{ "Event": { "analysis": "1", "date": "2025-05-02", "extends_uuid": "", "info": "[Threat Intel] DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists", "protected": false, "publish_timestamp": "1780041138", "published": true, "threat_level_id": "2", "timestamp": "1772902050", "uuid": "a4935432-8884-47bf-b4ad-ffcaa16c2cff", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"SentinelOne\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": "" }, { "colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": "" }, { "colour": "#b2a633", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": "" }, { "colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": "" }, { "colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": "" }, { "colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": "" }, { "colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": "" }, { "colour": "#eb2300", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Defacement - T1491\"", "relationship_type": "" }, { "colour": "#cfba47", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": "" }, { "colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": "" }, { "colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": "" }, { "colour": "#fda248", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Services - T1569\"", "relationship_type": "" }, { "colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": "" }, { "colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": "" }, { "colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": "" }, { "colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"dragonforce\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746616232", "to_ids": false, "type": "link", "uuid": "4d2534da-f976-4d02-8fc5-5c8b1058723c", "value": "https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1746616232", "to_ids": false, "type": "text", "uuid": "296b03e8-3b2e-4c90-8a2b-cdf0284ee6c0", "value": "The DragonForce ransomware group, initially a pro-Palestine hacktivist operation, has evolved into a profit-driven extortion enterprise targeting UK retailers and various global entities. Emerging in August 2023, the group now employs a multi-extortion model, threatening data leaks and reputational damage. Their tactics include phishing, vulnerability exploitation, and credential stuffing for initial access. DragonForce has developed its own ransomware based on leaked LockBit and Conti code, offering customizable payloads for different platforms. Recently, they introduced a 'white-label' service allowing affiliates to disguise attacks under different brands. The group's expansion and self-branding as a 'Ransomware Cartel' indicate a strategic move to elevate their status in the cybercrime landscape." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1746616232", "to_ids": false, "type": "text", "uuid": "98445f8a-555b-4693-b15c-24b70d48bba7", "value": "Name: DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists\nAuthor: AlienVault\nAdversary: DragonForce\nTags: [\"ransomware\", \"systembc\", \"multi-extortion\", \"cve-2024-21412\", \"cve-2024-21893\", \"dragonforce ransomware\", \"cve-2021-44228\", \"cobalt strike\", \"cve-2024-21887\", \"white-label\", \"cve-2023-46805\", \"extortion\"]\nTgtd countries: [\"British Indian Ocean Territory\", \"India\", \"Israel\", \"Malaysia\", \"Saudi Arabia\", \"United Kingdom of Great Britain and Northern Ireland\"]\nMlwr families: []\nAttack_ids: [\"T1003\", \"T1133\", \"T1489\", \"T1071\", \"T1005\", \"T1190\", \"T1567\", \"T1055\", \"T1021\", \"T1491\", \"T1020\", \"T1566\", \"T1078\", \"T1027\", \"T1486\", \"T1573\", \"T1095\", \"T1569\", \"T1046\", \"T1490\"]\nIndustries: [\"Retail\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1746616232", "to_ids": false, "type": "threat-actor", "uuid": "89e198f4-89e4-4882-9cf0-b6ed3dcd3862", "value": "DragonForce" }, { "category": "Network activity", "comment": "Victim Portals and Data Leak Sites", "deleted": false, "disable_correlation": false, "timestamp": "1746719396", "to_ids": true, "type": "domain", "uuid": "8245fee0-209a-4c3d-b62b-0f3a4276a4cd", "value": "3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Victim Portals and Data Leak Sites", "deleted": false, "disable_correlation": false, "timestamp": "1746719417", "to_ids": true, "type": "domain", "uuid": "943d916a-9873-4719-affc-985fef977363", "value": "ijbw7iiyodqzpg6ooewbgn6mv2pinoer3k5pzdecoejsw5nyoe73zvad.onion", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Victim Portals and Data Leak Sites", "deleted": false, "disable_correlation": false, "timestamp": "1746719439", "to_ids": true, "type": "domain", "uuid": "7c59e7ca-4fce-480d-b1ba-ff310666a421", "value": "kfgjwkho24xiwckcf53x7qyruobbkhx4eqn2c6oe4hprbn23rcp6qcqd.onion", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Victim Portals and Data Leak Sites", "deleted": false, "disable_correlation": false, "timestamp": "1746719460", "to_ids": true, "type": "domain", "uuid": "00a23751-f3a1-4c30-9cc0-f78652bb7362", "value": "rnc6scfbqslz5aqxfg5hrjel5qomxsclltc6jvhahi6qwt7op5qc7iad.onion", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Victim Portals and Data Leak