{ "Event": { "analysis": "2", "date": "2022-06-09", "extends_uuid": "", "info": "[Threat Intel] Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years", "protected": false, "publish_timestamp": "1772902010", "published": true, "threat_level_id": "2", "timestamp": "1772902009", "uuid": "bcc25902-9ad5-46bb-b91d-6bf7b5473669", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"SentinelOne\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Aoqin Dragon\"", "relationship_type": "" }, { "colour": "#d58a16", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"", "relationship_type": "" }, { "colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": "" }, { "colour": "#110e53", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"", "relationship_type": "" }, { "colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Defense Evasion - T1211\"", "relationship_type": "" }, { "colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": "" }, { "colour": "#fda248", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Services - T1569\"", "relationship_type": "" }, { "colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"heyoka\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"mongall\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740755089", "to_ids": false, "type": "link", "uuid": "fc0ddd1c-4cb4-42bf-b6a8-8677ce36d54e", "value": "https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/" }, { "category": "Payload delivery", "comment": "Mongall No sample in VT\r\nLast check:09/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746791811", "to_ids": true, "type": "sha1", "uuid": "00dcb6c8-ddf9-472e-abe5-0b2326ea0af0", "value": "16a59d124acc977559b3126f9ec93084ca9b76c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall No sample in VT\r\nLast check:09/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746791812", "to_ids": true, "type": "sha1", "uuid": "006a9fee-8e81-4657-a09b-99a1c31ac3fd", "value": "d36c3d857d23c89bbdfefd6c395516a68ffa6b82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Modified Heyoka No sample in VT\r\nLast check:09/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746791813", "to_ids": true, "type": "sha1", "uuid": "dfcd92ea-f893-4754-a314-10c7109f4601", "value": "155db617c6cf661507c24df2d248645427de492c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test No sample in VT\r\nLast check:09/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746791814", "to_ids": true, "type": "sha1", "uuid": "f3184724-85f1-425c-95f0-66a08d3306a4", "value": "683a3e0d464c7dcbe5f959f8fd82d738f4039b38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Upan component No sample in VT\r\nLast check:09/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746791815", "to_ids": true, "type": "sha1", "uuid": "2df3a1de-6083-4ee5-ac04-f6dfd20c0e17", "value": "cd59c14d46daaf874dc720be140129d94ee68e39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006135", "to_ids": true, "type": "ip-dst", "uuid": "60b32773-003c-4287-b318-542ddabbdefa", "value": "10.100.0.34", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006156", "to_ids": true, "type": "ip-dst", "uuid": "ab398cf3-f9f7-4e4c-902c-4f019878eeea", "value": "10.100.27.4", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006177", "to_ids": true, "type": "ip-dst", "uuid": "bc02b7e0-1a6d-477d-973b-8c1ef5fca3ee", "value": "172.111.192.233", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006210", "to_ids": true, "type": "ip-dst", "uuid": "adb1a5d0-bfd0-4d04-b8d9-671c63651f4a", "value": "59.188.234.233", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006231", "to_ids": true, "type": "ip-dst", "uuid": "47f15dc9-d20f-452c-8b62-e6fd65190fad", "value": "64.27.4.157", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006252", "to_ids": true, "type": "ip-dst", "uuid": "8e487032-d38c-4a8c-838e-cbe5f91355fd", "value": "64.27.4.19", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006273", "to_ids": true, "type": "ip-dst", "uuid": "479f3746-9c33-43f2-8218-1fc3ebcb8bde", "value": "67.210.114.99", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006294", "to_ids": true, "type": "hostname", "uuid": "e20aee19-dfc1-4dfe-a183-1a0302a5277f", "value": "back.satunusa.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006315", "to_ids": true, "type": "hostname", "uuid": "c8fcf9da-b4e6-4871-a5b2-ad51f22b9376", "value": "baomoi.vnptnet.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006336", "to_ids": true, "type": "hostname", "uuid": "48034b1d-5482-4140-b89b-2be61f0941f0", "value": "bbw.fushing.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006357", "to_ids": true, "type": "hostname", "uuid": "f8ebec90-b739-4e47-96bc-9ad0d426c883", "value": "bca.zdungk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006379", "to_ids": true, "type": "hostname", "uuid": "c02f6108-4bd6-44ed-b34d-12529e5abd6f", "value": "bkav.manlish.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006400", "to_ids": true, "type": "hostname", "uuid": "58a54934-e268-46c4-bfc3-fbbb01ba70c7", "value": "bkav.welikejack.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006421", "to_ids": true, "type": "hostname", "uuid": "17087ed2-5a3f-4c0b-bf08-fae54de64af6", "value": "bkavonline.vnptnet.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006442", "to_ids": true, "type": "domain", "uuid": "4beda40c-7c24-499f-99fa-a866223badff", "value": "bush2015.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006464", "to_ids": true, "type": "hostname", "uuid": "25d145d0-2b6c-414f-88df-494ac0a83076", "value": "cl.weststations.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006485", "to_ids": true, "type": "domain", "uuid": "d127d98c-a94f-4d51-8138-dc4755776492", "value": "cloundvietnam.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006506", "to_ids": true, "type": "hostname", "uuid": "84e4d0a2-9ecc-40ab-ad3f-398f0c0f6aaa", "value": "dns.lioncity.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006528", "to_ids": true, "type": "hostname", "uuid": "8f18f261-df6f-4337-9085-6a8e22e4e96e", "value": "dns.satunusa.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006549", "to_ids": true, "type": "hostname", "uuid": "551a4495-3b3f-4d34-bcfd-421c8d386401", "value": "dns.zdungk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006570", "to_ids": true, "type": "hostname", "uuid": "fa462f73-7931-4bc5-a3c8-1a951e8983c7", "value": "ds.vdcvn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006592", "to_ids": true, "type": "hostname", "uuid": "7ec4eb33-c764-452c-ae08-b37b6d165d65", "value": "ds.xrayccc.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006613", "to_ids": true, "type": "domain", "uuid": "c2048036-f325-4aad-9f62-367a950d8128", "value": "facebookmap.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006634", "to_ids": true, "type": "hostname", "uuid": "3838213a-938f-4519-a6df-09495ed3f7c5", "value": "fbcl2.adsoft.name", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006655", "to_ids": true, "type": "hostname", "uuid": "51bbd977-09e4-4179-be3d-b86384defe14", "value": "fbcl2.softad.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006676", "to_ids": true, "type": "hostname", "uuid": "e10ac081-7518-4c13-b6c1-9f185de18ad8", "value": "flower2.yyppmm.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006698", "to_ids": true, "type": "hostname", "uuid": "124f5f0d-c801-4037-bdeb-86f50b8ce671", "value": "game.vietnamflash.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006719", "to_ids": true, "type": "hostname", "uuid": "8e6bdcc4-aea4-4223-abd2-3c0facb184d7", "value": "hello.bluesky1234.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006740", "to_ids": true, "type": "hostname", "uuid": "68f6215c-f34e-4f37-92f2-6344701b7886", "value": "ipad.vnptnet.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006761", "to_ids": true, "type": "hostname", "uuid": "00d0d1c5-6217-4011-b820-c1595d9e297b", "value": "ks.manlish.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006782", "to_ids": true, "type": "hostname", "uuid": "bb635744-eaa4-42b9-8282-6628d57291ba", "value": "lepad.fushing.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006804", "to_ids": true, "type": "hostname", "uuid": "bbba0359-15dc-468b-b23c-fb55bf2754b7", "value": "lllyyy.adsoft.name", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006825", "to_ids": true, "type": "hostname", "uuid": "a15bbb64-cf4b-49d4-a318-a1f874033c53", "value": "lucky.manlish.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006846", "to_ids": true, "type": "hostname", "uuid": "c8163286-52a5-4218-b12e-04b19220f918", "value": "ma550.adsoft.name", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006868", "to_ids": true, "type": "hostname", "uuid": "51d5035f-6aad-40d2-9391-48e6b17f0eb0", "value": "ma550.softad.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006889", "to_ids": true, "type": "hostname", "uuid": "237f8130-84a0-44e2-86b5-11531329534d", "value": "mail.comnnet.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006910", "to_ids": true, "type": "hostname", "uuid": "d27faaee-61aa-4a8c-bb03-f66b98f4cf17", "value": "mail.tiger1234.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006931", "to_ids": true, "type": "hostname", "uuid": "1d1b820e-7a22-4e31-a683-14b465c8f225", "value": "mail.vdcvn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006953", "to_ids": true, "type": "hostname", "uuid": "9f862322-befe-41c2-97d2-476c5bdbcaa7", "value": "mass.longvn.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006974", "to_ids": true, "type": "hostname", "uuid": "ff56b0d4-5da8-4223-82e3-fc08d4d1b89a", "value": "mcafee.bluesky1234.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747006996", "to_ids": true, "type": "hostname", "uuid": "2a3622e3-545e-4a5a-ad4e-2deed7943c46", "value": "media.vietnamflash.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007019", "to_ids": true, "type": "hostname", "uuid": "5d88bb69-d8d1-4679-b7bb-275679a178d5", "value": "mil.dungk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007040", "to_ids": true, "type": "hostname", "uuid": "0ad28e92-c909-4f4f-bb85-b31ebbfb2b3a", "value": "mil.zdungk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007062", "to_ids": true, "type": "hostname", "uuid": "e2598a9a-1d73-41e3-8c57-84eb3942f5b6", "value": "mmchj2.telorg.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007083", "to_ids": true, "type": "hostname", "uuid": "1227f7c7-ed54-4e90-b86b-f8106fefab56", "value": "mmslsh.tiger1234.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007104", "to_ids": true, "type": "hostname", "uuid": "fdc9511c-d329-4d39-b725-8974dbc2be0f", "value": "mobile.vdcvn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007125", "to_ids": true, "type": "hostname", "uuid": "4d50884c-109d-4deb-8424-f1d77d18ea9b", "value": "moit.longvn.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007147", "to_ids": true, "type": "hostname", "uuid": "b5f6627c-8e1d-4a66-9d7d-9ee1fa3d39c3", "value": "movie.vdcvn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007168", "to_ids": true, "type": "hostname", "uuid": "4d388c98-51e2-423f-985a-2af937bcbb2c", "value": "news.philstar2.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007189", "to_ids": true, "type": "hostname", "uuid": "8e41a2e0-6d04-4f91-ada6-4a87df56a0db", "value": "news.welikejack.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007210", "to_ids": true, "type": "hostname", "uuid": "1bd79b46-e0be-4bf7-af7a-9b77406401a8", "value": "npt.vnptnet.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007231", "to_ids": true, "type": "hostname", "uuid": "7ad44ed3-447d-4861-ae29-019f796b577a", "value": "ns.fushing.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007252", "to_ids": true, "type": "hostname", "uuid": "890221cd-102c-4ec5-8796-bee23671380c", "value": "nycl.neverdropd.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007273", "to_ids": true, "type": "hostname", "uuid": "39eebd1c-aa94-4e5a-8602-7d1b654db011", "value": "phcl.followag.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007294", "to_ids": true, "type": "hostname", "uuid": "2bb7461f-9bec-47d9-888d-b7af49b516ce", "value": "phcl.neverdropd.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007315", "to_ids": true, "type": "hostname", "uuid": "2a716243-2a89-4a59-9944-5901e2cb48e7", "value": "pna.adsoft.name", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007336", "to_ids": true, "type": "hostname", "uuid": "ff2d6d81-1946-43fb-9fac-5e53506a0451", "value": "pnavy3.neverdropd.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007358", "to_ids": true, "type": "hostname", "uuid": "23019c68-ef30-40fd-9cc4-3bc71a343316", "value": "sky.bush2015.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007379", "to_ids": true, "type": "hostname", "uuid": "d9807107-7791-43fc-b332-290674a0b294", "value": "sky.vietnamflash.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007400", "to_ids": true, "type": "hostname", "uuid": "dfb3ce68-fb31-4f1e-bcaa-1aaf7d0fb828", "value": "tcv.tiger1234.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007421", "to_ids": true, "type": "hostname", "uuid": "9fd36a16-1815-4144-92c7-809e8ef3b8cd", "value": "telecom.longvn.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007442", "to_ids": true, "type": "hostname", "uuid": "0a35c7a1-5242-4b9e-b895-e266e6d87ad0", "value": "telecom.manlish.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007463", "to_ids": true, "type": "hostname", "uuid": "1ee08e53-7195-422d-b9a2-c69be6e7614c", "value": "th-y3.adsoft.name", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007484", "to_ids": true, "type": "hostname", "uuid": "ec3f74d7-0f6a-43c6-ac61-34aea3f1e13c", "value": "th550.adsoft.name", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007505", "to_ids": true, "type": "hostname", "uuid": "b914da77-83e1-4b37-ae32-aba1a1a85b54", "value": "th550.softad.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007526", "to_ids": true, "type": "hostname", "uuid": "0905f43c-924b-4e72-b974-b3293ec7f0c2", "value": "three.welikejack.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007547", "to_ids": true, "type": "hostname", "uuid": "6d0bcb0d-55f6-41f5-8447-06b501431d26", "value": "thy3.softad.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007568", "to_ids": true, "type": "domain", "uuid": "8300a693-85f2-4910-bf3f-cb288471afd7", "value": "vdcvn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007589", "to_ids": true, "type": "hostname", "uuid": "ada3c771-c16f-48de-89ab-fbebaabc94a6", "value": "video.philstar2.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007610", "to_ids": true, "type": "hostname", "uuid": "42600707-eb4b-4064-9a90-cc43865f9fb4", "value": "viet.vnptnet.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007632", "to_ids": true, "type": "hostname", "uuid": "978ae52b-6b23-48fa-b9dd-e810ae61481e", "value": "viet.zdungk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007653", "to_ids": true, "type": "hostname", "uuid": "298324ea-564e-40f6-8e73-5da31a2f887a", "value": "vietnam.vnptnet.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007674", "to_ids": true, "type": "domain", "uuid": "fe98abe8-6270-4ba1-8cd2-cc0d9a5229ff", "value": "vietnamflash.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007695", "to_ids": true, "type": "hostname", "uuid": "c372f319-2d20-4f35-b054-88a7dc5ee0fe", "value": "vnet.fushing.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007716", "to_ids": true, "type": "hostname", "uuid": "1c31aa3f-6432-4494-ab4f-80baad69f07d", "value": "vnn.bush2015.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007738", "to_ids": true, "type": "hostname", "uuid": "9408ebc6-6dbc-47aa-9801-f7f065f58d36", "value": "vnn.phung123.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007759", "to_ids": true, "type": "hostname", "uuid": "1c5168c9-dd84-4603-8b47-0f87d8f7c36e", "value": "webmail.philstar2.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007780", "to_ids": true, "type": "hostname", "uuid": "fd891a08-db44-4151-9045-c289a41cc210", "value": "www.bush2015.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007801", "to_ids": true, "type": "hostname", "uuid": "3fad27d6-7290-4b4a-b39e-cdcd691eacdf", "value": "yok.fushing.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007822", "to_ids": true, "type": "hostname", "uuid": "044ce624-0a78-42de-8aee-f598bbdfca9d", "value": "yote.dellyou.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007843", "to_ids": true, "type": "hostname", "uuid": "479b432c-e757-41a9-ad1d-80a44f6f576c", "value": "zing.vietnamflash.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007865", "to_ids": true, "type": "hostname", "uuid": "f17154d8-d6c3-4c1b-ae7e-429443dcfe8d", "value": "zingme.dungk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007886", "to_ids": true, "type": "hostname", "uuid": "4cc9d5a7-e7bd-492e-8dd2-5600e3ed8fc4", "value": "zingme.longvn.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007907", "to_ids": true, "type": "hostname", "uuid": "f5f12a9c-031e-4e61-94a7-d60ba0af5a65", "value": "zw.dinhk.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Mongall C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007928", "to_ids": true, "type": "hostname", "uuid": "0cd0ef00-34e2-4433-ba49-2c34c9dbf7dd", "value": "zw.phung123.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Modified Heyoka C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007950", "to_ids": true, "type": "ip-dst", "uuid": "302db47e-facb-4b7a-80db-959739bad2b6", "value": "45.77.11.148", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Modified Heyoka C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007971", "to_ids": true, "type": "hostname", "uuid": "3aacae65-a3c3-4af2-9332-d512ed596c76", "value": "cvb.hotcup.pw", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Modified Heyoka C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747007993", "to_ids": true, "type": "hostname", "uuid": "7baf7ddc-1cc3-4dea-9db5-95e6d2536d8e", "value": "dns.foodforthought1.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Modified Heyoka C2 Server", "deleted": false, "disable_correlation": false, "timestamp": "1747008014", "to_ids": true, "type": "hostname", "uuid": "9efbd9a9-17f7-400f-8cbe-7ea9fafeb109", "value": "test.facebookmap.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008035", "uuid": "7f93550e-a2cb-41cd-8215-79b990e92bcf", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008035", "to_ids": true, "type": "md5", "uuid": "931741f5-c673-4bba-9fc1-fde2d73b49ff", "value": "c26389b700fb0afb5f92ffe6284234f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757024", "to_ids": true, "type": "sha1", "uuid": "ce239c4e-e2cb-4144-bd4e-0e88bdd739a2", "value": "a96caf60c50e7c589fefc62d89c27e6ac60cdf2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757024", "to_ids": true, "type": "sha256", "uuid": "6fe97431-6969-42aa-a591-c963c6d05a28", "value": "ea36f9de5f904c44fb8444d5c349c5a9edff13a2571ed1641caf57656442e8bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757024", "to_ids": true, "type": "ssdeep", "uuid": "a849cfac-7f3e-45b7-96d0-d304ec66cc3f", "value": "24576:guEjVueeA56XC1gQJ8HFspVEll/C3z6JiaRCRAFg3XePpkTAPb1G0bsStwQdleee:nEjVoA5d+k8lsHQ63Myu3PBGJMdlee" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757024", "to_ids": false, "type": "size-in-bytes", "uuid": "c85ec275-6e7d-4ba3-ab32-38752ea055b2", "value": "1740800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757024", "to_ids": true, "type": "vhash", "uuid": "c6b5cc54-8426-4b53-b9f9-58aafb7413b4", "value": "01606f7d0d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757024", "to_ids": true, "type": "filename", "uuid": "5aa6d2c4-5294-48c8-a2ee-a98f3d38e9d4", "value": "example.txt" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 29/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757024", "to_ids": false, "type": "text", "uuid": "d547965d-a71c-4aee-b1b6-d6057e7defff", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:57/72\nFirst Submission:2016-11-16T02:44:37.000000+00:00\nLast Submission:2025-04-28T17:33:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008057", "uuid": "1d1d949e-cc7a-4677-8808-196af0cf3cfb", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008057", "to_ids": true, "type": "md5", "uuid": "44890cf4-6464-496a-b6c5-1d156679d44b", "value": "387cec382766f78e3af6b370b73183bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757046", "to_ids": true, "type": "sha1", "uuid": "949c3c2d-65ad-4ff1-a570-d7108e112e34", "value": "ccccf5e131abe74066b75e8a49c82373414f5d95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757046", "to_ids": true, "type": "sha256", "uuid": "5f103cab-aafc-46da-8e4a-1fb850c839ba", "value": "b766590eda1f7a929b6db007502a177f92e66fed17bcddd4a3affdf038689aa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757046", "to_ids": true, "type": "ssdeep", "uuid": "93e93b8e-647f-48ca-9ef1-189abf41ebe1", "value": "1536:FTZlfVYqZrkSbr1PUorVNlNVmAmfNLowq4lA9Ekh4zTtA2:F9lfJZrkY1P/NlO52wq4xTtA2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757046", "to_ids": false, "type": "size-in-bytes", "uuid": "79463d48-48e2-485b-9b3b-49e0f0ea2d07", "value": "78336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757046", "to_ids": true, "type": "vhash", "uuid": "212b2950-368e-4938-a3f8-d68ee926f44d", "value": "174046151d151bzcnz1ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757046", "to_ids": true, "type": "filename", "uuid": "0b65ed76-03a1-44ef-b2d9-c90b89242093", "value": "b766590eda1f7a929b6db007502a177f92e66fed17bcddd4a3affdf038689aa6.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/01/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757046", "to_ids": false, "type": "text", "uuid": "e0d272ac-c26b-420c-9a63-8b4a35ea8277", "value": "Mongall\r\nType Description: Win32 DLL\nMicrosoft: TrojanDropper:Win32/Krowod.A\nVT Total Detection:55/72\nFirst Submission:2013-10-01T03:25:02.000000+00:00\nLast Submission:2022-06-10T08:25:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008079", "uuid": "dbf290a9-a46b-4ff7-93f1-40e7b2f3c82c", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008079", "to_ids": true, "type": "md5", "uuid": "b4f6b5cc-5b5a-4642-93b9-dcbda84ea6b4", "value": "f073515cbd0e4590e1a02805b11299a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757067", "to_ids": true, "type": "sha1", "uuid": "999ccfbf-137f-4d0f-ac29-91f906d255d9", "value": "5408f6281aa32c02e17003e0118de82dfa82081e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757067", "to_ids": true, "type": "sha256", "uuid": "bbf03c4c-5eea-441e-b6ba-88c219798bf2", "value": "8a853c6c2a62e236e585f09036057b9825d4690c6cb980486376f6a06012faa4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757067", "to_ids": true, "type": "ssdeep", "uuid": "cc8c9f9d-8ae2-45f5-b7ef-ea07d4b4e5db", "value": "1536:ATZlfVYqZrkSbr1PUorVNlNVmAmfNLowq4lA9Ekh4zTtA2:A9lfJZrkY1P/NlO52wq4xTtA2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757067", "to_ids": false, "type": "size-in-bytes", "uuid": "3ed24088-f32c-4201-acf5-04629a0d63e9", "value": "78336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757067", "to_ids": true, "type": "vhash", "uuid": "16e91f47-734b-497d-b51c-9f4f06f84a33", "value": "174046151d151bzcnz1ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757067", "to_ids": true, "type": "filename", "uuid": "b3abf1c8-2f8f-405f-a2e9-883df9f7e782", "value": "f073515cbd0e4590e1a02805b11299a4.dll" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757067", "to_ids": false, "type": "text", "uuid": "dbb66e03-e47c-4d59-871d-23914403c94b", "value": "Mongall\r\nType Description: Win32 DLL\nMicrosoft: TrojanDropper:Win32/Krowod.A\nVT Total Detection:56/71\nFirst Submission:2013-09-25T14:18:30.000000+00:00\nLast Submission:2013-09-25T14:18:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008102", "uuid": "bf23fe41-f3ed-4bb7-8f71-d0d15d4dfe71", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008102", "to_ids": true, "type": "md5", "uuid": "a2916b61-9b1d-4b48-8477-2ca3d4bc078a", "value": "5b1cf30e372c9fee9b9b661148271c05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757088", "to_ids": true, "type": "sha1", "uuid": "5029c552-59f9-42f8-ae66-a70b8fa4dd2c", "value": "a37bb5caa546bc4d58e264fe55e9e9155f36d9d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757088", "to_ids": true, "type": "sha256", "uuid": "34b29697-468c-493f-8c5c-f8a08462412f", "value": "8161284cd84c2cc79d7ee7c00171bc0ce7259380637af66091ac45d11da7df8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757088", "to_ids": true, "type": "ssdeep", "uuid": "4659cc42-23fb-4e25-9d7f-058932c77b38", "value": "768:H8BjAeGtaLj6y6+X0fAiO3mQtaIXCTRrfhF5Vy8ackofn2XEDoEzBwIuH:cBHGQLBPkfaHtaaCTPFackYW7H" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757088", "to_ids": false, "type": "size-in-bytes", "uuid": "2b0813de-b32b-465a-8451-5342923698b7", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757088", "to_ids": true, "type": "vhash", "uuid": "45fbcb9c-0702-41b0-98ef-53a591ed5bfb", "value": "064056655d15551az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757088", "to_ids": true, "type": "filename", "uuid": "cc350780-8e00-437e-af11-778d80346ebc", "value": "dw20.EXE" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 19/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757088", "to_ids": false, "type": "text", "uuid": "f9d9c8c0-e6ba-43df-995f-68ae14230327", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:53/73\nFirst Submission:2013-07-15T01:44:38.000000+00:00\nLast Submission:2017-10-26T18:55:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008123", "uuid": "763b50ae-846a-47c4-b4f6-a5cb41732f69", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008123", "to_ids": true, "type": "md5", "uuid": "d76eb55b-87ea-4f26-abd4-4229a3657b18", "value": "dd02118543e48aab3c3485d91dd51349", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757110", "to_ids": true, "type": "sha1", "uuid": "61b3dc5e-dba3-4319-befb-cae677fb8b45", "value": "779fa3ebfa1af49419be4ae80b54096b5abedbf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757110", "to_ids": true, "type": "sha256", "uuid": "1f4d04e2-abe9-4b06-983d-5a217dd239f3", "value": "00280dbca465454f52778f032f45ba171588864c20e0f8dcac74bacc370e32c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757109", "to_ids": true, "type": "ssdeep", "uuid": "49c99576-acd6-4f18-807b-556d9626cbea", "value": "1536:mytSTqwtKV3Eyba1IUifirVgQ9w0fLJx/XY1kC9WWEfD2uvUSy:HSTgV3EJ1Imvv9x1WEL2u8S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757109", "to_ids": false, "type": "size-in-bytes", "uuid": "8246a132-b81e-4153-aa59-a488cedc7f6e", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757109", "to_ids": true, "type": "vhash", "uuid": "0536702e-4d8a-4b6c-8537-87484adb77ca", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757109", "to_ids": true, "type": "filename", "uuid": "b9212535-b8cc-49f5-9f7d-1081506a2d12", "value": "BkavPro.