru9MwczCo79E3ASuOVKuB/8i" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514950", "to_ids": false, "type": "size-in-bytes", "uuid": "0bbd9d6e-13fd-408d-a5f7-0da0d1147dec", "value": "9657" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514950", "to_ids": true, "type": "vhash", "uuid": "b054a5de-301b-48d0-9bb4-51a175c2f7aa", "value": "809bd7e8071fc988d2f1fdfe7348e82e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514950", "to_ids": true, "type": "filename", "uuid": "84d7a482-2774-4d64-9a68-bf5727481381", "value": "0LjRjyDQuNGB0LrQvtCy0L7Qs9C+INC30LDRj9Cy0LvQtdC90Lg=?= =?utf-8?B?0Y8uZG9j?=" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 01/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514950", "to_ids": false, "type": "text", "uuid": "d1f1f65b-d998-4596-9529-3a3687f8dbb0", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199\nVT Total Detection:33/60\nFirst Submission:2017-09-05T08:53:41.000000+00:00\nLast Submission:2020-09-01T20:10:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528588", "uuid": "5e988fdb-c14e-44d5-a8d3-5a30b50522e4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528588", "to_ids": true, "type": "md5", "uuid": "846f499a-5c08-402b-b566-6e7f525606a0", "value": "fbdb2469b83944061e4847bfc5b3a08b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514972", "to_ids": true, "type": "sha1", "uuid": "35dbf261-b568-4869-bca5-9325553f6728", "value": "9843cf7e1829508b655ad09879698057f7a0a636", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514972", "to_ids": true, "type": "sha256", "uuid": "f5652187-df25-4b11-a47c-fe0ab09402a8", "value": "64418056d8ce1c632abe8fece8e5e60b17530019eca8299cac1bf7b575df351c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514971", "to_ids": true, "type": "ssdeep", "uuid": "68e2ed55-6758-40e8-9eec-e04479b87e65", "value": "24:3Ro/Am0HG++hbhI0zZErUfEUinkZG7Jjjtjq3JFMcnPFESvrV+kkr:3t+1yMck47943JXPmSDAk0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514971", "to_ids": false, "type": "size-in-bytes", "uuid": "b7ba888d-5548-4dd3-809a-073eebc552d7", "value": "5905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514971", "to_ids": true, "type": "vhash", "uuid": "793e5a3f-3bba-4691-b1fd-a5b24e85eed6", "value": "809bd7e8071fc988d2f1fdfe7348e82e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514971", "to_ids": true, "type": "filename", "uuid": "209afd28-96e5-437f-bb7a-3e1cdc87de6f", "value": "64418056d8ce1c632abe8fece8e5e60b17530019eca8299cac1bf7b575df351c.bin" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514971", "to_ids": false, "type": "text", "uuid": "6702834d-f142-4cb6-b5c5-18ade8d56d21", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:28/59\nFirst Submission:2017-09-20T09:26:48.000000+00:00\nLast Submission:2018-05-20T01:00:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528589", "uuid": "d871b8f8-59c8-4148-b434-f0d4d890bc1b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528589", "to_ids": true, "type": "md5", "uuid": "b0220484-f028-4e7a-b6a8-c7f3cdd54723", "value": "fbf25b39a15a011d8648bf20895f496a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746514993", "to_ids": true, "type": "sha1", "uuid": "9132c463-5ce5-4eb8-b8e5-8adcc558c2ef", "value": "7106ea71f0feb47cfdc4f3bf64851555eba4aa03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746514993", "to_ids": true, "type": "sha256", "uuid": "c40e276e-1091-47ab-8379-bbd50548545c", "value": "75c383d1610c628fedf7720f2d9c3e7f8aa6f7c99e2455f9494e1b40658711ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746514993", "to_ids": true, "type": "ssdeep", "uuid": "6dd3698d-6007-47a1-94ed-302b039a6a94", "value": "3072:H+S02j1TGWPw4NXw4kmEIRxUJ8lUOOq52amRE:TDjV5Pfg4oIRxK8UvzR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746514993", "to_ids": false, "type": "size-in-bytes", "uuid": "cb5ef7d8-fbcd-425a-9459-32015ea4b5ec", "value": "199680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746514993", "to_ids": true, "type": "vhash", "uuid": "bb7f77cc-0744-4a30-8242-e264ce827f55", "value": "115056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746514993", "to_ids": true, "type": "filename", "uuid": "98022550-2978-4a84-9eeb-d9c16373012e", "value": "aOaH" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746514993", "to_ids": false, "type": "text", "uuid": "4f8c0623-2441-4ac6-9275-4816a4259d5c", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A!dha\nVT Total Detection:47/67\nFirst Submission:2016-06-27T13:49:20.000000+00:00\nLast Submission:2016-06-27T13:49:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528590", "uuid": "417f59e7-0ae1-4647-a2c1-364b19d3afa1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528590", "to_ids": true, "type": "md5", "uuid": "167f1eb1-55a5-447e-bca5-a959239acb65", "value": "fe44c14403f36c6e451bda391a1d1ca7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515014", "to_ids": true, "type": "sha1", "uuid": "3570d081-d603-46df-995e-03bc9111b628", "value": "4e8f63070b2e661aa1a6c9d3769c8c39e984aecb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515014", "to_ids": true, "type": "sha256", "uuid": "b8212200-d3b9-468b-98f7-ca1f0cd8f746", "value": "2177f7198240abe39ecd6333ca86450022b3e0e11566dd126d65e64eeefcabb1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515014", "to_ids": true, "type": "ssdeep", "uuid": "59e70224-4f5e-428a-80b9-0688d6f5c3c4", "value": "192:IHSykZahxHn9QgyBtX4SR4wefaNP6WoRK/SjN7AGY:cSykyDyLXrRwaNCgyAp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515014", "to_ids": false, "type": "size-in-bytes", "uuid": "70d3e62a-8a7a-4efa-9b86-6b0718805826", "value": "14336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515014", "to_ids": true, "type": "vhash", "uuid": "57a45af3-9494-4943-82bd-ec8660f22155", "value": "0140775d151c0d1d1d1az1a1c=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515014", "to_ids": true, "type": "filename", "uuid": "d673eaf5-96d6-46f6-a231-a84a1fb9c665", "value": "leccj.