Sites", "deleted": false, "disable_correlation": false, "timestamp": "1746719482", "to_ids": true, "type": "domain", "uuid": "3ac5462e-b995-4301-a09d-5eeeb7fd6b86", "value": "rrrbay3nf4c2wxmhprc6eotjlpqkeowfuobodic4x4nzqtosx3ebirid.onion", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Victim Portals and Data Leak Sites", "deleted": false, "disable_correlation": false, "timestamp": "1746719503", "to_ids": true, "type": "domain", "uuid": "540bfa55-475b-4748-a31f-31a791c55676", "value": "rrrbayguhgtgxrdg5myxkdc2cxei25u6brknfqkl3a35nse7f2arblyd.onion", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Victim Portals and Data Leak Sites", "deleted": false, "disable_correlation": false, "timestamp": "1746719524", "to_ids": true, "type": "domain", "uuid": "43e296d4-1765-453d-af31-d61dcb89ec79", "value": "rrrbaygxp3f2qtgvfqk6ffhdrm24ucxvbr6mhxsga4faefqyd77w7tqd.onion", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Victim Portals and Data Leak Sites", "deleted": false, "disable_correlation": false, "timestamp": "1746719545", "to_ids": true, "type": "domain", "uuid": "20d6d9d6-9215-4ae9-b0e2-c215a21eaf90", "value": "z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719566", "uuid": "575c2e80-9797-4f3d-b363-65f5e8c66037", "Attribute": [ { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719566", "to_ids": true, "type": "md5", "uuid": "4a33f6f1-def7-4931-8a47-2352fb90f2d7", "value": "bbe65e9ef2fc18f40e1a56047f9e52a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715079", "to_ids": true, "type": "sha1", "uuid": "218b8e6b-0d69-47d4-a4c9-d95d492e247d", "value": "343220b0e37841dc002407860057eb10dbeea94d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715080", "to_ids": true, "type": "sha256", "uuid": "83336d44-e10b-4353-8650-db48fdde191a", "value": "fd091f36db2751d75cf3269aa823d80992f209f5ba508c4075922c8579979a15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715079", "to_ids": true, "type": "ssdeep", "uuid": "12e535f5-210b-4d81-a862-22a5f6559ecb", "value": "24:aWJ9rsxXB9xv1PCW7cIPd7xeqN8LL0xLxQrcUHboJTGzTKZhjsbPJkmwG51t9rd:akpshB31fgsjOSLFUHboGsWbK8rt9p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715079", "to_ids": false, "type": "size-in-bytes", "uuid": "c62353de-7975-487f-b654-93fa1ced06bc", "value": "1623" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715079", "to_ids": true, "type": "filename", "uuid": "9d5b3df3-0f7f-4391-a405-23876987ac13", "value": "readme.txt" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715079", "to_ids": false, "type": "text", "uuid": "436bf787-b4a6-4f92-9cae-0ec55df33966", "value": "Ransom Notes\r\nType Description: Text\nMicrosoft: None\nVT Total Detection:9/61\nFirst Submission:2025-02-13T10:55:12.000000+00:00\nLast Submission:2025-05-07T13:43:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719587", "uuid": "72b5c9b9-b2ee-4e1b-b94b-ced81828717d", "Attribute": [ { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719587", "to_ids": true, "type": "md5", "uuid": "b2e211df-557d-4bcd-89e1-ab74ea422268", "value": "4da3d898b4255e87bfd7bb998387cc4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715101", "to_ids": true, "type": "sha1", "uuid": "c964a967-7481-46d6-b0b6-bf084a5459ef", "value": "ae2967d021890a6a2a8c403a569b9e6d56e03abd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715102", "to_ids": true, "type": "sha256", "uuid": "47acb2e4-137f-4b6f-8966-f08b1fb587ca", "value": "bce6438cd00f3a9dbf39e2d597ffd8bd5f03df3bf0b7a122c0005cc58f4ba2cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715100", "to_ids": true, "type": "ssdeep", "uuid": "dcba6cb5-4289-4d98-b131-45bcb5fead37", "value": "192:95DEVqyfIg2B7+X+0hyJTyhCKAFSChMePXKHUmpdVXsL+SFv0lFvcho:DQV6t+XJhyJTy3YFmxsqemAo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715100", "to_ids": false, "type": "size-in-bytes", "uuid": "4e1fa411-271c-42e5-b3e7-79de1b53fa08", "value": "11865" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715100", "to_ids": true, "type": "filename", "uuid": "4e08ab73-7271-4344-afce-862c4718dbf2", "value": "attachment33.eml" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715100", "to_ids": false, "type": "text", "uuid": "15716fcc-a73e-4737-8388-aff1ba1106b0", "value": "Ransom Notes\r\nType Description: Email\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2025-03-18T10:20:15.000000+00:00\nLast Submission:2025-03-18T10:20:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719608", "uuid": "8918b731-0e96-43fb-9034-8d9e5dc1bf9b", "Attribute": [ { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719608", "to_ids": true, "type": "md5", "uuid": "fd05202a-c6fe-4980-a271-9eecd0cdb5b4", "value": "4d603199adf3d473340079b8b6d716b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715123", "to_ids": true, "type": "sha1", "uuid": "581f459b-287c-432b-b137-806d3188834c", "value": "c98e394a3e33c616d251d426fc986229ede57b0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715123", "to_ids": true, "type": "sha256", "uuid": "ae0f2485-4319-4fc9-9604-586f786e4f87", "value": "82e76f5a1f9b92031a55d3ac11535ecbb8fc269d6e207ccfd7469da11e11fbcd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715122", "to_ids": true, "type": "ssdeep", "uuid": "d8bce75b-db77-4e66-8ec4-78f40d149383", "value": "24:aWJ9rsxXB9xv1PCW7cIPd7xeqN8LL0xLxQrcUzwoJTGzTKZhjsNkmwG51t9rd:akpshB31fgsjOSLFUzwoGsWW8rt9p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715122", "to_ids": false, "type": "size-in-bytes", "uuid": "1cf15388-e64c-47eb-96fa-d0fae44e368b", "value": "1625" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715122", "to_ids": true, "type": "filename", "uuid": "35c8ac65-ddd7-4a27-9e13-0d85f506e2ce", "value": "readme.txt" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715122", "to_ids": false, "type": "text", "uuid": "692fcb0d-cb11-48a1-a930-b69b8d6eff44", "value": "Ransom