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 02/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757109", "to_ids": false, "type": "text", "uuid": "aaa0e7d2-c081-4b73-a013-ba048d7bb97c", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:57/72\nFirst Submission:2014-12-12T04:58:20.000000+00:00\nLast Submission:2022-06-10T08:25:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008144", "uuid": "6b7aa728-44c3-43f2-bf9f-78710d0f08e9", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008144", "to_ids": true, "type": "md5", "uuid": "e92e4bb0-4089-496c-89d8-ff1a65dfa9db", "value": "f1c3f556e232aee253141a71cfaf95fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757131", "to_ids": true, "type": "sha1", "uuid": "482c10f4-8073-464f-94db-dd479d3d6bce", "value": "2748cbafc7f3c9a3752dc1446ee838c5c5506b23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757131", "to_ids": true, "type": "sha256", "uuid": "9c087b07-b607-4b69-8722-792b3036f2d6", "value": "5d0356adf5843fa448d558b8f0f0f7cda32e51f1ffeb56e38db8fd6b06f34049", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757130", "to_ids": true, "type": "ssdeep", "uuid": "1f82bda8-6d19-4613-8b62-0cacabd2219f", "value": "49152:M+l4MCn3OAEuMLxmeGxcG1JJcW/TOMuZ41untksvWimPP:nE3OvmeGxj1JJcWrONZ4gn2sei" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757130", "to_ids": false, "type": "size-in-bytes", "uuid": "5b16725c-2944-409b-aeaf-da29a84eff9b", "value": "2372608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757130", "to_ids": true, "type": "vhash", "uuid": "84eebf03-fb38-4ae7-9563-c88b4a4d29b3", "value": "02606f7d1d1f1f7f51z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757130", "to_ids": true, "type": "filename", "uuid": "50a068c3-5e29-4c7a-81ab-44d4818bb3a1", "value": "browsers.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757130", "to_ids": false, "type": "text", "uuid": "f5482939-728f-4fb4-a099-61cc1043d06b", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:59/72\nFirst Submission:2018-05-11T04:02:34.000000+00:00\nLast Submission:2018-05-16T16:18:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008165", "uuid": "fc4715c1-c4b6-4c84-840d-b4e37a738a5f", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008165", "to_ids": true, "type": "md5", "uuid": "999c93f8-0ed0-47cf-ba58-f1b0aaa28add", "value": "394d436e51728afe51f03e8469f9d9a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757152", "to_ids": true, "type": "sha1", "uuid": "422feb7e-0533-4270-a278-659ac8eb5929", "value": "eaf9fbddf357bdcf9a5c7f4ad2b9e5f81f96b6a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757152", "to_ids": true, "type": "sha256", "uuid": "01446a84-e147-4af0-af69-e35093d74da0", "value": "67c470e18c423d3bc4af934c719a462bd30e5d30f98ff8dd4526e3b9a8f605e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757151", "to_ids": true, "type": "ssdeep", "uuid": "4b6fc46e-270d-4a9a-94da-022bb5aec3e5", "value": "49152:kD6kLYO5Itbf/DOUzrHWCzVmIp14dvGFp2rzLHokuFt7YBWoZiP+4MXf8t8k+:kufO5ItT6UtVP14DrzLNuFt7YdgA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757151", "to_ids": false, "type": "size-in-bytes", "uuid": "9e12cc00-0407-4a98-8070-f0a2bf40fc9e", "value": "2929664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757151", "to_ids": true, "type": "vhash", "uuid": "b98a17a6-15da-4da7-a3ab-d389fedc6075", "value": "02606f7d1d1f1f7f51z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757151", "to_ids": true, "type": "filename", "uuid": "a83636bd-8b02-442a-8b9a-edf6b628ba12", "value": "Chrome1.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757151", "to_ids": false, "type": "text", "uuid": "d0b64474-d5ed-44ee-87c7-0fded030febb", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Bladabind!MSR\nVT Total Detection:59/72\nFirst Submission:2018-01-22T02:22:48.000000+00:00\nLast Submission:2018-01-22T03:09:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008186", "uuid": "6ced81c7-fbd1-48b0-a64f-bc9dff08efaa", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008186", "to_ids": true, "type": "md5", "uuid": "83b38b5b-bcb9-4f95-b310-026e74c00bf3", "value": "6526ae8be60f5f6aef148aa8649998f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757173", "to_ids": true, "type": "sha1", "uuid": "a7ec1a77-2a10-4770-a0a4-84ab35b34a6b", "value": "6380b7cf83722044558512202634c2ef4bc5e786", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757173", "to_ids": true, "type": "sha256", "uuid": "f86ab337-0fc9-4f79-9e70-1c6fe973e8ae", "value": "dc89aa7f03d627fc84f4ecd0f3529a42ebc157160fe44f413b921394fd1131e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757173", "to_ids": true, "type": "ssdeep", "uuid": "b7198c58-ce00-42ca-9192-2f90d07e07ca", "value": "49152:q8G+lLeRKEnA35jBgFu/PDjaEk+/zGtYKuhU3LlIY8mc/J01n9XmscRsg58Puy4G:vVSRKEnAR3D5/a7uhUBIxhk9luC5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757173", "to_ids": false, "type": "size-in-bytes", "uuid": "09839c14-5856-4437-8c6d-0e73ac8ac23f", "value": "3590656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757173", "to_ids": true, "type": "vhash", "uuid": "fe74a038-a196-449a-88a5-4c034e79954f", "value": "03606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757173", "to_ids": true, "type": "filename", "uuid": "9870d5bf-1beb-405b-90f6-786d8785d87e", "value": "DropBox.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757173", "to_ids": false, "type": "text", "uuid": "7a0f38da-c768-4de5-bff2-020ec78e0e09", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:62/72\nFirst Submission:2017-11-08T02:48:20.000000+00:00\nLast Submission:2017-12-10T17:52:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008209", "uuid": "e073bdba-cc23-44c2-bfb6-b356daea0d0b", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008209", "to_ids": true, "type": "md5", "uuid": "8c075575-892a-4296-ac0f-193af5daffb5", "value": "accbf1a3cb0ede1aaad848075edc56f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757194", "to_ids": true, "type": "sha1", "uuid": "7fa0370c-7d63-4a4d-a64b-98f2f342d2c4", "value": "31cddf48ee612d1d5ba2a7929750dee0408b19c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757194", "to_ids": true, "type": "sha256", "uuid": "7c1c178a-c713-4b4d-97c3-2a0248a4e308", "value": "4ad6f2e3158593e98aecaf70a248e6bf87744db6cedc839393119572a4befb57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757194", "to_ids": true, "type": "ssdeep", "uuid": "b45ba3ef-04cf-4021-8b3b-153435f0d322", "value": "98304:dDJZ0Y1d5gWQ/1UeX8ZPBVNmymQ/caxnVjAColZFSafZSniR5EKe1ASalmMW:dFNrglF8D7t/9xVEpnZSifEVCZW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757194", "to_ids": false, "type": "size-in-bytes", "uuid": "14d48a1c-3f9f-49b7-a8a8-ddb92fc5b939", "value": "5984768" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757194", "to_ids": true, "type": "vhash", "uuid": "d349279f-5752-4032-9ad5-5f23cd821034", "value": "05606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757194", "to_ids": true, "type": "filename", "uuid": "e3d0a633-66ae-425c-8ca8-d89d70a32d69", "value": "kis.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757194", "to_ids": false, "type": "text", "uuid": "9cf15907-dd56-4254-a87c-527056eece58", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:58/72\nFirst Submission:2017-12-27T02:10:15.000000+00:00\nLast Submission:2022-10-05T11:40:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008230", "uuid": "46611367-ad8d-432d-9f43-1f3a9499c517", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008230", "to_ids": true, "type": "md5", "uuid": "8871cd27-79ec-43da-ad72-ec8367122ad1", "value": "376771e60ff41f6d2ad88d8dffcec0ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757215", "to_ids": true, "type": "sha1", "uuid": "c3062eba-6445-4413-8b90-f5c34c393bf6", "value": "677cdfd2d686f7148a49897b9f6c377c7d26c5e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757215", "to_ids": true, "type": "sha256", "uuid": "35dcd025-5c59-471e-ad11-2310e0b35d05", "value": "f8f726e5b0f896c6a0c757c914a17a7a23c85b962423631a4a6b56a700f830bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757215", "to_ids": true, "type": "ssdeep", "uuid": "fa233d6a-afd1-4606-ae3e-384161b001a7", "value": "98304:2SRXwMK0OxFr3L9477/kKxx9O6lWOrq5yHF4AQtuiy+cO:7g//rL947/kSOvSq5k4AGTy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757215", "to_ids": false, "type": "size-in-bytes", "uuid": "74a3a7c3-a04d-4899-9d8f-08eb25fa25d6", "value": "4810752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757215", "to_ids": true, "type": "vhash", "uuid": "2c602d52-834c-4f32-ae4f-e7254bbc9977", "value": "04606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757215", "to_ids": true, "type": "filename", "uuid": "1b8168ad-6d78-496d-9a6c-6ad75e140bb8", "value": "kis.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757215", "to_ids": false, "type": "text", "uuid": "b61ecfcc-9d66-4424-9b2c-c08c448cc32a", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:59/71\nFirst Submission:2021-04-06T07:26:30.000000+00:00\nLast Submission:2025-04-08T13:26:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008251", "uuid": "c8b297b8-2f27-401a-8f76-a53b14642b7c", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008251", "to_ids": true, "type": "md5", "uuid": "aff31b54-e6c5-49a5-a184-28ec387d9e8f", "value": "ed6f6a57082344c193ebbf1b4ec7e6f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757237", "to_ids": true, "type": "sha1", "uuid": "ca9b3192-5aff-4f5d-8681-a49a99ca8c61", "value": "911e4e76f3e56c9eccf57e2da7350ce18b488a7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757237", "to_ids": true, "type": "sha256", "uuid": "2870b093-cc42-47f6-b823-c805f2da5446", "value": "c499f30d7d3856c26319661996b11ddf1668e4255a082f9e28f6bbf8d557b8a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757236", "to_ids": true, "type": "ssdeep", "uuid": "8b19b963-cf3c-4535-a9d3-17c9f85f05db", "value": "49152:XCMtuEIZO+HiSJMHTI/UH/gtqYbcrgCAU:SMsvHijHTIUfg28k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757236", "to_ids": false, "type": "size-in-bytes", "uuid": "b9f38d17-7bad-4d40-a608-2d3a68983770", "value": "1776128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757236", "to_ids": true, "type": "vhash", "uuid": "492498ae-f22f-4a6c-aa16-86f03876206f", "value": "01606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757236", "to_ids": true, "type": "filename", "uuid": "b0e8a0db-3c1d-49a7-bab4-9a8a8fd0c5a3", "value": "McUpdate1.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757236", "to_ids": false, "type": "text", "uuid": "94a6fcdd-d3e9-48dc-aa23-258ad66cb2c2", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:63/72\nFirst Submission:2017-03-20T04:51:19.000000+00:00\nLast Submission:2017-12-08T03:45:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008272", "uuid": "68145f5e-8145-461c-b7f8-235ab63d0fd7", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008272", "to_ids": true, "type": "md5", "uuid": "10b3be5a-65d8-45e1-bb01-afdc6ded30b2", "value": "9daf7745f6c9cb18ad84f52361d80284", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757258", "to_ids": true, "type": "sha1", "uuid": "9ebcfb6d-457e-4820-be39-4988763e8059", "value": "c6b061b0a4d725357d5753c48dda8f272c0cf2ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757258", "to_ids": true, "type": "sha256", "uuid": "a96104c5-f9ea-463e-a772-db6893343bf0", "value": "a70a76483d53f44fb3a36fce6f2538e303d7b5c26d04d1b4843a085876ee9c5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757257", "to_ids": true, "type": "ssdeep", "uuid": "7a8e9ce7-8e58-4c5c-840d-f6c5a93ea40f", "value": "49152:zW8pCYTBjCf1YfXVU999LgWb+GEzI7KotFV1+5SA9qNfOhIudvAR33BOoU+CDdQF:zW76BjSCFon+GEc4Y2hIAmBYJS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757257", "to_ids": false, "type": "size-in-bytes", "uuid": "c252d2de-7ee1-45e7-91ed-44f69f5033ac", "value": "2642944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757257", "to_ids": true, "type": "vhash", "uuid": "01cca187-3b05-415e-9059-bf537493cc6c", "value": "02607f7d1d1f1f7f1f61z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757257", "to_ids": true, "type": "filename", "uuid": "60d13b79-1576-4da0-8b08-540c1bb1e3a9", "value": "ONENOTEM.EXE" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 28/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757257", "to_ids": false, "type": "text", "uuid": "ab30c747-d5c8-4bd0-a024-ba1ac114df22", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:60/72\nFirst Submission:2017-11-08T09:27:13.000000+00:00\nLast Submission:2017-12-08T02:49:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008293", "uuid": "db06a354-b7ee-4433-af90-2474c36f0ae7", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008293", "to_ids": true, "type": "md5", "uuid": "866ca19b-c351-4e1a-96ce-b101a4e87eb2", "value": "0d36e0e0d0f720205146df67cf8719c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757279", "to_ids": true, "type": "sha1", "uuid": "65e5d54f-6775-48ce-b542-f173f835e873", "value": "dc7436e9bc83deea01e44db3d5dac0eec566b28c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757279", "to_ids": true, "type": "sha256", "uuid": "a3baec2c-6d9f-47b5-aaee-f72f2952eee3", "value": "4ae1e40f2c3e552269c8e6c98ad85ecb3bbf28f0ad9daf844f63e0184fbde517", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757279", "to_ids": true, "type": "ssdeep", "uuid": "ebbd1a00-3450-457a-a771-0492480d42e3", "value": "1536:mytSTSw4KV3Eyba1IUifirVgQ9w0fLJx/XY1kK9WWEfD2unUSy:HSTPV3EJ1Imvv9x9WEL2uUS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757279", "to_ids": false, "type": "size-in-bytes", "uuid": "4983b859-32eb-419c-b611-6ac13b465502", "value": "75777" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757279", "to_ids": true, "type": "vhash", "uuid": "727b7eeb-3c04-4241-9da1-165826ee2b23", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757279", "to_ids": true, "type": "filename", "uuid": "fbdd35b9-3baa-41a6-b1fb-3c21d058aebe", "value": "rmgTcy.gif" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757279", "to_ids": false, "type": "text", "uuid": "b6d77119-92e3-403f-8ea8-9008cdab5374", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Korplug!MSR\nVT Total Detection:59/71\nFirst Submission:2014-04-23T18:02:12.000000+00:00\nLast Submission:2022-06-10T08:26:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008314", "uuid": "ebb2d3f1-63cd-4657-90e0-3a7be5c513e7", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008314", "to_ids": true, "type": "md5", "uuid": "ba60dc59-5559-42c0-94fd-95c3b1b80b3b", "value": "ba6f3eb41867aa53fcc366bd1e2d94e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757301", "to_ids": true, "type": "sha1", "uuid": "d786d3ea-21a4-4395-89af-b7e5ab36f8b7", "value": "5cd555b2c5c6f6c6c8ec5a2f79330ec64fab2bb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757301", "to_ids": true, "type": "sha256", "uuid": "7aee69e9-72f0-49dc-b1af-6b9cf93afcb7", "value": "145a59f66be1d10bc93e4359dbda3c118acf63bdf38a888ca7cf3ad1cad02e08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757301", "to_ids": true, "type": "ssdeep", "uuid": "bd039343-6075-41d1-a151-cca998e10cae", "value": "1536:mytSTqw8KV3Eyba1IUifirVgQ9w0fLJx/XY1kC9WWEfD2uvUSy:HSTLV3EJ1Imvv9x1WEL2u8S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757301", "to_ids": false, "type": "size-in-bytes", "uuid": "ca5d3742-5ab1-4e68-9e91-32f4a57c5f46", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757301", "to_ids": true, "type": "vhash", "uuid": "5e878b90-0420-4939-ba78-66437b82968a", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757301", "to_ids": true, "type": "filename", "uuid": "b20fd384-fe8b-4519-a7aa-5b65a37a70c1", "value": "145a59f66be1d10bc93e4359dbda3c118acf63bdf38a888ca7cf3ad1cad02e08.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757301", "to_ids": false, "type": "text", "uuid": "823a4aff-ce7c-4f1f-ae5d-3f07e53ba96b", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:53/68\nFirst Submission:2014-10-25T11:18:29.000000+00:00\nLast Submission:2022-06-10T08:24:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008335", "uuid": "4b2fe28c-0eed-430e-af03-d768bf64e702", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008335", "to_ids": true, "type": "md5", "uuid": "dba89002-8993-4b10-9353-b8b224de1372", "value": "2857d0191b842c86915e64a71c235f6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757323", "to_ids": true, "type": "sha1", "uuid": "36f0107c-514b-483a-8c45-d071588499a6", "value": "668180ed487bd3ef984d1b009a89510c42c35d06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757323", "to_ids": true, "type": "sha256", "uuid": "96fdf44b-aeb7-4dc8-9949-683db4ad863a", "value": "ba2f127e3d8cecf71586cff213ab1436a716ad8d4783a43c183331ae4495dbb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757322", "to_ids": true, "type": "ssdeep", "uuid": "c44937fa-6998-44c3-a881-b4454b182101", "value": "98304:NDJZ0Y1d5gWQ/1UeX8ZPBVNmymQ/caxnVjAColZFSafZSniR5EKe1ASalmMW:NFNrglF8D7t/9xVEpnZSifEVCZW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757322", "to_ids": false, "type": "size-in-bytes", "uuid": "e1e4a1f9-63d6-4c43-8f7a-ff48364ce2e7", "value": "5984768" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757322", "to_ids": true, "type": "vhash", "uuid": "3a36074e-0ecc-4d96-b57b-55841aeb3219", "value": "05606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757322", "to_ids": true, "type": "filename", "uuid": "2943ea00-ee52-4e1f-8856-8f531df2f9a2", "value": "kis.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757322", "to_ids": false, "type": "text", "uuid": "ba4b3273-2734-46b5-90c2-d83d6b5756a5", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/CryptInject!MSR\nVT Total Detection:54/68\nFirst Submission:2022-06-11T06:55:58.000000+00:00\nLast Submission:2022-06-11T06:55:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008358", "uuid": "5bfb7a80-3cac-4b1c-9a87-bcbd40c04c9a", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008358", "to_ids": true, "type": "md5", "uuid": "763f66de-a1f2-4aa6-89ea-27afe3676a91", "value": "1495df2dfd917e7c4dcecdd309ad6f57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757344", "to_ids": true, "type": "sha1", "uuid": "c64c59ab-465c-44d4-9f7c-7cf2b639db01", "value": "28a23f1bc69143c224826962f8c50a3cf6df3130", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757344", "to_ids": true, "type": "sha256", "uuid": "4b5522ba-1279-4a6b-8cb4-264f478a55c4", "value": "6a7b920fda34add0b394ffda89ef6ae653c77a3d4e475ff30cd8c8324506ecee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757344", "to_ids": true, "type": "ssdeep", "uuid": "2a986680-76ba-4440-ad86-239ba3402a7b", "value": "98304:VI5I8/Iw52uzSn7SbXhh/1tW8BykD+rg5eYtyMcoh:VI2EIxumncNM8B1D0n6kE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757344", "to_ids": false, "type": "size-in-bytes", "uuid": "20202348-3331-4c4d-9106-6fbf085f8c13", "value": "4369408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757344", "to_ids": true, "type": "vhash", "uuid": "ffd0a369-a1ac-47e5-a285-84cbf8d423d7", "value": "04606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757344", "to_ids": true, "type": "filename", "uuid": "225b93e6-4dca-4c23-8326-762d083ddff7", "value": "kis.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 29/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757344", "to_ids": false, "type": "text", "uuid": "216622c7-2085-4e5c-8dea-bb4b32b0a511", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mongall!MSR\nVT Total Detection:58/72\nFirst Submission:2015-09-02T11:24:17.000000+00:00\nLast Submission:2015-09-02T11:24:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008379", "uuid": "52f47416-68ca-4523-9b8f-b729aeceac40", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008379", "to_ids": true, "type": "md5", "uuid": "9f856bc5-fe99-4752-8de1-e99c4d030444", "value": "1cd9bffee461b0c5ed4bc1c2133c5411", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757365", "to_ids": true, "type": "sha1", "uuid": "174b9fb3-b65b-40ff-a4a0-5e758b63dbe5", "value": "ab81f911b1e0d05645e979c82f78d92b0616b111", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757365", "to_ids": true, "type": "sha256", "uuid": "c51966ff-8381-4d98-8480-4c8bfcd32ea2", "value": "db6f5c41c94abfa4f3bade1d61ca2842a95b8fe739be9151cd14e97fd120b013", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757365", "to_ids": true, "type": "ssdeep", "uuid": "698d071b-79a5-4021-bf4a-3e2cb83b7f67", "value": "1536:ZytSTSw4KV3Eyba1IUifirVgQ9w0fLJx/XY1kK9WWEzD2u3USy:kSTPV3EJ1Imvv9x9WE32uES" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757365", "to_ids": false, "type": "size-in-bytes", "uuid": "7d4d9889-b449-4616-bc5e-14cbe7be5286", "value": "75777" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757365", "to_ids": true, "type": "vhash", "uuid": "95438876-10a2-484c-a275-22b1daeb4c0f", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757365", "to_ids": true, "type": "filename", "uuid": "870cdf1d-8a25-451d-ae9c-f33edc0f82e8", "value": "vt-upload-jsWLe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757365", "to_ids": false, "type": "text", "uuid": "705ee4d1-b9e2-45ce-89b4-be0222a07b84", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:54/67\nFirst Submission:2014-02-22T22:44:13.000000+00:00\nLast Submission:2016-05-24T14:24:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008401", "uuid": "237e98db-0d60-4d98-995b-21fec6e8b659", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008401", "to_ids": true, "type": "md5", "uuid": "f4dd28dd-43aa-42b2-98da-c4af1caa35df", "value": "80614c9f28e197ea3838f534c766dfb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757386", "to_ids": true, "type": "sha1", "uuid": "4640e178-cabf-44a9-a4ab-fe0ee822e2b2", "value": "47215f0f4223c1ecf8cdeb847317014dec3450fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757386", "to_ids": true, "type": "sha256", "uuid": "f5d9758a-7967-41a0-9310-da3d2af45a3e", "value": "8f297abdbe59b2716634c42498219665059a4b4c0497dc863c51a2b4e15c8522", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757386", "to_ids": true, "type": "ssdeep", "uuid": "b399f057-cba6-49f2-81ae-be90c2441f1e", "value": "1536:UZlfVYqZrkSbr1PUorVNlNVmAmfNLowq4lA9Ekh4zTtA2:alfJZrkY1P/NlO52wq4xTtA2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757386", "to_ids": false, "type": "size-in-bytes", "uuid": "b38643f5-3964-4501-bb44-4d612570d47a", "value": "75264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757386", "to_ids": true, "type": "vhash", "uuid": "02529e69-cf19-447e-965d-7bb42a6efea7", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757386", "to_ids": true, "type": "filename", "uuid": "ec81f22c-3db6-428c-9edc-1564599cfeca", "value": "thmanoon.