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 23/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515014", "to_ids": false, "type": "text", "uuid": "26c4890b-3889-42c0-824b-b492c8a7404b", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/CobaltStrike!pz\nVT Total Detection:63/74\nFirst Submission:2016-07-26T13:50:07.000000+00:00\nLast Submission:2016-07-27T13:21:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528591", "uuid": "3439e68b-7407-4972-93c7-4f5798e80000", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528591", "to_ids": true, "type": "md5", "uuid": "4152257b-e592-4901-b770-7e01c1bc7990", "value": "649ad824358a4b00d7e7b8126cdbb28f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515035", "to_ids": true, "type": "sha1", "uuid": "1b7579c1-2d6b-4866-bd98-1b0a026d9fe4", "value": "be3ff443ad876199b47347fc86d0fa5264b28fc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515035", "to_ids": true, "type": "sha256", "uuid": "a1e7fc8c-0ffe-4a01-8538-b0817de4da6a", "value": "25f2f6fbbaf88093333600ad0dc39aa3e9f4716fc5dafdf5a0dac6e4c7d4177f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515035", "to_ids": true, "type": "ssdeep", "uuid": "8a671dd9-8ae5-49cd-bdc0-600160f75eb8", "value": "768:+rU3D0Ka+kBKKai6I6kW/8g3Fen2tEYhLX:dD0JRkrib618SenKnd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515035", "to_ids": false, "type": "size-in-bytes", "uuid": "151a2ddf-7e9b-486e-a0bc-bce3cb85aaf4", "value": "40448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515035", "to_ids": true, "type": "vhash", "uuid": "2a71f13b-947f-4ae3-b962-e814cd9c20f5", "value": "044046551d151az2dmz45fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515035", "to_ids": true, "type": "filename", "uuid": "cc3fe23c-8c6c-4e02-aac5-06bac4e6349f", "value": "lc.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 04/04/2017", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515035", "to_ids": false, "type": "text", "uuid": "ed7b63ee-5045-4a64-932b-66b9ac182ca5", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:36/61\nFirst Submission:2017-04-01T21:27:44.000000+00:00\nLast Submission:2017-04-01T21:27:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528592", "uuid": "801a6197-b96a-47c5-aa43-eaf89373b151", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528592", "to_ids": true, "type": "md5", "uuid": "e0fd5e2d-cbad-445c-89ed-1724f73e731c", "value": "1417d6d7ceadb491bb9ab8cac6a3ce6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515119", "to_ids": true, "type": "sha1", "uuid": "774349a6-c3a0-4b6d-afa0-8808b630490d", "value": "51f56f8fd80b6f89c4e182f140c2be0f7fcaeaec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515119", "to_ids": true, "type": "sha256", "uuid": "ddf233cd-4c2b-4483-b30a-b60b8eb88b19", "value": "94155a2940a1d49a92a602a5232f156eeb1d35018847edb9c6002cefe4c49f94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515119", "to_ids": true, "type": "ssdeep", "uuid": "adae0749-bbe7-42e1-90ec-80ae520ed241", "value": "24:3Ro/AdaG++hO9eErUWEUiXLnDKC/J0gjq0rt/vmtS5E5DcX9rVMo69XfkOn:3Y+8tnGLDv/mP0h/xuRctGoID" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515119", "to_ids": false, "type": "size-in-bytes", "uuid": "deea01ef-a6b6-413e-977b-f28e18bc0cac", "value": "6103" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515119", "to_ids": true, "type": "vhash", "uuid": "5bdb2aa9-260a-469a-8948-235735e5ae54", "value": "809bd7e8071fc988d2f1fdfe7348e82e5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515119", "to_ids": true, "type": "filename", "uuid": "70be8ef5-2a8a-447d-875b-df8f005c12ba", "value": "1417d6d7ceadb491bb9ab8cac6a3ce6f.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515119", "to_ids": false, "type": "text", "uuid": "cd773568-6114-4c1a-8f34-bd6c4b936457", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199\nVT Total Detection:36/62\nFirst Submission:2017-09-25T06:23:32.000000+00:00\nLast Submission:2018-10-04T21:30:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528593", "uuid": "fba37d60-335f-4976-ae9b-0ed3f5d7a6d1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528593", "to_ids": true, "type": "md5", "uuid": "8e1704f4-3c66-4ff3-bce8-1ef1958ce7ce", "value": "fd34bc7a8c1e756bf54c38d94d7dd450", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515140", "to_ids": true, "type": "sha1", "uuid": "93a3ccba-9439-4882-9433-359107620f3a", "value": "c6fb1c68240d94e2bf3e6b3a1f91c3f70051645c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515140", "to_ids": true, "type": "sha256", "uuid": "4a8bd315-39a1-49c2-a328-e9378444d31b", "value": "922e3bccd3eb151ee46afb203f9618ae007b99a758ca95caf5324d650a496426", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515140", "to_ids": true, "type": "ssdeep", "uuid": "e109b542-8589-4a02-aada-b0b618dcdcfc", "value": "768:1u1cA7lzbCG3pN2g6q6LjhB8mozAG/VA6iMB/gtQTa58iVhPewUwP:1ub7pb3iLlBaAgA6iYEQu58iHXx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515140", "to_ids": false, "type": "size-in-bytes", "uuid": "648ccd14-9a5c-412a-b5b5-ad71dd725b82", "value": "47616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515140", "to_ids": true, "type": "vhash", "uuid": "a5ddb8df-a881-4f8b-bac9-4d99ab2c0565", "value": "044046551d151az3dmz15fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515140", "to_ids": true, "type": "filename", "uuid": "27f18588-8fb8-45f4-8a8c-dbe982dfa610", "value": "fd34bc7a8c1e756bf54c38d94d7dd450.virobj" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515140", "to_ids": false, "type": "text", "uuid": "2497938c-cf85-4289-94a4-11d61e565f1a", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Cystea\nVT Total Detection:56/72\nFirst Submission:2017-05-29T12:06:05.000000+00:00\nLast Submission:2020-06-10T16:23:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528594", "uuid": "930ba5a8-e5b7-4119-8dc7-5e2c0e548efc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528594", "to_ids": true, "type": "md5", "uuid": "918aa8f9-482c-4d8e-ac70-d47a82c268ff", "value": "e34cf17871b7476a1cd064a3a7043224", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515162", "to_ids": true, "type": "sha1", "uuid": "2e97bfbf-4184-479b-a884-ebf768b5bbfe", "value": "b04faf953fa9a35fd4ac4c506df6f168f90d3cac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515162", "to_ids": true, "type": "sha256", "uuid": "0b81a716-2be7-4999-b3bd-d5c882d23403", "value": "083e096c90ce5dcbcce2e47f9992f3debf1bc468e3c4998d355432be88382e7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515161", "to_ids": true, "type": "ssdeep", "uuid": "bd48ffaf-a7ac-4c4e-92cc-ae62e23ae756", "value": "6144:a9VF/aEGWgAsk5eQdcSYclhPeOyzDM0hyL6oHG1AZ:EVF/lGWgAsk5eQdcSNgzDM0cRZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515161", "to_ids": false, "type": "size-in-bytes", "uuid": "99ec2470-9948-4740-ae2f-289863a8506a", "value": "256000" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515161", "to_ids": true, "type": "vhash", "uuid": "705540de-fd67-472f-9852-9dc6b969adac", "value": "025046655d156130202022400671z33z5045z21z346033z67z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515161", "to_ids": true, "type": "filename", "uuid": "6a6c51ed-34e1-4fe1-8671-42247de74f72", "value": "upc.