Notes\r\nType Description: Text\nMicrosoft: None\nVT Total Detection:9/61\nFirst Submission:2024-11-25T21:11:35.000000+00:00\nLast Submission:2024-11-25T21:11:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719629", "uuid": "3ea585db-876a-4266-ad7b-78c4ecc7bd68", "Attribute": [ { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719629", "to_ids": true, "type": "md5", "uuid": "9afa75e0-4894-4962-bb08-787208ee36bf", "value": "fa6f2ffdf5879ee73f64df9576124c7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715144", "to_ids": true, "type": "sha1", "uuid": "f0cd643c-a5dd-4a33-8216-9926c5e5e1da", "value": "f710573c1d18355ecdf3131aa69a6dfe8e674758", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Ransom Notes", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715144", "to_ids": true, "type": "sha256", "uuid": "90961e24-ab8c-4731-a958-6cbeef9cbf4e", "value": "ac46b6cf5a7b83c6c38fa0f979a3ac69fa9dc6d213b78d0f92ae6744df12a02b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715144", "to_ids": true, "type": "ssdeep", "uuid": "1ea3a124-e63b-4d6b-baa6-9420c0ba3d6e", "value": "24:aWJ9rsxXB9xv1PCW7cIPd7xeqN8LL0xLxQrcUZp0MoJTGzTKZhjs+dkmwG51t9rd:akpshB31fgsjOSLFUboGsW+m8rt9p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715144", "to_ids": false, "type": "size-in-bytes", "uuid": "5af580cc-9320-4c04-baa4-5f83ef753dd7", "value": "1623" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715144", "to_ids": true, "type": "filename", "uuid": "39ce1054-f0f4-4a1b-a66c-86d39e2ab294", "value": "readme.txt" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715144", "to_ids": false, "type": "text", "uuid": "bc485363-3fed-4d95-a757-48332552854e", "value": "Ransom Notes\r\nType Description: Text\nMicrosoft: None\nVT Total Detection:9/60\nFirst Submission:2024-11-18T06:07:56.000000+00:00\nLast Submission:2025-05-07T13:37:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719650", "uuid": "f4f7357e-8bf6-464e-a2ea-6a731dec5b68", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719650", "to_ids": true, "type": "md5", "uuid": "f6bfe832-a3f1-4067-862e-bacf1913f2a9", "value": "cd54780ee2213a05468fa0d24eedd576", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715166", "to_ids": true, "type": "sha1", "uuid": "971455b4-f090-4457-9776-7ca290ea0ef6", "value": "011894f40bab6963133d46a1976fa587a4b66378", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715166", "to_ids": true, "type": "sha256", "uuid": "027e288a-41f7-405c-a136-4ead896afbdc", "value": "6782ad0c3efc0d0520dc2088e952c504f6a069c36a0308b88c7daadd600250a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715165", "to_ids": true, "type": "ssdeep", "uuid": "17cf2ef4-f5f4-4fca-acb0-89f06f8d697c", "value": "12288:FnvxplpMAX99S4B009MqyQMKNT7tDfAD8xE:FvxplpMAtU4Bl9MdQFT7tDIoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715165", "to_ids": false, "type": "size-in-bytes", "uuid": "fba4bb83-e560-48b7-9787-ccd24c3c1a9a", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715165", "to_ids": true, "type": "vhash", "uuid": "7f0f5bf7-5088-4a6e-a16c-559bd8f3513c", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715165", "to_ids": true, "type": "filename", "uuid": "dd1cc436-02af-4370-8936-da512d84e061", "value": "2025-04-02_cd54780ee2213a05468fa0d24eedd576_bitrat_black-basta_cobalt-strike_luca-stealer" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715165", "to_ids": false, "type": "text", "uuid": "f285a223-e83a-4753-a0ec-fd1109c5c33e", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce.D\nVT Total Detection:60/72\nFirst Submission:2025-04-02T17:03:01.000000+00:00\nLast Submission:2025-04-02T20:04:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "adf6e399-e18d-432c-8f65-72359ed73b2d", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "9a79fd39-3928-44ff-ac73-e9d1f741a3d4", "value": "6c755a742f2b2e5c1820f57d0338365f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715187", "to_ids": true, "type": "sha1", "uuid": "ad76ef17-daa1-499e-8a91-bcc01c00b9a1", "value": "0b22b6e5269ec241b82450a7e65009685a3010fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715187", "to_ids": true, "type": "sha256", "uuid": "f5b65b0d-99c6-4937-a872-0274105dfdd3", "value": "82b336cd120ef07d8df5a3e3fa082bcca8b5c0a3481fae78cb5dd29072979f69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715186", "to_ids": true, "type": "ssdeep", "uuid": "4550be0b-b036-4c8f-bb00-b060c0c3db8c", "value": "1536:yvXFnGvewvD/F3nICjRM5CEL92vR2zh9ckMBsA1RXZN1Mevt5:Ow3FE79UUzh9mBjBZNe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715186", "to_ids": false, "type": "size-in-bytes", "uuid": "8c2b69e5-30ad-4bc2-892a-5f54820b439c", "value": "92160" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715186", "to_ids": true, "type": "vhash", "uuid": "efebc50c-e263-4f3f-9627-b830eb83d961", "value": "09403e0f7d17z11z4nz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715186", "to_ids": true, "type": "filename", "uuid": "af887be1-cc76-4be7-a092-c0cb8397f33c", "value": "82b336cd120ef07d8df5a3e3fa082bcca8b5c0a3481fae78cb5dd29072979f69.