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757386", "to_ids": false, "type": "text", "uuid": "7eb66a86-e853-4e32-8984-b69676147b46", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:53/68\nFirst Submission:2013-08-30T02:12:16.000000+00:00\nLast Submission:2013-08-30T02:12:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008425", "uuid": "5212c3b0-dee8-4fbf-a66b-46b1ea37812c", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008425", "to_ids": true, "type": "md5", "uuid": "adaae77c-4c61-4fe6-8cc1-4cb74548cfa9", "value": "718ede5180a0e6f0fc819375c5d1f744", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757407", "to_ids": true, "type": "sha1", "uuid": "a63a7bd5-c4bb-44bf-93e8-0e27029ef40b", "value": "061439a3c70d7b5c3aed48b342dda9c4ce559ea6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757408", "to_ids": true, "type": "sha256", "uuid": "5e0a0a7f-ea36-42f9-a25e-ba11ab7e1ab4", "value": "b0b5e8f5f5ff913c7a33f435af3f01eed23c51104c4721fe2d1cdf3d7d8e13ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757407", "to_ids": true, "type": "ssdeep", "uuid": "25f92b37-f1de-4c3e-b5f5-a3923490a10a", "value": "1536:UZlfVYqZrkSbr1PUorVNlNVmAmfNLowq4lA9Ekh4zTtA2:alfJZrkY1P/NlO52wq4xTtA2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757407", "to_ids": false, "type": "size-in-bytes", "uuid": "060c79b6-8ed9-4272-b2ad-4decec7957f9", "value": "75264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757407", "to_ids": true, "type": "vhash", "uuid": "b795066e-f20b-4697-a197-583e91a46450", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757407", "to_ids": true, "type": "filename", "uuid": "a7d6a9e3-fcdb-476d-a16f-b7b5ec10ae08", "value": "718ede5180a0e6f0fc819375c5d1f744.virus" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 23/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757407", "to_ids": false, "type": "text", "uuid": "5402f5a8-d26b-4295-8939-9280da7ad886", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:54/66\nFirst Submission:2013-10-01T03:25:02.000000+00:00\nLast Submission:2013-10-01T03:25:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008447", "uuid": "ae2b1fd5-1959-431c-9b35-353085b516a6", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008447", "to_ids": true, "type": "md5", "uuid": "f56377a6-ce8b-4995-bdd0-43f4252c3b78", "value": "55438d73606b8b763d688a0a5142f0a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757429", "to_ids": true, "type": "sha1", "uuid": "6ce70488-58ad-41df-842a-c645c124bc5a", "value": "aa83d81ab543a576b45c824a3051c04c18d0716a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757429", "to_ids": true, "type": "sha256", "uuid": "db3c6f53-18f7-4877-a09e-3f8035e31590", "value": "85b8d08df40efdc9b99bf8bbd982fda22d733f610538ebb66bd62614eea184fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757428", "to_ids": true, "type": "ssdeep", "uuid": "ea1c886c-8ccb-4b09-bdcf-a3433d61b4ec", "value": "768:ws1+xPFfCtIhSCSyM+B0fAYO3CmwPAqlGJqdhhNf38BcktHgn2XEDs7zBwIuMCjC:AMtIhS29ifMdOA+GJMhMckwN7BW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757428", "to_ids": false, "type": "size-in-bytes", "uuid": "3a3d4852-d584-4aff-b6f0-229fcf68ef83", "value": "62464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757428", "to_ids": true, "type": "vhash", "uuid": "85242354-d8d8-4d66-8570-97a2e29b4d9e", "value": "064056655d15551az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757428", "to_ids": true, "type": "filename", "uuid": "60c0f97c-107e-4d03-a869-f1db86babf70", "value": "3.tmp" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757428", "to_ids": false, "type": "text", "uuid": "503ab869-4427-46ff-aa27-993e278aafc1", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/Oadfag.A\nVT Total Detection:52/68\nFirst Submission:2013-10-22T15:42:38.000000+00:00\nLast Submission:2015-03-12T05:54:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008468", "uuid": "d909e223-9404-417e-82af-552df7d38ff3", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008468", "to_ids": true, "type": "md5", "uuid": "49963e9f-5ac2-42a8-8440-82f5df00c815", "value": "1e78f9949f7dc8200e552e1cad51492a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757450", "to_ids": true, "type": "sha1", "uuid": "6fc42ce2-a5bf-4cdf-a8aa-41cbe96ed613", "value": "43d9d286a38e9703c1154e56bd37c5c399497620", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757450", "to_ids": true, "type": "sha256", "uuid": "82e22bf5-4bc5-44f2-9be1-261f5daf6eee", "value": "d69b6745204e6e5dff639ab0d2ac7f70f247d51eeff766d69e4518dcb868ae01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757450", "to_ids": true, "type": "ssdeep", "uuid": "d982818e-aab3-477d-88e3-e3ed7ad35a1a", "value": "768:ws1+xPFfCtIhSCSyM+B0fAYO3CmwPAqlGJqdhhNf38BcktHgn2XEDs7zBwIufCjC:AMtIhS29ifMdOA+GJMhMckwN7QW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757450", "to_ids": false, "type": "size-in-bytes", "uuid": "a67fb598-96b9-4d50-a85f-0076c9894ec7", "value": "62464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757450", "to_ids": true, "type": "vhash", "uuid": "a31c0a0f-67de-440b-b89d-4a8b51746ba7", "value": "064056655d15551az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757450", "to_ids": true, "type": "filename", "uuid": "39a6b18e-4772-4d5b-8373-8d87d11957be", "value": "vt-upload-356mU" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757450", "to_ids": false, "type": "text", "uuid": "fb6ffa7c-b3dc-44d1-be52-a036978585d5", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: TrojanDropper:Win32/CryptInject!MSR\nVT Total Detection:52/68\nFirst Submission:2013-11-06T23:32:52.000000+00:00\nLast Submission:2013-11-06T23:32:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008490", "uuid": "6d6c62b8-a9da-4215-a18b-884575ab6eb2", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008490", "to_ids": true, "type": "md5", "uuid": "e03b7bb9-7893-4d2d-b920-b42b8a2cbae1", "value": "672da96fd6c9b07cfa56c479d18d2829", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757471", "to_ids": true, "type": "sha1", "uuid": "3e837311-3b81-4e5c-8d9a-e6a3c8ba409a", "value": "435f943d20ab7b3ecc292e5b16683a94e50c617e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757471", "to_ids": true, "type": "sha256", "uuid": "bbc44ff4-a115-4a79-983d-3110f7b10ccd", "value": "079e3723943da72280ff913b8f8be66a9d11cd76dcd63606ce5cd5bac966a45c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757471", "to_ids": true, "type": "ssdeep", "uuid": "e4e50818-9cd1-476c-bed7-081d242d76ca", "value": "1536:GI9sngxVej6X6JvfjVxUorSa2h0pNZrQvJkknmKui1:bSyVf6JvBxcaD3BumKui" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757471", "to_ids": false, "type": "size-in-bytes", "uuid": "b8060a6a-9de2-44f1-9ebe-e79f1bfba199", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757471", "to_ids": true, "type": "vhash", "uuid": "3ec68013-d766-4f2e-96a6-ae606f46689b", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757471", "to_ids": true, "type": "filename", "uuid": "32d319b3-f101-4f29-9acd-c48c4f9a2cfe", "value": "079e3723943da72280ff913b8f8be66a9d11cd76dcd63606ce5cd5bac966a45c.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 14/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757471", "to_ids": false, "type": "text", "uuid": "462b0241-d162-428c-8e20-edb1b9ca61cc", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:54/67\nFirst Submission:2014-12-09T07:23:34.000000+00:00\nLast Submission:2022-06-10T08:23:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008511", "uuid": "cfa58e99-ce5e-4e04-9ae9-edc3db183075", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008511", "to_ids": true, "type": "md5", "uuid": "1aa26298-5dfa-4e02-90aa-4c805685c7da", "value": "30ffb3355611cd023a848711e0205ff3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757492", "to_ids": true, "type": "sha1", "uuid": "b098f36c-7f08-40d8-95d2-4a735beda08b", "value": "94b486d650f5ca1761ee79cdff36544c0cc07fe9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757493", "to_ids": true, "type": "sha256", "uuid": "ff859973-bd5f-4d7b-b1ff-b362568138bd", "value": "1284c7f9675e88427151244b89e76a0f4ca48da30e654236ad5ebaea5e1ff72b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757492", "to_ids": true, "type": "ssdeep", "uuid": "3026d600-b597-43b9-8500-f745eafac6e7", "value": "49152:Na8NeRAQ+axFpXhC4mM9eyBmOrm0kgIHoDoavO2qZ/tEkIbCnnjLV3xlDzF/R7vh:rxtOtrm0v63NZ/tybCjLV3r7pThkwL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757492", "to_ids": false, "type": "size-in-bytes", "uuid": "4ec712f5-9a12-4039-bb75-b6af2adda6bd", "value": "4378664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757492", "to_ids": true, "type": "vhash", "uuid": "c184c56e-e7a2-4f32-8979-c2e834dfe592", "value": "04606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757492", "to_ids": true, "type": "filename", "uuid": "100b858c-f0f6-4180-9551-88ad8ae9f2a2", "value": "bkavpro_bk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757492", "to_ids": false, "type": "text", "uuid": "b20956ae-e31c-48d4-b290-16d6c37b5e6f", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:57/72\nFirst Submission:2015-07-16T18:54:33.000000+00:00\nLast Submission:2015-10-23T10:43:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008532", "uuid": "39564225-4c9f-4070-9a15-cb513bd7fa8e", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008532", "to_ids": true, "type": "md5", "uuid": "00902ee9-b8c9-4b54-98fb-8e7870632d4e", "value": "b2db7d59635dabf7263092f07a218419", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757514", "to_ids": true, "type": "sha1", "uuid": "84398a27-0b07-467f-b467-40849061475d", "value": "1bef29f2ab38f0219b1dceb5d37b9bda0e9288f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757514", "to_ids": true, "type": "sha256", "uuid": "2f15971b-3cc6-4439-8f19-fe3d46463b6b", "value": "b7f837ecff51459d0b4c207b50ebe18be70f4db04763901a9518979f7c84cfce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757513", "to_ids": true, "type": "ssdeep", "uuid": "4354dab5-a486-4efa-aa0e-186acb7e95ee", "value": "1536:jeI9sngxVKI06X6JvfjVxUorSa2h0pNZrQvJkkn9KuVbCwYeEOD7qx12QD:jDSyVf6JvBxcaD3Bu9KuZCwYeEOqx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757513", "to_ids": false, "type": "size-in-bytes", "uuid": "94803b47-b57c-40b4-afb5-386ebf3da116", "value": "116264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757513", "to_ids": true, "type": "vhash", "uuid": "c3b8f768-2d9c-46ff-a549-867f8ce962b6", "value": "015056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757513", "to_ids": true, "type": "filename", "uuid": "1c14836d-a64a-459b-8aa1-7ca132216b18", "value": "BkavPro.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757513", "to_ids": false, "type": "text", "uuid": "5c8d9295-426f-4cb7-997e-7c89049773bb", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:57/71\nFirst Submission:2015-10-23T09:28:27.000000+00:00\nLast Submission:2015-11-23T06:50:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008554", "uuid": "8f181f83-c5e5-46ba-9d3b-93958f8c7cea", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008554", "to_ids": true, "type": "md5", "uuid": "20d1a174-8ae4-43c1-9350-ce9fa059f8d2", "value": "56c023200ee51f9557d6d3ea61c2be7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757535", "to_ids": true, "type": "sha1", "uuid": "148af26b-078c-4140-81d1-c8acd01a93d1", "value": "01fb97fbb0b864c62d3a59a10e785592bb26c716", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757535", "to_ids": true, "type": "sha256", "uuid": "14e5480d-1673-444e-8ab0-cf319128f668", "value": "54eb645e096657dc304e56892ae0905bd7a7e6620c7a1b2c1f7e670feae61954", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757534", "to_ids": true, "type": "ssdeep", "uuid": "5d118cbe-cd60-4803-b854-6366cf22376f", "value": "1536:GI9sngxVej6X6JvfjVxUorSa2h0pNZrQvJkknmKux1:bSyVf6JvBxcaD3BumKux" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757534", "to_ids": false, "type": "size-in-bytes", "uuid": "4eefc774-e47f-479c-b75e-aa832fb5c97d", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757534", "to_ids": true, "type": "vhash", "uuid": "dbfdf2ed-4401-4188-959a-2cd5ac8c3a80", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757534", "to_ids": true, "type": "filename", "uuid": "00bd29ab-e9a2-4728-a78b-bdff1cd582a5", "value": "54eb645e096657dc304e56892ae0905bd7a7e6620c7a1b2c1f7e670feae61954.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757534", "to_ids": false, "type": "text", "uuid": "a925ca65-bdac-49b9-aab7-14b9f7f359c7", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:58/71\nFirst Submission:2017-11-14T10:31:34.000000+00:00\nLast Submission:2022-06-10T08:26:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008575", "uuid": "44b321ee-57ab-406d-8859-8de19a7c1ff8", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008575", "to_ids": true, "type": "md5", "uuid": "d5d1d1a8-9f64-4d82-8ba1-21a88d2bea9b", "value": "0761177795a8990c4410124ff29a4b27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757556", "to_ids": true, "type": "sha1", "uuid": "742cc2d7-5515-4609-87e1-57b0504fee54", "value": "03a5bee9e9686c18a4f673aadd1e279f53e1c68f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757556", "to_ids": true, "type": "sha256", "uuid": "adb9823d-484f-42e7-bd7f-fddcbdf0b03f", "value": "686b7bc89c7f9d850000d42a9979d9b70df2067bc91429e4aea3dc2ef530f493", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757556", "to_ids": true, "type": "ssdeep", "uuid": "d1626d87-0b32-48fc-ad51-68a7245317a9", "value": "49152:n8JjAnqpXrmIY3pszcyKywZjYzQXflQhd51wmIqws+7:n+y2e2z//zadE/wO+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757556", "to_ids": false, "type": "size-in-bytes", "uuid": "50dafba2-8954-41bd-98c3-7d0feb68dab9", "value": "1998336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757556", "to_ids": true, "type": "vhash", "uuid": "79910c15-d1b0-4c13-8e62-d2ea1e19375d", "value": "01606f7d1d1f1f7f51z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757556", "to_ids": true, "type": "filename", "uuid": "9a950c4d-04dd-42b1-aaa6-c2bb44c1168a", "value": "0761177795A8990C4410124FF29A4B27.EXE" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 08/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757556", "to_ids": false, "type": "text", "uuid": "cc56e353-bf04-4141-98a8-a713d422d92c", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:61/72\nFirst Submission:2017-12-27T02:53:06.000000+00:00\nLast Submission:2018-01-18T11:27:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008597", "uuid": "a81b24d4-c5d7-4264-8cc1-de8b9e1ec6ee", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008597", "to_ids": true, "type": "md5", "uuid": "4084edb3-8ccf-4d54-abc7-eff4b2908014", "value": "a5c71335b4115262ad2cb28c6ef878f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757577", "to_ids": true, "type": "sha1", "uuid": "dcc2c55b-4d83-4fb0-b7ba-c2f92937148f", "value": "1270af048aadcc7a9fc0fd4a82b9864ace0b6fb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757577", "to_ids": true, "type": "sha256", "uuid": "016839dd-5208-40da-8c0a-f84d18696eec", "value": "c27dc89c553b36e79b9ba7294c374589fd1791895629640af6486a4bca4414e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757577", "to_ids": true, "type": "ssdeep", "uuid": "4ac98bfb-f4cc-4ca1-a82c-6bd215d0d27f", "value": "1536:jeI9sngxVKI06X6JvfjVxUorSa2h0pNZrQvJkknmKusbCwYeEOD7qx12QD:jDSyVf6JvBxcaD3BumKuKCwYeEOqx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757577", "to_ids": false, "type": "size-in-bytes", "uuid": "f9be2312-4a83-4d5c-89c0-d3bc4a97d41f", "value": "116264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757577", "to_ids": true, "type": "vhash", "uuid": "0f2507f7-116f-4aab-b08b-ddbff12da8dc", "value": "015056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757577", "to_ids": true, "type": "filename", "uuid": "7f138b76-dece-43a9-8fad-adc3fa146d30", "value": "134799474" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757577", "to_ids": false, "type": "text", "uuid": "90e0a66c-2f53-47ab-9155-3168e52b6fa2", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:59/71\nFirst Submission:2015-10-30T17:19:53.000000+00:00\nLast Submission:2015-11-13T15:36:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008618", "uuid": "84f3cabe-647d-40a3-8b56-6bd7bd9f1f0a", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008618", "to_ids": true, "type": "md5", "uuid": "c7207c43-4622-443e-a13a-4498ef2a1a86", "value": "54510ab05e1aac891a234624459103a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757598", "to_ids": true, "type": "sha1", "uuid": "2f18a4b3-68b0-443e-8ac9-72965f08abfa", "value": "e2e7b7ba7cbd96c9eec1bcb16639dec87d06b8dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757598", "to_ids": true, "type": "sha256", "uuid": "f345ee91-7e4e-4370-b35b-636ba893ac20", "value": "4bab4c4b7c46325f969cfdd68eb4a106c913ede75ff9429016ecbb40209c912a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757598", "to_ids": true, "type": "ssdeep", "uuid": "e81e3d61-1d39-49b4-87a6-9e9f837e493d", "value": "1536:GI9sngxVej6X6JvfjVxUorSa2h0pNZrQvJkknmKuC1:bSyVf6JvBxcaD3BumKuC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757598", "to_ids": false, "type": "size-in-bytes", "uuid": "541f80fa-9db0-4fe6-9988-c9a345ec5208", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757598", "to_ids": true, "type": "vhash", "uuid": "7c2ef1cd-a8e6-4607-8b09-a5a3c88aaa0d", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757598", "to_ids": true, "type": "filename", "uuid": "38c9426b-2764-4559-9c73-359785a5ee75", "value": "4bab4c4b7c46325f969cfdd68eb4a106c913ede75ff9429016ecbb40209c912a.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757598", "to_ids": false, "type": "text", "uuid": "abe2ba7c-f55c-4b5a-8b50-a9c94a38c2f9", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:60/71\nFirst Submission:2014-12-26T14:31:34.000000+00:00\nLast Submission:2016-05-21T12:31:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008638", "uuid": "7d0dc983-1033-4c3b-b6ba-28c84dc73550", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008638", "to_ids": true, "type": "md5", "uuid": "ca02c444-3e14-49ed-bb1d-1e751e80230a", "value": "37b25defaa01e3c5f390d774c8943a3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757620", "to_ids": true, "type": "sha1", "uuid": "d1dd87a7-ccca-45a3-a9a8-765175d09784", "value": "08d22a045f4b16a2939afe029232c6a8f74dcde2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757620", "to_ids": true, "type": "sha256", "uuid": "d39091e0-963b-4798-91b0-2d7a19b9998a", "value": "4f651f165825f726b2d3811d7dc621ca8c38c82fc484339d67d07cee8ae8f841", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757620", "to_ids": true, "type": "ssdeep", "uuid": "116f8bbb-50d5-4860-a4db-d9d38f500df1", "value": "1536:GI9sngxVKj6X6JvfjVxUorSa2h0pNZrQvJkknmKut1:bSyVT6JvBxcaD3BumKut" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757620", "to_ids": false, "type": "size-in-bytes", "uuid": "ccca37aa-1165-4a11-b413-811914e73130", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757620", "to_ids": true, "type": "vhash", "uuid": "834ce46b-c935-4559-b155-d2d19e9106bd", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757620", "to_ids": true, "type": "filename", "uuid": "b476ac1b-b54f-4679-9de3-ee8cd1211f22", "value": "37b25defaa01e3c5f390d774c8943a3f.virus" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757620", "to_ids": false, "type": "text", "uuid": "770682e7-94d2-4852-b9fe-01ac1a5d8048", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:55/68\nFirst Submission:2017-01-05T22:53:42.000000+00:00\nLast Submission:2022-06-10T08:25:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008660", "uuid": "ac1efc52-1e7e-4b2f-9582-95b78dacc26f", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008660", "to_ids": true, "type": "md5", "uuid": "f4627a60-d872-4f9c-aede-51455596dbd5", "value": "6a8408637cca049d5dbbcddcc1737ef7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757642", "to_ids": true, "type": "sha1", "uuid": "6fcc1eb9-75a9-4065-a8d3-25a1a5a3729b", "value": "96bd0d29c319286afaf35ceece236328109cb660", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757642", "to_ids": true, "type": "sha256", "uuid": "fdca2efd-7b44-4cca-84f7-19b4981359bf", "value": "1f6dd3ea6f39f209192a255458ebdaadd6cd97889d4794cf214946d69ba0b28a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757641", "to_ids": true, "type": "ssdeep", "uuid": "cfce6cb8-0bb0-4b68-b7f6-c15aeabd1fc9", "value": "196608:0Y/76x2LiVHBcLnCS3WvfGGpwQKjgNGR6Ou56:0UOxqCBcbCSGvOcwQJaXu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757641", "to_ids": false, "type": "size-in-bytes", "uuid": "7d77b7e7-c593-4050-a3a2-ad0dcc978563", "value": "6608384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757641", "to_ids": true, "type": "vhash", "uuid": "f26bfef7-6f3b-4a39-826e-a35b0337aee9", "value": "06606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757641", "to_ids": true, "type": "filename", "uuid": "1b7a2f20-f2fc-4962-b277-13f3aa5bf109", "value": "6a8408637cca049d5dbbcddcc1737ef7.virus" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757641", "to_ids": false, "type": "text", "uuid": "140098c9-1c0c-4f8a-9b43-38191446ae2a", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:57/72\nFirst Submission:2017-02-10T11:17:40.000000+00:00\nLast Submission:2024-03-09T03:00:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008682", "uuid": "3fe24cd4-44a2-489f-9436-56f412b84b0c", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008682", "to_ids": true, "type": "md5", "uuid": "cab3a1dd-e97b-448f-bde6-354dfe274066", "value": "d396d0709c0de53e24f1804d392ec968", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757663", "to_ids": true, "type": "sha1", "uuid": "1f7ec01a-6ccc-47c7-9462-671455f7b5f8", "value": "6cd9886fcb0bd3243011a1f6a2d1dc2da9721aec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757663", "to_ids": true, "type": "sha256", "uuid": "89ada784-5cec-4b62-8871-8c0f555d1d65", "value": "49b156392a410029a99d8a266e041c91ca51a3efcae45522e32a1047aacf7c2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757662", "to_ids": true, "type": "ssdeep", "uuid": "4ae5b01a-5442-44be-b42b-126ff1eec277", "value": "1536:jeI9sngxVKI06X6JvfjVxUorSa2h0pNZrQvJkknmKuvbCwYeEOD7qx12QD:jDSyVf6JvBxcaD3BumKuzCwYeEOqx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757662", "to_ids": false, "type": "size-in-bytes", "uuid": "f50e0edf-e09c-48b9-b0e6-0bc221a1b310", "value": "116264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757662", "to_ids": true, "type": "vhash", "uuid": "0404ce0b-efbc-4165-9fbc-7e81730e9183", "value": "015056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757662", "to_ids": true, "type": "filename", "uuid": "cb2be5a0-bbe1-4226-b940-97ae1569a18e", "value": "49b156392a410029a99d8a266e041c91ca51a3efcae45522e32a1047aacf7c2e.