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 25/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515161", "to_ids": false, "type": "text", "uuid": "f8728fa6-b4a7-4b0f-9d60-0ec5819c810c", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Cystea\nVT Total Detection:52/69\nFirst Submission:2017-05-31T16:21:10.000000+00:00\nLast Submission:2017-06-01T13:17:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528595", "uuid": "e5818b2d-e5f2-4afd-9f68-cea3c4254fcf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528595", "to_ids": true, "type": "md5", "uuid": "fc3322cb-8b5d-4712-9bcd-2ddfc0c34d0a", "value": "3dc3e45e3aee70ca220c936a097ac3a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515183", "to_ids": true, "type": "sha1", "uuid": "1e44c5a2-10ce-4bd2-be1a-5e1127e5d1e1", "value": "03242857ddf563b33fed8882a8fcdcebdca02bd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515183", "to_ids": true, "type": "sha256", "uuid": "a6c6aa8a-cc5a-4083-8382-24a426da33a0", "value": "08fd104d0c5a65912efd699c213e48e446d1f5ad15df0cd3e367176708800d46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515183", "to_ids": true, "type": "ssdeep", "uuid": "503ff7b7-86d4-4856-80d6-ab877d7c2edf", "value": "12288:hx07itSX9lyHMRw0ENukSj2mMgUprLLQzJCVsdur4zcgWQBpwojRbVj:UWtSNlC7xNupj22UprQzOsdSxgWQBKoL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515183", "to_ids": false, "type": "size-in-bytes", "uuid": "cdf77d1d-0ca0-475a-8b99-d3f0bc833d0f", "value": "1777822" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515183", "to_ids": true, "type": "vhash", "uuid": "120ec830-60cd-4522-8783-f9360a6aa842", "value": "856c9c01cb8622597923f305b1e5e429e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515183", "to_ids": true, "type": "filename", "uuid": "92bb0855-a820-4da5-938b-be7e5bbf32c2", "value": "\u0434\u043e\u0433\u043e\u0432\u043e\u0440 \u043d\u0430 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 25/08/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515183", "to_ids": false, "type": "text", "uuid": "b14f1d80-920f-48f1-b055-f1155c4fa1f0", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:JS/Tabonachio.A\nVT Total Detection:31/59\nFirst Submission:2017-03-02T00:59:42.000000+00:00\nLast Submission:2017-03-02T05:05:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528596", "uuid": "f8fa50a2-e395-4911-b0ca-3774cb928f06", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528596", "to_ids": true, "type": "md5", "uuid": "38d656f8-da81-408f-8539-37f9f8ff3718", "value": "5001ef2b836d4de7f281997260c1d5bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515204", "to_ids": true, "type": "sha1", "uuid": "cd633f92-2acb-4be1-80bf-2ec99eac2eaf", "value": "cfc10d54defbff49c859a6aa5b7e7f6d0cd4a3f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515204", "to_ids": true, "type": "sha256", "uuid": "9ac2da83-7b20-4ffe-8480-902d0722297c", "value": "0a10e844f1b6d8e6e6f653d6bd2f65902ec669d563fe0a52a3b0eee34a2d3ab9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515204", "to_ids": true, "type": "ssdeep", "uuid": "d766a021-5aa5-47ab-907d-dc6e94f49ebb", "value": "48:6VGmsUkBO2b8KfPAqtnBxNuRj+IoL0L4Kl:0Gh9BOU8JmByAxQLH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515204", "to_ids": false, "type": "size-in-bytes", "uuid": "335efd37-b0f2-4ba6-b9cb-d8ec6cd4560d", "value": "3584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515204", "to_ids": true, "type": "vhash", "uuid": "a1f09cb1-5169-4337-b757-b3d260284aeb", "value": "13303655151.z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515204", "to_ids": true, "type": "filename", "uuid": "f50961a0-8711-4ae3-bcbb-a6c53ad4d076", "value": "myfile.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515204", "to_ids": false, "type": "text", "uuid": "85ba86e1-4320-40c4-9444-9048f3bf108e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:52/73\nFirst Submission:2017-12-25T15:08:47.000000+00:00\nLast Submission:2019-11-22T02:03:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528597", "uuid": "e1c7c03b-66cc-4f19-a87d-fe5b4d917c49", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528597", "to_ids": true, "type": "md5", "uuid": "8eaf8807-007f-43c3-abb0-8947905c76e4", "value": "15137f602deea71ac2a167c6469673f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515288", "to_ids": true, "type": "sha1", "uuid": "5479e0de-dfad-4196-9450-f9633719ac0c", "value": "a68ec55b798ec7bb664e0e28825866b3376164c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515288", "to_ids": true, "type": "sha256", "uuid": "44fcb418-6988-491c-baa9-e4cf0f9689d9", "value": "231a110af055dd4579d7759fba7d1c0f8f06486b45f2f8a0fda1c5215a572313", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515287", "to_ids": true, "type": "ssdeep", "uuid": "2813e943-66e9-4a40-b01e-9637cdb498a8", "value": "12:WA+LTok2I1uv+LSWn3bLj1wPRz2YyjKu3ZVYUYN4kJSWnNc5Lva:WA+Lkmsv+LSWn3bLjypyjdJVnkgGcVa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515287", "to_ids": false, "type": "size-in-bytes", "uuid": "e46595a8-76fd-4d99-b9ca-534f69110250", "value": "641" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515287", "to_ids": true, "type": "filename", "uuid": "ea72f985-752e-4a0c-8806-88f942a3e67a", "value": "DAZZLE_S.SF" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 12/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515287", "to_ids": false, "type": "text", "uuid": "dde104f5-fefb-4e3e-8d28-9080cb1b9b54", "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:0/56\nFirst Submission:2021-11-12T11:18:53.000000+00:00\nLast