{
  "Event": {
    "analysis": "1",
    "date": "2024-10-15",
    "extends_uuid": "",
    "info": "[Threat Intel] SideWinder APT's post-exploitation framework analysis",
    "protected": false,
    "publish_timestamp": "1780039372",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1773034851",
    "uuid": "a013c3bb-1b42-4372-9a24-fd1efedf4004",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"self-curated\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#f28fb8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"",
        "relationship_type": ""
      },
      {
        "colour": "#4985d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#b672a4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#682cad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"",
        "relationship_type": ""
      },
      {
        "colour": "#9dfeaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Abuse Elevation Control Mechanism - T1548\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#2e58ce",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
        "relationship_type": ""
      },
      {
        "colour": "#d82db7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdd85e",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"",
        "relationship_type": ""
      },
      {
        "colour": "#86e845",
        "local": false,
        "name": "misp-galaxy:target-information=\"Afghanistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#b32a63",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bangladesh\"",
        "relationship_type": ""
      },
      {
        "colour": "#098efb",
        "local": false,
        "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#57ece2",
        "local": false,
        "name": "misp-galaxy:target-information=\"Djibouti\"",
        "relationship_type": ""
      },
      {
        "colour": "#15ccfd",
        "local": false,
        "name": "misp-galaxy:target-information=\"France\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#9afac6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Jordan\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#f834a3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Maldives\"",
        "relationship_type": ""
      },
      {
        "colour": "#c385b5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Morocco\"",
        "relationship_type": ""
      },
      {
        "colour": "#b03f2c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Myanmar\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff41c1",
        "local": false,
        "name": "misp-galaxy:target-information=\"Nepal\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b9849",
        "local": false,
        "name": "misp-galaxy:target-information=\"Saudi Arabia\"",
        "relationship_type": ""
      },
      {
        "colour": "#09ea0d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Sri Lanka\"",
        "relationship_type": ""
      },
      {
        "colour": "#a24b57",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Arab Emirates\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"RAZOR TIGER\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Academia - University\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Finance\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Infrastructure\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Logistic\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Military\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Oil\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Telecoms\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:04856c5c-870e-43c4-95a4-8e3dcb8b2582=\"c62008f8-576a-4495-9e3f-5b1f1f398167\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660099",
        "to_ids": false,
        "type": "link",
        "uuid": "4914b319-557f-45ac-9fee-d8456b9847ce",
        "value": "https://securelist.com/sidewinder-apt/114089/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660099",
        "to_ids": false,
        "type": "text",
        "uuid": "b40d86af-6d8e-41d6-a870-7aff574f69ff",
        "value": "SideWinder APT group has expanded its activities, targeting high-profile entities in the Middle East and Africa. The group employs a multi-stage infection chain using spear-phishing emails with malicious attachments. A new post-exploitation toolkit called 'StealerBot' has been discovered, designed for espionage activities. The infection process involves remote template injection, RTF exploits, and malicious LNK files. SideWinder's infrastructure uses numerous domains with subdomains mimicking legitimate organizations. Targets include government, military, logistics, infrastructure, telecommunications, financial institutions, universities, and oil trading companies across multiple countries."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660099",
        "to_ids": false,
        "type": "text",
        "uuid": "87755f26-88e4-4bae-bbff-341d5d1e1d5f",
        "value": "Name: SideWinder APT's post-exploitation framework analysis\nAuthor: AlienVault\nAdversary: SideWinder\nTags: [\"moduleinstaller\", \"infrastructure\", \"spear-phishing\", \"espionage\", \"backdoor loader module\", \"apt\", \"cve-2017-11882\", \"stealerbot\", \"rtf exploit\", \"post-exploitation\"]\nTargeted countries: [\"Afghanistan\", \"Bangladesh\", \"British Indian Ocean Territory\", \"China\", \"Djibouti\", \"France\", \"India\", \"Indonesia\", \"Jordan\", \"Malaysia\", \"Maldives\", \"Morocco\", \"Myanmar\", \"Nepal\", \"Pakistan\", \"Saudi Arabia\", \"Sri Lanka\", \"United Arab Emirates\"]\nMalware families: [\"StealerBot\", \"Backdoor loader module\", \"ModuleInstaller\"]\nAttack_ids: [\"T1113\", \"T1033\", \"T1003\", \"T1547\", \"T1082\", \"T1053\", \"T1005\", \"T1055\", \"T1021\", \"T1548\", \"T1016\", \"T1059\", \"T1083\", \"T1204\", \"T1057\", \"T1566\", \"T1078\", \"T1027\", \"T1056\", \"T1012\", \"T1134\"]\nIndustries: [\"Government\", \"Defense\", \"Transportation\", \"Telecommunications\", \"Finance\", \"Education\", \"Energy\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660099",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "cea270a7-683b-4c44-99d0-cce716e1092f",
        "value": "SideWinder"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660099",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "25e59654-9fe9-44f5-b629-30be870128b2",
        "value": "CVE-2017-11882"
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - Orchestrator. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147386",
        "to_ids": true,
        "type": "md5",
        "uuid": "6c0f6e41-5e9a-4db9-bb60-26fc8f877734",
        "value": "3a036a1846bfeceb615101b10c7c910e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - Keylogger. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147407",
        "to_ids": true,
        "type": "md5",
        "uuid": "04e6df2c-43a8-406f-9c4a-c33e7bdbd26e",
        "value": "47f51c7f31ab4a0d91a0f4c07b2f99d7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - Screenshot grabber. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147428",
        "to_ids": true,
        "type": "md5",
        "uuid": "6f298e2c-a4af-4ab0-bd21-663fdc6216c1",
        "value": "f3058ac120a2ae7807f36899e27784ea",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - File stealer. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147449",
        "to_ids": true,
        "type": "md5",
        "uuid": "d13bd947-c230-4bef-b876-ef6cc4a5bee1",
        "value": "0fbb71525d65f0196a9bfbffea285b18",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - Live Console. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147470",
        "to_ids": true,
        "type": "md5",
        "uuid": "90b8772c-cb08-4455-8f59-191f622f8948",
        "value": "1ed7ad166567c46f71dc703e55d31c7a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - RDP Credential Stealer. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147490",
        "to_ids": true,
        "type": "md5",
        "uuid": "4ccda742-d9f6-4c11-9223-cc7719f6b04f",
        "value": "2f0e150e3d6dbb1624c727d1a641e754",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - RDP Credential Stealer \u2013 Injected library. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147511",
        "to_ids": true,
        "type": "md5",
        "uuid": "53f742a8-8d59-4d57-b6ad-063e2795ce4f",
        "value": "bf16760ee49742225fdb2a73c1bd83c7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - Token Grabber. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147532",
        "to_ids": true,
        "type": "md5",
        "uuid": "b4de8d4d-60eb-4130-a1af-c6f2e9fe23be",
        "value": "b3650a88a50108873fc45ad3c249671a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - Credential Phisher \u2013 Injected library. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147553",
        "to_ids": true,
        "type": "md5",
        "uuid": "07e07f20-ec29-4d3e-8d85-a775d6ad114b",
        "value": "4c40fcb2a12f171533fc070464db96d1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "StealerBot - UACBypass. No sample in VirusTotal.\r\nLast check: 02/05/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147574",
        "to_ids": true,
        "type": "md5",
        "uuid": "0d5156e9-d244-4ba1-8ca0-fb5a8c10680e",
        "value": "eef9c0a9e364b4516a83a92592ffc831",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031620",
        "to_ids": true,
        "type": "domain",
        "uuid": "cf85a219-8891-45d5-a325-29168a0eabbc",
        "value": "126-com.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031641",
        "to_ids": true,
        "type": "domain",
        "uuid": "c0d8c1f9-751a-41ec-9488-8260cde7480c",
        "value": "163inc.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031663",
        "to_ids": true,
        "type": "domain",
        "uuid": "0b77ee59-1d16-4cf6-b364-c905a31517d8",
        "value": "afmat.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031684",
        "to_ids": true,
        "type": "domain",
        "uuid": "1a7e97da-06e9-4484-aab3-87237db6fad3",
        "value": "alit.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031705",
        "to_ids": true,
        "type": "domain",
        "uuid": "06d7b381-d771-4b9b-a46d-1f2f580e62b1",
        "value": "aliyum.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031726",
        "to_ids": true,
        "type": "domain",
        "uuid": "61d671e6-1132-47cc-836e-cb96f9f0c839",
        "value": "aliyumm.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031747",
        "to_ids": true,
        "type": "domain",
        "uuid": "cc698a87-8999-4aef-9344-894c87151833",
        "value": "asyn.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031768",
        "to_ids": true,
        "type": "domain",
        "uuid": "a7013a76-eab9-41c4-91de-896fbe401944",
        "value": "ausibedu.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031789",
        "to_ids": true,
        "type": "domain",
        "uuid": "b0ed65b3-3949-4354-8a16-9e9910b0aa44",
        "value": "bol-south.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031810",
        "to_ids": true,
        "type": "domain",
        "uuid": "9d23ca8a-e3ae-44cd-a080-27186255148a",
        "value": "cnsa-gov.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031832",
        "to_ids": true,
        "type": "domain",
        "uuid": "2407599a-ce14-4e61-b360-b4484e429811",
        "value": "colot.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031853",
        "to_ids": true,
        "type": "domain",
        "uuid": "dd925864-16c0-498a-a782-dcb61942cff4",
        "value": "comptes.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031874",
        "to_ids": true,
        "type": "domain",
        "uuid": "ed763ada-7c83-4b5a-8426-5389000c128c",
        "value": "condet.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031895",
        "to_ids": true,
        "type": "domain",
        "uuid": "e0c8d16e-c170-43a9-b651-9d16312c6db1",
        "value": "conft.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031917",
        "to_ids": true,
        "type": "domain",
        "uuid": "766db322-52b8-4562-aa50-b60851445cce",
        "value": "dafpak.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031938",
        "to_ids": true,
        "type": "domain",
        "uuid": "d0c15504-3dbd-4ebc-8e6e-7e07226fd22a",
        "value": "decoty.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031959",
        "to_ids": true,
        "type": "domain",
        "uuid": "5a5f83fb-89e4-471b-8c2a-39dc03146771",
        "value": "defenec.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773031981",
        "to_ids": true,
        "type": "domain",
        "uuid": "3b209f4d-dff4-47c5-96af-64ee3b962995",
        "value": "defpak.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032003",
        "to_ids": true,
        "type": "domain",
        "uuid": "310daf35-8fc5-4de4-a58e-562151b8c2ad",
        "value": "detru.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032025",
        "to_ids": true,
        "type": "domain",
        "uuid": "1eec5545-879b-4664-940b-d32a22f5dd8e",
        "value": "dgps-govpk.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032046",
        "to_ids": true,
        "type": "domain",
        "uuid": "69768223-fd28-496c-b20c-cba9f7f662cb",
        "value": "dgps-govpk.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032067",
        "to_ids": true,
        "type": "domain",
        "uuid": "70defcf0-bd95-460b-a291-020cc4a19207",
        "value": "dinfed.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032089",
        "to_ids": true,
        "type": "domain",
        "uuid": "ea3bc24e-4b22-4ecc-9500-009a0efdd7bf",
        "value": "dirctt88.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032111",
        "to_ids": true,
        "type": "domain",
        "uuid": "f5c14147-2d55-4d6c-9c73-45c71268205a",
        "value": "dirctt88.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032132",
        "to_ids": true,
        "type": "domain",
        "uuid": "66392381-2c8f-45ff-8b18-b3c5a612e7bf",
        "value": "direct888.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032153",
        "to_ids": true,
        "type": "domain",
        "uuid": "6697734c-37f3-4cee-9a12-c45d9034423a",
        "value": "direct88.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032174",
        "to_ids": true,
        "type": "domain",
        "uuid": "76f911f9-985f-46c3-9bf0-410699a0ef96",
        "value": "directt888.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032195",
        "to_ids": true,
        "type": "domain",
        "uuid": "8e633288-6c85-4e9b-8ce9-343e15050d11",
        "value": "donwload-file.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032216",
        "to_ids": true,
        "type": "domain",
        "uuid": "0e010ee2-f3ae-4dda-a3c1-2cc57e134e9a",
        "value": "donwloaded.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032237",
        "to_ids": true,
        "type": "domain",
        "uuid": "89db7aed-cdb4-4fc9-860b-1971bfb7168b",
        "value": "donwloaded.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032258",
        "to_ids": true,
        "type": "domain",
        "uuid": "f10f9ab0-1c2a-411b-8186-bdf79b81fa50",
        "value": "dowmload.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032280",
        "to_ids": true,
        "type": "domain",
        "uuid": "1ab37541-91b2-4853-96da-3078f50f7f4a",
        "value": "downld.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032302",
        "to_ids": true,
        "type": "domain",
        "uuid": "83df5864-0a9c-4865-865c-26d13b27535e",
        "value": "download-file.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032323",
        "to_ids": true,
        "type": "domain",
        "uuid": "23d7cfb1-e07a-4f5e-933d-9edc20f4654c",
        "value": "downloadabledocx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032345",
        "to_ids": true,
        "type": "domain",
        "uuid": "f416102e-5df2-4d52-ad24-5b6d02e67c60",
        "value": "dynat.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032366",
        "to_ids": true,
        "type": "domain",
        "uuid": "53d63cee-af96-4d8d-98c3-726a96103f74",
        "value": "dytt88.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032387",
        "to_ids": true,
        "type": "domain",
        "uuid": "a8678a6a-e8cd-4ecb-90b2-725936dea33c",
        "value": "e1ix.mov",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032410",
        "to_ids": true,
        "type": "domain",
        "uuid": "140808c7-86ac-4ae2-a6a8-0770e568d58a",
        "value": "e1x.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032431",
        "to_ids": true,
        "type": "domain",
        "uuid": "97913d19-e84e-483d-bd9c-31894227b258",
        "value": "fia-gov.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032452",
        "to_ids": true,
        "type": "domain",
        "uuid": "6854333e-4484-457f-bb84-a713f63f30b0",
        "value": "fia-gov.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032473",
        "to_ids": true,
        "type": "domain",
        "uuid": "089572c1-258d-4e85-acc8-059f95514298",
        "value": "gov-govpk.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032494",
        "to_ids": true,
        "type": "domain",
        "uuid": "8eaf300b-6bea-4c5e-b1e3-96b119a0982a",
        "value": "govpk.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032515",
        "to_ids": true,
        "type": "domain",
        "uuid": "e92c9aa4-f19c-46ea-8c90-6352ed16f3fb",
        "value": "govpk.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032536",
        "to_ids": true,
        "type": "domain",
        "uuid": "a8391f55-5808-489b-83a5-81b385a1c0bb",
        "value": "grouit.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032558",
        "to_ids": true,
        "type": "domain",
        "uuid": "42110592-bfcf-481c-b0f9-bc17e80a6559",
        "value": "gtrec.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032580",
        "to_ids": true,
        "type": "domain",
        "uuid": "b9b5f1a1-cca2-4b53-8d45-6b23f1b38bf0",
        "value": "healththebest.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032601",
        "to_ids": true,
        "type": "domain",
        "uuid": "707a8725-1c44-4b4f-8e88-7c1d511163c3",
        "value": "jmicc.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032622",
        "to_ids": true,
        "type": "domain",
        "uuid": "eff30854-7e1e-4520-9e59-e6b8baa22675",
        "value": "kernet.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032643",
        "to_ids": true,
        "type": "domain",
        "uuid": "57a784cd-c678-4311-86bb-920d68ff92f2",
        "value": "kretic.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032664",
        "to_ids": true,
        "type": "domain",
        "uuid": "98472c22-2113-4339-8ec6-4486bebc0492",
        "value": "lforvk.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032685",
        "to_ids": true,
        "type": "domain",
        "uuid": "6afc2d4b-54d5-475e-8f22-fe24956fa623",
        "value": "mfa-gov.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032707",
        "to_ids": true,
        "type": "domain",
        "uuid": "c34890ae-beea-4d15-980b-33ede3839299",
        "value": "mfa-gov.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032728",
        "to_ids": true,
        "type": "domain",
        "uuid": "c08bc38e-bd3d-45fd-b57a-10f38dd6bbee",
        "value": "mfa-govt.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032749",
        "to_ids": true,
        "type": "domain",
        "uuid": "e5b167bf-c143-4176-9505-e0b4c611da6e",
        "value": "mfacom.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032770",
        "to_ids": true,
        "type": "domain",
        "uuid": "1e2d1948-85fa-4113-ae7d-28dd2039b1e4",
        "value": "mfagov.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032791",
        "to_ids": true,
        "type": "domain",
        "uuid": "cfb66af7-9dbf-4214-878d-febc5b3659cb",
        "value": "mfas.pro",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032813",
        "to_ids": true,
        "type": "domain",
        "uuid": "c3e6fef1-23ab-4410-b6d9-dac39533e02c",
        "value": "mitlec.site",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032834",
        "to_ids": true,
        "type": "domain",
        "uuid": "d4873fb7-2a7e-4a4b-894b-a06bcd5da78a",
        "value": "mod-gov-pk.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032855",
        "to_ids": true,
        "type": "domain",
        "uuid": "5ab83e34-aeab-4182-9669-b96cc1368910",
        "value": "mofa.email",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032876",
        "to_ids": true,
        "type": "domain",
        "uuid": "103c1ec4-f518-4c4b-bf31-f294e48f5b6e",
        "value": "mofagovs.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032897",
        "to_ids": true,
        "type": "domain",
        "uuid": "37459ba0-66af-4816-84bf-0681776c5db4",
        "value": "moittpk.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032919",
        "to_ids": true,
        "type": "domain",
        "uuid": "020f5fc5-3c57-4bab-9714-3f18213c2506",
        "value": "moittpk.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032940",
        "to_ids": true,
        "type": "domain",
        "uuid": "99a2aea0-60f0-44c8-a416-bc3a3f9cdd3a",
        "value": "mshealthcheck.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032961",
        "to_ids": true,
        "type": "domain",
        "uuid": "acfb1ea7-ef7c-4706-b7f6-37538dd5258e",
        "value": "nactagovpk.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773032982",
        "to_ids": true,
        "type": "domain",
        "uuid": "41091fd2-1b0a-4059-8e2d-d2a9ce560c63",
        "value": "navy-mil.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033003",
        "to_ids": true,
        "type": "domain",
        "uuid": "380edda5-c403-4c0a-a319-643afb3a17ad",
        "value": "newmofa.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033024",
        "to_ids": true,
        "type": "domain",
        "uuid": "ed2e236f-b6bb-4b53-99b8-2050dddf5a9e",
        "value": "newoutlook.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033045",
        "to_ids": true,
        "type": "domain",
        "uuid": "ca0d151a-29ef-4e80-a419-8a30738142d9",
        "value": "nopler.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033066",
        "to_ids": true,
        "type": "domain",
        "uuid": "9792c11b-68dd-41a5-aedb-c108b9f78444",
        "value": "ntcpak.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033087",
        "to_ids": true,
        "type": "domain",
        "uuid": "0b773050-9539-49a2-940a-80ea9f8a28b4",
        "value": "ntcpak.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033109",
        "to_ids": true,
        "type": "domain",
        "uuid": "b817f9dc-06bd-402f-af89-46158eb5447e",
        "value": "ntcpk.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033130",
        "to_ids": true,
        "type": "domain",
        "uuid": "51e90311-186f-414e-bba8-78d0b2a8a556",
        "value": "ntcpk.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033151",
        "to_ids": true,
        "type": "domain",
        "uuid": "a82d7d6b-1a22-4660-8d64-b2e0dafe7988",
        "value": "numpy.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033172",
        "to_ids": true,
        "type": "domain",
        "uuid": "8cbd147f-314d-42c8-9d72-96e5c41a153e",
        "value": "numzy.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033194",
        "to_ids": true,
        "type": "domain",
        "uuid": "82b5f787-000f-4f06-80e6-d8f4ddee1f9c",
        "value": "nventic.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033215",
        "to_ids": true,
        "type": "domain",
        "uuid": "df4bf1da-132b-4ea8-99b4-36d5495ab39d",
        "value": "office-drive.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033236",
        "to_ids": true,
        "type": "domain",
        "uuid": "f8e26499-031a-40ce-acb9-ac5f9e5739c0",
        "value": "pafgovt.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033258",
        "to_ids": true,
        "type": "domain",
        "uuid": "d9031c12-9db9-4883-ac11-15336f1645b3",
        "value": "paknavy-gov.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033279",
        "to_ids": true,
        "type": "domain",
        "uuid": "6c2a3d82-7343-42e4-8507-2e6837c0da8e",
        "value": "paknavy-govpk.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033300",
        "to_ids": true,
        "type": "domain",
        "uuid": "fee45418-b855-414b-9b58-40d40279f2ae",
        "value": "paknavy-govpk.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033321",
        "to_ids": true,
        "type": "domain",
        "uuid": "76eabb57-ae26-4dba-8b89-e90bf800d2c5",
        "value": "pdfrdr-update.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033342",
        "to_ids": true,
        "type": "domain",
        "uuid": "615ca602-1b97-4c22-839b-4e86ecbb87a3",
        "value": "pdfrdr-update.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033365",
        "to_ids": true,
        "type": "domain",
        "uuid": "e2f0ef08-ad71-41c1-b96e-105f5809799b",
        "value": "pmd-office.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033386",
        "to_ids": true,
        "type": "domain",
        "uuid": "73c51712-8bbc-48ea-8d66-228fb1fba51c",
        "value": "pmd-office.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033408",
        "to_ids": true,
        "type": "domain",
        "uuid": "1363ee60-c4aa-4ac7-bf53-207734c37996",
        "value": "pmd-office.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033429",
        "to_ids": true,
        "type": "domain",
        "uuid": "999198dc-f6d6-4cf0-906c-a42aacf66b43",
        "value": "ptcl-net.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033450",
        "to_ids": true,
        "type": "domain",
        "uuid": "0e58ffeb-ed62-4c16-8ffe-6d71626a6e4c",
        "value": "scrabt.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033471",
        "to_ids": true,
        "type": "domain",
        "uuid": "8e13707a-5fa1-418d-97ff-028504c803be",
        "value": "shipping-policy.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033492",
        "to_ids": true,
        "type": "domain",
        "uuid": "833c1129-fdd2-4001-9127-f9d8fe143600",
        "value": "sjfu-edu.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033513",
        "to_ids": true,
        "type": "domain",
        "uuid": "f4e3b44f-4541-4c82-905a-90c167ab9595",
        "value": "support-update.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033535",
        "to_ids": true,
        "type": "domain",
        "uuid": "7b173270-1287-4e27-afdb-10548b4f9a7c",
        "value": "tazze.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033556",
        "to_ids": true,
        "type": "domain",
        "uuid": "f6b69ea8-d6c0-43ca-9933-2e92f7c20c1c",
        "value": "tex-ideas.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033577",
        "to_ids": true,
        "type": "domain",
        "uuid": "29d2cedb-1f62-48ba-a340-0a933c849230",
        "value": "tni-mil.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033598",
        "to_ids": true,
        "type": "domain",
        "uuid": "d4c294f0-f11d-4a12-8001-117078d4084a",
        "value": "tsinghua-edu.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033619",
        "to_ids": true,
        "type": "domain",
        "uuid": "0870d671-dcaa-4064-987c-8d4679ca65ee",
        "value": "tumet.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033640",
        "to_ids": true,
        "type": "domain",
        "uuid": "712bc761-6301-4dfe-acaf-8b5f1a3c72d3",
        "value": "u1x.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033661",
        "to_ids": true,
        "type": "domain",
        "uuid": "1510e30d-fbe1-4bdd-a0ce-cdec435c4140",
        "value": "ujsen.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033683",
        "to_ids": true,
        "type": "domain",
        "uuid": "03740d18-00f6-4e94-a887-758e93a6d666",
        "value": "update-govpk.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033704",
        "to_ids": true,
        "type": "domain",
        "uuid": "a950dcdc-6b59-4a4f-9315-7f39f119e32a",
        "value": "updtesession.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033725",
        "to_ids": true,
        "type": "domain",
        "uuid": "fe5b2d2c-54a3-4634-a29c-e0ba56d5cb10",
        "value": "widge.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "\u201cBackdoor loader module\u201d dropped as devobj.dll. No sample in VT.\r\nLast check: 02/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147659",
        "to_ids": true,
        "type": "md5",
        "uuid": "b6c3f1f0-bb6e-460d-a015-5cc63be5f7a5",
        "value": "a7aad43a572f44f8c008b9885cf936cf",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "XML manifest. No sample in VT.\r\nLast check: 02/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147702",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d7fdb6f-420c-4503-9ef5-62eb0d3a024a",
        "value": "d3136d7151f60ec41a370f4743c2983b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "\u201cBackdoor loader module\u201d dropped as propsys.dll. No sample in VT.\r\nLast check: 02/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147722",
        "to_ids": true,
        "type": "md5",
        "uuid": "b53e08b2-aee3-445a-9be7-0c23ff40adc7",
        "value": "56e7d6b5c61306096a5ba22ebbfb454e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033746",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b3e6d23b-deb2-4f1f-b251-051596b0a229",
        "value": "nextgen.paknavy-govpk.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033767",
        "to_ids": true,
        "type": "hostname",
        "uuid": "122bc472-2000-4643-9050-1ab82e0c3c95",
        "value": "premier.moittpk.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033788",
        "to_ids": true,
        "type": "hostname",
        "uuid": "24734323-ce08-4932-aa01-2ee3931570d0",
        "value": "cabinet-division-pk.fia-gov.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033809",
        "to_ids": true,
        "type": "hostname",
        "uuid": "24952597-3e39-4755-b014-3297ea7a7207",
        "value": "navy-lk.direct888.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033831",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a1d31b4b-4b3c-4bba-b1aa-3940dd95fcb9",
        "value": "srilanka-navy.lforvk.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033852",
        "to_ids": true,
        "type": "hostname",
        "uuid": "73bedb92-ffe7-4edc-96e1-0c3af641cae2",
        "value": "portdjibouti.pmd-office.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033874",
        "to_ids": true,
        "type": "hostname",
        "uuid": "46b0ef5b-9c82-45d7-9726-98e52ec01877",
        "value": "portdedjibouti.shipping-policy.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033895",
        "to_ids": true,
        "type": "hostname",
        "uuid": "dad107c3-12f9-463f-b7d2-1230017c3d0f",
        "value": "mofa-gov-sa.direct888.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033918",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ecf57046-d563-4a75-b85c-c80069ae705e",
        "value": "mod-gov-bd.direct888.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033939",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ccc4b979-2eb9-45c1-a6ae-286b7758c37b",
        "value": "mmcert-org-mm.donwloaded.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The attacker registered numerous domains using Hostinger, Namecheap, and Hosting Concepts as providers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033960",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c910baf2-5e22-48e5-a84f-e2817f782e81",
        "value": "opmcm-gov-np.fia-gov.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Library used to bypass UAC by abusing the IElevatedFactoryServer COM object. No sample in VT.\r\nLast check: 02/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147743",
        "to_ids": true,
        "type": "md5",
        "uuid": "1c34417a-7e3a-4637-ac67-7f67b17e8d77",
        "value": "7f357621ba88a2a52b8146492364b6e0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Malicious library used to download additional malware. No sample in VT.\r\nLast check: 02/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147765",
        "to_ids": true,
        "type": "md5",
        "uuid": "c8266593-6f51-4ac2-9a4c-af9ae6114b11",
        "value": "b0f0c29f4143605d5f958eba664cc295",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shellcode to run libraries in memory. No sample in VT.\r\nLast check: 02/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147786",
        "to_ids": true,
        "type": "md5",
        "uuid": "dc71d9b9-1192-4698-a91a-b18c9093f01f",
        "value": "f492b2d5431985078b85c78661e20c09",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Program used for the Slui UAC bypass technique. No sample in VT.\r\nLast check: 02/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147807",
        "to_ids": true,
        "type": "md5",
        "uuid": "1bf5f4ad-8132-4e14-ba64-a98bc3c6c5c1",
        "value": "ba2914b59c7ae08c346fc5a984dcc219",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 URLs embedded in the code",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773033982",
        "to_ids": true,
        "type": "url",
        "uuid": "f95cb158-7cba-4ea3-91b2-963c0530b739",
        "value": "https://dynamic.nactagovpk.org/735e3a_download",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 URLs embedded in the code",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773034003",
        "to_ids": true,
        "type": "url",
        "uuid": "d1cd7beb-8514-45af-a7d2-6e7ed9a50846",
        "value": "https://dynamic.nactagovpk.org/0df7b2_download",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 URLs embedded in the code",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773034024",
        "to_ids": true,
        "type": "url",
        "uuid": "1821ce25-6672-4c52-a55b-730bcebd8499",
        "value": "https://dynamic.nactagovpk.org/27419a_download",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 URLs embedded in the code",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773034045",
        "to_ids": true,
        "type": "url",
        "uuid": "4969080d-ad97-46b6-b5c8-455903e2aa2c",
        "value": "https://dynamic.nactagovpk.org/ef1c4f_download",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "C++ library used to download two malicious libraries and create persistence points. No sample in VT.\r\nLast check: 02/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746147828",
        "to_ids": true,
        "type": "md5",
        "uuid": "ec56190e-dc8c-4486-abe8-7c5db2bd8731",
        "value": "a107f27e7e9bac7c38e7778d661b78ac",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "The loaded JavaScript downloads and executes additional script code from a remote website",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773034066",
        "to_ids": true,
        "type": "url",
        "uuid": "adb1dac8-adce-47a9-ba3e-08a98db36001",
        "value": "https://mofa-gov-sa.direct888.net/015094_consulategz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034087",
        "uuid": "6bdc27f9-d207-49c9-8f67-58878b15f4e1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034087",
            "to_ids": true,
            "type": "md5",
            "uuid": "e23217e9-db55-4b60-8d41-2f407249baf6",
            "value": "6cf6d55a3968e2176db2bba2134bbe94",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0dd0a8d8-3b85-4205-b219-2f727f616f4d",
            "value": "1c28c495c6c8794afe594580fb2958874781698f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1c55ef5a-8883-4092-92c9-6abd620d6700",
            "value": "931aee9ba0e51804cb354a3a41830721e41a0fab6758aa19a43eaf1abe621b4d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146684",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6a567977-83c7-4be4-a3bb-18278dd48b9d",
            "value": "12288:QJ5tp3UprUb3UVUa8Xb6pi3QtYvpTznjLKmZBMOF:QJ7mdUy9i3QMhznjLHnF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146684",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "34df1929-c633-4f90-8e2b-56cfe26aa0c4",
            "value": "422649"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146684",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0f2229e2-6fda-412f-894a-1f2d655ab660",
            "value": "3e86d637f57041eeb9dde4d75c82e774"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146684",
            "to_ids": true,
            "type": "filename",
            "uuid": "68600343-2756-409f-ae56-b0942e6ea029",
            "value": "931aee9ba0e51804cb354a3a41830_edr721e41a0fab6758aa19a43eaf1abe621b4dXxX121Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast scan: 14/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146684",
            "to_ids": false,
            "type": "text",
            "uuid": "2e1f4b42-1aea-474b-9efc-196325ef8586",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Exploit:O97M/CVE-2017-0199!MSR\nVT Total Detection:34/66\nFirst Submission:2023-12-22T03:44:02.000000+00:00\nLast Submission:2024-10-27T16:16:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034108",
        "uuid": "67b120cc-6d13-4cad-a895-dfe150dbbe5e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034108",
            "to_ids": true,
            "type": "md5",
            "uuid": "f587c9c3-4459-4bd3-886c-6bd3d52c6013",
            "value": "c87eb71ff038df7b517644fa5c097eac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146706",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba21e5c6-9876-455e-af70-a8ba9c6c117d",
            "value": "33f221579f95f623025b464f22a20da66be2b273",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146706",
            "to_ids": true,
            "type": "sha256",
            "uuid": "066561ea-d7d6-40f8-bc91-17daad31d13d",
            "value": "9d02bf092fdcf44a51ae6e264ec3e3e57afbe79622c92a797e33fb62ed495cda",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146706",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1e0212ca-c614-429b-8aa0-8b7f0fe19268",
            "value": "24576:q7YpQgl6XS55TfMjvuXtesnnfHOrM7WqHAGVgxpT6Wuzb3XgHztGV:5Ggl6XSG2XwsnbdHDApT6vngHzAV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146706",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ebbc2c9e-9d07-4c91-ae02-a33187b66cf4",
            "value": "1428144"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146706",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9c857578-a622-4a97-a84d-652cf2fbc11c",
            "value": "36270d7d445a398102986a2b8e7fbe87"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146706",
            "to_ids": true,
            "type": "filename",
            "uuid": "e0ab2867-257b-4bd8-8451-26819e92838e",
            "value": "9d02bf092fdcf44a51ae6e264ec3e3e5_edr7afbe79622c92a797e33fb62ed495cdaXxX124Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  18/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146706",
            "to_ids": false,
            "type": "text",
            "uuid": "ddf7572b-00a8-4204-b04b-b3ef1dda4a1d",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Trojan:O97M/CVE-2017-0199!MSR\nVT Total Detection:33/66\nFirst Submission:2023-12-13T08:00:01.000000+00:00\nLast Submission:2024-12-13T11:38:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034130",
        "uuid": "9326d7d3-8c5f-4191-96a0-89fa90043e84",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034130",
            "to_ids": true,
            "type": "md5",
            "uuid": "221d6cf4-1fd7-4af8-9634-4795c91d7fb3",
            "value": "8202209354ece5c53648c52bdbd064f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146728",
            "to_ids": true,
            "type": "sha1",
            "uuid": "79077f4e-194e-4349-ab4d-57404bed53f0",
            "value": "683210af38ef15f1bacb67ddc42f085bee05cf35",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146728",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d5a5e2ac-39dc-4ee2-8686-146df0de8ef8",
            "value": "89d4d85592bf0b5e8b55c2d62c9050bfa8c3017f9f497134dbacbb2a0f13a09e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146727",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "12d818df-6595-45d7-91dd-e7067765536f",
            "value": "49152:JJb+67s4Y+WJ9UhMQzTDdwPaQx3fNdK1HAgCclqDhDAy:/f2mhMQ3DEaG3eHAgCclgEy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146727",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "17e22c87-d67e-43cf-81b1-c2893c9fa12d",
            "value": "1651194"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146727",
            "to_ids": true,
            "type": "vhash",
            "uuid": "886c6228-794b-4364-bc8f-9bb7d8149c6b",
            "value": "e724c26ac7dbaf11d6a72b4a41e9eb05"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146727",
            "to_ids": true,
            "type": "filename",
            "uuid": "fd405549-2bac-4014-8161-d171b47d608c",
            "value": "89d4d85592bf0b5e8b55c2d62c9050bfa8c301_edr7f9f497134dbacbb2a0f13a09eXxX117Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146727",
            "to_ids": false,
            "type": "text",
            "uuid": "62ca3b42-8c74-43f6-bd98-2b8833683b2a",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Trojan:O97M/Donoff!MSR\nVT Total Detection:34/69\nFirst Submission:2024-01-05T02:24:48.000000+00:00\nLast Submission:2024-12-14T05:52:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034151",
        "uuid": "98f35b4d-33ac-4583-9603-0c9450cf7843",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034151",
            "to_ids": true,
            "type": "md5",
            "uuid": "72bd878c-9517-49f1-8c44-151db97f7717",
            "value": "5cc784afb69c153ab325266e8a7afaf4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146749",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2e600e3c-9a8b-428e-87ba-164fd7806944",
            "value": "85500978ed7a617eb1eaae873498523bb9cb0b28",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146749",
            "to_ids": true,
            "type": "sha256",
            "uuid": "17eba9fb-5bf3-4eea-a342-1ea65d52abb2",
            "value": "170ccf1225154fa0cd92a14219f0b912479cc4095203646c38a31bb78baafe9f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146749",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "012d8fa5-e0fb-4c98-b688-7be358a342ca",
            "value": "192:8jyQO+GdUo3AqA3h17w3v+iEeKWW0TdoILLPieFuXrjzgTJyc/Ba:8jw+noZW1wgeh/hoSaeFcsTJLM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146749",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9b6a8bfc-0e58-4f7e-b09b-180c18ebce4f",
            "value": "12318"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146749",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0cf928e8-034d-470f-8ebd-955da460b6b8",
            "value": "1cca1b74911b11dc1e5bcf06c6eb0b5e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146749",
            "to_ids": true,
            "type": "filename",
            "uuid": "070613a8-10ed-46e6-b8a2-7616581f76d5",
            "value": "1_edr70ccf1225154fa0cd92a14219f0b912479cc4095203646c38a31bb78baafe9fXxX103Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  19/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146749",
            "to_ids": false,
            "type": "text",
            "uuid": "4b2e3930-572f-4f68-a0e6-297ad8cc2b49",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Trojan:O97M/Donoff!MSR\nVT Total Detection:34/66\nFirst Submission:2023-11-24T06:14:23.000000+00:00\nLast Submission:2025-02-07T13:28:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034172",
        "uuid": "b2ec2a3d-6f44-4586-b6a6-c3323a72642d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034172",
            "to_ids": true,
            "type": "md5",
            "uuid": "33b17aff-a2a4-4a13-81ea-a46b01e1a495",
            "value": "3a6916192106ae3ac7e55bd357bc5eee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146771",
            "to_ids": true,
            "type": "sha1",
            "uuid": "86ad0f0e-bbdb-476e-9c83-cd128db02ea2",
            "value": "44c836f99f8b945830781d9580cb7f77bfafc843",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146771",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f0eecf90-c786-4057-9152-816a14f8abe8",
            "value": "15ce7d3c879975ca81777cf58f47409283e34ec1fe8e966fde608bc7eda16646",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146770",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "358ce571-2f87-4b17-aa1a-aa605e115344",
            "value": "6144:HltWE8mVnJIu06Xes/jtII+XJdELg43fFebh3OZ/JyGD3x7CXPmrZ5d7TGknZFG:HzmknJQ6ucjsyg43AheFl7CXG5dpY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146770",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "618a9e01-bf26-4b4a-aedc-9d4b3a126159",
            "value": "393661"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146770",
            "to_ids": true,
            "type": "vhash",
            "uuid": "314e94e9-daf0-4fad-97d8-7f92fc8ae857",
            "value": "c59c55364f2277c06a011482498ab1fd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146770",
            "to_ids": true,
            "type": "filename",
            "uuid": "201c4829-3ef2-41ff-9226-6f1e2eca795a",
            "value": "15ce_edr7d3c879975ca81777cf58f47409283e34ec1fe8e966fde608bc7eda16646XxX102Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  27/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146770",
            "to_ids": false,
            "type": "text",
            "uuid": "60c0a7e2-a171-4333-b7dc-cb468c1eddbb",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Exploit:O97M/CVE-2017-0199.ARA!MTB\nVT Total Detection:34/66\nFirst Submission:2024-01-05T05:56:25.000000+00:00\nLast Submission:2024-11-17T11:50:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034193",
        "uuid": "afa853d8-eb9b-4f41-a34d-a5265870ce4f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034193",
            "to_ids": true,
            "type": "md5",
            "uuid": "56666fc7-8acd-43d3-b329-4b1377904bb6",
            "value": "54aadadcf77dec53b2566fe61b034384",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146792",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b1dfc5dd-417d-4cd6-a787-5d6b2f0a6732",
            "value": "4e95a0a27ff336f1193acdd975a53a6f02ee3443",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146792",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0cd25352-c185-4573-a832-b885fb726aba",
            "value": "a11fab6de2c5111833e9e4a6f69ce5dded17085a3d8ae21c7fcfa00d7e113c9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146792",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "52c95eee-02ae-468b-9c1b-a9a1a011fa62",
            "value": "49152:Xb5ZwdQE8/INlfQP4hvuAiPRQ/p9ANtsCZfkPSZsX:Xkq41uQosCCP7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146792",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3f0302e4-48b4-4738-bc7d-15d928dfcda1",
            "value": "1811812"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146792",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f5be62d5-0b0e-40ed-bc61-33efff2d7dca",
            "value": "26c67950e2ed14c8f319db619aeb2df4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146792",
            "to_ids": true,
            "type": "filename",
            "uuid": "8c60f704-4b4f-4c3d-b003-da3691735bde",
            "value": "a11fab6de2c5111833e9e4a6f69ce5dded1_edr7085a3d8ae21c7fcfa00d7e113c9bXxX125Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  23/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146792",
            "to_ids": false,
            "type": "text",
            "uuid": "88678f28-9444-48be-92e4-7b6b4b640a60",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Exploit:O97M/CVE-2017-0199!MSR\nVT Total Detection:36/66\nFirst Submission:2023-12-29T06:01:22.000000+00:00\nLast Submission:2024-12-14T12:13:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034214",
        "uuid": "67378029-e92b-45ab-8e39-12e56b3c6990",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034214",
            "to_ids": true,
            "type": "md5",
            "uuid": "8746359b-45f3-4225-92c3-f47b5b9a63fb",
            "value": "8f83d19c2efc062e8983bce83062c9b6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146814",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7d6fa3d9-8beb-4e82-98a9-1900a9700a11",
            "value": "c50caa49156a1ce5cfb2df20ab3a5292e81c54bf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146814",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0f7cd75a-8f78-4ff1-a0c3-72270b808b13",
            "value": "1a88ef58675971eb18eeb267b1be90594cd6c7ebddf1c67d66729fa3e68de323",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146813",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fe883d0a-2068-4688-9780-7883a228fc13",
            "value": "3072:jwwaT2Qxib7LleOC8qAW4UwRiFD7M7uwszhbuKs:jaT4bNel8q5mi3q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146813",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1c779635-87cc-4a52-9b2d-910efa36ea08",
            "value": "104317"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146813",
            "to_ids": true,
            "type": "vhash",
            "uuid": "df0b208b-81b3-4c00-a550-67de21cbde80",
            "value": "9d5e4e5ed78cbc0754a38abf22181d64"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146813",
            "to_ids": true,
            "type": "filename",
            "uuid": "27c118ee-5829-4588-8d46-73b2ac1d5e0d",
            "value": "1a88ef586_edr75971eb18eeb267b1be90594cd6c7ebddf1c67d66729fa3e68de323XxX105Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  30/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146813",
            "to_ids": false,
            "type": "text",
            "uuid": "0099ce86-5f89-469e-a07c-e91f750935c5",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Exploit:O97M/CVE-2017-0199!MSR\nVT Total Detection:37/67\nFirst Submission:2023-12-23T15:18:33.000000+00:00\nLast Submission:2024-10-27T16:35:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034235",
        "uuid": "2290fe70-1f4d-4219-8be0-468cc26a2ab5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034235",
            "to_ids": true,
            "type": "md5",
            "uuid": "827f40bf-1d5b-4897-9e93-dc857e53dc08",
            "value": "8e8b61e5fb6f6792f2bee0ec947f1989",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146835",
            "to_ids": true,
            "type": "sha1",
            "uuid": "24fcbeb9-7e8f-4f38-a114-3e71c43dc5d1",
            "value": "c9614bc93ccde8ddf06ba06512c218473cad8256",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146835",
            "to_ids": true,
            "type": "sha256",
            "uuid": "33b921fd-33e8-496d-b4ff-db06f465dfdf",
            "value": "b565bd60e9182746de76feeebe7f85902e22ee3a22d5d55a278be7340923806e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146834",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "15ddbfac-7a00-4fd0-ae68-5d3dd3ef43a2",
            "value": "384:o2fQ+vZ4D6L9bIsQj0OUeZFpLKQ+axX/mc7Tmmi9:8ZD6L98sQjmSmM5ecumG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146834",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1f04416b-6635-44c3-9cd4-5194d50a4afd",
            "value": "17414"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146834",
            "to_ids": true,
            "type": "vhash",
            "uuid": "11acc38e-0d39-476d-8d97-b203ee830430",
            "value": "1cca1b74911b11dc1e5bcf06c6eb0b5e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146834",
            "to_ids": true,
            "type": "filename",
            "uuid": "cc5c1a38-ad87-433b-8029-7749b036bcfb",
            "value": "b565bd60e9182_edr746de76feeebe7f85902e22ee3a22d5d55a278be7340923806eXxX130Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  28/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146834",
            "to_ids": false,
            "type": "text",
            "uuid": "ccb02459-6db1-4f61-bba3-c818d573e000",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Trojan:Win32/Acll\nVT Total Detection:36/66\nFirst Submission:2023-12-27T13:34:10.000000+00:00\nLast Submission:2024-10-28T04:20:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034256",
        "uuid": "79e416e2-1cc2-4a93-b2d7-0dfe9de854e6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034256",
            "to_ids": true,
            "type": "md5",
            "uuid": "202b69d3-1a07-49d2-ab92-1f5fd0476d53",
            "value": "86eeb037f5669bff655de1e08199a554",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146856",
            "to_ids": true,
            "type": "sha1",
            "uuid": "53fba237-5a18-4dc1-875d-899e2ab2e379",
            "value": "f0a2bb57da87b579e5027631066a9652d64d67b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146856",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a0c6edfd-f4b8-4508-b0f0-1dcd8d5bcb27",
            "value": "c8a8e382ba1f7d1ab4b00d3e03f63ca65b2e459f3b01006bf44b3cf9950b7ceb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146856",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f4919d9e-9954-44e6-be66-a9c2a984ec2d",
            "value": "384:o2fQ+vZ4D6L9bIsQj0OUeZFpLKQ+axX/mc7TmmK5:8ZD6L98sQjmSmM5ecum6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146856",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4f7716f5-203e-492a-8b2f-20ae309d3f23",
            "value": "17414"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146856",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7093caf1-312c-4c89-8b8b-05844ee6adc8",
            "value": "1cca1b74911b11dc1e5bcf06c6eb0b5e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146856",
            "to_ids": true,
            "type": "filename",
            "uuid": "5b5d91a2-f4c8-41f1-b89c-331f04761c01",
            "value": "c8a8e382ba1f7d1ab4b00d3e03f63ca65b2e459f3b01006bf44b3cf9950b7ceb.docx.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146856",
            "to_ids": false,
            "type": "text",
            "uuid": "398218a0-1e32-4c81-8119-389b2754e291",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Trojan:O97M/Phish!MSR\nVT Total Detection:34/67\nFirst Submission:2024-01-04T14:36:09.000000+00:00\nLast Submission:2024-12-14T07:01:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034278",
        "uuid": "c20bd569-244c-4df7-9083-490208652950",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034278",
            "to_ids": true,
            "type": "md5",
            "uuid": "fa64a047-0109-4996-9fbc-e8609887d852",
            "value": "1c36177ac4423129e301c5a40247f180",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146877",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b7b01235-2b3b-4a23-bba2-ed5856c7e29b",
            "value": "b3453e58af7d90949ef6843f380f5ccfa9b4943d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146877",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4ad09d04-9f45-4f41-93ff-90425232ea32",
            "value": "55a0bbde3e32c559715cdc9c7d30d003b9e14725a6369d30edef20c1ed6dd994",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146877",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a7df2da8-d576-40a2-9875-880a60edd250",
            "value": "6144:i4EGSIITjgtYLpzNDmjpVs6NSgPZK1mLY8djo/GAUcTkBj2Pn10R0TbMcrF:ijG0ot4HYpVs6NSgPZK10djK+csj2P1N"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146877",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4345fe8c-d189-434c-adba-3f19b82dce7e",
            "value": "363820"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146877",
            "to_ids": true,
            "type": "vhash",
            "uuid": "48b47b61-23eb-4908-86a8-662f06d4e0ce",
            "value": "c59c55364f2277c06a011482498ab1fd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146877",
            "to_ids": true,
            "type": "filename",
            "uuid": "24f222b0-9fb2-4012-abaa-d2c1755a8850",
            "value": "55a0bbde3e32c559_edr715cdc9c7d30d003b9e14725a6369d30edef20c1ed6dd994XxX111Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  23/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146877",
            "to_ids": false,
            "type": "text",
            "uuid": "e9b210c1-008a-4a11-b454-eda433133127",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Exploit:O97M/CVE-2017-0199!MSR\nVT Total Detection:36/66\nFirst Submission:2024-01-30T08:54:05.000000+00:00\nLast Submission:2024-10-27T16:26:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034299",
        "uuid": "c16a9893-86d2-47b7-afff-ccc8429cd94b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034299",
            "to_ids": true,
            "type": "md5",
            "uuid": "d5304a73-876e-4bcb-ad19-c769980bcd20",
            "value": "873079cd3e635adb609c38af71bad702",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146898",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b16d390-bd7e-4919-8b48-db414f6125f3",
            "value": "06e99708dc53c6c2437e5653832119c67f440710",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146898",
            "to_ids": true,
            "type": "sha256",
            "uuid": "45e57d92-dd1b-4c2d-94d6-4600c895e6a4",
            "value": "82669f343fb6e2fd43c8e8477c32adc31fe2bac1cbeb384e1316cb5e5971d11b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146898",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c18f87dd-05ee-4c5b-a181-4df61b8aab0d",
            "value": "6144:do7C9OaAMrsKBR/JYUvM6zvhVYUzmRNaN+:2+QaAC/uWLLYIwaN+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146898",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d329a87c-d3ad-45cd-a127-5df1ac2cb63b",
            "value": "197401"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146898",
            "to_ids": true,
            "type": "vhash",
            "uuid": "39119e7f-6c5f-4b58-aa7b-ae48d32b49fe",
            "value": "c59c55364f2277c06a011482498ab1fd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146898",
            "to_ids": true,
            "type": "filename",
            "uuid": "8a9ff292-9729-44d0-903b-ccfd3142f404",
            "value": "82669f343fb6e2fd43c8e8477c32adc31fe2bac1cbeb384e1316cb5e5971d11bdocx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  01/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146898",
            "to_ids": false,
            "type": "text",
            "uuid": "e4a58df8-5d85-4ea0-bcd6-b6942a497845",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Trojan:O97M/Phish!MSR\nVT Total Detection:30/66\nFirst Submission:2023-12-15T11:17:54.000000+00:00\nLast Submission:2024-12-14T07:13:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034320",
        "uuid": "2a3a6f7a-807a-456a-b4ad-64d763175329",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034320",
            "to_ids": true,
            "type": "md5",
            "uuid": "c78a89c0-27a3-4d56-83f9-0e7d91ea2002",
            "value": "423e150d91edc568546f0d2f064a8bf1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146919",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6c82a25d-b7d2-4b08-b93e-aab5f5ed9d05",
            "value": "d65c2f100acd9f42138661ee3620ff51471b4e1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146920",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aa65a46c-e55f-4d01-b009-4fbfeee75104",
            "value": "e1ae44d26899969d520789e23c777d6c07785da23454664ad12b2783946a617c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146919",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9eb85725-9b98-47e2-846b-73c47361a516",
            "value": "3072:KqoGv1uMkApI3CTHAKMaH2davWSk6P3uSJEBeyLuQA9Jol6o:KPEkFCTHAKlH4av262SSBt+9Jol6o"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146919",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "962d1d49-6dab-4b45-819d-d90caf1c5d9b",
            "value": "147132"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146919",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4569bda8-d32b-4cc0-a5af-59a4813c739a",
            "value": "3e86d637f57041eeb9dde4d75c82e774"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146919",
            "to_ids": true,
            "type": "filename",
            "uuid": "49a7f82d-02d7-49ea-8496-2d3d4536cffd",
            "value": "e1ae44d26899969d520_edr789e23c777d6c07785da23454664ad12b2783946a617cXxX131Docx.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  29/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146919",
            "to_ids": false,
            "type": "text",
            "uuid": "731e60bd-ce83-4768-b661-246714384df4",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Exploit:O97M/CVE-2017-0199!MSR\nVT Total Detection:33/66\nFirst Submission:2023-12-05T06:29:23.000000+00:00\nLast Submission:2024-12-27T17:32:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034342",
        "uuid": "6a2c567b-e636-4bc1-a816-095141bcaf11",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034342",
            "to_ids": true,
            "type": "md5",
            "uuid": "65821c72-9809-4a97-9443-57b88a64dbde",
            "value": "4a5e818178f9b2dc48839a5dbe0e3cc1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146941",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c1e38040-4070-47cf-b4ee-57ad79dd1521",
            "value": "02a7d2b318d1c8eee61cb75cae0fc54c808cb236",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146941",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e7b7a926-d5ab-432b-beeb-42f80c75e4ac",
            "value": "e36e8244c06d88a5650783bfb3e0e85acd76b803a33018d48391f1ebcc849622",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146940",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f00b482c-a723-41c5-b842-ef46efd4ae94",
            "value": "768:gjaxpo7+nZmwu1vSD5NaJk2NQYRstg4K6NJfeVJpvmmFGBLl+b0XmiZm8ddfHTwM:Vpo7+nZK1vSDyeYSOoh8fvmmFGBx+bEN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146940",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "611e557b-c9ac-4204-a90c-5e90edfa5cb0",
            "value": "40860"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146940",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3e80f0c6-b37f-44da-8a89-16ef3bdff94b",
            "value": "9e434438c18ed4678e0a17fa0c787cca"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146940",
            "to_ids": true,
            "type": "filename",
            "uuid": "f06a71ff-5538-41d4-a062-093654f58d31",
            "value": "e36e8244c06d88a5650783bfb3e0e85acd76b803a33018d48391f1ebcc849622.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  09/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146940",
            "to_ids": false,
            "type": "text",
            "uuid": "a8b55dad-8c79-4676-8c32-ee38c59e3be8",
            "value": "Malicious document\r\nType Description: Office Open XML Document\nMicrosoft: Trojan:O97M/Phish!MSR\nVT Total Detection:25/67\nFirst Submission:2023-09-28T10:32:17.000000+00:00\nLast Submission:2024-12-14T14:06:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034363",
        "uuid": "185ec930-b69d-40ba-97a3-26ba624247cd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034363",
            "to_ids": true,
            "type": "md5",
            "uuid": "38e72b48-b859-4960-a03f-6394ed72bec6",
            "value": "26aa30505d8358ebeb5ee15aecb1cbb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146962",
            "to_ids": true,
            "type": "sha1",
            "uuid": "49928ba1-6e5c-490c-9811-f7ad0428ea90",
            "value": "07b82b4c566d5b887f8e9c4966887b378e4dc29e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146962",
            "to_ids": true,
            "type": "sha256",
            "uuid": "209d8026-60a2-41b5-9a56-5f476ec96aeb",
            "value": "c869b11b085ccbde029c20615c8182fe49fae04244de2a888284eb4763e2561c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146961",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eea43f3a-5809-414d-952e-90eed180c631",
            "value": "96:kOTkXx6/cwCAMHLBaPgaKYbWv+GOw9+Mm2M:kO4OVMNcKYb4+rDpP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146961",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "10a9259d-8b6a-4fe1-834f-f547f5db6436",
            "value": "4076"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146961",
            "to_ids": true,
            "type": "vhash",
            "uuid": "75cddef2-0d8a-42ea-a3b3-5de6c8841d94",
            "value": "879f197513b3c8a939e47d724011e53ed"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146961",
            "to_ids": true,
            "type": "filename",
            "uuid": "2bfa81a0-428a-406f-b6a5-87ed3c82f16e",
            "value": "c869b11b085ccbde029c20615c8182fe49fae04244de2a888284eb4763e2561c.rtf"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  30/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146961",
            "to_ids": false,
            "type": "text",
            "uuid": "9b73058e-6d1e-4e0b-84c4-17f7c64e97a4",
            "value": "Rtf\r\nType Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-11882.MAE!MTB\nVT Total Detection:38/61\nFirst Submission:2023-10-13T11:32:11.000000+00:00\nLast Submission:2024-12-13T15:13:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034384",
        "uuid": "6de415ac-2cce-498d-9abc-0f15be0bc9c3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034384",
            "to_ids": true,
            "type": "md5",
            "uuid": "acf95cfa-4515-4f94-87ef-4b388fc473f8",
            "value": "3233db78e37302b47436b550a21cdaf9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746146983",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a19fa3cc-2e52-411c-b5cf-6bc8a903f631",
            "value": "3f26b7480d1db1234b998c65fae542c6fee0ef21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746146983",
            "to_ids": true,
            "type": "sha256",
            "uuid": "96922efe-a47f-48d7-8138-8d4e07d254ae",
            "value": "613068422c214b944c7b2e3fb60412ed99d35c9e18d53d45b16965c5a36f734a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746146983",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f07de916-7125-4f97-ab6a-c9576761c569",
            "value": "192:j7j4rIbadfwQkkS3KiZ6pL9XmOVMNcKYb4+r7RMj:j7jqDha+vcYRMj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746146983",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "01f03cd8-c953-48d6-809e-b25c80b62b9d",
            "value": "7603"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746146983",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fac5de77-7968-458d-bbf7-90b45f00c2dc",
            "value": "8d901bd24dcd1d489b3fe6e9ddd903b9e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746146983",
            "to_ids": true,
            "type": "filename",
            "uuid": "d3d55821-ad3a-4494-9ef8-2c860e6dfcc1",
            "value": "613068422c214b944c_edr7b2e3fb60412ed99d35c9e18d53d45b16965c5a36f734aXxX113Rtf.rtf"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  23/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746146983",
            "to_ids": false,
            "type": "text",
            "uuid": "6935bb39-72ea-474b-855a-a82d97baa527",
            "value": "Rtf\r\nType Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-11882.ALY!MTB\nVT Total Detection:40/61\nFirst Submission:2023-12-14T06:29:52.000000+00:00\nLast Submission:2024-07-30T16:59:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034405",
        "uuid": "6d9d2610-2c03-4347-8ebc-9fb14975e261",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034405",
            "to_ids": true,
            "type": "md5",
            "uuid": "14710ad1-3a33-463f-8de4-0e1e114d519b",
            "value": "8d7c43913eba26f96cd656966c1e26d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147004",
            "to_ids": true,
            "type": "sha1",
            "uuid": "34e66bed-5f5c-438b-977f-9b107f3e2df8",
            "value": "b8d6ec69b83954467c392b8fccdc60d4a459c718",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147005",
            "to_ids": true,
            "type": "sha256",
            "uuid": "80692f9b-9f19-4746-a2e7-275da05c1944",
            "value": "e21396bf5f9936310b4f53273db330a9620d78c1c744277b0e9126f0afdbc29d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147004",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4b10f558-f670-4f6f-89f6-6baef0f92ccf",
            "value": "192:j7j4rIbadfwQkkS3KiZ6pL9lDOVMNcKYb4+rqwc2:j7jqJqa+vcBwc2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147004",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8a80b7e7-271c-4732-97e5-fef8e01477e9",
            "value": "7565"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147004",
            "to_ids": true,
            "type": "vhash",
            "uuid": "66305f65-72e7-43ce-9a7d-47d520cafd31",
            "value": "8d901bd24dcd1d489b3fe6e9ddd903b9e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147004",
            "to_ids": true,
            "type": "filename",
            "uuid": "28c789eb-e263-425d-a502-27e03f4049b9",
            "value": "e21396bf5f9936310b4f532_edr73db330a9620d78c1c744277b0e9126f0afdbc29dXxX132Rtf.rtf"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  03/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147004",
            "to_ids": false,
            "type": "text",
            "uuid": "e93abe3a-d988-482f-99fe-02072207c025",
            "value": "Rtf\r\nType Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199.ALY!MTB\nVT Total Detection:41/63\nFirst Submission:2024-01-05T14:00:40.000000+00:00\nLast Submission:2024-01-05T14:00:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034426",
        "uuid": "560cf1c9-7e63-4fba-8298-e41de5f83c25",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034426",
            "to_ids": true,
            "type": "md5",
            "uuid": "0a0cd40b-00cc-43ab-9bf4-a181c6e6e21a",
            "value": "d0d1fba6bb7be933889ace0d6955a1d7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147026",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ec7ef4a7-340e-4183-aa8b-459a64f93442",
            "value": "97b1bf8f984ce9c17e48473409b9670741260ed5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147026",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6d955922-94f3-4c98-a0c6-53841917044a",
            "value": "9ce32ce5e2b70fec7f749e7868d89a4e3e739fed9c75cd6c4ec6eafde4c3711a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147025",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eb00ee41-ec37-4acc-816a-1f9eb72f4e20",
            "value": "192:j7j4rIbadfwQkkS3KiZ6pL9lDOVMNcKYb4+r/ewc2:j7jqJqa+vc4ewc2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147025",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "250257a5-d699-4b30-8f08-c4f44f869444",
            "value": "7565"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147025",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b72dc4a1-8081-4403-8cc4-252433efa8fa",
            "value": "8d901bd24dcd1d489b3fe6e9ddd903b9e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147025",
            "to_ids": true,
            "type": "filename",
            "uuid": "d21adb7c-8d5d-4214-8585-7faf8c4654f4",
            "value": "9ce32ce5e2b_edr70fec7f749e7868d89a4e3e739fed9c75cd6c4ec6eafde4c3711aXxX123Rtf.rtf"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  03/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147025",
            "to_ids": false,
            "type": "text",
            "uuid": "60ced6af-5296-456a-81d1-2b865552712f",
            "value": "Rtf\r\nType Description: Rich Text Format\nMicrosoft: Exploit:O97M/CVE-2017-0199.ALY!MTB\nVT Total Detection:41/63\nFirst Submission:2024-01-05T06:27:18.000000+00:00\nLast Submission:2024-07-30T18:44:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034448",
        "uuid": "70d4c295-00a7-4c4c-b389-15c6b39ee7af",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034448",
            "to_ids": true,
            "type": "md5",
            "uuid": "0e447623-cede-418c-a248-aee16479bdf9",
            "value": "e706fc65f433e54538a3dbb1c359d75f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147047",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f53630f6-0e8a-49fe-93dc-63e8970e95ac",
            "value": "50bd5dc57690dff1504bd9814b8c5d560a26bf3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rtf",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147047",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a9054ba3-2905-4909-8b0a-db4bd4f9396c",
            "value": "e0e30050fc6b44a48b0d517417e9ceb6ad04d8aff34837f397382af9bb8dc5a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147047",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bea6bf1f-5234-4b81-8c66-e74183930ebe",
            "value": "48:rYy5dYZi+g0T815E1/ZiV/Zi/F/ZiovZiV/ZiovZi:Uyp30TI5E1AVA/FA5VA5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147047",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c0d1abc3-89ab-40af-be87-9f8d90df60c7",
            "value": "16384"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147047",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d88a359e-d876-4adb-b973-f442cfcb89b4",
            "value": "fe43cc098163d8fb4f1b2b088de0949b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147047",
            "to_ids": true,
            "type": "filename",
            "uuid": "98b24b55-0d94-4d63-bd6e-1fa85244184e",
            "value": "~WRF{110B5B57-93BF-49AE-B522-8207D8325B6C}.tmp"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  28/11/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147047",
            "to_ids": false,
            "type": "text",
            "uuid": "3f4f6537-70f2-4261-add0-4db95602d37d",
            "value": "Rtf\r\nType Description: MS Word Document\nMicrosoft: None\nVT Total Detection:25/62\nFirst Submission:2023-12-22T03:50:35.000000+00:00\nLast Submission:2024-11-28T10:12:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034469",
        "uuid": "058258c8-61a9-40c3-86c9-9c09d04a3941",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Lnk",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034469",
            "to_ids": true,
            "type": "md5",
            "uuid": "881498bb-66bd-4005-8246-186e0b40aa55",
            "value": "412b6ac53aeadb08449e41dccffb1abe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Lnk",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147068",
            "to_ids": true,
            "type": "sha1",
            "uuid": "63994e72-535c-4a1f-91c8-70d2908d49fa",
            "value": "848e1880211a544a8c9b82cc45e2969e42e86168",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Lnk",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147068",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a75a3449-68f0-4201-aecf-674fa0238599",
            "value": "be271f5e1c588e8f46c988bdae35cef90b0621c42e4195bec5e456d167097f0d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147068",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ac930e0e-da97-40b7-8b30-0b612ffa424a",
            "value": "24:8tbReq8tVB8AnH2vE8+/X+MLpQv0I0/wO4I036XQaR3+rCGO+/Tm:8tlellH2+bLpG0I9RI26Xv3MvOg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147068",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "67fdccd4-53fa-4f93-af5e-bb6606e86203",
            "value": "2304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147068",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0e1dc51a-54d9-491a-b583-142da8755e1c",
            "value": "d97147165dc6dec5c7dd28c7258b29e6"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147068",
            "to_ids": true,
            "type": "filename",
            "uuid": "d22b45d4-73ba-49af-b2a4-99b7383ced17",
            "value": "412b6ac53aeadb08449e41dccffb1abe.bin.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  28/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147068",
            "to_ids": false,
            "type": "text",
            "uuid": "657c344d-176c-490e-a424-9c51b52c5c33",
            "value": "Lnk\r\nType Description: Windows shortcut\nMicrosoft: None\nVT Total Detection:33/62\nFirst Submission:2024-02-26T14:34:24.000000+00:00\nLast Submission:2025-02-21T13:05:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034490",
        "uuid": "73d6ee6b-1e0d-4181-8731-d893ee7e6bfd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Lnk",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034490",
            "to_ids": true,
            "type": "md5",
            "uuid": "4b71cbef-9c87-4a32-a9aa-728bb0836653",
            "value": "2f4ba98dcd45e59fca488f436ab13501",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Lnk",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147089",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f38a1f76-f624-410d-8137-4ec7a54aaeef",
            "value": "888505c6f1ee1998f66fbcaf7e3ec6e8452b8efb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Lnk",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147089",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7183e327-2451-4dd1-a36d-3d1033e292ab",
            "value": "8d4b11acce641ec5b33b3fc90ec82a2fcdf2e243cb33558e16d7321488a2c70b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147089",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9d0a67fa-5b8d-4ce5-a748-fbf4be806c56",
            "value": "48:8tlellH2Xxgdj+c8sHoII9RI26Xv3MvOg:8tlOoxgdtoIY+vMW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147089",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d9f9159e-e3df-4917-bede-efc19bce9ea2",
            "value": "2314"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147089",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2baaeda3-ddcc-4dd1-8055-47bb6027b696",
            "value": "d97147165dc6dec5c7dd28c7258b29e6"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147089",
            "to_ids": true,
            "type": "filename",
            "uuid": "362f6f9d-1bf2-4f9c-b619-c88597203a1f",
            "value": "Special Envoy Speech at NCA.jpg .lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147089",
            "to_ids": false,
            "type": "text",
            "uuid": "344e72e6-1c58-45c2-afe2-f869f1a8411f",
            "value": "Lnk\r\nType Description: Windows shortcut\nMicrosoft: Trojan:Win32/LNK!MSR\nVT Total Detection:31/63\nFirst Submission:2024-02-28T03:49:19.000000+00:00\nLast Submission:2024-02-28T03:49:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034511",
        "uuid": "c0ed6d72-0702-46c3-a047-c068e81087ea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034511",
            "to_ids": true,
            "type": "md5",
            "uuid": "d254f5c4-c4ca-43ab-bec0-327ad363870f",
            "value": "b69867ee5b9581687cef96e873b775ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147111",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b669fad5-0c25-4ec1-88a3-236053a90c14",
            "value": "a2c01e82c7434bc01768f8dd5b39f0febab863c7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147111",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d3062cde-ded5-4b09-a1e4-9d487ea472e9",
            "value": "5f6142358cd74edbf0f1d8716f1b036c1ed0c0d2b75eb839c5d3ca5f71f18e57",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147111",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9a85e4ff-2506-410e-be55-cbc8c88424fc",
            "value": "768:nsNVs5SPduqvI/Fd42Rp3+nNDJNtuPPkLLN5vCzVMLTil7hWG3Uz4Eq:nfS1fvmFd4KRyNNuKN5vCZMLTi+GNEq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147111",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "38e7b925-355f-4b3c-bfc4-d0aca2816f32",
            "value": "51200"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147111",
            "to_ids": true,
            "type": "vhash",
            "uuid": "04f3df90-9d63-4021-9dc6-58aad940ca12",
            "value": "3540465d55155a01fd01031"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147111",
            "to_ids": true,
            "type": "filename",
            "uuid": "42319d21-63bd-48e8-80a2-77f1855d59c9",
            "value": "propsys.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147111",
            "to_ids": false,
            "type": "text",
            "uuid": "af2e5187-d471-4088-80f1-e533ac48ae87",
            "value": "Backdoor Loader - propsys.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:43/72\nFirst Submission:2023-09-04T23:07:04.000000+00:00\nLast Submission:2023-09-04T23:07:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034532",
        "uuid": "b541c05d-7524-47d5-8725-1cb214322314",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034532",
            "to_ids": true,
            "type": "md5",
            "uuid": "c0a66cf2-bf7e-497a-96d7-174e8d9697f2",
            "value": "c3ce4094b3411060928143f63701aa2e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147132",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8fc2869e-a2a8-47b3-90c6-e7fc3b125d97",
            "value": "34227b593c97413e88274b255bbe1135803e96e8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147132",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6c5a047d-06e4-48d1-8057-ff20bc0db0c2",
            "value": "4d3392cb600c19ddd020bd307cfffeed3fdd66231fef16a95f14c9a44ebe2504",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147132",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "56ad8be8-9cee-47cd-9c6e-e4a5a7c17b9b",
            "value": "768:nsENB1W75xDnTODqR/xfyiZhzrBwD8YiJ5eN8OB5hlG3Uz4E0T:nN1W75RTOyfyyhzKD8YiJ5ezBtGNE0T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147132",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e4d86f33-9cb4-4b64-aba4-6c2491598db8",
            "value": "50688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147132",
            "to_ids": true,
            "type": "vhash",
            "uuid": "47767c52-04e0-460f-b62d-469c9747ee5c",
            "value": "3540465d55155a01fd01031"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147132",
            "to_ids": true,
            "type": "filename",
            "uuid": "63781822-0613-48e9-870c-4f2a4b471b53",
            "value": "propsys.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147132",
            "to_ids": false,
            "type": "text",
            "uuid": "e520d541-90da-4d20-974e-3a95c92ddf59",
            "value": "Backdoor Loader - propsys.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:47/72\nFirst Submission:2023-08-31T22:27:33.000000+00:00\nLast Submission:2023-08-31T22:27:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034554",
        "uuid": "629e37ca-5480-4954-9903-0ea45e55c211",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034554",
            "to_ids": true,
            "type": "md5",
            "uuid": "28031e5f-01df-4745-9cc7-8e21115af742",
            "value": "e1bdfa55227d37a71cdc248dc9512296",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147153",
            "to_ids": true,
            "type": "sha1",
            "uuid": "272ad457-fa1d-4a34-9da2-6d75fbf9091e",
            "value": "e5b1d96070415422d79fe323eb3be74da54bf523",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147154",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a7db473a-a146-46a8-8182-e9e207d9bd6b",
            "value": "9ef7b670dacc44f29f6a398e6226091cf81111790246c5106b091dc0416b6898",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147153",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c9044514-f7f9-45f1-bf55-8494bde4ec43",
            "value": "768:7BORGU6fUK/It0SfRgDBEAQOh5CG39EF:7gofUug0SfRgFEAkGNEF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147153",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5df87f91-eefa-4e98-97c6-9728ad1b52bf",
            "value": "41984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147153",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d200c6a4-dbe2-4b68-9468-1b6c3b46d514",
            "value": "3440465d55155a01fe02031"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147153",
            "to_ids": true,
            "type": "filename",
            "uuid": "161de982-4468-46a1-9b1e-f286f84eb987",
            "value": "propsys.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147153",
            "to_ids": false,
            "type": "text",
            "uuid": "ee507cd8-b846-4bdf-8203-474242bb37ab",
            "value": "Backdoor Loader - propsys.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:44/72\nFirst Submission:2023-09-18T22:16:09.000000+00:00\nLast Submission:2024-11-12T18:49:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034576",
        "uuid": "10c326ae-7346-465b-bb7d-40721c1c7fab",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034576",
            "to_ids": true,
            "type": "md5",
            "uuid": "13aa6c81-2cbc-4df1-923a-c90c86dd50d6",
            "value": "ea4b3f023bac3ad1a982cace9a6eafc3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147175",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2a26118a-36cc-4a13-bdde-8bc915f54e66",
            "value": "1b9a1ae430b77d2bdf3f47b43e18384aef2977da",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147175",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f5ef9f6e-a59b-4c1a-b4be-714f3259ff40",
            "value": "13d766a94150772c54e3dfa57957bad05e8722baa0168429ea27c84916b052cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147174",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9e5a01e0-80e2-4cbb-87a5-477647499288",
            "value": "768:KsKrleoaFDj7Cn0QnwiQVGHs1TOx03YxhDG3Uz4Ed:KXmFP7CnzwiQMM1ygYDGNEd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147174",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7e40af0e-c3fc-4e8b-bec5-b9247bd9d019",
            "value": "50176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147174",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a2386194-b4e3-4a56-8e41-453706d768b7",
            "value": "3540465d55155901fd01031"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147174",
            "to_ids": true,
            "type": "filename",
            "uuid": "4be3165f-3188-44ca-a231-db267aacca60",
            "value": "propsys.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147174",
            "to_ids": false,
            "type": "text",
            "uuid": "f9e51f75-fcdd-4bbe-8348-7fca2aeb4cbe",
            "value": "Backdoor Loader - propsys.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:46/72\nFirst Submission:2023-08-31T22:29:13.000000+00:00\nLast Submission:2024-11-12T18:49:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034597",
        "uuid": "9cd52316-5a64-40eb-9a22-c8e5c2d89c2e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034597",
            "to_ids": true,
            "type": "md5",
            "uuid": "81abd8ce-dce1-4ff7-8f36-05ecb971c3b7",
            "value": "44dbdd87b60c20b22d2a7926ad2d7bea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147196",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c63f89cc-957e-4fc3-ac14-7338cf3c2c9d",
            "value": "c69ddab74b224a0a8642f5455f4fca30147af4e3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147196",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e77bd286-4004-450b-b13d-a77f417e4688",
            "value": "e858d6d5e93f768e0cb9271a6e9a841086a14ff7abe3ee51d5f69f9a6c325028",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147195",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4cf91176-e6fe-4f3f-a27e-694df2d0a520",
            "value": "1536:wrHWqh4HkzjLO3Zf9AxTOBO203s0VpPNNys3jy8y27B3KMUGxE0:wHY7lSOBP080VZNcGyQE0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147195",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2cd7b9e4-c32e-4bf9-a072-c409c176eaa8",
            "value": "154624"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147195",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3aa8949c-4b40-47ab-a290-b19ec8ad8ed7",
            "value": "3150465d55155a01fe01033"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147195",
            "to_ids": true,
            "type": "filename",
            "uuid": "8be47160-212f-4383-b4fb-5d251c1826e1",
            "value": "propsys.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147195",
            "to_ids": false,
            "type": "text",
            "uuid": "ac83df4c-c9c4-4eeb-8341-f087502f0dab",
            "value": "Backdoor Loader - propsys.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Malgent!MSR\nVT Total Detection:46/72\nFirst Submission:2023-09-02T16:50:12.000000+00:00\nLast Submission:2024-11-09T16:34:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034618",
        "uuid": "0bfb847a-ec62-44d6-a480-6056f5feb64a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034618",
            "to_ids": true,
            "type": "md5",
            "uuid": "6ad4ec75-5646-4da9-ad6f-5ad690ba4e34",
            "value": "7e97cbf25eef7fc79828c033049822af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147218",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e643e8a7-9075-40d8-85eb-a6f1a77db498",
            "value": "70f75ff5db9aa931878e64ad68b342fb641f6310",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - propsys.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147218",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bffdd805-6bfd-4f7b-b4eb-29b5abe9808d",
            "value": "a8165ae0693248dc9c967bf598f8f79d59748c6d5c4280b6885db73d3f41316c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147218",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6d1d63a5-2e14-4355-b6ae-9b17dd1e6a89",
            "value": "768:1sg8HZUvdCWqlqy8qjzqoLDCtSOFPTHvTI9YG1J7v7hgG3Uz4EI:1Bn2ky7jzpLGtvPjbI9R1JrGGNEI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147218",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5bb73c24-7e03-4617-9331-39da71e32185",
            "value": "50688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147218",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f13c3c7f-34d3-466b-9702-26bf624e8e79",
            "value": "3540465d55155a00fc1z30"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147218",
            "to_ids": true,
            "type": "filename",
            "uuid": "6bd38319-e6ac-42e8-9463-9ad4ae5f3d2a",
            "value": "propsys.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147218",
            "to_ids": false,
            "type": "text",
            "uuid": "a5b0826f-f9f8-4edc-82ea-0797903205b4",
            "value": "Backdoor Loader - propsys.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Malgent!MSR\nVT Total Detection:42/72\nFirst Submission:2023-08-31T22:31:27.000000+00:00\nLast Submission:2024-11-12T18:48:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034639",
        "uuid": "20c106b9-95a6-46b7-9ad0-8ab108f23436",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034639",
            "to_ids": true,
            "type": "md5",
            "uuid": "554eb475-360a-4d2a-a1c9-393917ac7b82",
            "value": "101a63ecdd8c68434c665bf2b1d3ffc7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147239",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0ac8c267-5154-40da-bd0c-e81bd43b8816",
            "value": "02cb2c5e31961b9b3229f14b35a003da23928778",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147240",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9b11372c-13e2-4d90-a893-931b3e28c459",
            "value": "8780e03bbbe833f797509f9ca0b3fd37eb84b63299a88723c82d9518c56bd5a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147239",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "83672eb9-4377-4459-bcb2-894cf6e37a81",
            "value": "768:XQJLpcuGpLwDOwad4G3zcAfaiI1Nj3CUL/Hb:GdcugKEXjcMQLvb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147239",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8e0d199c-bbba-4330-a0c0-277908b7b120",
            "value": "27136"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147239",
            "to_ids": true,
            "type": "vhash",
            "uuid": "43c365a7-5bfa-4303-a656-be7ff8ac3570",
            "value": "3240465d1515171z41z20"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147239",
            "to_ids": true,
            "type": "filename",
            "uuid": "643cc764-e675-4743-a2f9-abb740b67cc7",
            "value": "vsstrace.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  25/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147239",
            "to_ids": false,
            "type": "text",
            "uuid": "07cf3ad0-4e3a-4fd9-9560-9c37b99308ae",
            "value": "Backdoor Loader - vsstrace.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:49/73\nFirst Submission:2024-01-20T21:20:51.000000+00:00\nLast Submission:2025-03-24T12:41:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034660",
        "uuid": "b1cf82ae-45e6-4285-942d-632e209361e7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034660",
            "to_ids": true,
            "type": "md5",
            "uuid": "e9ce66a8-7c5c-4398-b102-c8c78f739f73",
            "value": "d885df399fc9f6c80e2df0c290414c2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147261",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2fd1d262-e51a-4f58-b6f4-9f8ec103ce35",
            "value": "016c5652dd1e2ce1b6fe87ff47558d45fcfd216f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147261",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c9ca95bb-e9cc-4e30-acfa-ed549e32c8e3",
            "value": "d45206e333f32368fcfc1cf0a60953b3b44e7786b05129f206cbcc58065510ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147260",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "25abfad0-79d4-4101-b31e-2ab74fcc8340",
            "value": "768:m9GBr6bUHAyHuD7eu9jEZcbQnXjP8IiKuoGI:QGsbUgyzcujKKsI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147260",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d8488d68-eb65-4835-8cf3-c3589fe3eaf2",
            "value": "27136"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147260",
            "to_ids": true,
            "type": "vhash",
            "uuid": "92a0a0d9-c537-4923-95a9-4bd8d46c79cd",
            "value": "3240465d1515171z41z20"
          },
          {
            "category": "Payload delivery",
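            "comment": "vsstrace.dll is also the name of a legitimate Windows library; detect on hash or unexpected load path rather than file name alone",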
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147260",
            "to_ids": true,
            "type": "filename",
            "uuid": "221bf205-2c97-4afd-8c6b-fd99f3bc3bc3",
            "value": "vsstrace.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147260",
            "to_ids": false,
            "type": "text",
            "uuid": "ebc8233e-bb88-4427-b177-482eaa3096f9",
            "value": "Backdoor Loader - vsstrace.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:46/72\nFirst Submission:2024-02-23T17:41:33.000000+00:00\nLast Submission:2025-03-24T12:49:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034681",
        "uuid": "29110403-47d2-4293-a8f9-3206f7b31deb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034681",
            "to_ids": true,
            "type": "md5",
            "uuid": "61c29cc7-f2e5-480b-b852-ad05ce8c95da",
            "value": "92dd91a5e3dfb6260e13c8033b729e03",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147282",
            "to_ids": true,
            "type": "sha1",
            "uuid": "612310b1-4202-4f7f-8240-3807a3109edc",
            "value": "68e76d8bcc94a74ff9b207322dc1d8ffa87fb893",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147282",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5d55d380-fd34-4787-bd06-2eaa9f997d02",
            "value": "d1d78929f853dd6a9415ba11b8ed09e5cbd887d668d4057791b1b20f2b3a916a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147281",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3a01378d-ab44-455f-addb-cd1d8281f6d6",
            "value": "768:hMChnbB39+O9AaKWFt8Zd+4oudkExDYpr:qybBQWFyhmExgr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147281",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "69b56fe0-f802-4631-b08a-b96b206fbc3a",
            "value": "27136"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147281",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5319d56a-70c8-42f1-80bb-b752e8f13ce0",
            "value": "3240465d1515171z41z20"
          },
          {
            "category": "Payload delivery",
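            "comment": "vsstrace.dll is also the name of a legitimate Windows library; detect on hash or unexpected load path rather than file name alone",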
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147281",
            "to_ids": true,
            "type": "filename",
            "uuid": "2b340bed-93b8-4555-9ac3-1f00d5682022",
            "value": "vsstrace.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147282",
            "to_ids": false,
            "type": "text",
            "uuid": "8f7a3d2d-bd9d-4a91-b229-7877b10866ac",
            "value": "Backdoor Loader - vsstrace.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:47/72\nFirst Submission:2024-02-23T18:07:03.000000+00:00\nLast Submission:2024-11-21T20:51:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034703",
        "uuid": "8f98ea8d-0380-4c43-9c93-a83f28218804",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034703",
            "to_ids": true,
            "type": "md5",
            "uuid": "58181c63-4d30-48f0-b1ed-877f2659f75d",
            "value": "515d2d6f91ba4b76847301855dfc0e83",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147303",
            "to_ids": true,
            "type": "sha1",
            "uuid": "eb44200a-6c4c-4884-9615-39ae86d63981",
            "value": "ddd82f5719d9fbb1d4ddc1ff666a2e8002efba67",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147303",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bcf090a7-2ad0-4bc6-aadd-182b0b4c5d3f",
            "value": "7343b454a5f85e650ac781d0aacbfe062d6ec73f891442961f740bd96f357823",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147303",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a2a5f8be-d22d-4a06-a299-aa19dc2b159e",
            "value": "768:wAjC+1RmTcAJ/iEijAFYyskjAHIYoa1aY7A2V2F:wECiRIJVDijA/h27DV2F"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147303",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "68d3a5a4-b3a5-40c3-8ef2-2593f61ab39e",
            "value": "28160"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147303",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f2bbb0fc-e7f6-4434-9bbc-62697c7ead70",
            "value": "3240465d1515181z61z20"
          },
          {
            "category": "Payload delivery",
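            "comment": "vsstrace.dll is also the name of a legitimate Windows library; detect on hash or unexpected load path rather than file name alone",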
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147303",
            "to_ids": true,
            "type": "filename",
            "uuid": "278650ca-4629-4766-b204-144607838d5c",
            "value": "vsstrace.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147303",
            "to_ids": false,
            "type": "text",
            "uuid": "3c60fe39-a1d2-42cd-94be-7fbfbdeabb56",
            "value": "Backdoor Loader - vsstrace.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:43/72\nFirst Submission:2023-08-25T20:20:42.000000+00:00\nLast Submission:2024-11-12T18:50:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034724",
        "uuid": "2a73041a-78bb-4f9f-8e5f-a2ceef298fa8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034724",
            "to_ids": true,
            "type": "md5",
            "uuid": "81e5f3c6-993c-4873-8569-b516dbdee706",
            "value": "3ede84d84c02aa7483eb734776a20dea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147324",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f25fb63f-1e17-41df-b4b2-7e573af2d265",
            "value": "e6bf05453890dd1650a9e8d826715c021862276d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147324",
            "to_ids": true,
            "type": "sha256",
            "uuid": "55072880-db55-4b82-8527-0f4b01aa3994",
            "value": "5190832f54ce9565e2c1d780b9f925cb34881245f333228ee5aa8c5fdede6381",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147324",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dd036e34-093b-40aa-83eb-9cf555405962",
            "value": "768:wAjC+1RmTcAJ/iEijAFYyskjAHIYoa1aY7A2V2F:wECiRIJVDijA/h27DV2F"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147324",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d3b099fb-7070-4224-b43e-c29e78110a94",
            "value": "28160"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147324",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4e770b4c-1cf0-4eab-b055-d7136c918d67",
            "value": "3240465d1515181z61z20"
          },
          {
            "category": "Payload delivery",
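            "comment": "vsstrace.dll is also the name of a legitimate Windows library; detect on hash or unexpected load path rather than file name alone",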
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147324",
            "to_ids": true,
            "type": "filename",
            "uuid": "449ddcfc-2237-46a6-b3d0-a0455876ab9c",
            "value": "vsstrace.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147324",
            "to_ids": false,
            "type": "text",
            "uuid": "de663c83-a9ae-4336-a7b9-2bb89b91c08b",
            "value": "Backdoor Loader - vsstrace.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:47/72\nFirst Submission:2023-11-02T07:11:24.000000+00:00\nLast Submission:2024-11-12T18:50:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034745",
        "uuid": "26961f42-19ae-4805-b236-14a7daa2ae19",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034745",
            "to_ids": true,
            "type": "md5",
            "uuid": "2571d70e-668e-42ea-b99a-91f46d52fdcd",
            "value": "2011658436a7b04935c06f59a5db7161",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147345",
            "to_ids": true,
            "type": "sha1",
            "uuid": "78c1f3aa-812b-4e97-b706-100d1f0c4ad1",
            "value": "7001056a744748ad5d245a9f80a51beadbef01bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader - vsstrace.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147345",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e66a1057-61c7-4271-b27b-40c69d76b9e1",
            "value": "37bcd5be0bc3af2fc9cf51f2b163ab4c280d61167cf271f896d770fff388b6e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147345",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "48270c31-705c-481d-b31a-f402b0799ce0",
            "value": "384:s3zAhlEN0M2FUA2NxV/N6XL35PIiH+iYk1+WTWQfY2Ym0qJo1hoEqFF99Ayru1:qAfC03FUxdNI3NH+iJ15dYnqM2E2AMU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147345",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "68eb7756-3a59-4f12-a846-40d583a4f6f6",
            "value": "27648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147345",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7e439247-b023-4989-8c9d-350f25b276f0",
            "value": "3240465d1515181z61z20"
          },
          {
            "category": "Payload delivery",
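            "comment": "vsstrace.dll is also the name of a legitimate Windows library; detect on hash or unexpected load path rather than file name alone",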
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147345",
            "to_ids": true,
            "type": "filename",
            "uuid": "d933a321-9e82-4b37-8697-af5bb6e1ce65",
            "value": "vsstrace.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147345",
            "to_ids": false,
            "type": "text",
            "uuid": "56abcb5c-151f-402e-8eee-ee48550e6a7e",
            "value": "Backdoor Loader - vsstrace.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:45/72\nFirst Submission:2023-09-22T23:57:13.000000+00:00\nLast Submission:2024-11-21T19:40:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034766",
        "uuid": "0f61cc62-56a2-4908-83e6-59be8fd637cb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SyncBotServiceHijack.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034766",
            "to_ids": true,
            "type": "md5",
            "uuid": "98e009a7-9d95-44ce-b1d3-ee4b1c8b41ea",
            "value": "1be93704870afd0b22a4475014f199c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SyncBotServiceHijack.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147575",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fdbbf654-c6dd-428d-a2aa-df25cc8b95ef",
            "value": "a0f80514111f19580833b093ab30c46c3ab0dbf8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SyncBotServiceHijack.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147575",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9c24649e-a458-4d4b-8d2e-3d08be5dcf47",
            "value": "3312ff7799202d43e367f857c40bed748ef270ffcd23ca89092cf4accb771c0d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147575",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "657fa0a4-68e5-4199-b161-3d2e57824f5a",
            "value": "3072:qtC1HHeAgmlZ6m8G5blIfLAY6g3q3gVryPh+TV:qIHHe0lZ6mBrgT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147575",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7e0ef913-a8fa-4a54-9360-82bfa88c949f",
            "value": "109056"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147575",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a09c352f-68e2-43c4-8e45-5609dd957914",
            "value": "115076655d155515155az49=zb4"
          },
          {
            "category": "Payload delivery",
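            "comment": "winmm.dll is also the name of a legitimate Windows system library; detect on hash or unexpected load path rather than file name alone",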
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147575",
            "to_ids": true,
            "type": "filename",
            "uuid": "c4656e4a-e69d-45f1-98ca-c4d408305dcb",
            "value": "winmm.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan\t:  03/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147575",
            "to_ids": false,
            "type": "text",
            "uuid": "f560d7a4-fcd6-4148-b3e4-e439d2b82cba",
            "value": "SyncBotServiceHijack.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Malgent!MSR\nVT Total Detection:45/73\nFirst Submission:2024-01-18T06:17:12.000000+00:00\nLast Submission:2024-11-02T11:26:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034787",
        "uuid": "faf9c4b6-042b-40ff-8cf9-e90bda1ee6ba",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Service Hijack",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034787",
            "to_ids": true,
            "type": "md5",
            "uuid": "405b43c7-fe8e-4e89-804d-822220d17466",
            "value": "f840c721e533c05d152d2bc7bf1bc165",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Service Hijack",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147596",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bca2e74e-56f7-44bb-a1d6-51814b40fbfd",
            "value": "750e8859da34931702580181c2543caa048ddbb8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Service Hijack",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147596",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b30021d9-efcf-47f7-8dd1-a9d690286678",
            "value": "187da8dc2330dda1cb06dc1f9aeeb3bd1fb433d4a00bdf46a05337935ba92e42",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147596",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2e5af56f-f38a-40e6-a512-b84a1c5078d8",
            "value": "48:6Ey81kN8TIj20ehQJodJYo42/8eC/HWcuulFJshQiqkpfbNtm:11kN8TIq0sQiAo42d0HP/J2QGzNt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147596",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e926cea2-c766-4dc6-90e0-b5cbbedb8326",
            "value": "4608"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147596",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1cbaf45a-cbf6-404a-a718-b591006c2c38",
            "value": "2430361515152z20021"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147596",
            "to_ids": true,
            "type": "filename",
            "uuid": "ef177519-6849-433e-84a5-4c660b080d1c",
            "value": "Manage.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan: 03/04/2025 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147596",
            "to_ids": false,
            "type": "text",
            "uuid": "816ec9da-0cea-4c5e-927c-27a875dc50e6",
            "value": "Service Hijack\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Malgent!MSR\nVT Total Detection:46/73\nFirst Submission:2023-07-14T10:22:47.000000+00:00\nLast Submission:2024-11-02T11:35:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034809",
        "uuid": "7a3205a6-b6cb-47fe-b659-687878fd3046",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader devobj.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034809",
            "to_ids": true,
            "type": "md5",
            "uuid": "81c4249b-dad9-4e0e-9e91-6a3718ef71ca",
            "value": "5718c0d69939284ce4f6e0ce580958df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader devobj.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746147618",
            "to_ids": true,
            "type": "sha1",
            "uuid": "343e6d20-ce1d-4e3f-9af8-79f9842349be",
            "value": "2f7195a3b2f6e83a974b18d98348731bcecb4b3d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Backdoor Loader devobj.dll",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746147618",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dd842d82-02a5-41f5-824e-a4a6dbd21f46",
            "value": "16517cbc61f42c478b1e045f3e56e5a35f03614e31e6b3e92b34a2294bbb23b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147617",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f0408d12-24d2-4a88-b12e-f4373e3318c2",
            "value": "384:8NdkwcdLp73Jx3roIS57RKrByRL5UyFLskYA9:gkw6SJsgRL5xLsFA9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147617",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3959f2c6-f31d-4926-a3ce-d9f8b260bef9",
            "value": "27648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147617",
            "to_ids": true,
            "type": "vhash",
            "uuid": "52a3ad5e-f3b5-4eca-a324-eef7fae60c71",
            "value": "3240465d551519043f21051"
          },
          {
            "category": "Payload delivery",
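            "comment": "Backdoor Loader devobj.dll; the name is shared with a legitimate Windows system DLL, so match on the hashes in this object rather than on the file name",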
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147617",
            "to_ids": true,
            "type": "filename",
            "uuid": "78ef8170-87e4-4ee4-8aea-f0196d1a53e7",
            "value": "devobj.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan: 07/04/2025 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147617",
            "to_ids": false,
            "type": "text",
            "uuid": "02355d5f-22df-4c67-a3d6-8efd2782fc12",
            "value": "Backdoor Loader devobj.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:48/72\nFirst Submission:2024-01-18T06:09:49.000000+00:00\nLast Submission:2025-03-24T12:41:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773034831",
        "uuid": "3ac477a5-9535-4313-b380-34740ea9b68c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate program signed by Microsoft",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773034831",
            "to_ids": false,
            "type": "md5",
            "uuid": "28418331-2029-45ff-aab6-fc566429bc9e",
            "value": "ba54013cad72cd79d2b7843602835ed3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate program signed by Microsoft",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746149217",
            "to_ids": false,
            "type": "sha1",
            "uuid": "df5b9ea2-e0c9-4343-9597-02376831c72f",
            "value": "f89261d8ab16cfeca8a26a9e49dab0aeebf1f0db",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate program signed by Microsoft",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746149219",
            "to_ids": false,
            "type": "sha256",
            "uuid": "8d1a68a4-5e32-4b2f-b0e7-e2a2870570d1",
            "value": "323d09a48b982f2e880f4bc529f6756bbe53cb59ced8deabbf3705cd5de935e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate program signed by Microsoft; a fuzzy-hash match is expected on benign copies",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746147659",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b34c185a-5b29-47c9-a981-5df9120920a0",
            "value": "1536:4Cyn7pGs+ZZp4FYwtsv4+LThW3dFMyYvXAlxM3lFJnhIK:Hs+bp43tsAmW3dFMrAlKVDh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746147659",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "29e3e745-90b7-4029-9b0d-51e349d093e5",
            "value": "128512"
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate program signed by Microsoft; a similarity-hash match is expected on benign copies",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746147659",
            "to_ids": true,
            "type": "vhash",
            "uuid": "609b9c2d-3425-40c0-ad62-0f5e38351f85",
            "value": "0150566d15551560a02021z4003e2c1z11zd3z21zd0b001c4z18z"
          },
          {
            "category": "Payload delivery",
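            "comment": "Legitimate program signed by Microsoft; this file name also matches benign copies, so it is not an indicator on its own",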
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746147659",
            "to_ids": true,
            "type": "filename",
            "uuid": "910256da-9664-4993-987c-5ef31b7ab895",
            "value": "fsquirt.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/05/2025\nLast-scan: 29/10/2024 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746147659",
            "to_ids": false,
            "type": "text",
            "uuid": "a5abe089-3cfd-464a-9922-29e9fb7ccfb6",
            "value": "Legitimate program signed by Microsoft\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2020-01-13T15:18:21.000000+00:00\nLast Submission:2024-06-04T10:24:49.000000+00:00"
          }
        ]
      }
    ]
  }
}