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757662", "to_ids": false, "type": "text", "uuid": "1368d467-1a2c-45ff-beb7-a0131d1886b8", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:54/68\nFirst Submission:2015-08-07T15:55:55.000000+00:00\nLast Submission:2022-06-10T08:26:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008703", "uuid": "eeddfa6e-0a17-47d0-b394-72eb58b9aead", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008703", "to_ids": true, "type": "md5", "uuid": "3c91eeb9-ebf2-4ea6-875a-c46ab6995f76", "value": "e7067bda0a9559d5ab677430d10ffb15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757684", "to_ids": true, "type": "sha1", "uuid": "511268a6-0a3b-4051-aba6-f7070fed5028", "value": "271bd3922eafac4199322177c1ae24b1265885e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757684", "to_ids": true, "type": "sha256", "uuid": "20d98e57-f2d8-46c7-a275-64244f512899", "value": "439a4c4c65499426cc70cac8eaaa28f728f1509c192ca7a80c91170c5c1f58a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757684", "to_ids": true, "type": "ssdeep", "uuid": "392f8edf-e285-4eca-b2d1-6cb2d1db48fb", "value": "196608:rDq+boLIingLqJGg0lKX3w89x2t84AV5hVXHgE431GSzhe3GlhE:v06qJGg3XAk68v5cES1zzXl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757684", "to_ids": false, "type": "size-in-bytes", "uuid": "cd68b404-2688-47c0-b251-fb4bea2d1d9e", "value": "6923264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757684", "to_ids": true, "type": "vhash", "uuid": "4833e8d2-8931-4c2d-8b56-8bc413936df5", "value": "06606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757684", "to_ids": true, "type": "filename", "uuid": "4b4e9b8b-bb3a-4444-99e9-8e35ba755b7f", "value": "e7067bda0a9559d5ab677430d10ffb15.virus" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 14/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757684", "to_ids": false, "type": "text", "uuid": "dc3bea03-cb00-4a38-bf53-c346f6a3066b", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:60/73\nFirst Submission:2018-05-12T20:44:15.000000+00:00\nLast Submission:2018-05-14T13:16:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008724", "uuid": "effd1fa9-79e8-4105-a430-b054350f8dd0", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008724", "to_ids": true, "type": "md5", "uuid": "4c04013a-42b8-47e0-ac76-1646d4dca358", "value": "71a5daeea828651f7515388dc3180a36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757705", "to_ids": true, "type": "sha1", "uuid": "abe7a5db-9999-4eff-a788-e854f04593d9", "value": "e966bdb1489256538422a9eb54b94441ddf92efc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757706", "to_ids": true, "type": "sha256", "uuid": "8e5c8584-8860-4f8c-a507-b32fbc40c4f5", "value": "7e31a7da7322546220f74b3f0556467cc1c2c41846dd9d31f4e942128b3a894f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757705", "to_ids": true, "type": "ssdeep", "uuid": "d7326ce7-d6df-4d43-b5e5-b1d9e7e932d1", "value": "1536:pDGIXHm9vJfYscf0s6HIsrCYw14k/PV/tOpycVvY:pDGumrAo8UuXPV1OocBY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757705", "to_ids": false, "type": "size-in-bytes", "uuid": "a72fb20b-9977-4b74-a765-6fc59ac20692", "value": "102400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757705", "to_ids": true, "type": "vhash", "uuid": "a768a2bf-3a9a-4c92-b36c-576f9b2c0e8d", "value": "015056655d15651az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757705", "to_ids": true, "type": "filename", "uuid": "57f052a9-0d85-4afc-85b1-8b009e80c20d", "value": "vt-upload-XB9_y" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757705", "to_ids": false, "type": "text", "uuid": "60b7b44a-0255-460a-b477-fc0704a457c8", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:57/72\nFirst Submission:2014-07-07T16:47:28.000000+00:00\nLast Submission:2022-06-10T08:25:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008746", "uuid": "753cff5a-3827-4d8d-8f76-a4ac9f8e2f94", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008746", "to_ids": true, "type": "md5", "uuid": "7ccad664-ce87-4c39-9c0c-6898306e9c31", "value": "59abf512e8b6e287b349bc81dea470c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757727", "to_ids": true, "type": "sha1", "uuid": "e690d2ea-6d1d-4ae9-9b3b-6c859b4b8ad6", "value": "134d5662f909734c1814a5c0b4550e39a99f524b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757727", "to_ids": true, "type": "sha256", "uuid": "7ce75dbe-eaaf-4271-94e5-3837b25f6463", "value": "9211a584ce32883437fba00adaa8df462683daad165bd740e43f2a4d6022b9a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757726", "to_ids": true, "type": "ssdeep", "uuid": "18fc5e0e-3f6b-4252-93a6-f504b2101a56", "value": "1536:wJGIXHm9vJfYscf0s6HIsrCYw14k/PVv:wJGumrAo8UuXPVv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757726", "to_ids": false, "type": "size-in-bytes", "uuid": "9e4fa12f-e62d-4ccd-a4f6-33120bdb11bc", "value": "62976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757726", "to_ids": true, "type": "vhash", "uuid": "a542f45c-bdfd-4dfe-97c8-1d3d7fcdd8d4", "value": "064056655d15551az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757726", "to_ids": true, "type": "filename", "uuid": "b70e86cf-c6d5-4d71-8f45-36fc0625cba8", "value": "60064bea1b65b3694b717d8ed9846ffac0fb761e176b5ea1980aef379661d5d3.pdpd" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757726", "to_ids": false, "type": "text", "uuid": "0f92295f-0ad2-4145-a1ad-4b1c3017bd58", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:53/67\nFirst Submission:2014-06-19T15:58:01.000000+00:00\nLast Submission:2014-06-19T15:58:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008767", "uuid": "cf39c609-a14e-4dde-b6a9-d04f574a67ee", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008767", "to_ids": true, "type": "md5", "uuid": "78312154-7307-488f-8cae-56d5edd4c6c4", "value": "d25804aa6bd05177e905554e5b06176a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757750", "to_ids": true, "type": "sha1", "uuid": "c424446b-e792-4319-9d69-6d32151f0aa1", "value": "93eb2e93972f03d043b6cf0127812fd150ca5ec5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757750", "to_ids": true, "type": "sha256", "uuid": "e029069f-f7e7-4b84-91d3-2f60654d5c0b", "value": "41ed3a1f7287ba2a0d2b116c049ce9eef6cfd07636908b758fbc2f91fae62dae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757749", "to_ids": true, "type": "ssdeep", "uuid": "25d37577-c993-4af1-9435-cab2969b6ea2", "value": "49152:/mlxqzkcmcBR+2gxN68ic/BwKcn2QfBtUzo:/mlOTBR+Fx20BBktT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757749", "to_ids": false, "type": "size-in-bytes", "uuid": "f28528a0-cee3-41c0-8403-5bb05bb3a8bd", "value": "1675264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757749", "to_ids": true, "type": "vhash", "uuid": "6bb4def4-7448-4f02-93fc-53dbfec332ac", "value": "01606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757749", "to_ids": true, "type": "filename", "uuid": "819c9468-ee31-47e9-9fb9-5e105c31d71d", "value": "acres.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 08/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757749", "to_ids": false, "type": "text", "uuid": "02b55ed6-4154-4782-82ef-4ce00b7c1f78", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:60/73\nFirst Submission:2016-10-26T04:56:19.000000+00:00\nLast Submission:2025-02-13T23:36:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008788", "uuid": "929a37c7-1db3-463a-8f78-9b2584c616a4", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008788", "to_ids": true, "type": "md5", "uuid": "b4926ca3-6d22-42de-bfd8-d0b61e4bdc9e", "value": "929e2ceca042dfec03410088417e1ec9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757771", "to_ids": true, "type": "sha1", "uuid": "92c550b6-431e-40c3-9414-e437ee337835", "value": "a8e7722fba8a82749540392e97a021f7da11a15a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757771", "to_ids": true, "type": "sha256", "uuid": "4a867284-482c-4bfd-90f8-1013dd7e849d", "value": "4922b1d0956d96acd6d5b78c6a271bc2a60f89049534e16892bc1a609b491617", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757771", "to_ids": true, "type": "ssdeep", "uuid": "09809960-56a0-42a8-8012-b37379273093", "value": "196608:fW/3OXYUiKiS46IXAV9k7IFEiC4E36njt37:fWGoUgS46wtYFs2jtr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757771", "to_ids": false, "type": "size-in-bytes", "uuid": "d5899dc8-a84b-450c-abfe-dd514a26bdad", "value": "6975488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757771", "to_ids": true, "type": "vhash", "uuid": "930d74c4-e2cc-4ff1-8ae1-e96d67840d4f", "value": "06606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757771", "to_ids": true, "type": "filename", "uuid": "83a56d63-92e4-471b-8894-92dc78955bc0", "value": "avp.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757771", "to_ids": false, "type": "text", "uuid": "08e9aeaa-58d3-4440-a226-f931cc0d667a", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:61/72\nFirst Submission:2018-01-03T01:24:36.000000+00:00\nLast Submission:2022-06-10T08:24:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008809", "uuid": "3a83c074-614a-4856-90a4-f65789f1ff9b", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008809", "to_ids": true, "type": "md5", "uuid": "94803288-bbe9-4b0f-ada6-2ac714e9a687", "value": "ab0ad2328ad1723f54a1ff56dcb99b7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757792", "to_ids": true, "type": "sha1", "uuid": "3f93b1df-0da6-43f8-b2e4-114d19be896e", "value": "436a4f88a5c48c9ee977c6fbcc8a6b1cae35d609", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757793", "to_ids": true, "type": "sha256", "uuid": "6d4e8727-5329-4943-a1c2-daf073d01531", "value": "307f7f6399c9df463af31048be3c02b0b2db3bd770f593d52dd6f1d45644f56e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757792", "to_ids": true, "type": "ssdeep", "uuid": "632af34a-ac9b-4ccc-8f67-da8f70f4d8a4", "value": "49152:nhmUNtvumTQrw3NS6rBjb1F1TqO3C8SKZSJkz2QiOH3l7B:n/NthNrrlb1FUMC8SKl2dOHpB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757792", "to_ids": false, "type": "size-in-bytes", "uuid": "11160c91-f119-42e6-8c1f-3c5da627b2b1", "value": "2351616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757792", "to_ids": true, "type": "vhash", "uuid": "5b93fa11-7bb5-441a-b64c-4b7477dab510", "value": "02606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757792", "to_ids": true, "type": "filename", "uuid": "081cc2d5-1f68-4879-9689-f6bcdaba8617", "value": "Browser.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 08/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757792", "to_ids": false, "type": "text", "uuid": "dd03534e-dbcd-4df7-b2bd-41b79be1cda6", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:57/72\nFirst Submission:2017-03-20T04:49:57.000000+00:00\nLast Submission:2017-03-20T04:49:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008830", "uuid": "408da9c7-ca6a-4070-b44e-94c2d7a5ff16", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008830", "to_ids": true, "type": "md5", "uuid": "ad9d54f2-012e-4e00-bacf-4af6d4ce4a09", "value": "88f7bfa6abb9b2dfbbbe1105698ac89f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757814", "to_ids": true, "type": "sha1", "uuid": "8e478a70-a725-4fe8-ba93-4708cc102956", "value": "ab4cd6a3a4c1a89d70077f84f79d5937b31ebe16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757814", "to_ids": true, "type": "sha256", "uuid": "5196aa64-cbe4-4a0d-9462-934b1ef231ab", "value": "04053c70403aaab738bbd72667fb432a4b4bead0deb52112026d5ea9ee5dbadf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757813", "to_ids": true, "type": "ssdeep", "uuid": "4ac53a73-6278-4839-a45a-523ef1a1198d", "value": "196608:bGza7gQnetmUvUFvGs6HJV/h8SCJiZfKsPAiWuS:C27zemGpHXqSCJiZfnPX3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757813", "to_ids": false, "type": "size-in-bytes", "uuid": "86304df0-396d-458f-844f-efc28a9623c6", "value": "7214592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757813", "to_ids": true, "type": "vhash", "uuid": "c64073f3-bf89-4b25-aeec-d38aa5d26e48", "value": "07606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757813", "to_ids": true, "type": "filename", "uuid": "38352e0e-b8f3-454c-9157-f5aaba22c984", "value": "1024-ab4cd6a3a4c1a89d70077f84f79d5937b31ebe16" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757813", "to_ids": false, "type": "text", "uuid": "1379233e-2887-40b6-88ed-0d0d5c4adc78", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:57/72\nFirst Submission:2017-11-16T06:42:12.000000+00:00\nLast Submission:2017-11-16T06:42:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008851", "uuid": "0fa82695-3715-4311-bcf3-868bad3ab5be", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008851", "to_ids": true, "type": "md5", "uuid": "40150455-003a-43bb-a85a-ac7eb9dbaf55", "value": "6f42a8dc61ec71369186c039b2bfabf2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757835", "to_ids": true, "type": "sha1", "uuid": "606575f6-c634-4214-a6d3-ffe8587862b1", "value": "8340a9bbae0ff573a2ea103d7cbbb34c20b6027d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757835", "to_ids": true, "type": "sha256", "uuid": "0a6a910e-8216-4d49-bd90-b38052120396", "value": "5edbcdd6380eabd88f4c59058b507b5ebdabd2c347f73ec9cf18305ff872cdd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757835", "to_ids": true, "type": "ssdeep", "uuid": "878fb451-e3af-4e6c-add8-b414ac5f0b72", "value": "98304:nVo7S0N0eZwNLxVPXkquQb8J+0tuqjozp/M:nVmDBZwSqb++0tToz6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757835", "to_ids": false, "type": "size-in-bytes", "uuid": "f86652c0-0349-42ec-9418-71a673d9d463", "value": "3513856" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757835", "to_ids": true, "type": "vhash", "uuid": "f78d3f14-6456-4d0c-aeb1-8dbb7f49c69e", "value": "03606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757835", "to_ids": true, "type": "filename", "uuid": "a13f3ce5-4307-4860-8db4-94334fc7c23b", "value": "UniKeyNT.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757835", "to_ids": false, "type": "text", "uuid": "fff15ead-df70-4fa4-a49d-5f2bf30ff33a", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:61/72\nFirst Submission:2017-11-08T02:13:20.000000+00:00\nLast Submission:2017-11-08T12:49:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008872", "uuid": "19571cb9-c2f9-475f-a445-f14ceb344ba0", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008872", "to_ids": true, "type": "md5", "uuid": "da39e87f-feef-4795-b007-2fb952de8191", "value": "8c2274264b2797e30d44411bbd36f942", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757856", "to_ids": true, "type": "sha1", "uuid": "3e138afe-ecc8-46cb-9b5e-aac54a9d1d21", "value": "31b37127440193b9c8ecabedc214ef51a41b833c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757856", "to_ids": true, "type": "sha256", "uuid": "22510d7a-5833-4254-b739-8a8e6edf8907", "value": "7cc1ba586fee26473559976f3f42c89ad62c43872e65341c156aa1d5f9af811c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757856", "to_ids": true, "type": "ssdeep", "uuid": "98aeabe1-1cfb-4ae3-bf8c-156ffdfc2636", "value": "49152:u9hzVlHgIJa177HiK+FcON6s90UoSE+yRiW/6A0d2pJ2j73+e:urLAW4HMz9+XyP2pEv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757856", "to_ids": false, "type": "size-in-bytes", "uuid": "90ab4db9-62c2-4f37-a1a1-9ac6704f79a2", "value": "2651648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757856", "to_ids": true, "type": "vhash", "uuid": "62057fbf-a35d-45ce-a375-fc852a507c32", "value": "02606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757856", "to_ids": true, "type": "filename", "uuid": "84d15118-59c8-4640-8e58-1afcc2f3fbe7", "value": "winhelp.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757856", "to_ids": false, "type": "text", "uuid": "aec55aa9-222d-43a3-add8-75067e73afe5", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:56/72\nFirst Submission:2017-10-31T01:18:47.000000+00:00\nLast Submission:2017-11-07T09:09:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008894", "uuid": "beaa218d-5064-4b05-9e4c-656ca82a23b4", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008894", "to_ids": true, "type": "md5", "uuid": "f36203fd-b93e-4b6a-8471-ebfb451f687b", "value": "1bb1c17dc83059b988f9bebdbff1e229", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757877", "to_ids": true, "type": "sha1", "uuid": "053d8c5b-276d-423b-9a37-bb613c03c74e", "value": "ed441509380e72961b263d07409ee5987820d7ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757878", "to_ids": true, "type": "sha256", "uuid": "c3ff6c71-6c5e-40b0-aa15-728775a0fe1e", "value": "700b25a17ca70514e52c3ba431d71b62142b4b71a956d0b32f1dea1221ebaada", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757877", "to_ids": true, "type": "ssdeep", "uuid": "9d679ebc-8d49-4622-8e52-adea930bf66e", "value": "49152:kTIUeZBtIFvrUaeJ1+de3c0QrZDFq27NGsdfV/g/JzautI:kcUeZBVn+MkPq27xbUzK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757877", "to_ids": false, "type": "size-in-bytes", "uuid": "941a12a6-8e1b-4caa-b0c2-ffa5408069f8", "value": "2154496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757877", "to_ids": true, "type": "vhash", "uuid": "0f7f137a-ccd3-41bd-ab70-6eab6d915c7b", "value": "02606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757877", "to_ids": true, "type": "filename", "uuid": "e55f5e6c-f62a-4afa-8074-99fba10d5487", "value": "wmiprvse.exe.txt" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757877", "to_ids": false, "type": "text", "uuid": "3e5af10d-8ea4-4de0-a888-37f043335d6f", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mongall!MSR\nVT Total Detection:51/72\nFirst Submission:2016-07-11T09:18:28.000000+00:00\nLast Submission:2016-07-11T09:18:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008915", "uuid": "230ba868-d751-471d-86a9-0aa12b32e56d", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008915", "to_ids": true, "type": "md5", "uuid": "19bc87e1-e1d1-4b80-9f14-3711e901968e", "value": "cebafe920fe3252d37c0491209b33dd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757899", "to_ids": true, "type": "sha1", "uuid": "a535eec2-0cd3-4edf-b03f-2d6df11bb776", "value": "45d156d2b696338bf557a509eaaca9d4bc34ba4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757899", "to_ids": true, "type": "sha256", "uuid": "d38e633f-d298-43c9-8b90-ab8eae3fdef3", "value": "29c68263fecc7ed65217d9266518d345a8c6a8d2862cd23770889059d59ebb4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757898", "to_ids": true, "type": "ssdeep", "uuid": "47aab7dd-1798-4e4d-90d1-c85202f2c618", "value": "1536:0K4BJJGuLkBavEDtezUjr6zd1rZWe5OBVFAzCwFkZ++O:0K4BbG1BavYezhzdb9Sk0++O" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757898", "to_ids": false, "type": "size-in-bytes", "uuid": "da6306f2-89fa-4051-8368-ce9e1824efc3", "value": "76288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757898", "to_ids": true, "type": "vhash", "uuid": "6797f1f9-72b0-4262-8f63-f1f3843f31ef", "value": "074056655d15551018z55jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757898", "to_ids": true, "type": "filename", "uuid": "19ab9ca9-529b-4a65-9630-c7fe2bac77b0", "value": "cebafe920fe3252d37c0491209b33dd9.virus" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757898", "to_ids": false, "type": "text", "uuid": "2d52b518-8d0f-4de8-bbbd-8ca92e77e2e2", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:56/70\nFirst Submission:2016-12-12T17:36:54.000000+00:00\nLast Submission:2022-06-10T08:23:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008936", "uuid": "5722e2cf-bb55-4dfc-aec3-b36a7f9daf68", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008936", "to_ids": true, "type": "md5", "uuid": "c1f79072-cf85-4a5b-aeee-f825b8aabcbe", "value": "c2d67a0ad30b627995dee6023e7de5fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757920", "to_ids": true, "type": "sha1", "uuid": "09f94d0c-bf6d-4ecb-81b4-7e207affac69", "value": "bac8248bb6f4a303d5c4e4ce0cd410dc447951ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757920", "to_ids": true, "type": "sha256", "uuid": "a9aca6c4-b5dc-4d88-874d-9bd1f04da29a", "value": "51062fc1aa47138a8e79cc9c4a0f2da23b92ee02200bf07514ec7a2dff16260d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757920", "to_ids": true, "type": "ssdeep", "uuid": "ec204cf6-88da-4ef1-8823-670d0c83347f", "value": "1536:Y6muU9yaJfKjOf0F9kIsrtY919kdbtVQ:ltgFyhxUmotV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757920", "to_ids": false, "type": "size-in-bytes", "uuid": "f05c155a-bee7-4de6-8ea7-efe27fac2a9c", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757920", "to_ids": true, "type": "vhash", "uuid": "052a252e-2a78-47dc-8f53-789e1dca7a98", "value": "064056655d15551az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757920", "to_ids": true, "type": "filename", "uuid": "e6bca17f-aa01-4722-a55d-b5cbce355e88", "value": "51062fc1aa47138a8e79cc9c4a0f2da23b92ee02200bf07514ec7a2dff16260d.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757920", "to_ids": false, "type": "text", "uuid": "68340fa5-13af-4834-9db7-db1fc8f2e60c", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:58/73\nFirst Submission:2020-12-23T06:47:47.000000+00:00\nLast Submission:2022-06-10T08:24:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008957", "uuid": "d2fdcaa7-0639-464f-ba7f-d58074c908bb", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008957", "to_ids": true, "type": "md5", "uuid": "9e1f9ef9-f734-4d6e-bb3c-5bf6dc79a0f3", "value": "6c04dd8bd201035b89adc64f3fcd3520", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757941", "to_ids": true, "type": "sha1", "uuid": "3d178062-d100-4dc0-9ebf-8656fcbb768c", "value": "15350967659da8a57e4d8e19368d785776268a0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757942", "to_ids": true, "type": "sha256", "uuid": "9d14c319-a7dc-45ca-91f2-eb77f9211c5c", "value": "0c1d69b16989ef50f6f7d2975871ed82461a398b07a412d153ca2fa864129f61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757941", "to_ids": true, "type": "ssdeep", "uuid": "fc7cc806-8344-44c0-bbd6-00c25ab1f7e2", "value": "49152:Zop0Nuyl7OzdxQki1Re/GvdsWODJf8PQukatAja:ZRNu4Ad+kij4MsWwJfrud" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757941", "to_ids": false, "type": "size-in-bytes", "uuid": "667987a8-2688-4272-a713-17bd4e448fce", "value": "1984000" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757941", "to_ids": true, "type": "vhash", "uuid": "68fc76bf-8948-4f39-bf6e-20027828147d", "value": "01606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757941", "to_ids": true, "type": "filename", "uuid": "20ca14f7-0a4b-4d7a-9da2-a01dde881036", "value": "kis.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757941", "to_ids": false, "type": "text", "uuid": "f1111bd3-9bcf-443e-89d3-db891f7cf633", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!rfn\nVT Total Detection:60/72\nFirst Submission:2016-10-01T05:38:25.000000+00:00\nLast Submission:2018-05-28T04:20:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008978", "uuid": "df1f84be-673e-4f8a-be0d-da3067ec707f", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008978", "to_ids": true, "type": "md5", "uuid": "aaa62d16-d41d-4309-ab1d-ca68c6fc160d", "value": "9bc0476aa6166193563403e672576de3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757963", "to_ids": true, "type": "sha1", "uuid": "36f6aea5-4284-4f5a-8fe1-cf819cf346f6", "value": "008dd0c161a0d4042bdeb1f1bd62039a9224b7f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757963", "to_ids": true, "type": "sha256", "uuid": "18e6d014-ac63-4b5a-ae82-c41bd951cc84", "value": "b69106e06dc008e4fa1e4a0b0b58fcb1dc6d2016422a35cb3111168fd3fae577", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757962", "to_ids": true, "type": "ssdeep", "uuid": "f8b18cdc-ee85-4f5b-8366-ffa0b0795df5", "value": "1536:36muU9yaJfKjOf0F9kIsrtY919kdbtVs:qtgFyhxUmotV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757962", "to_ids": false, "type": "size-in-bytes", "uuid": "a4277e9d-f248-4d42-a9dc-8f61c8e17ced", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757962", "to_ids": true, "type": "vhash", "uuid": "28a36e1d-6e6f-47f4-921a-75dfc88d1c73", "value": "064056655d15551az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757962", "to_ids": true, "type": "filename", "uuid": "0cc3f558-1a31-4b3d-8e72-d7550d04d01f", "value": "b69106e06dc008e4fa1e4a0b0b58fcb1dc6d2016422a35cb3111168fd3fae577.