Submission:2021-11-12T11:18:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528597", "uuid": "4007c999-aca6-4a5e-a620-b79bff8e46bb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528597", "to_ids": true, "type": "md5", "uuid": "a7e42d3c-04b6-4570-8ed3-65a165ba924b", "value": "c4505c6a6b148c3d7b5f4d756f49dbdf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515393", "to_ids": true, "type": "sha1", "uuid": "bcea3542-6306-4a8f-a38a-d826516638bc", "value": "e9645c1c0af795db76529202e2b4b72163f5164b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515393", "to_ids": true, "type": "sha256", "uuid": "03d7a377-d40b-41d9-92ce-5d2dbdaa06db", "value": "39ac90410bd78f541eb42b1108d2264c7bd7a5feafe102cd7ac8f517c1bd3754", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515392", "to_ids": true, "type": "ssdeep", "uuid": "93736f69-c594-48a8-b9ec-dbed6a774a5a", "value": "768:dlMynYoV145RMDodfPsrKthvVsn+CxHwGeUwP:dlM6H45RMDodsreYox" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515392", "to_ids": false, "type": "size-in-bytes", "uuid": "459b9ecd-f773-42e5-82e7-e0d9b61cd2ee", "value": "42496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515392", "to_ids": true, "type": "vhash", "uuid": "6ac85ac2-a624-42da-872a-16dfccdeb21e", "value": "044046551d151az3dmz15fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515392", "to_ids": true, "type": "filename", "uuid": "09bfcd2f-9b14-41ee-b45c-251c876b2e36", "value": "2a918030be965cd5f365eb28cd5a0bebec32d05c6a27333ade3beaf3c54d242c.rtf__WRF_DE1EFD4F-E057-483E-BCCC-C9173EDEDEAD_.tmp" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515392", "to_ids": false, "type": "text", "uuid": "fb20d8cb-dca7-4cbc-8e64-940d906bc5f5", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Stager\nVT Total Detection:58/73\nFirst Submission:2017-05-26T07:49:01.000000+00:00\nLast Submission:2025-04-24T13:27:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528599", "uuid": "81a0e879-926d-420a-a7f5-2656a9c8b248", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528599", "to_ids": true, "type": "md5", "uuid": "ff9b20d2-6897-45ff-915a-ba02e68e1668", "value": "658b0502b53f718bd0611a638dfd5969", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515414", "to_ids": true, "type": "sha1", "uuid": "6ec9c895-1295-4bb8-9b01-d4beed2ad0dc", "value": "d8879121597693aa54eda9f5cf3247d6e9bc4426", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515414", "to_ids": true, "type": "sha256", "uuid": "b3a7ea19-ac7c-46a4-b18d-e5684d21c787", "value": "4035d977202b44666885f9781ac8755c799350a03838ff782eb730c0d7069958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515414", "to_ids": true, "type": "ssdeep", "uuid": "8197c7b3-25ec-4a51-bf63-0d6acf2bb3e4", "value": "768:gueBJS583Z7RBICJZIgUw7MT2QxRhtqBPm7nEDDXn32ztptG98kGC:gueW5yDp5UzT2uyPm436w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515414", "to_ids": false, "type": "size-in-bytes", "uuid": "5d715d67-edbc-4ffc-aaaa-cb0944407a36", "value": "52736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515414", "to_ids": true, "type": "vhash", "uuid": "8365864d-7867-4501-b6af-abbc635fac8d", "value": "054056655d15555az42nz2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515414", "to_ids": true, "type": "filename", "uuid": "5baea0cc-ca9d-4fcf-a90e-7cfcc2485647", "value": "Sin confirmar 46458.crdownload" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515414", "to_ids": false, "type": "text", "uuid": "05babb5a-7133-43a7-b99d-df679ca1680d", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Xafade.A\nVT Total Detection:56/73\nFirst Submission:2016-12-26T07:30:30.000000+00:00\nLast Submission:2025-02-07T20:19:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528600", "uuid": "d203140c-3329-457c-b8db-0cc7bdb8aaa4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528600", "to_ids": true, "type": "md5", "uuid": "77debca2-aced-4226-aa1a-35c8d4f32462", "value": "f53570abc569f300ff00f881c7ce77b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515540", "to_ids": true, "type": "sha1", "uuid": "1fea9ecc-e6e7-4a22-868e-288c5e152321", "value": "d6f38706864af3f8575150f5150f4a2de31cd23c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515540", "to_ids": true, "type": "sha256", "uuid": "b2e323da-55b7-4080-a323-61558a2e70f2", "value": "61afc2bf91283ccc478406a4c1277a0c8549584716d8b3a89d36f9bcdc45c4fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515539", "to_ids": true, "type": "ssdeep", "uuid": "656bab07-0229-4028-8083-960c64798da2", "value": "12288:OP6ppvzzM5PQeHUIB+uouIwVIZ44BXltEx+DRC:OPN0u+ZhltExqo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515539", "to_ids": false, "type": "size-in-bytes", "uuid": "712fbb30-4526-4ed6-b7e2-384f46b1f66c", "value": "537460" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515539", "to_ids": true, "type": "vhash", "uuid": "dc0af751-b84d-44f7-90ae-cd14416ab518", "value": "8745801f501a3cf5bdbd4bccc1030f81c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515539", "to_ids": true, "type": "filename", "uuid": "5e9cf8a7-139e-45d1-b98d-4dd4a9a89170", "value": "\u0417\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u0435.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 06/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515539", "to_ids": false, "type": "text", "uuid": "896ebd17-8374-4bc7-b2c2-cb036e5ea9b6", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/DDEDownloader.C\nVT Total Detection:37/59\nFirst Submission:2017-05-31T11:39:42.000000+00:00\nLast Submission:2018-11-26T11:34:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528601", "uuid": "8b6992de-412a-4168-b511-30dc8957c399", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528601", "to_ids": true, "type": "md5", "uuid": "c456014a-cd60-4a3e-ab63-c3338a506641", "value": "999fe28b2cbe5d99e47d11ed55761c9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515561", "to_ids": true, "type": "sha1", "uuid": "90439a59-eef4-422c-bacd-6072525252ad", "value": "2e241c8dca691c19a6e036007465b6b2229df69e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515561", "to_ids": true, "type": "sha256", "uuid": "f6303d19-2c4b-464d-a26a-3a1170ac9660", "value": "66be70aa7d2eec60dd9823037b55a603a83b3da3b2862244bb5907cb8f392140", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515561", "to_ids": true, "type": "ssdeep", "uuid": "0a5c9e85-7ced-4f04-9faa-18cf5dab463b", "value": "6144:MFbuuWI4DJ/qRHKnMFCBW8qEu8KDPC2o1MrQQnVWk0Ec2bkdjGDEKnHenS:MJWI4D5qRqDBdaTryN2bkdGDl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515561", "to_ids": false, "type": "size-in-bytes", "uuid": "953abb5e-3a70-42fc-a192-b7ec1465de5a", "value": "340736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515561", "to_ids": true, "type": "vhash", "uuid": "ca8d6621-9049-493e-bb32-05090b5a3a53", "value": "23503675151110a2810010" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515561", "to_ids": true, "type": "filename", "uuid": "daec3ab3-1418-446e-bae4-cdda1a9c0bde", "value": "ExecPS.