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715186", "to_ids": false, "type": "text", "uuid": "07b29ff3-5ddd-47f7-8168-954456f3bb88", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/LockBit!rfn\nVT Total Detection:65/72\nFirst Submission:2024-06-14T06:15:48.000000+00:00\nLast Submission:2025-04-25T19:56:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "aa22a29b-26cf-4a7a-8e8e-b053f511a923", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "4aab3900-369f-45ce-b645-cf0712e6f703", "value": "9a218d69ecafe65eae264d2fdb52f1aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715208", "to_ids": true, "type": "sha1", "uuid": "a9fcbb5a-5069-4892-a4f5-55e0e58a85ad", "value": "196c08fbab4119d75afb209a05999ce269ffe3cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715208", "to_ids": true, "type": "sha256", "uuid": "37476d23-5ca6-4234-a1c9-3adff0f6c94a", "value": "d626eb0565fac677fdc13fb0555967dc31e600c74fbbd110b744f8e3a59dd3f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715208", "to_ids": true, "type": "ssdeep", "uuid": "446d0448-caad-4ace-afe4-4f305def4c8e", "value": "12288:HZph8TCQS9dQ1GH4wKcmY8FYkEv+NT5XqU6KDBxE:HZpCTCQS9dQ104wdV8FImT5XqiS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715208", "to_ids": false, "type": "size-in-bytes", "uuid": "66490305-b944-4b00-8f67-f686edfba2ad", "value": "476917" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715208", "to_ids": true, "type": "vhash", "uuid": "aa5b0a13-0148-4425-95f7-26143f0ef8cf", "value": "045056655d55556158z5d7z404bz25z27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715208", "to_ids": true, "type": "filename", "uuid": "49ab12f1-6074-45e4-acb7-c6be108932ae", "value": "d626eb0565fac677fdc13fb0555967dc31e600c74fbbd110b744f8e3a59dd3f9.bin" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715208", "to_ids": false, "type": "text", "uuid": "366b4611-3662-42d1-8331-9d27e416ce93", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/Conti.IPA!MTB\nVT Total Detection:62/72\nFirst Submission:2025-01-14T04:22:53.000000+00:00\nLast Submission:2025-02-27T23:18:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719714", "uuid": "dbe182ec-55f0-4266-9973-937accc4599c", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719714", "to_ids": true, "type": "md5", "uuid": "821470be-5222-414b-be81-e72169505253", "value": "770c1dc157226638f8ad1ac9669f4883", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715230", "to_ids": true, "type": "sha1", "uuid": "1b073e9a-1137-48e9-9f2b-3d3a1237e3ee", "value": "1f5ae3b51b2dbf9419f4b7d51725a49023abc81c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715230", "to_ids": true, "type": "sha256", "uuid": "d3524971-90b0-442d-a0b7-9822de47bdb7", "value": "d67a475f72ca65fd1ac5fd3be2f1cce2db78ba074f54dc4c4738d374d0eb19c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715229", "to_ids": true, "type": "ssdeep", "uuid": "054409d8-3956-4274-b78c-7ecb156625ab", "value": "12288:FnvxplpMAX99S4B009MqyQMKNT7g+fAD8xE:FvxplpMAtU4Bl9MdQFT7g+IoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715229", "to_ids": false, "type": "size-in-bytes", "uuid": "015233bb-a91d-4604-b157-1be52a8bd120", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715229", "to_ids": true, "type": "vhash", "uuid": "4b5f05d6-ea85-4cfd-a572-ad792c64cc4a", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715229", "to_ids": false, "type": "text", "uuid": "0cdacef8-e46b-4ad2-b563-7135e8bb9740", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce.D\nVT Total Detection:60/72\nFirst Submission:2025-03-22T09:04:22.000000+00:00\nLast Submission:2025-03-22T09:04:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719736", "uuid": "83aef6e1-d56a-4d7d-965a-0172855baf28", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719736", "to_ids": true, "type": "md5", "uuid": "e3bb0623-fdc7-493c-b1ae-31aa74e79705", "value": "91acae0fff5ecbf0b65c3ddebb5a824a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715251", "to_ids": true, "type": "sha1", "uuid": "132ffdc8-0caf-4f27-8b92-faf979c8dcd3", "value": "229e073dbcbb72bdfee2c244e5d066ad949d2582", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715251", "to_ids": true, "type": "sha256", "uuid": "ea7f034b-5363-44ed-b70c-3260cecd688e", "value": "8a193db0ff08237f63c036d422f52276a4e575476763dc391455ed5b12269c07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715251", "to_ids": true, "type": "ssdeep", "uuid": "922c47db-1463-4f4b-ac4c-929237a1c672", "value": "12288:FnvxplpMAX99S4B009MqyQMKNT7ZxfAD8xE:FvxplpMAtU4Bl9MdQFT7ZxIoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715251", "to_ids": false, "type": "size-in-bytes", "uuid": "7a7e07e7-d8b8-41a6-98dd-b149e2d2b41e", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715251", "to_ids": true, "type": "vhash", "uuid": "eda4c1cf-d64a-4b98-aee5-a2ea96b9e7d3", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715251", "to_ids": true, "type": "filename", "uuid": "7d0e1dce-0749-43bc-8dd4-b4b8a19fb1b6", "value": "2025-03-31_91acae0fff5ecbf0b65c3ddebb5a824a_bitrat_black-basta_cobalt-strike_luca-stealer" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715251", "to_ids": false, "type": "text", "uuid": "d12af66c-f422-488c-9c32-a9d9d1d7ffd9", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce.D\nVT