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 02/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757962", "to_ids": false, "type": "text", "uuid": "bc596b72-3a7b-4f78-adf3-e574076cc7f2", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Gamarue!MSR\nVT Total Detection:60/72\nFirst Submission:2014-11-19T02:30:01.000000+00:00\nLast Submission:2016-05-20T18:48:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747008999", "uuid": "3c73be4f-dae9-4c04-88c0-18bc56e3d9c2", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747008999", "to_ids": true, "type": "md5", "uuid": "de6dcb38-a2be-43e6-a0e5-3a629c7aa2b1", "value": "e82c0e38734b13a5be3ffdbd75420ecd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746757984", "to_ids": true, "type": "sha1", "uuid": "018ea17f-405e-41fd-a694-a03e47a68e95", "value": "7e1f5f74c1bf2790c8931f578e94c02e791a6f5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746757984", "to_ids": true, "type": "sha256", "uuid": "15a7a67d-3f88-4b1f-a622-3a57e93eac08", "value": "1d57be04fe71d8ec745f84b16948b59bae55feb795bc89f012dcd90ce7d159b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746757984", "to_ids": true, "type": "ssdeep", "uuid": "827c1d2d-ac05-477e-b9ce-fd5b6634575d", "value": "1536:Q6muU9yaJfKjOf0F9kIsrtY919kdbtVx:9tgFyhxUmotV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746757984", "to_ids": false, "type": "size-in-bytes", "uuid": "10e12ef0-bae0-43b7-bd82-5b15eef6ffd2", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746757984", "to_ids": true, "type": "vhash", "uuid": "01d3e2dd-4203-4a03-a1c3-39ef1a872946", "value": "064056655d15551az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746757984", "to_ids": true, "type": "filename", "uuid": "6d14eef9-328c-439d-9e02-751ba5d89f3f", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746757984", "to_ids": false, "type": "text", "uuid": "dde8acf9-4923-47f0-9b25-3bbb9a72ba63", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Worm:Win32/Gamarue!MSR\nVT Total Detection:56/68\nFirst Submission:2014-12-26T14:31:46.000000+00:00\nLast Submission:2015-02-11T17:58:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009020", "uuid": "29ffa518-56b2-4de8-afc4-9ec125cccf65", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009020", "to_ids": true, "type": "md5", "uuid": "7b99de80-7121-4c07-a73c-373d9085f2a4", "value": "0a117b9eaf9d8e6225ca4f2ecc4827e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758027", "to_ids": true, "type": "sha1", "uuid": "f452d2b8-88b9-424c-90f2-00f3c361c2c4", "value": "38ba46a18669918dea27574da0e0941228427598", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758027", "to_ids": true, "type": "sha256", "uuid": "1051b3d9-505f-4bc5-ae9e-a0267625d6b9", "value": "7929078ddd2e993ba58907c95de1396a4e5aa6acb572b30c74a3c78f70712704", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758026", "to_ids": true, "type": "ssdeep", "uuid": "74ede544-c12d-4888-a8fd-811d57e5dca6", "value": "1536:xwBxH93xJfhhxf0ttQIss3Yj1YkWrVYtOpycVv:6f933ZMFz2OrVwOocB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758026", "to_ids": false, "type": "size-in-bytes", "uuid": "fe96d009-867c-4ada-a3d7-3bc1426f6852", "value": "101376" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758026", "to_ids": true, "type": "vhash", "uuid": "5ddc32c6-4ce9-4468-91dd-8852d0ceb89b", "value": "015056655d15651az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758026", "to_ids": true, "type": "filename", "uuid": "e98213ea-f4d1-4451-8193-60d93088cf65", "value": "7929078ddd2e993ba58907c95de1396a4e5aa6acb572b30c74a3c78f70712704.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 18/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758026", "to_ids": false, "type": "text", "uuid": "ec62f9f3-c4fd-494c-b30e-6946c1bb5c69", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:60/73\nFirst Submission:2014-12-12T04:49:07.000000+00:00\nLast Submission:2014-12-12T04:49:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009041", "uuid": "1cf0d3ef-2a2b-4b40-956b-73ddffbe17f4", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009041", "to_ids": true, "type": "md5", "uuid": "4696ef91-d13b-4dd4-b36c-450a8df7792c", "value": "a4b9e69a5b93b77ed283542c5e8461c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758048", "to_ids": true, "type": "sha1", "uuid": "56c98a01-0a59-4d22-86fb-2b2e5532fc18", "value": "19814580d3a3a87950fbe5a0be226f9610d459ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758048", "to_ids": true, "type": "sha256", "uuid": "4a8133c3-7d7d-4e70-8db5-f0492fe57a9d", "value": "6ba332db14622c5020b0178c6252b03f8988cbe78fa6ddd3b10e58e00d5105ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758047", "to_ids": true, "type": "ssdeep", "uuid": "84d0b670-0d12-409e-95e0-c95f62fb3b04", "value": "768:WheK6uBGg+dfUJ9ZntHiNtDf8HGy35N0Y2JUB9PZPhxIikRWn2vEDphn2IIvQ:WheK6m7+dMJ9FlSf4JNYJUBpZ5Vk6kV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758047", "to_ids": false, "type": "size-in-bytes", "uuid": "c69b5b26-edde-4a4a-84a1-e93e484d8b3b", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758047", "to_ids": true, "type": "vhash", "uuid": "5980cf49-f823-4284-8d98-891a62150b7b", "value": "064056655d15551az4dvz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758047", "to_ids": true, "type": "filename", "uuid": "25a9fce9-2849-4232-a700-2a7d57fc3c8f", "value": "6ba332db14622c5020b0178c6252b03f8988cbe78fa6ddd3b10e58e00d5105ea.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758047", "to_ids": false, "type": "text", "uuid": "80afaefd-1460-4b3c-ba54-44d3fc0ea2fc", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:54/72\nFirst Submission:2015-03-27T09:41:59.000000+00:00\nLast Submission:2022-06-10T08:25:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009062", "uuid": "05964c35-0fe2-4456-b2b9-f5bb1052bbda", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009062", "to_ids": true, "type": "md5", "uuid": "50610666-f0d0-4dc4-b2eb-7fae6429e55d", "value": "1ffed0355a74f0ac1e729d4bb911e2a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758069", "to_ids": true, "type": "sha1", "uuid": "fe167318-fb31-4b9e-9e2b-fa292bbb9ed4", "value": "d82ebb851db68bce949ba6151a7063dab26a4d54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758069", "to_ids": true, "type": "sha256", "uuid": "ed6682d6-2067-4149-8dfa-160b550080fd", "value": "6912bdeb15d19230b48e8c3b0377ff0d418ec4f5b2a6c6562590ba3547913bcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758069", "to_ids": true, "type": "ssdeep", "uuid": "d660e607-eaa9-46ec-95e8-3c1b8de03545", "value": "98304:vLXacX7EvPfLri+AyhzHHdJtImSczc3J4XE9sGL:jXrrEvlhznNI3aU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758069", "to_ids": false, "type": "size-in-bytes", "uuid": "83658e88-1b48-42cd-bd3d-8972b436d50f", "value": "3522560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758069", "to_ids": true, "type": "vhash", "uuid": "a3b1bda9-4a59-4f32-9f60-29dd9b3eae10", "value": "03606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758069", "to_ids": true, "type": "filename", "uuid": "b710de40-1b49-42ee-8cd5-ec85c6d1d5df", "value": "javaupdate.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758069", "to_ids": false, "type": "text", "uuid": "40b594e4-8a7b-47cd-8543-02dcb4916cc7", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:54/72\nFirst Submission:2017-05-23T05:48:54.000000+00:00\nLast Submission:2017-05-23T05:48:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009083", "uuid": "74c12130-8bad-4ec2-8c0d-45c237b6f541", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009083", "to_ids": true, "type": "md5", "uuid": "675383e6-f4c2-4763-8266-1185adf36212", "value": "7cfe4ad192f8bdd03c43edf378924e02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758090", "to_ids": true, "type": "sha1", "uuid": "d27156a6-1c78-4c3d-84fb-6ea36c2af45d", "value": "0b2956ad5695b115b330388a60e53fb13b1d48c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758090", "to_ids": true, "type": "sha256", "uuid": "c32d354f-3d1c-4af7-aabf-efc3111f7267", "value": "163ca3c9bd63f4145161ce9364a31efb0207e400938e390251d373ed228283ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758090", "to_ids": true, "type": "ssdeep", "uuid": "0e529bce-fe8b-4e2f-85c1-1c97afc610fc", "value": "24576:bgnzrLoa9HeiZXUuy7ex21W3h5v5+zTYeTn4FPjmd8Y1AjShP0:b+rMaIakxS0ch5R+zTYrFrc8iOA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758090", "to_ids": false, "type": "size-in-bytes", "uuid": "8e6494d4-c1df-488f-b1c0-86aee1396bfd", "value": "1661440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758090", "to_ids": true, "type": "vhash", "uuid": "e3555249-f9ab-407b-b1bb-f06851a069c5", "value": "01606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758090", "to_ids": true, "type": "filename", "uuid": "ce302fa9-c44e-4b55-87b8-b11fd2d26557", "value": "acres.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 03/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758090", "to_ids": false, "type": "text", "uuid": "49a219b5-642e-4195-ac28-0bb8f0f108ec", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:60/73\nFirst Submission:2019-10-01T06:34:59.000000+00:00\nLast Submission:2019-10-01T06:34:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009104", "uuid": "65dad54a-53a1-4b66-b1ad-0ec88553298e", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009104", "to_ids": true, "type": "md5", "uuid": "c658d25a-d999-476d-aa9e-4dfb3e06bcea", "value": "d01d692242b7257c0f92dfa355c8985a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758112", "to_ids": true, "type": "sha1", "uuid": "df915406-425a-4617-bddd-d1125a77cc9b", "value": "7fb2838b197981fbc6b5b219d115a288831c684c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758112", "to_ids": true, "type": "sha256", "uuid": "68406446-e465-48eb-bd3d-c0baf6cb7958", "value": "51d177c2741378151eb14138ffe45f6c854651bf17bea8c44397eda7f894cf2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758111", "to_ids": true, "type": "ssdeep", "uuid": "b0ba9e8a-c84a-48aa-9b10-57f7ffabf721", "value": "1536:3vf7UhjjLkM4vEDsecUl3KjdTzNip5VBVNTEzZAdkjvPW:3vfmjsM4vpecDjdNmhEBvPW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758111", "to_ids": false, "type": "size-in-bytes", "uuid": "7ab230c4-dd7f-400b-8523-803c92a486cf", "value": "76288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758111", "to_ids": true, "type": "vhash", "uuid": "d92880bd-fffb-46af-aee4-13fc802304a6", "value": "074056655d15551018z56jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758111", "to_ids": true, "type": "filename", "uuid": "c9f61746-7f16-4fb2-9ab4-e870893094cf", "value": "BkavPro.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758111", "to_ids": false, "type": "text", "uuid": "6affea78-414e-4bd0-ad40-54f16de7ce23", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:53/72\nFirst Submission:2015-05-21T03:53:29.000000+00:00\nLast Submission:2022-06-10T08:24:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009125", "uuid": "b15be986-9e83-4a6e-98b7-b40a24ebc708", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009125", "to_ids": true, "type": "md5", "uuid": "23b38fcf-47a5-4003-abd5-7128d68d589e", "value": "4e2d85d9325f68b4913d842cfe1f6aa9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758133", "to_ids": true, "type": "sha1", "uuid": "d713fb93-ab20-4f19-af60-3ce2e487990d", "value": "af8209bad7a42871b143ad4c024ed421ea355766", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758133", "to_ids": true, "type": "sha256", "uuid": "6055e353-694a-499c-aaea-6fbd89b9bfd5", "value": "988200d04227364fbc88cdb204468f54ba21e72cc42fa71e052af3b69fb6f7fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758132", "to_ids": true, "type": "ssdeep", "uuid": "f1bc9095-f775-4832-b86e-20d0bf60c190", "value": "1536:3vf7UhjjLkM4vEDsecUl3KjdTzNip5VBVNTEzZAdkjvPW:3vfmjsM4vpecDjdNmhEBvPW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758132", "to_ids": false, "type": "size-in-bytes", "uuid": "a4fc2927-2289-4f67-9a3c-72bd834649f4", "value": "76288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758132", "to_ids": true, "type": "vhash", "uuid": "4d205a97-1c83-47c2-bc5e-d5ea43e21b2c", "value": "074056655d15551018z56jz29z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758132", "to_ids": true, "type": "filename", "uuid": "49b5a9fa-4b0f-4f25-ae30-dbc360053926", "value": "Service.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 20/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758132", "to_ids": false, "type": "text", "uuid": "29f7ccd5-f6a9-48ec-aae0-e91c493fb403", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:59/72\nFirst Submission:2017-12-08T03:04:16.000000+00:00\nLast Submission:2022-06-10T08:26:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009146", "uuid": "ec70d9a4-188f-47a7-b3f6-c51e8d098523", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009146", "to_ids": true, "type": "md5", "uuid": "4f4dc293-b53e-41ba-9dbf-29117452df71", "value": "e4e2a99c627074f819f043965c947d51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758154", "to_ids": true, "type": "sha1", "uuid": "e63512a1-66b0-4c27-a25d-15dde06f8c19", "value": "72d563fdc04390ba6e7c3df058709c652c193f9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758154", "to_ids": true, "type": "sha256", "uuid": "07853410-8ab7-4b8e-8881-1e03322bd25f", "value": "5fae42f11e8ff231ff5034e284b54350938578ae71e3f43f0683424725fcbc2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758154", "to_ids": true, "type": "ssdeep", "uuid": "0dc3b152-b1ec-4f5c-bafb-6d27cbec29d3", "value": "49152:euZx5PCjEPJjuZ68unlmYCpBUlgzqeqgF/FNp7:euZnajEPJjuZeTCFv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758154", "to_ids": false, "type": "size-in-bytes", "uuid": "0b1fc452-2ae0-459e-b36e-be92707f9ce3", "value": "1914880" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758154", "to_ids": true, "type": "vhash", "uuid": "615aec43-bfc1-4553-87df-063a04d21513", "value": "01606f7d1d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758154", "to_ids": true, "type": "filename", "uuid": "5d50ba60-af0f-4e58-ad20-f676be28462c", "value": "WmiPrvSE.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758154", "to_ids": false, "type": "text", "uuid": "b46b96dd-1ca5-4eba-9a81-7c9147dfd1e3", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:61/72\nFirst Submission:2016-07-11T06:00:01.000000+00:00\nLast Submission:2016-07-12T14:29:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009167", "uuid": "a71085e8-ae7b-4f6e-bcd8-abcef0b3e089", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009167", "to_ids": true, "type": "md5", "uuid": "c9e69c95-6ee6-4456-9359-00f2d7b48053", "value": "4d9732711edfb9826fae4795d31bad69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758176", "to_ids": true, "type": "sha1", "uuid": "2d75c088-d08b-4673-b23e-e1bf97f580a9", "value": "db4b1507f8902c95d10b1ed601b56e03499718c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758176", "to_ids": true, "type": "sha256", "uuid": "ac142532-81ec-4150-bd5f-36853f0d1247", "value": "313355f5ecf62401247c61e147b43f74eb7fcbfdf4856c7270079265cac07026", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758175", "to_ids": true, "type": "ssdeep", "uuid": "f5b87672-8a9a-4901-a605-3e3589dee4e5", "value": "768:+0wE4QLfTUp9PnNw6mDj8HPhDPNuojb0BEHuh59l76kbB5n2vEDnoCHn2IYR+w:NhNLfop9/+j4Rlvb0Bgi5XukF1Jox9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758175", "to_ids": false, "type": "size-in-bytes", "uuid": "558f8585-c43d-4cd0-9249-bbd7e4e48b94", "value": "62976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758175", "to_ids": true, "type": "vhash", "uuid": "a4d344e0-29ce-4a95-ac33-f5d857a41573", "value": "064056655d15551az5wz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758175", "to_ids": true, "type": "filename", "uuid": "170282d4-a490-4045-821e-fb4a2cfd0131", "value": "Swordd.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 03/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758175", "to_ids": false, "type": "text", "uuid": "24e06b13-5540-418d-911b-3ac9d94f6a41", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:49/73\nFirst Submission:2019-09-25T06:53:44.000000+00:00\nLast Submission:2022-06-10T08:25:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009189", "uuid": "b85e3046-7e99-466d-8733-48dbfda29ec1", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009189", "to_ids": true, "type": "md5", "uuid": "7f2df51e-12b0-48ad-82ea-a866f4489cf0", "value": "e2a57f67d229762fb469c0e8c79bf44a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758197", "to_ids": true, "type": "sha1", "uuid": "e4611e69-8283-416a-8880-e5093f4e90ae", "value": "f5cc1819c4792df19f8154c88ff466b725a695f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758197", "to_ids": true, "type": "sha256", "uuid": "9b765c2d-59ed-401e-8dc7-c363c763017e", "value": "9f55c45e466c2a5a683c2bdd2a88c63ac9fb40d4a006c24b6afe206dacada186", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758197", "to_ids": true, "type": "ssdeep", "uuid": "7dbf97a0-838d-4bd8-a75c-856322928216", "value": "1536:5hNLfop9/+j4Rlvb0Bgi5XukF1Jox9YtOpycVv:XN7CVtRVyxR9JS9wOocB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758197", "to_ids": false, "type": "size-in-bytes", "uuid": "c2584c0f-e362-466a-bbf3-52dfc5d8ca6d", "value": "102400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758197", "to_ids": true, "type": "vhash", "uuid": "935a42e0-7a53-404f-ab81-da53f8b266a6", "value": "015056655d15651az5wz27z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758197", "to_ids": true, "type": "filename", "uuid": "5d8d15b1-a59f-49f3-9d67-0bda9fcf8d50", "value": "ss.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 02/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758197", "to_ids": false, "type": "text", "uuid": "67d01292-299b-4198-8a31-859b78a55b6d", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:58/73\nFirst Submission:2019-10-11T00:40:01.000000+00:00\nLast Submission:2019-10-11T00:40:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009210", "uuid": "ff0a1381-dae9-4f50-9885-b08dd04d1317", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009210", "to_ids": true, "type": "md5", "uuid": "b213416b-ab8e-4954-bbfb-ce4baddf0b68", "value": "ff80e8d4fee8d32cb4b75a97e822333e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758218", "to_ids": true, "type": "sha1", "uuid": "877ee589-4b41-485d-8ba0-a5b3a0d1431b", "value": "86e04e6a149fd818869721df9712789d04c84182", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758218", "to_ids": true, "type": "sha256", "uuid": "4172f0ab-96e9-4d8d-a582-946a3886e88f", "value": "d4234fce7b07a3ccefeb650e6e138762d9f9a0c6da5d77a3bec775fa0ae47feb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758218", "to_ids": true, "type": "ssdeep", "uuid": "69cf0be3-dcb1-4f7c-a1e5-dcff93c96fcd", "value": "196608:NnsbRe+xYGG1YUs72DSG2w68VTI0tpO6jCNU:NnsbRbnGCd7IAUskCN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758218", "to_ids": false, "type": "size-in-bytes", "uuid": "1e4e7fc4-edc9-4631-91cb-0c3abc0efa95", "value": "6770688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758218", "to_ids": true, "type": "vhash", "uuid": "ee2dc12f-b6db-4ebf-baf3-cc31b6576bc0", "value": "06606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758218", "to_ids": true, "type": "filename", "uuid": "46f99508-7fa3-4729-9c9a-89cf16ffad4f", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758218", "to_ids": false, "type": "text", "uuid": "d6647d1d-c4e4-4c72-a048-7f13467865f6", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:62/72\nFirst Submission:2016-10-01T09:32:12.000000+00:00\nLast Submission:2016-10-01T09:32:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009231", "uuid": "e7e6ee5a-fc8b-4020-a6f3-e87e4b9a26b6", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009231", "to_ids": true, "type": "md5", "uuid": "2e196480-1329-4e3c-a86d-3ff5a39fa967", "value": "131f799cb4338b04981c5753db77f02f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758240", "to_ids": true, "type": "sha1", "uuid": "93777672-2728-4850-a776-a8a1b7d8a971", "value": "a64fbd2e5e47fea174dd739053eec021e13667f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758240", "to_ids": true, "type": "sha256", "uuid": "ffc82408-e6fb-423a-8cd3-737119997655", "value": "0a9b387bd4dabc604b5aa83f214afc8a97ccde68327c5220653deecdff9f2475", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758239", "to_ids": true, "type": "ssdeep", "uuid": "7c8dde9f-46c0-4a2c-80bb-951135d94df9", "value": "196608:qnsbRe+xYGG1YUs72DSG2w68VTI0tpO6jCNU:qnsbRbnGCd7IAUskCN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758239", "to_ids": false, "type": "size-in-bytes", "uuid": "83a1d5d1-4be4-4d7b-997b-07b607ff2240", "value": "6770688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758239", "to_ids": true, "type": "vhash", "uuid": "aeb1b463-93c9-40a2-9b84-835d437e8e3f", "value": "06606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758239", "to_ids": true, "type": "filename", "uuid": "a716f308-b2c3-4a1d-a31a-a7b966da0ab3", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758239", "to_ids": false, "type": "text", "uuid": "6932e68e-9bef-453e-86f0-0386d7d45461", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:62/71\nFirst Submission:2017-04-26T09:03:06.000000+00:00\nLast Submission:2017-04-26T09:03:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009253", "uuid": "d221fbb7-7071-4269-822f-043be6d75962", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009253", "to_ids": true, "type": "md5", "uuid": "10c133d1-6e16-4669-b373-378647ae8fb7", "value": "0e95ed3973f2139e9b0adc768254af5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758283", "to_ids": true, "type": "sha1", "uuid": "3ad39d09-bb2d-426b-af15-fa9fb58b87b7", "value": "d15947ba6d65a22dcf8eff917678e2b386c5f662", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758283", "to_ids": true, "type": "sha256", "uuid": "9cc6b8d6-f928-4c4f-b20e-f722fd59aedd", "value": "182dfae58ea76ebb88c640221870a6d23232b3f850f3ae4ddb6ff4e7300c5abf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758283", "to_ids": true, "type": "ssdeep", "uuid": "c32731fc-b089-4921-8d7d-20505ac17f3a", "value": "768:VllXjIIDVWg1dZPn+GWzTjlmxZWURJaQiBOEoO:VrzIIP5OAxZAoO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758283", "to_ids": false, "type": "size-in-bytes", "uuid": "3f770ea0-b54d-48ae-91b0-25b74d5f0bb5", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758283", "to_ids": true, "type": "vhash", "uuid": "c3453645-b30b-4a5a-ba5b-d50af935aec1", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758283", "to_ids": true, "type": "filename", "uuid": "62d5fc4e-d431-4499-b66f-1b8005ea5bb2", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758283", "to_ids": false, "type": "text", "uuid": "f1665143-4533-414e-9942-e841cb9c674d", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:56/71\nFirst Submission:2011-09-24T12:55:23.000000+00:00\nLast Submission:2014-01-13T02:07:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009274", "uuid": "54f3c65c-7c77-41f4-b49b-84e4a862775b", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009274", "to_ids": true, "type": "md5", "uuid": "94d19b5e-3d72-48ef-b858-4aa7fdf151b7", "value": "13147904965caf1a5e9ae29cf8885241", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758304", "to_ids": true, "type": "sha1", "uuid": "2a7ca016-a1e2-4506-86e8-5646822d0c7e", "value": "5fa90cb49d0829410505b78d4037461b67935371", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758305", "to_ids": true, "type": "sha256", "uuid": "27a77073-945e-4b95-8864-bacaac5bc468", "value": "ebdadc3a8628319182c012ce8fbcbea4aaad0c9ef02cdd9af07d4c903930c2f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758304", "to_ids": true, "type": "ssdeep", "uuid": "7fceeb12-429a-487e-9c32-9ee429dcc40c", "value": "768:tTl75hMmo2GM8MDZFxeJWXTjypgwW8JhaQiBOEoH:t5Vh/AMdxTwwoH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758304", "to_ids": false, "type": "size-in-bytes", "uuid": "f2e83eee-d4b5-4cef-b81e-1b30f9724178", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758304", "to_ids": true, "type": "vhash", "uuid": "297c8ad7-c360-4297-83ee-5b8a112742f7", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758304", "to_ids": true, "type": "filename", "uuid": "304b96f5-1177-4f9a-9232-7b847761a3cb", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758304", "to_ids": false, "type": "text", "uuid": "3f3d8867-a803-44c1-a2a0-4c841640e613", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:56/71\nFirst Submission:2012-10-02T09:33:29.000000+00:00\nLast