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 21/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515561", "to_ids": false, "type": "text", "uuid": "cc14c2ff-a994-4e44-a6ae-0c2e3b068dbb", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Pipxec.A\nVT Total Detection:47/72\nFirst Submission:2017-06-23T08:58:47.000000+00:00\nLast Submission:2023-05-15T17:43:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528602", "uuid": "720cd983-1327-4073-82bd-c14e316e32d9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528602", "to_ids": true, "type": "md5", "uuid": "a070efe3-9a84-40d7-82f6-ee8694d116ac", "value": "6dee2e15028e65abdf674f7a3006883e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515583", "to_ids": true, "type": "sha1", "uuid": "4aeca24a-512f-43b6-86cf-09a701eb09a1", "value": "dc91ae24e68286423d60b5aca7170eba0945305c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515583", "to_ids": true, "type": "sha256", "uuid": "425a17a6-1954-41b7-965a-d60f250100f0", "value": "6acf35535d64d2c2116746ee4f0837cf59710b912b1f100fedec5b1520c957aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515582", "to_ids": true, "type": "ssdeep", "uuid": "9b6cd190-5234-4091-ae82-a4c166af2300", "value": "1536:NkjDGFcLbg01VeSMgRcSYJayaEVCudy4/9kFSunaAtS0A4bbvY6AYBmbYpRr:SjLLb/1RbFVZiwSpAtSorKYr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515582", "to_ids": false, "type": "size-in-bytes", "uuid": "a78c7dfb-4025-49c6-b1b0-99071bee1f06", "value": "143360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515582", "to_ids": true, "type": "vhash", "uuid": "d18a5862-e310-4f40-b404-78d42dd618b8", "value": "015046656d1561z31z10d0058z11z25z3002cfz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515582", "to_ids": true, "type": "filename", "uuid": "c8a0c73d-f638-41de-b92f-b81be1d53256", "value": "~WRF{DE1EFD4F-E057-483E-BCCC-C9173EDEDEAD}.tmp" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515582", "to_ids": false, "type": "text", "uuid": "91f0cb8c-1d86-43a0-a7e7-7a13dffa3694", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Muway.A\nVT Total Detection:57/73\nFirst Submission:2017-05-17T00:05:32.000000+00:00\nLast Submission:2024-02-06T07:17:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528603", "uuid": "57a57ba4-4af1-4ef8-8ac0-004002c3787c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528603", "to_ids": true, "type": "md5", "uuid": "fbc750b4-4258-4ba3-a0c2-2ddb07ec4119", "value": "0846b28b2b2e230a77bbfd663e41b418", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515625", "to_ids": true, "type": "sha1", "uuid": "bab84f60-c444-4f2b-9d18-13289226ce81", "value": "6a4c96f8ffcf139867e13964befcfce708a7afc3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515625", "to_ids": true, "type": "sha256", "uuid": "6626b1ea-0d61-441d-bae1-9e14d66dd97a", "value": "746566d92e062c247083e7545c97f037d054a5ee802cb73b38940f2af96eb25a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515624", "to_ids": true, "type": "ssdeep", "uuid": "e6fa4652-c5d1-4aa7-9190-b808dfd71ad6", "value": "192:PLPZ0H925F85piTE+DxMKr9oSNmKOHeQbtdOZ3EwfN5:T892w/NKr9DN8bCUwfN5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515624", "to_ids": false, "type": "size-in-bytes", "uuid": "a533b851-5975-408d-abe0-7a24a18442b9", "value": "11230" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515624", "to_ids": true, "type": "vhash", "uuid": "14d0f682-94f9-435f-b6ef-ec961611d57a", "value": "htm:60fb06505c4da20b7b4b4d12841fb921" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515624", "to_ids": true, "type": "filename", "uuid": "20d38bde-4c9d-452b-9880-74e6c4c88e63", "value": "InternalSecurityPatch.hta" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 07/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515624", "to_ids": false, "type": "text", "uuid": "723396df-9044-4f70-8c8e-14b734f081c5", "value": "Type Description: HTML\nNoneMicrosoft: TrojanDropper:PowerShell/Ploty.C\nVT Total Detection:25/57\nFirst Submission:2017-10-07T06:11:54.000000+00:00\nLast Submission:2017-10-11T15:22:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528605", "uuid": "9789cbe7-52f4-4e77-b334-fdc8f9adaf29", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528605", "to_ids": true, "type": "md5", "uuid": "2597b9cb-5ca1-4d32-93a5-6652bb001b73", "value": "2e7e3390cc3d979aeca585c41825e74f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515646", "to_ids": true, "type": "sha1", "uuid": "18687a5c-92cd-4c68-a510-7ea4d35bcc30", "value": "fe61c78a331e82d4ed8e8fe975fb0e14384ab2c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515646", "to_ids": true, "type": "sha256", "uuid": "c4be48d5-40a5-437f-80b6-8718848ba6d7", "value": "7dedd5af20185fbf0542e81456e993e26830c91199ed9ef25c0807f0223940f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515646", "to_ids": true, "type": "ssdeep", "uuid": "55ed22e6-5794-4ad6-ac06-17d7f921bf31", "value": "3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e55/:xgn48XjSVr380A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515646", "to_ids": false, "type": "size-in-bytes", "uuid": "80a53623-97e3-499d-bb6a-37a65444ea58", "value": "196608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515646", "to_ids": true, "type": "vhash", "uuid": "9a6107e6-8bb5-47f9-acff-f002f00d2e2e", "value": "115056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515646", "to_ids": true, "type": "filename", "uuid": "3de2e560-aebc-4ddf-8ac2-db800d2328fd", "value": "VirusShare_2e7e3390cc3d979aeca585c41825e74f" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 28/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515646", "to_ids": false, "type": "text", "uuid": "a3cf0541-1a1d-4fcc-a3fa-98e5dcc10ac5", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A\nVT Total Detection:60/70\nFirst Submission:2017-05-31T16:30:30.000000+00:00\nLast