Total Detection:59/72\nFirst Submission:2025-03-31T18:53:39.000000+00:00\nLast Submission:2025-03-31T18:53:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "7f723104-72a7-49c7-89c9-5ad82c487c1c", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "1a0c33c8-4e42-40b7-abb8-4b1c9f24aac5", "value": "b97812a2e6be54e725defbab88357fa2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715273", "to_ids": true, "type": "sha1", "uuid": "4d6ccef6-1c11-4445-aef7-b5a491d12417", "value": "29baab2551064fa30fb18955ccc8f332bd68ddd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715273", "to_ids": true, "type": "sha256", "uuid": "e7172c2c-bb55-4e5a-b5c1-b1eb5cd7575e", "value": "b9bba02d18bacc4bc8d9e4f70657d381568075590cc9d0e7590327d854224b32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715272", "to_ids": true, "type": "ssdeep", "uuid": "3b291d2f-8807-42e7-a328-42a23f3a7257", "value": "12288:FnvxplpMAX99S4B009MqyQMKNT7lVfAD8xE:FvxplpMAtU4Bl9MdQFT7lVIoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715272", "to_ids": false, "type": "size-in-bytes", "uuid": "de846127-2b1a-4628-8228-9de5025ba29c", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715272", "to_ids": true, "type": "vhash", "uuid": "c0f944e9-e805-427f-80f0-3f6276b7d7ae", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715272", "to_ids": true, "type": "filename", "uuid": "3f4842e3-24d1-4634-a4a1-6a928e985bc3", "value": "b9bba02d18bacc4bc8d9e4f70657d381568075590cc9d0e7590327d854224b32.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715272", "to_ids": false, "type": "text", "uuid": "864c4829-c6ea-411a-a9ff-0750c243627f", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce.D\nVT Total Detection:62/72\nFirst Submission:2025-01-20T13:25:20.000000+00:00\nLast Submission:2025-02-17T15:48:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "1ff61639-9ee7-4e13-9dd9-b2457ea2c421", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "15040835-3fe3-420e-9338-b2b35e1dc1fd", "value": "d44071f255785c73909d64f824331ebf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715294", "to_ids": true, "type": "sha1", "uuid": "9e7aa70d-5263-4909-84af-3e288260137d", "value": "577b110a8bfa6526b21bb728e14bd6494dc67f71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715294", "to_ids": true, "type": "sha256", "uuid": "2957749e-4d53-4605-8cfc-f4f5fdd1bbac", "value": "ba1be94550898eedb10eb73cb5383a2d1050e96ec4df8e0bf680d3e76a9e2429", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715294", "to_ids": true, "type": "ssdeep", "uuid": "46806047-0ce0-4272-80fd-fe57a771774a", "value": "12288:FnvxplpMAX99S4B009MqyQMKNT75tfAD8xE:FvxplpMAtU4Bl9MdQFT75tIoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715294", "to_ids": false, "type": "size-in-bytes", "uuid": "a9cceb38-a4fd-43c0-b684-5fa6d962c062", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715294", "to_ids": true, "type": "vhash", "uuid": "319eff75-f2ab-4b02-bf76-83280ac94147", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715294", "to_ids": true, "type": "filename", "uuid": "c8b5f0c5-7eb7-4eb9-9ced-049a0077b521", "value": "ba1be94550898eedb10eb73cb5383a2d1050e96ec4df8e0bf680d3e76a9e2429.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715294", "to_ids": false, "type": "text", "uuid": "441746cb-b873-4845-b239-235246b35561", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce.D\nVT Total Detection:61/72\nFirst Submission:2025-02-13T10:50:45.000000+00:00\nLast Submission:2025-03-02T10:57:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "b53e8d83-6b47-42e1-8549-2402c2a69a59", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "1b97b443-b40f-4699-8b3b-ee8095bec626", "value": "2dd7cd2bf15eec7d62689435fca9c49c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715319", "to_ids": true, "type": "sha1", "uuid": "a4112b6e-ef75-40de-96a1-107de138354e", "value": "7db52047c72529d27a39f2e1a9ffb8f1f0ddc774", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715319", "to_ids": true, "type": "sha256", "uuid": "86320c6e-c256-436f-8a7c-8afed1890ca9", "value": "01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715318", "to_ids": true, "type": "ssdeep", "uuid": "308f6df7-b198-4163-97e1-709d03999715", "value": "12288:FnvxplpMAX99S4B009MqyQMKNT7jZBWfAD8xE:FvxplpMAtU4Bl9MdQFT79BWIoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715318", "to_ids": false, "type": "size-in-bytes", "uuid": "26dd38ad-a9ad-45b8-9707-5b0f3f78d06a", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715318", "to_ids": true, "type": "vhash", "uuid": "c5dbffc8-597d-4258-a423-576122e2ace8", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715318", "to_ids": true, "type": "filename", "uuid": "fab1e303-fe1f-486b-964b-26280543ab6a", "value": "01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715318", "to_ids": false, "type": "text", "uuid": "23af1916-ee29-4dbc-8351-1f3f08d4c717", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce!rfn\nVT Total Detection:61/72\nFirst Submission:2024-11-18T05:05:01.000000+00:00\nLast