Submission:2019-08-06T07:00:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009295", "uuid": "c13e3f68-f997-4178-9055-2ec3b4ca2951", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009295", "to_ids": true, "type": "md5", "uuid": "0b027fe1-bf2d-4f92-bfca-d9ae363e55f0", "value": "ca5fb28af2505d8392d65fdb5112aeac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758326", "to_ids": true, "type": "sha1", "uuid": "0a144b67-4e2f-4a93-8179-f943c5ca20ed", "value": "f2bf467a5e222a46cd8072043ce29b4b72f6a060", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758326", "to_ids": true, "type": "sha256", "uuid": "a7ced5a0-79b2-494f-87b7-dffe517cd815", "value": "de0a4816c12a7bf1e010adf542373e43fae31177617921c06c13ee8981646370", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758325", "to_ids": true, "type": "ssdeep", "uuid": "2f7fe73e-f2d9-4836-b77f-311378ed7093", "value": "768:tTl75hMmo2GkkMDZhxeJWXTjypgwW8JhaQiBOEoy:t5Vh/gMpxTwwoy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758325", "to_ids": false, "type": "size-in-bytes", "uuid": "8cd3292f-fdf9-4071-ac1b-17bbaafe93e0", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758325", "to_ids": true, "type": "vhash", "uuid": "c10a6d0d-8e77-4c5e-a493-b4d48929fe00", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758325", "to_ids": true, "type": "filename", "uuid": "43e196d5-53de-40bb-9172-0770cde18097", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758325", "to_ids": false, "type": "text", "uuid": "11849879-8a05-4ff8-814f-66842c9b06bb", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:57/68\nFirst Submission:2019-07-10T12:05:36.000000+00:00\nLast Submission:2019-07-10T12:05:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009316", "uuid": "d88c27f4-d6f5-4fa5-a838-1aa3b6d52e02", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009316", "to_ids": true, "type": "md5", "uuid": "88e63123-737b-42f3-ab91-d9702eadeaaa", "value": "08eb7f29c1d3e5c76305797df4e08d21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758347", "to_ids": true, "type": "sha1", "uuid": "3cddb368-9c20-4291-9d7a-05ac824b6a21", "value": "e061de5ce7fa02a90bbebf375bb510158c54a045", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758347", "to_ids": true, "type": "sha256", "uuid": "667e23dd-9d69-4521-9186-ab200c63adc3", "value": "ca19dff556934cb20df676fe046516f4f58d16bc218b8c07ef105145b6452018", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758347", "to_ids": true, "type": "ssdeep", "uuid": "03beaa34-0f98-4e92-82ec-e7ab56da6eef", "value": "768:tblT5hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEo6:tBdh/YMdxTwwo6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758347", "to_ids": false, "type": "size-in-bytes", "uuid": "b32d4305-b150-4f62-927e-1f27a845c6f1", "value": "53250" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758347", "to_ids": true, "type": "vhash", "uuid": "73acb368-e60a-4ab1-95e7-e97b286c4549", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758347", "to_ids": true, "type": "filename", "uuid": "cb26c791-c647-4175-9b0a-c5012267bf08", "value": "66h4u.txt" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 20/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758347", "to_ids": false, "type": "text", "uuid": "9c268265-8fae-4527-903b-da2f156cafff", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:53/68\nFirst Submission:2013-05-06T19:53:00.000000+00:00\nLast Submission:2019-01-07T10:35:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009337", "uuid": "35013349-6a10-4d92-8bb0-699c21cca0a9", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009337", "to_ids": true, "type": "md5", "uuid": "7e4b1553-0431-48ef-82e6-40052b1a94bf", "value": "4f85f9cd8a584447c66790f0e6269a0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758369", "to_ids": true, "type": "sha1", "uuid": "2ce6175c-55fc-4919-b20e-905e33486992", "value": "4e0b42591b71e35dd1edd2e27c94542f64cfa22f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758369", "to_ids": true, "type": "sha256", "uuid": "24d8d9c7-a3c9-4b50-8c63-e103bcbee4a8", "value": "5000b13410a01da682e2de35020d55eed44f2edf821df197bea67c7f36b7add1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758368", "to_ids": true, "type": "ssdeep", "uuid": "979b50e2-56e6-4809-bd71-eabf484f347d", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoD:t5Vh/oMdxTwwoD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758368", "to_ids": false, "type": "size-in-bytes", "uuid": "a52ca294-d71e-4cdc-8f3b-880229765bee", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758368", "to_ids": true, "type": "vhash", "uuid": "cd1c1051-3846-4999-9800-7ef6553ba054", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758368", "to_ids": true, "type": "filename", "uuid": "d7eb2936-89ee-4720-a346-e5d2bf6a8f2e", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 14/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758368", "to_ids": false, "type": "text", "uuid": "37608924-0975-48a3-95c4-c8a225cf28e6", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:55/68\nFirst Submission:2012-09-15T07:36:33.000000+00:00\nLast Submission:2018-09-26T07:19:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009358", "uuid": "98fdd45b-e3f9-4538-a93a-c0b21332436f", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009358", "to_ids": true, "type": "md5", "uuid": "ba4a82c8-9cea-48c3-b3d7-58929b1fcbba", "value": "c51ff325e4e17f00354af55815a62c63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758390", "to_ids": true, "type": "sha1", "uuid": "70ab4a28-61b7-4853-9766-2f0e58041e5e", "value": "330402c612dc9fafffca5c7f4e97d2e227f0b6d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758390", "to_ids": true, "type": "sha256", "uuid": "cd7c1058-3cd4-4553-9aed-bcac11ca5ce1", "value": "27fab8e36b2be0b987e4242e410e9e08d12c0ac1edb371255dc7c89107669588", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758389", "to_ids": true, "type": "ssdeep", "uuid": "57d84014-6623-4715-8a3b-2758ee7345b2", "value": "768:tTlI5hMmo2GKcDZFxeJWXTjypgwW8JhaQiBOEom:t5yh/ncdxTwwom" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758389", "to_ids": false, "type": "size-in-bytes", "uuid": "97f0fe77-5fe4-4050-896d-3d1d76e4764e", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758389", "to_ids": true, "type": "vhash", "uuid": "4ff4f0ea-b45b-4f81-b109-f3613baf8d9f", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758389", "to_ids": true, "type": "filename", "uuid": "ff50ac38-0bc5-4d6b-860e-dbbdeb237981", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758389", "to_ids": false, "type": "text", "uuid": "55aa366f-77ff-4a80-82dd-4877ce37710e", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Backdoor:Win32/Bladabindi!MSR\nVT Total Detection:54/68\nFirst Submission:2013-05-15T16:15:27.000000+00:00\nLast Submission:2018-05-19T01:58:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009378", "uuid": "5d209e1b-95d7-49e3-ad63-92f206c1f47a", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009378", "to_ids": true, "type": "md5", "uuid": "763f9718-6b36-4e5a-b941-1c95d9525665", "value": "43c7d52affc57bf9773a42632cc818db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758411", "to_ids": true, "type": "sha1", "uuid": "38e80d06-a7d1-41c9-adb5-7954339043da", "value": "5f4cd9cd3d72c52881af6b08e58611a0fe1b35bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758411", "to_ids": true, "type": "sha256", "uuid": "bfff59fe-6478-4616-8a8d-491e5517c0f6", "value": "6627731b620f4208c0f2f46671938edc0207a0aa5c9a628c4b137876fce10e3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758411", "to_ids": true, "type": "ssdeep", "uuid": "f77a2cf0-32a9-49a5-afd0-3aab35ab74b2", "value": "768:tTl75hMmo2GCcDZFxeJWXTjyRgwW8JhaQiBOEow:t5Vh/Pcdx7wwow" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758411", "to_ids": false, "type": "size-in-bytes", "uuid": "af16dae6-f1da-40d4-a026-2d6da3c6ba30", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758411", "to_ids": true, "type": "vhash", "uuid": "a1ba92cf-57dd-4578-bb70-fefae81bc2f8", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758411", "to_ids": true, "type": "filename", "uuid": "77e93e3d-f705-474e-abb0-12dab7f20fff", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758411", "to_ids": false, "type": "text", "uuid": "925b5444-fb4d-4d79-8cc1-d5a3b0e97801", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:53/68\nFirst Submission:2013-07-05T06:41:43.000000+00:00\nLast Submission:2018-05-19T00:42:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009400", "uuid": "64cc9f4b-d6ef-43f4-a042-bea6d22f296a", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009400", "to_ids": true, "type": "md5", "uuid": "dd3aaa02-2a15-4631-a021-fec94c546774", "value": "04d6a171aa4bfa20fcd1485730daf91e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758432", "to_ids": true, "type": "sha1", "uuid": "abca6b58-07ce-45a8-97d7-9df80eb2a17e", "value": "2de1184557622fa34417d2356388e776246e748a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758433", "to_ids": true, "type": "sha256", "uuid": "af166b91-fd80-4bfa-b925-28a754bb14d0", "value": "ec2047f2c8d356967f86f343d4d75c9c6ba53a29b431702d86d5ad7ec13ce47b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758432", "to_ids": true, "type": "ssdeep", "uuid": "22b9fa6b-5b1e-4a1c-aad3-d1def251d4f4", "value": "768:tTlI5hMmo2GQPcDZFxeJWXTjypgwW8JhaQiBOEoX:t5yh/fcdxTwwoX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758432", "to_ids": false, "type": "size-in-bytes", "uuid": "011dbcfe-ee81-4431-a051-af81835bba1e", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758432", "to_ids": true, "type": "vhash", "uuid": "853f69f2-f319-4d8e-a823-409255e84cec", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758432", "to_ids": true, "type": "filename", "uuid": "fbca8dd2-f468-4429-991c-62b546842723", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758432", "to_ids": false, "type": "text", "uuid": "14385b9a-fc99-48d5-9d09-2d24bf2b7946", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:50/68\nFirst Submission:2017-11-14T09:30:52.000000+00:00\nLast Submission:2017-11-14T09:30:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009421", "uuid": "6db8fc02-57e1-457a-abbc-9994e5c64b6d", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009421", "to_ids": true, "type": "md5", "uuid": "d956e03f-6004-46fe-b5f0-c5c2ced74113", "value": "1519450d608fa001595f887482e84f4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758454", "to_ids": true, "type": "sha1", "uuid": "25a8172e-a40e-43db-b8f8-bdb8e9518576", "value": "9a9aff027ad62323bdcca34f898dbcefe4df629b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758454", "to_ids": true, "type": "sha256", "uuid": "916c8165-85ab-441e-b087-14b6aefa65ce", "value": "0167241542fe2171ea5b958b9ef0d476d43afde67273d306dc83bff7d0a79e79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758453", "to_ids": true, "type": "ssdeep", "uuid": "a94aa330-8fff-426b-82c3-9b2b3d8577c3", "value": "768:tTl75hMmo2GQ8MDZFxeJWXTjypgwW8JhaQiBOEoY:t5Vh/sMdxTwwoY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758453", "to_ids": false, "type": "size-in-bytes", "uuid": "d73c4b10-a749-4288-b04b-2afb7d3f505f", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758453", "to_ids": true, "type": "vhash", "uuid": "6959d81c-ddf5-4650-be61-191b332c8c03", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758453", "to_ids": true, "type": "filename", "uuid": "22e319c0-3ae7-4eab-a377-37fa0f9dd177", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758453", "to_ids": false, "type": "text", "uuid": "03841c59-b7ce-465f-8159-8b2b41837847", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:56/71\nFirst Submission:2012-11-16T17:00:03.000000+00:00\nLast Submission:2016-01-18T07:43:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009442", "uuid": "2270310b-3f4b-45ea-9c29-1abe48a94f82", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009442", "to_ids": true, "type": "md5", "uuid": "641ec538-d0ad-47ac-bc46-a568be2344fd", "value": "b7ad4476c510d958ceee005ce306aa6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758475", "to_ids": true, "type": "sha1", "uuid": "fd7208f5-7ab2-4ab1-9603-d9effeb57e4c", "value": "9cd48fddd536f2c2e28f622170e2527a9ca84ee0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758475", "to_ids": true, "type": "sha256", "uuid": "e5677143-e7d7-4801-83a6-7cbefbfe4563", "value": "03671580fe9e99b87da789f4ec8ecafa9dbd413df69b1b63a662f427d787e1c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758475", "to_ids": true, "type": "ssdeep", "uuid": "ad3a6d06-7cd3-483f-9352-072e307c2040", "value": "768:tTlP5hMmo2GQPcDZFxeJWXTjypgwW8JhaQiBOEoF:t5Rh/fcdxTwwoF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758475", "to_ids": false, "type": "size-in-bytes", "uuid": "501c9119-2145-497a-93a1-bc09d0dc5592", "value": "54044" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758475", "to_ids": true, "type": "vhash", "uuid": "a8565b81-394a-4efe-810f-2aede1a29720", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758475", "to_ids": true, "type": "filename", "uuid": "66fa802e-7b1e-4bfa-965e-6fa732391970", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758475", "to_ids": false, "type": "text", "uuid": "d77d36a7-7993-406e-b1b4-77f688a8005f", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:55/72\nFirst Submission:2013-04-12T18:22:27.000000+00:00\nLast Submission:2013-04-12T18:22:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009465", "uuid": "ae8c132f-1a7b-46cd-a6d1-2adcc04a549e", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009465", "to_ids": true, "type": "md5", "uuid": "079fbed1-7075-42c1-beca-6fb4e6c53231", "value": "00da48d53ec27b4c1e9a847f0d7a8751", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758497", "to_ids": true, "type": "sha1", "uuid": "7ec79de7-e386-4c7c-a458-43c5b5c37d35", "value": "2c99022b592d2d8e4a905bacd25ce7e1ec3ed3bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758497", "to_ids": true, "type": "sha256", "uuid": "a52f4aec-a115-49c4-96f4-927df7eed1e8", "value": "0374ae5029626ed55cc05fe93bc0932f2f22980f31603b20d64c75990b9b97c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758497", "to_ids": true, "type": "ssdeep", "uuid": "7ecf6a0f-75cf-4aca-9750-34405f95e50f", "value": "768:tblT5hMmo2Gs8MDZ9xeJWXTjypgwW8JhaQiBOEoj:tBdh/gM1xTwwoj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758497", "to_ids": false, "type": "size-in-bytes", "uuid": "5a0beac7-9d6f-4642-912e-f28a45acea38", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758497", "to_ids": true, "type": "vhash", "uuid": "525b1aa9-8a9a-44d2-a4c0-3392e9f007ee", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758497", "to_ids": true, "type": "filename", "uuid": "444ed85b-d6f1-49d4-9583-ba74f9b7dada", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758497", "to_ids": false, "type": "text", "uuid": "09a1d42d-efa2-4960-82ea-a5077519a811", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:54/68\nFirst Submission:2014-05-23T18:06:19.000000+00:00\nLast Submission:2014-05-23T18:06:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009486", "uuid": "fba45709-ef8d-438a-9737-26535ffa5aa4", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009486", "to_ids": true, "type": "md5", "uuid": "0489af8e-693a-498d-b09f-f4cca89be0bb", "value": "38127803f5b495be5e40d8e37de22f1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758519", "to_ids": true, "type": "sha1", "uuid": "e750d7c2-a12a-411a-90d5-215420c0c967", "value": "69e0fcdc24fe17e41ebaee71f09d390b45f9e5c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758519", "to_ids": true, "type": "sha256", "uuid": "c6ac8448-a319-4c98-8521-b77016263de5", "value": "0674aeac49d076af07a7e2aef74d05356f2906cf39bbbe3ad3b7ae42b0d326f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758518", "to_ids": true, "type": "ssdeep", "uuid": "a36472f7-d162-400d-b8f7-fb444513214a", "value": "768:tbl75hMmo2GM8MDZhxeJWXTjypgwW8JhaQiBOEod:tBVh/AMpxTwwod" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758518", "to_ids": false, "type": "size-in-bytes", "uuid": "cb5178dc-1785-405c-9194-3b653775c841", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758518", "to_ids": true, "type": "vhash", "uuid": "0c027eef-0bf0-4ea2-8203-00d7f5704df8", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758518", "to_ids": true, "type": "filename", "uuid": "285aa87b-8c3b-4cfa-8f49-8c846857d103", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 14/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758518", "to_ids": false, "type": "text", "uuid": "3b532bc0-ba1a-4c87-b645-f0ef71741130", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:54/68\nFirst Submission:2013-04-19T23:50:50.000000+00:00\nLast Submission:2013-04-19T23:50:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009508", "uuid": "8557a70b-1b61-405e-a67b-afb4d3088c04", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009508", "to_ids": true, "type": "md5", "uuid": "3d975a2b-3db9-4f52-962e-5024b5664188", "value": "618a55565c06222d907f877630a58def", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758550", "to_ids": true, "type": "sha1", "uuid": "f9385338-4289-4b05-804b-9fe35c65f50e", "value": "a2ea8a9abf749e3968a317b5dc5b95c88edc5b6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758550", "to_ids": true, "type": "sha256", "uuid": "30b8fa83-8901-4638-aa63-df3518353518", "value": "0af3db6b52889fd1e35b3a6383d995976ce97b2fbeafb9bb8760f7654c4544fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758550", "to_ids": true, "type": "ssdeep", "uuid": "cdd4e217-6951-4f57-947d-3b0996fd9d4e", "value": "768:tblg5hMmo2GA8cDZhxeJWXTjypgwW8JhaQiBOEoH:tBah/McpxTwwoH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758550", "to_ids": false, "type": "size-in-bytes", "uuid": "7daf92e8-11db-47e1-8b16-ae18945b8f93", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758550", "to_ids": true, "type": "vhash", "uuid": "009897b9-0d99-4010-8884-23c46d8226ef", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758550", "to_ids": true, "type": "filename", "uuid": "6241013a-9ae0-464f-862f-5b562725971b", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758550", "to_ids": false, "type": "text", "uuid": "3b56d055-709c-4004-b904-90fd7b6f2a1d", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:53/68\nFirst Submission:2013-02-21T02:38:56.000000+00:00\nLast Submission:2022-06-10T08:26:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009529", "uuid": "a754e005-48d1-45e5-8428-2e3189dae210", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009529", "to_ids": true, "type": "md5", "uuid": "e119b8a5-00f6-459b-99ee-fd4e227c8811", "value": "22f9f57e88e9fc501ed4a4c5a414b427", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758575", "to_ids": true, "type": "sha1", "uuid": "30619c59-665c-4c9c-993c-cae086722c1f", "value": "0a8e432f63cc8955e2725684602714ab710e8b0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758575", "to_ids": true, "type": "sha256", "uuid": "5417e317-fccd-48e4-959f-c24cdb542acd", "value": "2424b9e6f7c58e4d64258e1bf425f2fb3d8077ab1b8cfd1a631bde05a0e109a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758575", "to_ids": true, "type": "ssdeep", "uuid": "2c89355e-156d-4a64-baad-3704e7e65fea", "value": "768:tTlI5hMmo2GKcDZFxeJWXTjypgwW8JhaQiBOEoF:t5yh/ncdxTwwoF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758575", "to_ids": false, "type": "size-in-bytes", "uuid": "25418d52-16c0-45cd-bb14-134a2ffe7efa", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758575", "to_ids": true, "type": "vhash", "uuid": "6afc6434-6a7d-4c03-ab19-573637b64840", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758575", "to_ids": true, "type": "filename", "uuid": "788be75b-26f2-47b8-a450-8fc5dfded9c6", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 17/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758575", "to_ids": false, "type": "text", "uuid": "5b5928d6-dfa1-4983-ac76-3d7ee28e26c9", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:56/68\nFirst Submission:2013-08-25T01:09:36.000000+00:00\nLast Submission:2013-08-25T01:09:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009551", "uuid": "42d6879f-750e-468a-b5e5-17ec8684c333", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009551", "to_ids": true, "type": "md5", "uuid": "86dc6ead-e72e-41bb-9b8f-61b66c6437ef", "value": "b513f69811fd9d622dae3e0b26f8c40c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758597", "to_ids": true, "type": "sha1", "uuid": "f9e739cf-9600-4f2c-b578-90cd7af59e76", "value": "309accad8345f92eb19bd257cfc7dd8d0c00b910", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758597", "to_ids": true, "type": "sha256", "uuid": "f53088c7-8526-4070-8f93-75506611097d", "value": "263316d1c03d1d6eacbff77e30d97659eb14b3ceee25b4eba126af2048f48e4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758596", "to_ids": true, "type": "ssdeep", "uuid": "63238fe9-c4c7-4354-bf33-7cdbc525bd55", "value": "768:tblX5hMmo2GA8cDZhxeJWXTjypgwW8JhaQiBOEoa:tBph/McpxTwwoa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758596", "to_ids": false, "type": "size-in-bytes", "uuid": "111ed586-775d-4942-b6f5-32d9ce5a1fd4", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758596", "to_ids": true, "type": "vhash", "uuid": "1f2f9517-86b4-4dda-8150-bdc1d551a1a2", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758596", "to_ids": true, "type": "filename", "uuid": "cf9737c7-1f1a-46e9-b544-e91f19c72156", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758596", "to_ids": false, "type": "text", "uuid": "3e6026e1-0738-41c9-889a-e5d57565838e", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:55/68\nFirst Submission:2014-10-14T03:14:36.000000+00:00\nLast Submission:2014-10-14T03:14:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009572", "uuid": "8a37b55e-f990-41fc-94ab-eba4164d5602", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009572", "to_ids": true, "type": "md5", "uuid": "e0042f3f-6ec1-4f9e-bbb0-7739d786788a", "value": "34945880fcdbeab725b99e1bab8c3405", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758618", "to_ids": true, "type": "sha1", "uuid": "247a7f83-5dbc-44b0-b80c-97f2ee8729a3", "value": "89937567c575d38778b08289876b938a0e766f14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758619", "to_ids": true, "type": "sha256", "uuid": "f64c7b8c-fd04-4475-952b-93f1f88c44fd", "value": "296ee816c4a164758c69ed0adcd81e625acf85b1ed2d7a676aa68b2fe58c4755", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758618", "to_ids": true, "type": "ssdeep", "uuid": "87a1a679-5d37-45ce-a863-1b22b7ab3e37", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoS:t5Vh/oMdxTwwoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758618", "to_ids": false, "type": "size-in-bytes", "uuid": "bb7ffc5e-1f6b-4498-8a2e-43d92c702aa1", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758618", "to_ids": true, "type": "vhash", "uuid": "0e178766-f160-4bc7-a4d4-23f34a63d29b", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758618", "to_ids": true, "type": "filename", "uuid": "f7e13412-6855-41e2-9987-87a38d321832", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 12/02/2015", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758618", "to_ids": false, "type": "text", "uuid": "0cbd4c35-8175-4d76-b715-d983dbcaab3d", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:44/57\nFirst Submission:2013-03-31T17:27:56.000000+00:00\nLast Submission:2013-06-27T20:49:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009593", "uuid": "2fc402ad-5f90-4a4f-8ec0-7e75ea7756b1", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009593", "to_ids": true, "type": "md5", "uuid": "b93058c1-c7c7-4578-b0ca-ccb9df47c8cb", "value": "c6ef71accb050b9a78167368a08f625a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758640", "to_ids": true, "type": "sha1", "uuid": "2dd8fce2-b1dc-4b92-baa5-def6834b69ed", "value": "19bd1573564fe2c73e08dce4c4ad08b2161e0556", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758641", "to_ids": true, "type": "sha256", "uuid": "e63ad4ef-26f3-49a8-9663-bfca5fb31172", "value": "2f8772f591b7850342c13be8b43dc5ff792e9e8de5efac3a969cc6c4bc4c7e7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758640", "to_ids": true, "type": "ssdeep", "uuid": "62475f56-3e3f-476d-a2d6-b842a4c92438", "value": "768:tTl75hMmo2GkkMDZhxeJWXTjypgwW8JhaQiBOEoq:t5Vh/gMpxTwwoq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758640", "to_ids": false, "type": "size-in-bytes", "uuid": "0ebe71f0-45b8-4289-a82f-0ff4c0e13d4c", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758640", "to_ids": true, "type": "vhash", "uuid": "3b319e5c-30ad-49ca-a6e0-e834dbb9a292", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758640", "to_ids": true, "type": "filename", "uuid": "580f6259-d3aa-446a-bfd8-cfc889fe856e", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758640", "to_ids": false, "type": "text", "uuid": "c9beb892-dc40-4381-809f-368045c6bbae", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:59/71\nFirst Submission:2013-02-05T15:53:05.000000+00:00\nLast