Submission:2023-06-27T16:34:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528605", "uuid": "b72b94df-5a95-48d9-afb7-3b20c46db640", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528605", "to_ids": true, "type": "md5", "uuid": "41a287af-773e-4c16-a060-a8c22eb5cb72", "value": "01718b365b4724b777e9ae63fed0c610", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515709", "to_ids": true, "type": "sha1", "uuid": "9d7f32df-3216-4073-a2c7-e49692ae7e27", "value": "1f996d4002e8b8eb3410a947b5a0a66229ad1ae2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515709", "to_ids": true, "type": "sha256", "uuid": "7ed5b741-c5f0-4558-99d0-009a9eee166c", "value": "a83199aa78d06e76a8719cf54ef9b130e295ec0f2e15142aa306fc7ab0214d8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515709", "to_ids": true, "type": "ssdeep", "uuid": "14256a5b-4a3f-4378-9d1d-451cece41934", "value": "192:jQv5kPZyvtRKvicRn+e4hyN5zG1jAmSn/CDKUciro2PfFnyCRfGELXem17brHuA8:cKP9fRkhjAdnZi3fFnyCwCvX5C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515709", "to_ids": false, "type": "size-in-bytes", "uuid": "428d9d16-185b-4dd4-a198-375133384c22", "value": "11176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515709", "to_ids": true, "type": "vhash", "uuid": "11901c0f-ff3d-4107-a952-ac1c616fa71c", "value": "5b680307f6d4cc59c848602fd9989e91" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515709", "to_ids": true, "type": "filename", "uuid": "b0633d97-3b1e-4e6a-a9ad-52aab0982c6a", "value": "01718b365b4724b777e9ae63fed0c610.jar" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515709", "to_ids": false, "type": "text", "uuid": "dd0b3c89-7df7-459f-b584-179ea626aacd", "value": "Type Description: JAR\nMicrosoft: VirTool:Java/CobaltStrike.A\nVT Total Detection:41/63\nFirst Submission:2017-12-25T15:08:21.000000+00:00\nLast Submission:2018-02-05T23:36:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528606", "uuid": "2e08a49f-e3cb-455c-abdc-3887c8971b12", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528606", "to_ids": true, "type": "md5", "uuid": "edac5723-3ed9-4029-9ea1-2dab5e0f755a", "value": "2b75a6137dc9210cbccfd1b63195262a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515730", "to_ids": true, "type": "sha1", "uuid": "75af612c-206e-4865-bb16-8332da0ff540", "value": "b114d177cf4942993a79fe8df54f00f4b0ed5849", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515730", "to_ids": true, "type": "sha256", "uuid": "8bf4570f-f08c-41c0-9a04-5a57c1ce3647", "value": "adadbaf6fad2936eba9d6b448aaeec324ac7293e664d9702c23a65c40f38ff29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515730", "to_ids": true, "type": "ssdeep", "uuid": "6d6dab63-d18e-47ac-a921-f06ad8f2e234", "value": "24:eH1GSVGmZiOQhnCoG+0uZkP0higmht8exRl7tGUuNllK0wtKUoNh2wW0/wwlHC6u:yVGmw7e8Zzm/8e/GDlK0AoNQfUwwli6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515730", "to_ids": false, "type": "size-in-bytes", "uuid": "2f6911fd-e2cb-47f2-b265-d9a1da33e159", "value": "2048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515730", "to_ids": true, "type": "vhash", "uuid": "85ec59f0-b99a-4c20-afc8-229d564d12a0", "value": "123026651.z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515730", "to_ids": true, "type": "filename", "uuid": "92ce4492-5448-4726-8960-3aafd02a597d", "value": "VirusShare_2b75a6137dc9210cbccfd1b63195262a" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515730", "to_ids": false, "type": "text", "uuid": "25bef24b-7366-4eed-8e01-bd92222d65df", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.CAD\nVT Total Detection:53/72\nFirst Submission:2017-12-25T15:08:48.000000+00:00\nLast Submission:2021-10-28T02:50:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528607", "uuid": "04d39a6f-137f-44e1-bf09-363a00fee302", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528607", "to_ids": true, "type": "md5", "uuid": "d1129803-ed3c-45bf-a453-6b34ec59a4b3", "value": "3b03f52cc29b91fcfe71530b5807f1d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515751", "to_ids": true, "type": "sha1", "uuid": "0470fa52-3376-4b35-a20c-baf06f8be0d2", "value": "fd44bc390fd5967fd5c4db0454ab729d4955eae9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515752", "to_ids": true, "type": "sha256", "uuid": "85615f8c-2d56-4b7c-9085-91b5859f6f4e", "value": "ae3d88d7581e0db10b469be2a526f6c0a12265e9fe3be2b742c7863ce0cda995", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515751", "to_ids": true, "type": "ssdeep", "uuid": "9a9ccabb-5134-4dbf-a41a-c0c2feecf968", "value": "3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e5o/:xgn48XjSVr380A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515751", "to_ids": false, "type": "size-in-bytes", "uuid": "00dfcf83-dd9f-4f87-8eb0-0c7eff82a31b", "value": "196608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515751", "to_ids": true, "type": "vhash", "uuid": "1b38b993-f0d1-4257-8cf3-99bf53308a9a", "value": "115056656d1555529z7cfz39za00176z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515751", "to_ids": true, "type": "filename", "uuid": "b2a03ea8-6747-4426-9c38-0d1275cb0266", "value": "499214" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 13/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515751", "to_ids": false, "type": "text", "uuid": "648ce4e0-8926-4f1d-8f7f-c3b3251078f9", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Conbea.A\nVT Total Detection:62/73\nFirst Submission:2017-06-26T14:39:38.000000+00:00\nLast Submission:2023-07-14T06:07:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528608", "uuid": "75f90ff9-ad6d-4047-86c3-d36cdc08da76", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528608", "to_ids": true, "type": "md5", "uuid": "46a1c6ce-a875-419c-9954-037eaaf89297", "value": "a4f6b59524c3f519cef40bb11812283f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515773", "to_ids": true, "type": "sha1", "uuid": "f5baa53b-0c0d-4e94-845b-59cd0d9095e0", "value": "f48ae9eadf6d10c3e09e52e66ae8663c6b897ce8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515773", "to_ids": true, "type": "sha256", "uuid": "137e33bb-940f-4fc7-b86c-5f1eeeb47c6a", "value": "af17a3b5bf4c78283b2ee338ac6d457b9f3e7b7187c7e9d8651452b78574b3d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515772", "to_ids": true, "type": "ssdeep", "uuid": "84e13362-fb3c-41b0-9aad-7d1f23c362bc", "value": "768:SfIWKVPrObLU9WEluiItPgI6FKV0VHsaN7vNoGp/RDBSjbDEI5BBUdbKclTkNx1M:iIfVPi1sbuj6FigR3EEI5aly1O+A3tt1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515772", "to_ids": false, "type": "size-in-bytes", "uuid": "91140f8d-89f4-4547-94ab-ef3719ac0d5d", "value": "105273" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515772", "to_ids": true, "type": "vhash", "uuid": "3bd07550-b92f-48d1-9b26-46f57d4ef113", "value": "8745801f501a3cf5bdbd4bccc1030f81c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515772", "to_ids": true, "type": "filename", "uuid": "18b68493-e308-4472-b269-923b1dc6adfe", "value": "cob1.