Submission:2024-11-27T12:46:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "48061d19-b56c-4b40-b37c-df80e123b7da", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "a09da50e-36cd-4112-bc18-00784ab11fc7", "value": "e4a4fc96188310b7b07e7c0525b5c0aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715340", "to_ids": true, "type": "sha1", "uuid": "51243ee0-3aaf-40ad-9952-2d7c82a643fc", "value": "81185dd73f2e042a947a1bf77f429de08778b6e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715340", "to_ids": true, "type": "sha256", "uuid": "458cfbba-43e6-4904-bc95-943f6fd01f24", "value": "d4de7d7990114c51056afeedb827d880549d5761aac6bdef0f14cb17c25103b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715340", "to_ids": true, "type": "ssdeep", "uuid": "20959e90-a98a-4dc9-b0cd-29e954d26089", "value": "12288:HZph8TCfS9dQ1GH4wKcmY8FYkEv+NTjUU1GaJyixE:HZpCTCfS9dQ104wdV8FImTjUYGViS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715340", "to_ids": false, "type": "size-in-bytes", "uuid": "328b0a68-f228-4950-b11d-61612cae31d5", "value": "476917" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715340", "to_ids": true, "type": "vhash", "uuid": "8aa7b134-bf8c-414a-85d5-378696b78a21", "value": "045056655d55556158z5d7z404bz25z27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715340", "to_ids": true, "type": "filename", "uuid": "854906c7-9926-4e25-92b1-d56728a9eff7", "value": "sample.exe.jpg" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715340", "to_ids": false, "type": "text", "uuid": "8ea4e7e5-2b9f-4d90-8077-dbb1d9ea1b63", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/Conti.IPA!MTB\nVT Total Detection:61/72\nFirst Submission:2024-07-08T02:28:07.000000+00:00\nLast Submission:2024-11-26T16:08:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "73b176a5-3a28-419d-be13-8f72c793db5e", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "291d9a1e-7534-4eeb-a832-68db3804fc46", "value": "15634dc79981e7fba25fb8530cedb981", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715362", "to_ids": true, "type": "sha1", "uuid": "9fcf90e9-9bb4-4138-943f-45671313cb7e", "value": "a4bdd6cef0ed43a4d08f373edc8e146bb15ca0f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715362", "to_ids": true, "type": "sha256", "uuid": "13763faf-99bd-45f9-9862-8c3d3193f0b1", "value": "312ca1a8e35dcf5b80b1526948bd1081fed2293b31d061635e9f048f3fe5eb83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715361", "to_ids": true, "type": "ssdeep", "uuid": "12cddd43-df14-4687-bd9e-fad0f52bfd1f", "value": "12288:HZph8TCfS9dQ1GH4wKcmY8FYkEv+NT5XqU6KDBxE:HZpCTCfS9dQ104wdV8FImT5XqiS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715361", "to_ids": false, "type": "size-in-bytes", "uuid": "84c9bda4-278d-4f06-8ca5-3dee16f82044", "value": "476917" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715361", "to_ids": true, "type": "vhash", "uuid": "9cbef6dc-3c54-4166-a743-8535d0f6017d", "value": "045056655d55556158z5d7z404bz25z27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715361", "to_ids": true, "type": "filename", "uuid": "dc39b570-58a4-4bf4-aff3-53b9c73c4a2b", "value": "312ca1a8e35dcf5b80b1526948bd1081fed2293b31d061635e9f048f3fe5eb83.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715361", "to_ids": false, "type": "text", "uuid": "d69a9592-7e11-4010-8070-8c7fbd1d0713", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/Conti.IPA!MTB\nVT Total Detection:61/72\nFirst Submission:2024-07-16T16:15:03.000000+00:00\nLast Submission:2024-11-20T11:44:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "c3ce2728-4b86-4819-a1d4-677c7f2c961a", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "f0798bab-2517-4f90-a3e7-8d145d280ae4", "value": "8bcd83352bbd52ca7bda998a52dd0e5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715383", "to_ids": true, "type": "sha1", "uuid": "e6bf7325-f4b6-4ed2-a554-0f505f9fe0fc", "value": "b3e0785dbe60369634ac6a6b5d241849c1f929de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715383", "to_ids": true, "type": "sha256", "uuid": "421f5bcb-2c71-4956-955e-bd773c8fcc6a", "value": "188bc243cc42f8ffa4c1ed02aad5a76c9000e3d58104f45fe71af66536a274da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715382", "to_ids": true, "type": "ssdeep", "uuid": "b49ca757-a05a-49ac-af60-d41292515a16", "value": "3072:YPdoV0ryvKNik1sv3xU5R6Izz6uUA1O5V53sl34gQ02Z+V0pi:YP4vSr1s/xUXAuB1O5/3sl3802Z+V00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715382", "to_ids": false, "type": "size-in-bytes", "uuid": "1181e0f0-92ca-4cbf-b3bd-a8830a20e00c", "value": "165216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715382", "to_ids": true, "type": "vhash", "uuid": "ccbcdcc5-8dd4-436a-a2b7-07589a685332", "value": "41e3621e3eb0e644847a2d8a5792df77" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715382", "to_ids": true, "type": "filename", "uuid": "455f438c-5b01-4084-b424-377630a400d3", "value": "ransomware.elf" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715382", "to_ids": false, "type": "text", "uuid": "5eb6b0f6-6110-4fb6-8bd4-1d86ad22953f", "value": "Payload\r\nType Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:36/64\nFirst Submission:2024-11-04T16:09:37.000000+00:00\nLast