Submission:2013-02-05T15:53:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009614", "uuid": "e1043251-889e-41f9-8f73-322ca13cb756", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009614", "to_ids": true, "type": "md5", "uuid": "3c049893-bf08-4b3d-a844-ec78908c4139", "value": "e12e6c2f85e1e02d2508215fccec4268", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758662", "to_ids": true, "type": "sha1", "uuid": "2ab5f31c-cd5f-4460-9955-536a845fa157", "value": "a1d0c96db49f1eef7fd71cbed13f2fb6d521ab6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758662", "to_ids": true, "type": "sha256", "uuid": "4464f189-6fb6-4b80-82b5-1f9d8af98cda", "value": "317f61cbcf4bc9b91df061aadd4a55ca31be856f96cf6d7fe76109cc19d1d6b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758661", "to_ids": true, "type": "ssdeep", "uuid": "6ac96ac7-53b2-4343-ad17-7edeb5eaea99", "value": "768:tTl75hMmo2GCcDZFxeJWXTjyRgwW8JhaQiBOEoh:t5Vh/Pcdx7wwoh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758661", "to_ids": false, "type": "size-in-bytes", "uuid": "2a123932-4eec-41cf-bfc1-934811ba458b", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758661", "to_ids": true, "type": "vhash", "uuid": "b5ff8810-a581-4282-b2e8-b2a86f90f157", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758661", "to_ids": true, "type": "filename", "uuid": "4281fdbb-fb44-4992-966a-e9b4f4dcc8db", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758661", "to_ids": false, "type": "text", "uuid": "8b075d4f-8e3c-4334-9974-9fd0074c388e", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:59/71\nFirst Submission:2014-10-07T04:41:26.000000+00:00\nLast Submission:2014-10-07T04:41:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009635", "uuid": "2e11ed0d-610e-465d-87e6-7700696a7f9c", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009635", "to_ids": true, "type": "md5", "uuid": "2bd0c4dd-c06b-4f5b-b951-058a11cf4cbb", "value": "e462c2eeda9a9b49e8f21198c229dacb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758683", "to_ids": true, "type": "sha1", "uuid": "a6cc8d04-f7db-403c-838d-1c4f0ae1da96", "value": "936748b63b1c9775cef17c8cdbba9f45ceba3389", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758683", "to_ids": true, "type": "sha256", "uuid": "c00a9711-3a70-4fd7-a4c1-5e216f9ccf66", "value": "31bcb97a9654b4bb5541bf40923a9a8bce753f62debcde1b2d4b31a91be3fdf1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758683", "to_ids": true, "type": "ssdeep", "uuid": "62af02e4-2996-40d9-8ebe-75c060d2c055", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEog:t5Vh/oMdxTwwog" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758683", "to_ids": false, "type": "size-in-bytes", "uuid": "1f20ad27-557a-48e8-895e-64e0090e6b49", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758683", "to_ids": true, "type": "vhash", "uuid": "bdf71ae4-8bec-4954-9a45-87af54884aa9", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758683", "to_ids": true, "type": "filename", "uuid": "d64929ad-1256-4f38-bcd1-4d8649face16", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758683", "to_ids": false, "type": "text", "uuid": "54f9438c-eb76-421c-b03b-4bbf8efaa1ea", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mongall!MSR\nVT Total Detection:59/71\nFirst Submission:2012-09-11T18:23:33.000000+00:00\nLast Submission:2016-01-23T18:56:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009656", "uuid": "e786f7a9-d697-4158-9b78-f6cde3584cf6", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009656", "to_ids": true, "type": "md5", "uuid": "c4563cf8-92e8-41f1-a761-be58e9ec6e54", "value": "13019ad4f00fce86aa6ade585ca6d005", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758707", "to_ids": true, "type": "sha1", "uuid": "37032b1c-9f31-4a31-a926-e63875b9f50e", "value": "46d54a3de7e139b191b999118972ea394c48a97f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758707", "to_ids": true, "type": "sha256", "uuid": "85915924-f4a3-4571-951b-284ea89817ff", "value": "359fdf5a481bb12f1577d38438aaa1ede0a9cd6a5ff76796fecba5acda97b0ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758706", "to_ids": true, "type": "ssdeep", "uuid": "2857a3a7-e62e-40b4-9d5d-0d41a52b549b", "value": "768:tTl75hMmo2Oc8MDZhxeJWXTjyp+wW8JhaQiBOEoM:t5Vh/4MpxJwwoM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758706", "to_ids": false, "type": "size-in-bytes", "uuid": "04b52519-855a-45b7-ae82-c3c0a5ed8fcb", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758706", "to_ids": true, "type": "vhash", "uuid": "73cec89d-acba-4dc1-bc0f-374854cbfac0", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758706", "to_ids": true, "type": "filename", "uuid": "8573b84b-9b40-4cfe-a4c2-178f7dff1d6d", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758706", "to_ids": false, "type": "text", "uuid": "fbedb98a-25fa-4766-984e-0b1c8fda2eca", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:57/71\nFirst Submission:2011-12-02T14:47:55.000000+00:00\nLast Submission:2014-01-23T21:54:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009677", "uuid": "2fe9d972-8221-4405-9562-61f315061323", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009677", "to_ids": true, "type": "md5", "uuid": "d59f11b3-81de-4b72-855a-b72c95d363bb", "value": "9b66a41ee6973edd5df25cc8cf40d600", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758730", "to_ids": true, "type": "sha1", "uuid": "7e6773a2-c77d-4f76-847d-9c8fc8d93694", "value": "4786066b29066986b35db0bfce1f58ec8051ba6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758731", "to_ids": true, "type": "sha256", "uuid": "e6c828fe-25a5-4110-b709-9bd0fad85b77", "value": "387a264a8d2dc7ca37a2cd80c7fdd8efb269c3351b08c91b9b2a1d140aa5214d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758730", "to_ids": true, "type": "ssdeep", "uuid": "56721061-e14a-4c91-be20-7b4acb44b69b", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoX:t5Vh/YMdxTwwoX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758730", "to_ids": false, "type": "size-in-bytes", "uuid": "1c620557-b00c-470f-ae10-9a41be565949", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758730", "to_ids": true, "type": "vhash", "uuid": "47c16a44-c563-471f-b0d9-fe315abd7dec", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758730", "to_ids": true, "type": "filename", "uuid": "016af767-94ff-430c-8bcf-d848364eddfe", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758730", "to_ids": false, "type": "text", "uuid": "89701b71-7c84-4414-bd9f-13422bc26583", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:60/71\nFirst Submission:2013-03-01T21:25:56.000000+00:00\nLast Submission:2013-03-01T21:25:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009698", "uuid": "ad3a6bda-1d35-4b8b-bfd2-d0c49ee73d20", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009698", "to_ids": true, "type": "md5", "uuid": "e382e8c2-0d60-426a-9a19-454a1328994e", "value": "38825f50ce7d5cbbbfe261bb407ee97d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758752", "to_ids": true, "type": "sha1", "uuid": "e955225d-9647-434d-b461-3b4963a25578", "value": "b1d84d33d37526c042f5d241b94f8b77e1aa8b98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758752", "to_ids": true, "type": "sha256", "uuid": "c46e859a-deea-47c3-b046-ada1140d4ae9", "value": "430462d1becc0e68e8084615b0df9cf10a3940268cbd6213eb31871a87ec2463", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758752", "to_ids": true, "type": "ssdeep", "uuid": "dd3abf73-47bb-4898-a148-9147226753f4", "value": "768:tblT5hMmo2GI8MDZ9xeJWXTjypgwW8JhaQiBOEoC:tBdh/EM1xTwwoC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758752", "to_ids": false, "type": "size-in-bytes", "uuid": "6dfd9308-f419-4dab-9134-0040c5ef10e3", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758752", "to_ids": true, "type": "vhash", "uuid": "4a7812fa-f4f0-4adf-8e2b-841f0d599c30", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758752", "to_ids": true, "type": "filename", "uuid": "ffdaf4ab-afeb-47d1-a22e-281e391dc18c", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758752", "to_ids": false, "type": "text", "uuid": "94a23f8a-36c4-4105-a973-ed00d943832f", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mongall!MSR\nVT Total Detection:61/71\nFirst Submission:2015-07-04T16:43:26.000000+00:00\nLast Submission:2015-07-04T16:43:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009719", "uuid": "f7cd9d44-d1d1-4f27-a37f-1cdcc9a85727", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009719", "to_ids": true, "type": "md5", "uuid": "be52f0b1-c316-48c9-b8ac-1acd4e79ab51", "value": "94d744074772d3a363053f783fdbfa47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758775", "to_ids": true, "type": "sha1", "uuid": "521c5b34-3362-4ef7-8268-913b260c728a", "value": "7bb500f0c17014dd0d5e7179c52134b849982465", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758775", "to_ids": true, "type": "sha256", "uuid": "404ec434-c8f9-4e0e-8471-dead05dbf756", "value": "46b62a4995011788d09d8814713734b5282b485b35e401a88e59a844ba6a7d82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758774", "to_ids": true, "type": "ssdeep", "uuid": "e3ed7c20-eb40-4ed6-a0d2-bfd45bb79d70", "value": "768:tTlI5hMmo2GKcDZFxeJWXTjypgwW8JhaQiBOEoX:t5yh/ncdxTwwoX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758774", "to_ids": false, "type": "size-in-bytes", "uuid": "c8cf832a-ebea-4341-9090-07bf5d0e5bee", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758774", "to_ids": true, "type": "vhash", "uuid": "a7b67690-7d02-4e6e-8167-00cf91723497", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758774", "to_ids": true, "type": "filename", "uuid": "f7d64219-cba5-4229-8a4e-92e77af5bd02", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758774", "to_ids": false, "type": "text", "uuid": "9e9a863d-5e6b-4143-aa6b-44aaf0f2c55d", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:59/71\nFirst Submission:2013-06-02T02:32:58.000000+00:00\nLast Submission:2013-06-02T02:32:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009741", "uuid": "e180648a-772e-417b-b36e-0cf78e3915ac", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009741", "to_ids": true, "type": "md5", "uuid": "c81924ee-19cc-4066-9917-4eeb5ffe73a2", "value": "13380db2b5df86d6bb2f35798860e19b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758797", "to_ids": true, "type": "sha1", "uuid": "99c3d748-05af-4b75-ae88-549bf7abd041", "value": "d1d3219006fdfd4654c52e84051fb2551de2373a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758797", "to_ids": true, "type": "sha256", "uuid": "31ff9dee-b5d4-49a4-abfa-88075dfc6e72", "value": "4d57d0023b8f9c20881bb124dad514219f4f553faaec24ed0d974db3f9c6cc5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758797", "to_ids": true, "type": "ssdeep", "uuid": "8416da6a-0591-4496-b6c5-0f4759be6510", "value": "768:tTlP5hMmo2GQPcDZFxeJWXTjypgwW8JhaQiBOEoF:t5Rh/fcdxTwwoF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758797", "to_ids": false, "type": "size-in-bytes", "uuid": "b58cd24e-b353-4ad1-acf1-508af356df4a", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758797", "to_ids": true, "type": "vhash", "uuid": "f7d4271b-9ad0-4d56-99c7-b9197e2cb431", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758797", "to_ids": true, "type": "filename", "uuid": "4679198c-fb72-4f00-b0da-398dcc1fb56a", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758797", "to_ids": false, "type": "text", "uuid": "93e5b0b2-9575-4fd1-a73f-f5d69400659b", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:59/71\nFirst Submission:2013-04-04T12:25:58.000000+00:00\nLast Submission:2013-04-04T12:25:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009762", "uuid": "03ced581-ff45-4aa0-8a8c-87f42881ce61", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009762", "to_ids": true, "type": "md5", "uuid": "f460ba93-df65-44f0-a30b-cda24034249d", "value": "8395ca8354fb8a7ea9ffdb0cc29380d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758819", "to_ids": true, "type": "sha1", "uuid": "2b270a69-d3be-435c-b038-77ba422f6863", "value": "0ffa5e49f17bc722c37a08041e6d80ee073d0d8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758819", "to_ids": true, "type": "sha256", "uuid": "47bd09d4-07b4-41dd-81a6-283129062732", "value": "4fb1e72d3384e2b2a0ee39b00211b572e96b2146832a73b4858ef39cd3126f35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758819", "to_ids": true, "type": "ssdeep", "uuid": "0525080a-54fd-46e3-a3bd-691d87f650f7", "value": "768:tOlI5hMmo2GKcDZFxeJWXTjypgwW8JhaQiBOEoF:t4yh/ncdxTwwoF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758819", "to_ids": false, "type": "size-in-bytes", "uuid": "25355d9a-9702-4927-9b12-60d6fe6ca179", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758819", "to_ids": true, "type": "vhash", "uuid": "ef4bdb37-16af-4294-85e0-fe946e86a159", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758819", "to_ids": true, "type": "filename", "uuid": "3a9dd719-c815-49f0-b73c-8069763363fe", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758819", "to_ids": false, "type": "text", "uuid": "25fdd7b5-b1c9-4a96-8034-cb6a1966eff4", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:61/71\nFirst Submission:2013-08-27T17:04:56.000000+00:00\nLast Submission:2013-08-27T17:04:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009783", "uuid": "3952bc88-3bf7-4dfd-9a78-33734ee37b55", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009783", "to_ids": true, "type": "md5", "uuid": "0b535bcc-379d-4694-89e8-1fa08f04f46c", "value": "c6362e61c53b4cbb4645aacf56984ac8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758843", "to_ids": true, "type": "sha1", "uuid": "91ec1d62-a0dc-40d9-8dbc-3bf9a5b780d0", "value": "dceecf543f15344b875418ad086d9706bfef1447", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758843", "to_ids": true, "type": "sha256", "uuid": "27b3a55e-75dc-483d-b2e9-ed3267ea017c", "value": "5073e6d85352244ce5ede57bcef04580b7d81f4d96ebf49db47b59b5694e1c07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758842", "to_ids": true, "type": "ssdeep", "uuid": "8f0175e6-c757-4a21-a249-4529e4aac39a", "value": "768:tblT5hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEo+:tBdh/oMdxTwwo+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758842", "to_ids": false, "type": "size-in-bytes", "uuid": "64a6329b-be39-414b-bd15-668b299902b4", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758842", "to_ids": true, "type": "vhash", "uuid": "4411a4c4-383b-4d3a-99ec-bff2a41c1517", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758842", "to_ids": true, "type": "filename", "uuid": "119aa97c-9f06-4605-8d54-da3c8336d809", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758842", "to_ids": false, "type": "text", "uuid": "856ac56d-0eb6-42a6-9ca1-4a641a956f6b", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:62/71\nFirst Submission:2012-10-17T13:05:40.000000+00:00\nLast Submission:2012-10-17T13:05:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009804", "uuid": "c208c069-c992-4980-986e-9cc0ca820a11", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009804", "to_ids": true, "type": "md5", "uuid": "2d803976-5c84-414d-a123-ca9f41c9abe5", "value": "b884d40a5a96ed2159e9316c995a3ec6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758868", "to_ids": true, "type": "sha1", "uuid": "25325c7a-213b-4009-8175-1d59990a8687", "value": "fa177d9bd5334d8e4d981a5a9ab09b41141e9dcc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758868", "to_ids": true, "type": "sha256", "uuid": "4c86ea2a-f745-4f72-ab2c-113bd6f87b61", "value": "54c5517541187165fd9720dfe8cff67498d912d189d649cc652d8b113bae8802", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758868", "to_ids": true, "type": "ssdeep", "uuid": "c2df61c4-b82e-4b77-aacb-65355ee117f6", "value": "768:tTlI5hMmo2GKcDZFxeJWXTjypgwW8JhaQiBOEoD:t5yh/ncdxTwwoD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758868", "to_ids": false, "type": "size-in-bytes", "uuid": "1ae4df3f-7ef8-48b0-8994-d3692f86bf9a", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758868", "to_ids": true, "type": "vhash", "uuid": "136362cf-990d-4045-801c-868a63ab6674", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758868", "to_ids": true, "type": "filename", "uuid": "518b9162-6123-4e05-bfef-0f8d751121f1", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758868", "to_ids": false, "type": "text", "uuid": "09d9ddf0-8008-448a-83d2-da0d2b2347e1", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:58/71\nFirst Submission:2013-06-19T11:57:32.000000+00:00\nLast Submission:2013-06-19T11:57:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009825", "uuid": "765d6b9f-20c3-495e-9cc4-f5f9eeb523a0", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009825", "to_ids": true, "type": "md5", "uuid": "efce7a12-8273-4b8f-b688-21ccd4f8c523", "value": "5128e6a864adf21d3254eb031f7d3a66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758892", "to_ids": true, "type": "sha1", "uuid": "b70d1677-cf26-4a56-b71a-c832c4a33e64", "value": "07aab5761d56159622970a0213038a62d53743c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758892", "to_ids": true, "type": "sha256", "uuid": "a8cb33d7-16ad-41c6-ba5d-044bcdb8dd64", "value": "550fd54e49db7b795fbb7cc29b2a58c2a751d863f76dccfb5a08f711342b9fd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758892", "to_ids": true, "type": "ssdeep", "uuid": "08e32e88-aa9c-4e62-9190-25df59423a22", "value": "768:tTlI5hMmo2GKcDZFxeJWXTjypgwW8JhaQiBOEoO:t5yh/ncdxTwwoO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758892", "to_ids": false, "type": "size-in-bytes", "uuid": "4ea03c8f-4e0b-43a4-af4b-29c8c07f255f", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758892", "to_ids": true, "type": "vhash", "uuid": "f5b9b8fe-af01-46eb-a159-20759039a62c", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758892", "to_ids": true, "type": "filename", "uuid": "38316572-e281-4166-b325-3fea6ba1534f", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758892", "to_ids": false, "type": "text", "uuid": "01517fbd-0513-47b2-8042-dcad08a3822c", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:60/71\nFirst Submission:2014-06-18T19:13:00.000000+00:00\nLast Submission:2014-06-18T19:13:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009847", "uuid": "10c70c64-2f81-41b7-a8c9-26a008bc473a", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009847", "to_ids": true, "type": "md5", "uuid": "fb457a8e-aa6b-4865-baf5-c6a033ce9652", "value": "776c97156a4f9ede1336712a4bbbf726", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758917", "to_ids": true, "type": "sha1", "uuid": "54c6123d-6e04-4271-856c-bce20cef4e1b", "value": "d83dde58a510bdd3243038b1f1873e7da3114bcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758917", "to_ids": true, "type": "sha256", "uuid": "b961fd9a-5f9a-49bc-aa87-07dfebba71e8", "value": "601f7b924c19a2e9fbe0e5a9728434416afb6adcb58df43f83236f173a30539c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758916", "to_ids": true, "type": "ssdeep", "uuid": "8d5345fa-7a87-483f-9de4-b848441dd817", "value": "768:tTlP5hMmo2GQPcDZFxeJWXTjypgwW8JhaQiBOEo5:t5Rh/fcdxTwwo5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758916", "to_ids": false, "type": "size-in-bytes", "uuid": "1bd99954-2e48-4a26-b03b-9b8a72b93659", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758916", "to_ids": true, "type": "vhash", "uuid": "e6060cf8-cde8-4dc0-8401-70ef8e38c819", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758916", "to_ids": true, "type": "filename", "uuid": "5c54109f-c0b5-4b73-809f-106aec993a17", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758916", "to_ids": false, "type": "text", "uuid": "8a8fb2f4-cafa-47c8-97a8-0c53d605dffb", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:60/71\nFirst Submission:2013-03-13T03:43:01.000000+00:00\nLast Submission:2014-02-26T04:04:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009868", "uuid": "680e3fe5-d1a6-4d23-aca8-695b8c799e1e", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009868", "to_ids": true, "type": "md5", "uuid": "7abdc84a-2d1d-4b45-92b8-b1c5fd5365ed", "value": "4f4576464162f993dcbd3b325cb979af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758939", "to_ids": true, "type": "sha1", "uuid": "9b916b25-7073-43eb-8b66-ea747a055343", "value": "a0da713ee28a17371691aaa901149745f965eb90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758939", "to_ids": true, "type": "sha256", "uuid": "7ae72c42-fbb3-4c7b-b7f1-aa21e50adf34", "value": "60695d527c76ab7d7a4e31ff29015c3856d868db31e55b88bfc2066461eb938a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758939", "to_ids": true, "type": "ssdeep", "uuid": "2474fdb6-8d60-44dc-9552-e1051388b038", "value": "768:tTlg5hMmo2GUPcDZFxeJWXTjypgwW8JhaQiBOEow:t5ah/TcdxTwwow" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758939", "to_ids": false, "type": "size-in-bytes", "uuid": "af40ec70-7adc-404e-b8d1-db14a565ac06", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758939", "to_ids": true, "type": "vhash", "uuid": "cdcc8fa7-6d57-48b8-a8ba-d96bb6de6172", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758939", "to_ids": true, "type": "filename", "uuid": "408e7152-1cf3-468c-91cb-685574a7f402", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758939", "to_ids": false, "type": "text", "uuid": "dbe8530e-b937-4cce-b8c8-36f49832b9ad", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:60/71\nFirst Submission:2013-04-13T00:35:21.000000+00:00\nLast Submission:2013-04-13T00:35:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009889", "uuid": "d6db091d-d068-4373-ad55-48f238805f0f", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009889", "to_ids": true, "type": "md5", "uuid": "2be5a702-9634-4003-bea3-b4037a949284", "value": "c156332b5f1b9f16ed8b79e1562344df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758964", "to_ids": true, "type": "sha1", "uuid": "998b069c-eeef-472a-a683-8831252f5048", "value": "c5b644a33fb027900111d5d4912e28b7dcce88ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758964", "to_ids": true, "type": "sha256", "uuid": "f73c6db9-04f9-44c3-8b0c-9545bf359c0f", "value": "62370f77d8cdbe770ed1f0bea1df0720dcd0e3f1da78c62b3db46b18372c5392", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758963", "to_ids": true, "type": "ssdeep", "uuid": "3c3ad06f-72c1-4c06-9909-2cfe1fc27177", "value": "768:tTl75hMmo2GCcDZFxeJWXTjyRgwW8JhaQiBOEo+:t5Vh/Pcdx7wwo+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758963", "to_ids": false, "type": "size-in-bytes", "uuid": "1b6d016d-7197-4ad5-9b6c-a543e3ba3aa2", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758963", "to_ids": true, "type": "vhash", "uuid": "fa94bb95-d3e6-4bb2-807c-600f4b5faa9a", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758963", "to_ids": true, "type": "filename", "uuid": "a27b6782-0253-4d0c-b2a8-d8338b9654ad", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758963", "to_ids": false, "type": "text", "uuid": "1108153b-f20a-4bcc-95bb-7fffd43c8df5", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:60/71\nFirst Submission:2013-07-05T06:50:47.000000+00:00\nLast Submission:2013-07-10T13:34:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009911", "uuid": "9193906a-c194-4e35-97af-1f9b0e9fea0d", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009911", "to_ids": true, "type": "md5", "uuid": "094dcf75-db08-48e8-9a3a-d1501d80211b", "value": "b6aad95e547969cab4312e32c60373ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746758987", "to_ids": true, "type": "sha1", "uuid": "c2e35501-e57f-4d0d-9353-fab65bcb6fec", "value": "db5437fec902cc1bcbad4bef4d055651e9926a89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746758987", "to_ids": true, "type": "sha256", "uuid": "84424117-f5de-4edc-9baf-f355c3a5cc5c", "value": "6a9e5b62f7c52ced7a382bf1fc6bc09f823c8d6da113864e03d2bc3a9180d897", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746758987", "to_ids": true, "type": "ssdeep", "uuid": "1d7462f9-88de-4fc3-a386-aae827953c81", "value": "768:tTl75hMmo2uU8MDZhxeJWXTjypwwW8JhaQiBOEoV:t5Vh/QMpxXwwoV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746758987", "to_ids": false, "type": "size-in-bytes", "uuid": "6bf3d75a-9625-4992-92af-4f0e5d1655ef", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746758987", "to_ids": true, "type": "vhash", "uuid": "787368c2-1fe9-4e10-bc12-2c3cfa43e4ba", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746758987", "to_ids": true, "type": "filename", "uuid": "484e5312-3b05-4066-90b8-ef4c848aa47d", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746758987", "to_ids": false, "type": "text", "uuid": "6070b8c8-100d-475d-8b3d-a3f3e4ce3310", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:57/71\nFirst