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515772", "to_ids": false, "type": "text", "uuid": "70b234f4-ba84-47d4-9d9e-9d483c25858d", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/DDEDownloader.C\nVT Total Detection:39/59\nFirst Submission:2017-05-29T09:56:08.000000+00:00\nLast Submission:2018-05-25T18:52:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528609", "uuid": "5d382ee8-ad99-4468-a42a-10f769c12b4e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528609", "to_ids": true, "type": "md5", "uuid": "cd644de5-ab35-4150-94b5-86b5edfaf9a2", "value": "c14365374fc3331482f35b75178a1ad4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515794", "to_ids": true, "type": "sha1", "uuid": "4b9994f7-04ae-44fe-9722-533f42fa946f", "value": "06f642602cf3d914cf1f0f0920407a0c0c3116e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515794", "to_ids": true, "type": "sha256", "uuid": "48c7c6f0-7a75-486c-bcc5-5683adca120e", "value": "b082f4e8eab928c2362fcd183f3829c0608a2a4d50221ae749c344e278a02fc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515793", "to_ids": true, "type": "ssdeep", "uuid": "a43241fc-844b-4944-b432-2a899ba7ca82", "value": "384:yLgm5CBWc04Us3+CW8Xb7RJYOIf2WJWcCATx74G3xwTnI66vTXzFyJgA5Mto42h:yUfBWXs3+CW8X3IFWcnyeGI6cxyU/2h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515794", "to_ids": false, "type": "size-in-bytes", "uuid": "d827f71e-34b1-49d5-9087-113d186d96b8", "value": "23827" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515794", "to_ids": true, "type": "vhash", "uuid": "3e6ea1ed-ee4b-439f-abd6-bce3deb98178", "value": "41fc8e5136e4202be5ef86563d4cd20a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515794", "to_ids": true, "type": "filename", "uuid": "9ce23661-7f3e-4f87-b5a6-86855a506fa4", "value": "vpn.rar" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515794", "to_ids": false, "type": "text", "uuid": "d503a5f8-f9d3-4105-bdd7-88babcd3b199", "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:7/57\nFirst Submission:2018-01-26T06:00:55.000000+00:00\nLast Submission:2018-03-15T01:24:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528610", "uuid": "4e19d407-bb76-4989-aed3-922a2bde0c1e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528610", "to_ids": true, "type": "md5", "uuid": "1ea41590-0192-4595-bb1f-8a2eafe15529", "value": "5d4d3ba6823a07f070f5a42cbcc7a5c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515836", "to_ids": true, "type": "sha1", "uuid": "bd9c1cab-fd3d-47d7-b2a0-03227194de07", "value": "7bf86a174c171d7415e6644d2620811d92e81dd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515836", "to_ids": true, "type": "sha256", "uuid": "7df44908-3d8f-445d-b780-17111c5967f8", "value": "bb971a4508d6cad7a1edcab06f5ebd30c25b2c1c5100a8c606f44d319e2faa5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515835", "to_ids": true, "type": "ssdeep", "uuid": "b0668f27-3050-4c39-946b-a93516e0f95b", "value": "1536:JwLSWMAMwflmsolaTIrRuw+mqbz9j1MWLQsP:2RtM+lmsolAIrRuw+mqv9j1MWLQk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515835", "to_ids": false, "type": "size-in-bytes", "uuid": "4178a343-9e64-49d9-942d-ae875e87d63c", "value": "113152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515835", "to_ids": true, "type": "vhash", "uuid": "6556165c-c416-4739-b3ca-692ae6b2c75e", "value": "21503675151b0a121z10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515835", "to_ids": true, "type": "filename", "uuid": "75bee30f-5adc-46a2-8b50-af6e2e6be24b", "value": "ExecPSData.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 29/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515835", "to_ids": false, "type": "text", "uuid": "e4ade472-b927-487c-b69a-3253454addb8", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanDropper:MSIL/Encostely\nVT Total Detection:59/73\nFirst Submission:2018-01-26T03:56:09.000000+00:00\nLast Submission:2018-02-15T22:16:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528611", "uuid": "147f09e3-1b2f-4e0b-894c-3dfcfff8a13e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528611", "to_ids": true, "type": "md5", "uuid": "616adeec-2c88-4889-923a-4081acec4bd7", "value": "f8b6c00eedfefe64884eb0139245ef85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515857", "to_ids": true, "type": "sha1", "uuid": "cdc6550d-9acf-475a-8cb8-00845abd50ed", "value": "1bda5ef869a32b5df7e42cd5ec15d7c9aea23b07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515857", "to_ids": true, "type": "sha256", "uuid": "51935d5b-034e-47a1-9b2a-effee8a70ac7", "value": "c5d7c5c94468ba74211e08d7c2ad9d0274011d432edc1af8cdf2215b2c9d9291", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515857", "to_ids": true, "type": "ssdeep", "uuid": "fa189249-1221-4f45-a492-6a29ec52244d", "value": "12288:GwWpvMrCE00Sg0R2DJEkBIi4g5eqQ4zpJ46c+9roe1xgav9y8Z+b8nmxvfG:GwWpkAH7Rwt6KPQ47c4NyY/Z+bEmxnG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515857", "to_ids": false, "type": "size-in-bytes", "uuid": "9022b12b-fdd1-494f-9cb4-a18ab0382cd9", "value": "707989" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515857", "to_ids": true, "type": "vhash", "uuid": "49b271f9-4c41-4c11-aa74-4eff1b8d045e", "value": "83ee08e523e4969e5f0158e0325d13699" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515857", "to_ids": true, "type": "filename", "uuid": "371c22c8-2d41-4960-a942-7aefafb19640", "value": "\u041f\u0435\u043d\u044f \u043f\u043e \u0437\u0430\u0434\u043e\u043b\u0436\u0435\u043d\u043d\u043e\u0441\u0442\u0438.