Submission:2024-12-25T04:10:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "c3631c3b-c175-43aa-b05e-a7773368c3e8", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "ca3e3e2f-4b49-4264-bf8c-f64b81750fe7", "value": "296cca79bbb3ca764de8fcdc2070ecc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715404", "to_ids": true, "type": "sha1", "uuid": "10d59785-79fa-451c-9ee8-1715310d864b", "value": "b571e60a6d2d9ab78da1c14327c0d26f34117daa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715404", "to_ids": true, "type": "sha256", "uuid": "2d2f8ad7-5c61-4961-be47-fa885a8c8c4c", "value": "822ceefb12b030f2ff28dcda6776addda77b041dbb48d2e3a8c305721f4cc8ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715404", "to_ids": true, "type": "ssdeep", "uuid": "6931d5f0-017f-4b3e-9229-4e3f49555bcc", "value": "12288:FnvxplmMAX99S4B009MqyQMKNT7jZBWfAD8xE:FvxplmMAtU4Bl9MdQFT79BWIoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715404", "to_ids": false, "type": "size-in-bytes", "uuid": "fef7c904-a3ae-4c70-8ac2-fd7e399fab35", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715404", "to_ids": true, "type": "vhash", "uuid": "12cd349c-e0a1-4767-9f90-16fb0994eb7e", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715404", "to_ids": true, "type": "filename", "uuid": "6e41648d-060c-4663-8276-bb4b186b03d9", "value": "822ceefb12b030f2ff28dcda6776addda77b041dbb48d2e3a8c305721f4cc8ef.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715404", "to_ids": false, "type": "text", "uuid": "8c70cc9e-f5b7-4125-9d74-ba44d6ccbd78", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce.D\nVT Total Detection:61/72\nFirst Submission:2025-01-14T14:21:38.000000+00:00\nLast Submission:2025-02-17T15:49:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719905", "uuid": "d8c50f34-3856-41d3-bb98-6f8c0181e287", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719905", "to_ids": true, "type": "md5", "uuid": "1d2dd4b7-faab-4630-90a2-c0169d96630d", "value": "7bdbd180c081fa63ca94f9c22c457376", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715426", "to_ids": true, "type": "sha1", "uuid": "bb722f29-29a6-4445-bd96-74e246b5b0c9", "value": "bcfac98117d9a52a3196a7bd041b49d5ff0cfb8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715426", "to_ids": true, "type": "sha256", "uuid": "e53f31e9-63d9-4962-b4a0-13b3b1c203dc", "value": "a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715425", "to_ids": true, "type": "ssdeep", "uuid": "dc28be35-ac2b-4264-adb4-ed4dddafd265", "value": "49152:t21suqSLce1OQiyvaYQT0KEAwa10RQ1kC0rHLOdWjhofQ4WZTWRgHn8dW5EYr:t217qS1DxQT03cDiX1wnWZqRQ8s+Yr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715425", "to_ids": false, "type": "size-in-bytes", "uuid": "d70b0bf3-c038-492d-befe-bd5e9ab0c9b1", "value": "3397823" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715425", "to_ids": true, "type": "vhash", "uuid": "a5771056-125a-45fd-bdba-8303be8baee9", "value": "036056655d5c05709043z8003b7z47z62z3e03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715425", "to_ids": true, "type": "filename", "uuid": "86f81251-9924-40ae-879e-34142d2d768a", "value": "img001.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715425", "to_ids": false, "type": "text", "uuid": "c366ba21-3537-42ea-9968-61c0b6969d9c", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/CoinMiner.AQ\nVT Total Detection:65/72\nFirst Submission:2019-11-22T10:15:35.000000+00:00\nLast Submission:2025-01-16T10:39:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "fe9b3e88-b76d-45d3-aa60-e52c6d446427", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "cdd9902e-523c-4053-b495-23be07c7ebbc", "value": "d54bae930b038950c2947f5397c13f84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715447", "to_ids": true, "type": "sha1", "uuid": "ae3514ec-df71-4b63-b8fa-571521a160ea", "value": "e164bbaf848fa5d46fa42f62402a1c55330ef562", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715447", "to_ids": true, "type": "sha256", "uuid": "29d67c5b-9700-4322-8b24-789764d15750", "value": "1250ba6f25fd60077f698a2617c15f89d58c1867339bfd9ee8ab19ce9943304b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715446", "to_ids": true, "type": "ssdeep", "uuid": "d24bfd0c-5a29-4319-8124-23c0e9d230c7", "value": "3072:e6glyuxE4GsUPnliByocWep6v6JMdoKkgwfHweVg2sp+:e6gDBGpvEByocWe+oKT+g2a+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715446", "to_ids": false, "type": "size-in-bytes", "uuid": "8118dfe3-6bce-4b33-bf23-a693e397a29b", "value": "150528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715446", "to_ids": true, "type": "vhash", "uuid": "070b6d1a-1f54-417b-9b31-b4fd8675edaf", "value": "01506666151d7d7567z61z7nzbfz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715446", "to_ids": true, "type": "filename", "uuid": "6a17f06c-bfb4-46d5-ade4-9c2fd7a63d4c", "value": "1250ba6f25fd60077f698a2617c15f89d58c1867339bfd9ee8ab19ce9943304b.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715446", "to_ids": false, "type": "text", "uuid": "751f2e39-d762-4aef-b1e6-f5a632b043a5", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/Lockbit.AK!ibt\nVT Total Detection:66/72\nFirst Submission:2024-04-08T11:51:10.000000+00:00\nLast Submission:2025-02-18T19:43:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "09ae2095-b6be-4164-822e-05eb48e8de74", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "cd3b613d-f662-4647-bb4b-d9bf9988f211", "value": "12e22f588f6128cf1a042d1122556cd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715468", "to_ids": true, "type": "sha1", "uuid": "507e5336-2660-4c24-bed9-1f69da7555f0", "value": "e1c0482b43fe57c93535119d085596cd2d90560a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715468", "to_ids": true, "type": "sha256", "uuid": "01c52608-afb4-4fc7-af85-d9db8d6a90b8", "value": "005ed5de8a3e72a91f8a2e0d2a3088c41c681feb70dffbd9097e22c288b6b70c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715468", "to_ids": true, "type": "ssdeep", "uuid": "44041513-c178-4f6b-882f-8549b2bbdcd1", "value": "6144:ySvVrLiVfmVQQxNM+GKbCaHC4XhCaJPXR:leV4pwahzXYaJPR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715468", "to_ids": false, "type": "size-in-bytes", "uuid": "6133205d-f706-414c-b86c-031787168a1b", "value": "263481" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715468", "to_ids": true, "type": "vhash", "uuid": "b50d6dc8-2a0d-49e9-a537-12af4f87198e", "value": "c2bb37133e65b065117e626879f80f95" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715468", "to_ids": true, "type": "filename", "uuid": "55d9ede9-2f16-49fa-8aef-be588df32ceb", "value": "46263093.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 08/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715468", "to_ids": false, "type": "text", "uuid": "7f204209-b406-4567-b53b-be58302b8f48", "value": "Payload\r\nType Description: ZIP\nMicrosoft: Ransom:Win32/Conti!rfn\nVT Total Detection:52/68\nFirst Submission:2024-11-25T21:06:36.000000+00:00\nLast Submission:2024-11-25T22:05:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981842", "uuid": "7018a76b-bc71-4749-9cb8-7127a2e99f38", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981842", "to_ids": true, "type": "md5", "uuid": "e9a2e321-85e0-41ab-be51-17c6c7cf2261", "value": "9db8f7378e2df01c842cfcb617e64475", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715489", "to_ids": true, "type": "sha1", "uuid": "5e9ae9a6-3659-4741-84c2-7a7035e5df8c", "value": "eada05f4bfd4876c57c24cd4b41f7a40ea97274c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715490", "to_ids": true, "type": "sha256", "uuid": "1fc957f5-649c-4adf-a53d-12c93ff7fdb5", "value": "c844d02c91d5e6dc293de80085ad2f69b5c44bc46ec9fdaa4e3efbda062c871c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715489", "to_ids": true, "type": "ssdeep", "uuid": "700f4de2-ace2-4c89-97b6-659bfd8549d3", "value": "12288:FnvxplpMAX99S4B009MqyQMKNT7T2fAD8xE:FvxplpMAtU4Bl9MdQFT7T2IoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715489", "to_ids": false, "type": "size-in-bytes", "uuid": "096f168e-ca9f-457f-a663-3e211e7fe750", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715489", "to_ids": true, "type": "vhash", "uuid": "dd808df4-eb8c-40df-a5d7-32bf30de43f6", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715489", "to_ids": true, "type": "filename", "uuid": "c7ad601d-663a-4a18-93f0-6e870cab1c80", "value": "c844d02c91d5e6dc293de80085ad2f69b5c44bc46ec9fdaa4e3efbda062c871c.exe" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715489", "to_ids": false, "type": "text", "uuid": "b759e815-14c2-4666-9ccf-d29001e03574", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce!rfn\nVT Total Detection:61/72\nFirst Submission:2025-02-04T14:59:10.000000+00:00\nLast Submission:2025-02-06T15:20:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746719990", "uuid": "eb7c2445-a0b7-493f-a957-ed4f432db50b", "Attribute": [ { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746719990", "to_ids": true, "type": "md5", "uuid": "4adbc301-e761-4737-9347-15a50c9e632b", "value": "e67e7b8e0fb6baff4f25bb05dd5a5e21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746715511", "to_ids": true, "type": "sha1", "uuid": "f2a7868f-0a75-4e35-9d7b-f0b9786212e5", "value": "fc75a3800d8c2fa49b27b632dc9d7fb611b65201", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746715511", "to_ids": true, "type": "sha256", "uuid": "1e7fbe17-f861-4d00-804f-a4e0def94a1b", "value": "b10129c175c007148dd4f5aff4d7fb61eb3e4b0ed4897fea6b33e90555f2b845", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746715510", "to_ids": true, "type": "ssdeep", "uuid": "affabb46-b83b-4951-8813-748aa997e4e0", "value": "12288:FnvxplpMAX99S4B009MqyQMKNT7elfAD8xE:FvxplpMAtU4Bl9MdQFT7elIoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746715510", "to_ids": false, "type": "size-in-bytes", "uuid": "94f57109-4607-4bc6-af4d-45a8bbc24dfd", "value": "428552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746715510", "to_ids": true, "type": "vhash", "uuid": "f79d4a47-b589-4766-aa58-c25fa9e22d06", "value": "045056655d55556158z7d1z23z5045z1021z25zf7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746715510", "to_ids": true, "type": "filename", "uuid": "e000a444-c60c-4fbb-bd97-297b7b84d0a6", "value": "windows-da16a626-d163-4b48-93b8-a5b5107429a7.exx" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746715510", "to_ids": false, "type": "text", "uuid": "fe8ce51b-6989-42b6-8fec-84ee5e4b6600", "value": "Payload\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/DragonForce.D\nVT Total Detection:60/72\nFirst Submission:2025-02-24T18:05:36.000000+00:00\nLast Submission:2025-02-24T18:05:36.000000+00:00" } ] } ] } }