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515857", "to_ids": false, "type": "text", "uuid": "2cd71921-0a15-48c1-af72-c591937f38ba", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/DDEDownloader.C\nVT Total Detection:41/59\nFirst Submission:2017-06-23T12:14:04.000000+00:00\nLast Submission:2018-05-12T23:45:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528612", "uuid": "80d3aa20-eeaa-4003-8466-3a099357418a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528612", "to_ids": true, "type": "md5", "uuid": "af859617-4e2d-4f2f-ad77-b3b2ab692cf0", "value": "0ba1024fd50f436fd34a449cc0f2e7dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515899", "to_ids": true, "type": "sha1", "uuid": "601d9747-f97a-4d24-83b3-1f5a5cea133f", "value": "f87c7c66e311c1a28855cc176421c760f12bdb51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515899", "to_ids": true, "type": "sha256", "uuid": "e38330ec-8a60-4e24-84cd-18cf5e61ab3b", "value": "c827b3a2dcca43ecf1ecc6c2dff45094183f6d7c5a91a1be537b9fa048d28427", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515899", "to_ids": true, "type": "ssdeep", "uuid": "3f92036f-7170-49fa-825e-6bf73787aabb", "value": "768:dkAjarMTxgf9BMTnKz04eMl8FbwEyaFx+Ixc5:G62vMrx4eM07xpxc5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515899", "to_ids": false, "type": "size-in-bytes", "uuid": "1e87bfbe-082e-458d-b33b-af7268a235a1", "value": "43852" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515899", "to_ids": false, "type": "text", "uuid": "df057424-5732-44f1-a63a-8e7be7169e8a", "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:18/58\nFirst Submission:2017-07-13T07:48:16.000000+00:00\nLast Submission:2017-07-13T07:48:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528613", "uuid": "4c227259-6d5f-4a3e-b8a2-de9cc4bcc278", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528613", "to_ids": true, "type": "md5", "uuid": "9e1c8a3a-7499-4313-9575-6b55769645ac", "value": "244d8d2e948f908ef21f60389ea16837", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515941", "to_ids": true, "type": "sha1", "uuid": "46624461-3de4-460a-bee0-2d2733989530", "value": "9a7e02dd67e37e8db2481fa172cee31a4085b733", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515941", "to_ids": true, "type": "sha256", "uuid": "60a3c56b-0930-4299-bb67-e11b9420d115", "value": "e0f6073aee370d5e1e29da20208ffa10e1b30f4cf7860bb1a9dde67a83dee332", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515941", "to_ids": true, "type": "ssdeep", "uuid": "91059b81-e8f2-4bc9-96ef-bc3caa8f315c", "value": "12288:Qi4IRbsAqY4UJOyhOGABellNwcmchIA+zk2OBnYXLb:Eu8CjB+A+42OBnYXLb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515941", "to_ids": false, "type": "size-in-bytes", "uuid": "2ebfc7d9-5312-4c47-9a28-78900dc24e42", "value": "545039" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515941", "to_ids": true, "type": "vhash", "uuid": "c12f9d6b-78d1-4833-869e-51ab8e74cb92", "value": "8745801f501a3cf5bdbd4bccc1030f81c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515941", "to_ids": true, "type": "filename", "uuid": "c3ac68e2-e765-4e85-aa32-7cd5d99110c6", "value": "1.doc" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515941", "to_ids": false, "type": "text", "uuid": "5392cb8a-06a6-4962-a166-89255a49c58c", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:31/60\nFirst Submission:2017-05-29T13:05:31.000000+00:00\nLast Submission:2018-05-20T01:00:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528615", "uuid": "eced1416-7af4-42d2-b104-36f95b6696d1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528615", "to_ids": true, "type": "md5", "uuid": "4e339bf2-5265-410a-a892-112a777a3cbc", "value": "b65a8e26ad3250b9300fc20846e820e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515962", "to_ids": true, "type": "sha1", "uuid": "d950ba6a-e40c-4985-aecd-dd36dee0e6ce", "value": "f15a4993dfdb9b16026631c37b7adc51c5e01fc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515962", "to_ids": true, "type": "sha256", "uuid": "ec462df9-6cb3-402e-84a7-798a9825f9a1", "value": "e4511c9492dcbb850830e6fa6443eb95ff3e389d65eba620d1aaa36ed29399c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515962", "to_ids": true, "type": "ssdeep", "uuid": "238ab0fc-404d-46fd-8ddd-dce49c484d8a", "value": "12288:fjRD0P+8Zqku8OVYCpiCJYY2Bu0VBHobHMqqrHdp1VbAb3h4LrDp:f5f8HoJYY2B0LMqqTpVcKXDp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515962", "to_ids": false, "type": "size-in-bytes", "uuid": "52d8a489-a23e-4bcc-b124-37abadabbf00", "value": "623469" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515962", "to_ids": true, "type": "vhash", "uuid": "47da7662-004c-4c51-bd08-1a1ef2151cf3", "value": "htm:519a941b6b403d0b0920913c3e52d0ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515962", "to_ids": true, "type": "filename", "uuid": "31df0816-cc08-4057-ab58-b767db1a30f5", "value": "patch" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 27/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515962", "to_ids": false, "type": "text", "uuid": "f5d28bdc-2435-4b92-b8d1-8f7d8c09c2b8", "value": "Type Description: HTML\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:21/65\nFirst Submission:2017-09-18T16:21:02.000000+00:00\nLast Submission:2017-10-26T08:01:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746528616", "uuid": "fa9724a0-a3fe-410e-98bc-4e1d99f8601e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746528616", "to_ids": true, "type": "md5", "uuid": "947c2b97-056f-4436-bfbf-c5ec054e345f", "value": "7edca868c6c52a9f7b24892dc361e444", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746515983", "to_ids": true, "type": "sha1", "uuid": "68d5dfc9-1e1a-42ed-b7a4-63f7e1638b09", "value": "dce6845fd34a10f5f47bfc114495eec5f1284dc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746515984", "to_ids": true, "type": "sha256", "uuid": "9d56eef0-4abb-46cb-8096-e04b5aa81505", "value": "e559c65b51a874b9ebf4faacd830223428e507a865788c2f32a820b952ccf0b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746515983", "to_ids": true, "type": "ssdeep", "uuid": "dffa4b8f-dd66-4af8-a9f7-139df943b191", "value": "3072:Q5n8szeUJcvOVgkJG6uMQIya9Rtcvrc0PY1xdlnvt9NXpIXdmAjkkkWkkkfme8Hz:Q58szeUgegqG6I6Ag0PY1DxNzAsmJp1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746515983", "to_ids": false, "type": "size-in-bytes", "uuid": "bc7e3f42-6071-4ffd-8a0c-0ed36735d442", "value": "316066" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746515983", "to_ids": true, "type": "vhash", "uuid": "c3faddb1-be45-4ccc-b888-9882d60bb567", "value": "8745801f501a3cf5bdbd4bccc1030f81c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746515983", "to_ids": true, "type": "filename", "uuid": "525524c9-9eb0-4fa0-bf37-9420e0fc0421", "value": "0YDQsNCy0Lg=?=\r =?utf-8?B?0YLQtdC70Y8uZG9j?=" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/09/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746515983", "to_ids": false, "type": "text", "uuid": "ccf43254-3a28-4c9c-bfb1-3376685fd8c3", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:O97M/DDEDownloader.C\nVT Total Detection:40/59\nFirst Submission:2017-05-16T23:55:01.000000+00:00\nLast Submission:2018-05-25T20:00:17.000000+00:00" } ] } ] } }