Submission:2013-07-30T05:53:27.000000+00:00\nLast Submission:2014-03-28T15:25:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009933", "uuid": "ee48e1e8-8d21-4d98-bc7d-7c2d86cc5650", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009933", "to_ids": true, "type": "md5", "uuid": "4fc52dcd-56bd-47c1-a851-e6864914da91", "value": "aeffbe136fc974c67d34c67b7f0ac5d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759009", "to_ids": true, "type": "sha1", "uuid": "dc315979-ddf0-4bb5-b87a-b976f9dd0209", "value": "ff42d2819c1a73e0032df6c430f0c67582adba74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759009", "to_ids": true, "type": "sha256", "uuid": "5b5f0be1-de26-4ff1-9c18-3b2492526c47", "value": "6dcc0df07afbe1a2cf60cf4addc13fdefa4350914c35e52547ee370a783097c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759009", "to_ids": true, "type": "ssdeep", "uuid": "94fccdc3-e783-4048-beb6-224b212878fd", "value": "768:tTl75hMmo2uk8MDZhxeJWXTjyp+wW8JhaQiBOEoV:t5Vh/gMpx1wwoV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759009", "to_ids": false, "type": "size-in-bytes", "uuid": "3cb370d8-66c6-437a-ad7b-90fd14ca41cc", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759009", "to_ids": true, "type": "vhash", "uuid": "8ce1991d-46ce-4e9b-b2c7-a47234dec9cd", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759009", "to_ids": true, "type": "filename", "uuid": "5cd0bf13-7d51-4c13-b8ea-afc8a6990870", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759009", "to_ids": false, "type": "text", "uuid": "dc13e6a6-99bf-4e87-8e90-40e4f88d20fb", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:56/73\nFirst Submission:2012-06-08T00:33:59.000000+00:00\nLast Submission:2016-01-12T17:46:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009956", "uuid": "bf23a710-f9af-479e-9620-c50e87eec894", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009956", "to_ids": true, "type": "md5", "uuid": "980aea28-8091-4555-999c-72ddac19b20d", "value": "ce98a66abe4e2bda8d4d00f2e65ab85f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759031", "to_ids": true, "type": "sha1", "uuid": "e2e0f5aa-d52d-4ad3-83f6-749fd276b5d9", "value": "3b2d858c682342127769202a806e8ab7f1e43173", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759031", "to_ids": true, "type": "sha256", "uuid": "8cc7dc1c-f410-4dbf-b78a-95c11f773793", "value": "6e6e86fa79cd7401c9abd6d370fea0e10748b306af57645349367c27fa5dd20f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759031", "to_ids": true, "type": "ssdeep", "uuid": "64b1841d-160f-4f0d-b767-17f7c4266bf2", "value": "768:tilI5hMmo2GKcDZFxeJWXTjypgwW8JhaQiBOEoF:t0yh/ncdxTwwoF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759031", "to_ids": false, "type": "size-in-bytes", "uuid": "44cac883-c2a9-452b-ac19-a8f6813e67b0", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759031", "to_ids": true, "type": "vhash", "uuid": "d1ffb731-d7fa-4a80-9ce9-c9b8dda92943", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759031", "to_ids": true, "type": "filename", "uuid": "60f0ba0a-e98b-4a32-90cd-5e5707959858", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 07/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759031", "to_ids": false, "type": "text", "uuid": "72470936-4898-49ff-a96d-e5b0005d0939", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:59/72\nFirst Submission:2013-08-29T14:33:04.000000+00:00\nLast Submission:2013-08-29T14:33:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747009978", "uuid": "19154e24-a634-4f44-89bd-9dcc46e83f38", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747009978", "to_ids": true, "type": "md5", "uuid": "ff1ed22a-50ac-424e-a52e-792a99a4dccc", "value": "779871ed1b8288121483e046d0fcd7f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759052", "to_ids": true, "type": "sha1", "uuid": "19a0492e-b085-47cd-af5a-1d128c4069f6", "value": "c08bf3ae164e8e9d1d9f51dffcbe7039dce4c643", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759052", "to_ids": true, "type": "sha256", "uuid": "28ec234f-5f91-445d-8f5b-099593dc0abf", "value": "7829e1599b918c5787d510882dfaa1aacff9a076bd3b79e748098b56bd462a6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759052", "to_ids": true, "type": "ssdeep", "uuid": "46f87a73-badc-4b4a-8f13-6eef28c65ca6", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoH:t5Vh/YMdxTwwoH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759052", "to_ids": false, "type": "size-in-bytes", "uuid": "efcda4e5-09fd-4554-b53d-860db04595d3", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759052", "to_ids": true, "type": "vhash", "uuid": "97cd2af2-1768-42a2-baf1-5c8d4a782c26", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759052", "to_ids": true, "type": "filename", "uuid": "994b1a7c-0118-458e-9f50-cde61f8e17c8", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759052", "to_ids": false, "type": "text", "uuid": "958b4581-758e-4475-b866-fc21e813b561", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:58/71\nFirst Submission:2012-11-10T17:11:02.000000+00:00\nLast Submission:2012-11-10T17:11:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010000", "uuid": "73583849-cbeb-48f8-a5d4-6d4ee72d3077", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010000", "to_ids": true, "type": "md5", "uuid": "526c2cc7-af97-4a6e-bcde-5d4c129e988a", "value": "50cde9de42a0506431942d6deebaa379", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759076", "to_ids": true, "type": "sha1", "uuid": "59f572ea-ede3-4588-9013-ac5fbc8be4af", "value": "f41d1966285667e74a419e404f43c7693f3b0383", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759076", "to_ids": true, "type": "sha256", "uuid": "a5050357-a621-4e4d-9bf0-6e6195be9e24", "value": "7975c688279327459175d85e0cd3a674fbd9af31a3f471e685a4dfcaffa9bf7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759075", "to_ids": true, "type": "ssdeep", "uuid": "45bee8ae-43e9-4342-8119-7fe1fdce251d", "value": "768:tTl75hMmo2uM8MDZhxeJWXTjypwwW8JhaQiBOEoV:t5Vh/4MpxXwwoV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759075", "to_ids": false, "type": "size-in-bytes", "uuid": "f8183179-c1d2-4b4d-b712-726c3fcf690d", "value": "54044" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759075", "to_ids": true, "type": "vhash", "uuid": "95e6b0ad-6e9e-43e9-a52a-66c421062bcf", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759075", "to_ids": true, "type": "filename", "uuid": "c89b94b1-8e08-47bd-a2e1-8ba229d94a2c", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759075", "to_ids": false, "type": "text", "uuid": "0fc2e659-108a-49b6-897c-7a8b4484483e", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:54/72\nFirst Submission:2013-08-07T05:04:53.000000+00:00\nLast Submission:2013-08-07T05:04:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010022", "uuid": "6af2e661-7b6e-4eb4-9bd4-5983181edab7", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010022", "to_ids": true, "type": "md5", "uuid": "ff948d57-93d0-4c84-ac23-e58993045eb2", "value": "80f476609b9aa2345da94456dd443d9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759098", "to_ids": true, "type": "sha1", "uuid": "84660c35-cbd6-4cfa-93fe-ed057630cbe3", "value": "3ccb546f12d9ed6ad7736c581e7a00c86592e5dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759098", "to_ids": true, "type": "sha256", "uuid": "ef814fd7-3f3a-49d2-a77f-457474ed80b1", "value": "7b76051a22eef9be48d8c1b710315388f47503724df7522499c3ec433e8214ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759097", "to_ids": true, "type": "ssdeep", "uuid": "15abf37c-c93a-4a93-8c8b-ba6ff76904ae", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEom:t5Vh/YMdxTwwom" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759097", "to_ids": false, "type": "size-in-bytes", "uuid": "21ce77a9-08b9-40f8-8e4a-53c417ae0e5d", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759097", "to_ids": true, "type": "vhash", "uuid": "eb36a33f-bda6-4952-9858-426fc7990b32", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759097", "to_ids": true, "type": "filename", "uuid": "8ddf7c78-0031-4860-a8a8-5d2ba8e3cec2", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759097", "to_ids": false, "type": "text", "uuid": "f16596d1-7c03-483d-a181-a6bd794102f2", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mongall!MSR\nVT Total Detection:57/71\nFirst Submission:2012-11-22T14:20:08.000000+00:00\nLast Submission:2012-11-22T14:20:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010043", "uuid": "02e60ddc-5498-4bea-a9ee-3c0c890e0d4a", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010043", "to_ids": true, "type": "md5", "uuid": "cead6509-991d-4aa3-9a44-1b2d45815b8f", "value": "c1d9dda6deb682f60de84c6eb8d4d3ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759120", "to_ids": true, "type": "sha1", "uuid": "3b573711-2ee2-4cc5-a022-4be09e206372", "value": "904556fed1aa00250eee1a69d68f78c4ce66a8dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759121", "to_ids": true, "type": "sha256", "uuid": "3e8df33f-faa1-457b-b930-0182c630c8d8", "value": "7bfb72b35015554b142076428e1c9ba99943a89ce1756cbce6ef9fbf8bd46fc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759120", "to_ids": true, "type": "ssdeep", "uuid": "f345ecfb-2304-43b0-a061-ccb40c7aa18a", "value": "768:tTlI5hMmo2GQPcDZFxeJWXTjypgwW8JhaQiBOEoa:t5yh/fcdxTwwoa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759120", "to_ids": false, "type": "size-in-bytes", "uuid": "89cedd22-d798-44f4-a8f9-801852e01cfa", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759120", "to_ids": true, "type": "vhash", "uuid": "b9767985-1a82-4fdd-9549-d1b655a0f7ab", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759120", "to_ids": true, "type": "filename", "uuid": "140da54f-301f-4a39-9075-6a7e8eba929d", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759120", "to_ids": false, "type": "text", "uuid": "f845d7e6-b7ec-4203-9b1b-7f675d8d1595", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:58/71\nFirst Submission:2013-02-15T18:03:59.000000+00:00\nLast Submission:2022-06-10T08:24:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010064", "uuid": "7763344c-4fb3-405d-9d2f-7a6393ad96b7", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010064", "to_ids": true, "type": "md5", "uuid": "565cdc6b-b39c-4b74-8cf1-686df868e99d", "value": "f02eaf2f567e37fa5209afb37176e6f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759143", "to_ids": true, "type": "sha1", "uuid": "9ed503ea-b433-45b5-bf23-452d8cce6e1f", "value": "bd9dec094c349a5b7d9690ab1e58877a9f001acf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759143", "to_ids": true, "type": "sha256", "uuid": "b04f42ed-b054-4808-b1ba-11e55483309f", "value": "7c9420b4b2f902fd9e97ae1ca26ae621fbaaf17bcca304bb59496708f8f13e99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759142", "to_ids": true, "type": "ssdeep", "uuid": "70d6677b-e33f-4e13-bc6a-e3e43e58b171", "value": "768:t/l75hMmo2GQ8cDZFxeJWXTjypgwW8JhaQiBOEoX:t9Vh/scdxTwwoX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759142", "to_ids": false, "type": "size-in-bytes", "uuid": "c16baff2-cf80-40f7-96da-075bb5faa525", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759142", "to_ids": true, "type": "vhash", "uuid": "f4ea0464-2a64-4eb8-a6f5-a4e7a40ddd7e", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759142", "to_ids": true, "type": "filename", "uuid": "f6f87c9d-d4bf-4425-9f06-32f0e0e573cc", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759142", "to_ids": false, "type": "text", "uuid": "d9a36a43-1236-4ff8-a8fe-5173d24b62c3", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:60/71\nFirst Submission:2012-10-23T08:21:10.000000+00:00\nLast Submission:2015-10-01T02:58:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010085", "uuid": "f96f8e45-cbb3-4d6d-82fe-bae60b33e5f6", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010085", "to_ids": true, "type": "md5", "uuid": "65a66b63-910a-4939-b471-5ce12b324d8f", "value": "7802c38267ab30667c13bd2d3598ae7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759165", "to_ids": true, "type": "sha1", "uuid": "a13ea73a-5ac8-4047-8b66-8ead3c9ed070", "value": "87e6ab15f16b1ed3db9cc63d738bf9d0b739a220", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759165", "to_ids": true, "type": "sha256", "uuid": "c98bada2-a18a-4e66-b2c2-b06d10af88a8", "value": "825d6660d138e5bdcb5102bea6d87440e68528c25e5e5bfaf3bab5c99ebc4656", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759165", "to_ids": true, "type": "ssdeep", "uuid": "269e262d-3489-4472-bc47-502eb03230c1", "value": "768:tblT5hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEob:tBdh/YMdxTwwob" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759165", "to_ids": false, "type": "size-in-bytes", "uuid": "c79bcb8c-235b-47a7-991b-a3863801b362", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759165", "to_ids": true, "type": "vhash", "uuid": "3e7c3d01-4ff4-4176-833a-81fd04687508", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759165", "to_ids": true, "type": "filename", "uuid": "b2482bd1-d7d8-48ec-a571-d5ddc9384d1e", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759165", "to_ids": false, "type": "text", "uuid": "2befba3f-5ae9-43c9-b3d8-8c89b848b9a1", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:59/71\nFirst Submission:2012-10-02T06:01:08.000000+00:00\nLast Submission:2012-10-02T06:01:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010107", "uuid": "83a82c4b-1cea-4565-8f19-2aa4e9694c0a", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010107", "to_ids": true, "type": "md5", "uuid": "a72ca19b-316e-47c3-b351-826135b223a2", "value": "93066d4a028f65a5f35c84e30c9935b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759188", "to_ids": true, "type": "sha1", "uuid": "680b59fb-f840-4601-944f-910199438f3e", "value": "f8fc307f7d53b2991dea3805f1eebf3417a7082b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759188", "to_ids": true, "type": "sha256", "uuid": "a582bf4b-e412-4f59-84d2-f914c720b495", "value": "8f546ce41efb47efed3da91d8f274bfdd578660e9e0963db8ad32b81e3eb2d8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759187", "to_ids": true, "type": "ssdeep", "uuid": "295bcc98-dd80-47cc-b618-47ff12cb418c", "value": "768:t/l75hMmo2GQ8cDZFxeJWXTjypgwW8JhaQiBOEoz:t9Vh/scdxTwwoz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759187", "to_ids": false, "type": "size-in-bytes", "uuid": "35d0ccf3-6b19-42a6-bd79-56bed2600e23", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759187", "to_ids": true, "type": "vhash", "uuid": "d52637f8-079b-449d-aa0a-a3a06ac66501", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759187", "to_ids": true, "type": "filename", "uuid": "15f4058e-f2ff-454e-933d-08674166178d", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759187", "to_ids": false, "type": "text", "uuid": "f0ea54ec-9685-426b-9a6f-4b4d342b23d1", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:59/71\nFirst Submission:2012-10-24T12:22:06.000000+00:00\nLast Submission:2012-10-24T12:22:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010128", "uuid": "03356f0d-806f-4759-b6fb-2f0cac535559", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010128", "to_ids": true, "type": "md5", "uuid": "61be898b-f2a4-4b69-88e7-75f19a2f52a8", "value": "e593d73fc866ebba6b6340d74124cc70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759210", "to_ids": true, "type": "sha1", "uuid": "47879868-c958-4b66-9cce-2c841c969bd2", "value": "ece4c9fc15acd96909deab3ff207359037012fd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759210", "to_ids": true, "type": "sha256", "uuid": "2dc094b7-efd6-4de4-a50a-b3a990406f0d", "value": "900ab8ef69edb7c4351bf1fd90c50d8385b76f9e0495fb5d099b366823339484", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759209", "to_ids": true, "type": "ssdeep", "uuid": "5fb46fb8-4a9d-4ddd-9bb0-853caa862a90", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoz:t5Vh/YMdxTwwoz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759209", "to_ids": false, "type": "size-in-bytes", "uuid": "433006a8-7978-4be3-9d87-10a0c9b8ef6a", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759209", "to_ids": true, "type": "vhash", "uuid": "78535224-6720-4b10-a222-4b1f25e4b419", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759209", "to_ids": true, "type": "filename", "uuid": "0140cbfe-2a8a-4477-af58-2ec8c8082623", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759209", "to_ids": false, "type": "text", "uuid": "ace3df45-6f41-4f47-a63a-c7f49f11c575", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mongall!MSR\nVT Total Detection:60/71\nFirst Submission:2013-03-07T01:58:57.000000+00:00\nLast Submission:2013-03-10T12:10:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010149", "uuid": "7138bbe3-05cf-404e-862a-347dd5e25f06", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010149", "to_ids": true, "type": "md5", "uuid": "b8fe80b7-dc19-4d5e-9022-ccc195393124", "value": "b898884b79c5177f4e5bdf1c1fff15e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759236", "to_ids": true, "type": "sha1", "uuid": "d02034b3-a1ac-4d79-b430-3af5079d58b6", "value": "7fdfec70c8daae07a29a2c9077062e6636029806", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759236", "to_ids": true, "type": "sha256", "uuid": "125dad8b-1959-4ef1-b5ab-0d18e3ab3a5a", "value": "91389c33516b1e2418d0d4f90d1e9c8afbfc359064293fa5ad60093cecc86b18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759235", "to_ids": true, "type": "ssdeep", "uuid": "c255ae02-58d6-4a63-97be-61712ee49835", "value": "768:trlI5hMmo2GKcDZFxeJWXTjypgwW8JhaQiBOEoF:txyh/ncdxTwwoF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759235", "to_ids": false, "type": "size-in-bytes", "uuid": "fa8a1e37-fab5-44f4-ad86-0c1f17d61534", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759235", "to_ids": true, "type": "vhash", "uuid": "a8071605-7519-4ae7-88d7-aeef0c8c1bf6", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759235", "to_ids": true, "type": "filename", "uuid": "d0b1889b-3a2e-4e9c-8e16-6fb9a2d1775a", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 15/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759235", "to_ids": false, "type": "text", "uuid": "f73fee5f-6d89-491b-886e-41cf08ff78cb", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:60/71\nFirst Submission:2013-07-22T09:21:16.000000+00:00\nLast Submission:2013-07-28T08:49:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010170", "uuid": "dba17a00-7ac2-47c7-b479-096fa1683ae0", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010170", "to_ids": true, "type": "md5", "uuid": "5523dce6-da6d-4bec-9801-2bdd8a894f54", "value": "8fa47430e86740d2642dfb31cc3cdae5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759259", "to_ids": true, "type": "sha1", "uuid": "e6b839d3-4bd8-42c2-86db-5ce7513f8f45", "value": "17d548b2dca6625271649dc93293fdf998813b21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759259", "to_ids": true, "type": "sha256", "uuid": "0b996996-6a5d-4646-b031-e300d918c137", "value": "951749139dfb4e7001895426c146a80c77fd2d32eda42f246b4f4196e41ba73f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759258", "to_ids": true, "type": "ssdeep", "uuid": "10a2f3d7-bee1-4d07-b3d8-857313c69d39", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoM:t5Vh/oMdxTwwoM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759258", "to_ids": false, "type": "size-in-bytes", "uuid": "8def9563-4951-4e1b-93b5-13feb5401f3c", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759258", "to_ids": true, "type": "vhash", "uuid": "7c4d46c6-10f9-4e40-957f-b20dafe20bf0", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759258", "to_ids": true, "type": "filename", "uuid": "7211cd33-9408-4ae3-bf55-01f3c4135488", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759258", "to_ids": false, "type": "text", "uuid": "094bfc87-8760-419d-9dbe-2f3c47d0356d", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mongall!MSR\nVT Total Detection:59/71\nFirst Submission:2012-08-15T22:55:40.000000+00:00\nLast Submission:2012-10-11T20:07:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010191", "uuid": "280d5d88-b116-47fc-89a0-6fe0c9c16649", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010191", "to_ids": true, "type": "md5", "uuid": "f4a0087a-d02a-46fa-8f2f-ccf1d59cfa7a", "value": "0702006cc5dbe09860ceafc76a9c5992", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759281", "to_ids": true, "type": "sha1", "uuid": "ba3d853a-ca47-4cc2-92ce-859ff134b25a", "value": "6a7ac7ebab65c7d8394d187aafb5d8b3f7994d21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759281", "to_ids": true, "type": "sha256", "uuid": "6b7924dc-c87c-4a64-9b9a-ff9d60a8a80c", "value": "98081eddab2e7a5ee3415ed9ffd18dffadee9a45faa8c41f9b95ad94dc857ec4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759281", "to_ids": true, "type": "ssdeep", "uuid": "96c5251b-7e42-4e5f-88cd-2042e79c1649", "value": "768:tTl75hMmo2uU8MDZhxeJWXTjypwwWhhaQiBOEoV:t5Vh/QMpxXwBoV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759281", "to_ids": false, "type": "size-in-bytes", "uuid": "e54937f5-9109-41c4-86e2-6b5006320e30", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759281", "to_ids": true, "type": "vhash", "uuid": "daac27d6-8842-423b-b2f2-c1db4f2d181b", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759281", "to_ids": true, "type": "filename", "uuid": "a85bfa77-7067-42ae-b109-ddb982b5ef9c", "value": "vt-upload-vsbgT" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759281", "to_ids": false, "type": "text", "uuid": "a8cc038e-0f37-4bde-8a82-cf3db9cfed35", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:59/71\nFirst Submission:2013-10-24T05:37:07.000000+00:00\nLast Submission:2013-10-24T05:37:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010212", "uuid": "07c46f67-e0f7-43f5-a858-6c5e6e9372e3", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010212", "to_ids": true, "type": "md5", "uuid": "15a70275-8fb0-4eec-9425-43e45eb6e7d8", "value": "2180ab458da8b13d982b15afdd010877", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759303", "to_ids": true, "type": "sha1", "uuid": "dd13c162-29ec-442a-b453-7681e610e8b9", "value": "fee78ccadb727797ddf51d76ff43bf459bfa8e89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759303", "to_ids": true, "type": "sha256", "uuid": "f607f0a5-d0fe-4013-8eee-5136be44fa32", "value": "98c07af6652ce2870076856a9f32be1ad4208dbbf5cf2492963cfd70765f1e47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759303", "to_ids": true, "type": "ssdeep", "uuid": "c1f3edff-b08a-4b6c-9902-33d9a04fb098", "value": "768:tTl75hMmo2GCcDZFxeJWXTjypgwW8JhaQiBOEoZ:t5Vh/PcdxTwwoZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759303", "to_ids": false, "type": "size-in-bytes", "uuid": "e59e6c87-597d-47ba-a55d-f3bd003a8891", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759303", "to_ids": true, "type": "vhash", "uuid": "d8d2befe-231d-48ed-bd55-a82f42005339", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759303", "to_ids": true, "type": "filename", "uuid": "1a02ab7c-a699-4228-947d-585b3d6a64b1", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759303", "to_ids": false, "type": "text", "uuid": "19959314-a37b-48a3-8bef-30191193669f", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:58/71\nFirst Submission:2014-08-11T09:22:18.000000+00:00\nLast Submission:2022-06-10T08:25:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010233", "uuid": "d5d55bd3-fa72-493b-bc2a-17b033e92828", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010233", "to_ids": true, "type": "md5", "uuid": "595796e7-55b7-4a26-ad51-efc26c4a4e86", "value": "d6cb3641656d61a49ff461bd57f04acc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759326", "to_ids": true, "type": "sha1", "uuid": "09d0a01e-6f3a-4086-b4b8-8bf2cc7d7704", "value": "4bf58addcd01ab6eebca355a5dda819d78631b44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759326", "to_ids": true, "type": "sha256", "uuid": "a03b9e0b-305d-45f0-b180-502405be4f19", "value": "9b28e318f322323d0aa81a92ac54052965c39d719c1c06bf54c21e9a80a3f5a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759326", "to_ids": true, "type": "ssdeep", "uuid": "4b32ca8e-7c1e-4fa2-ad84-ec4b7c75a1a7", "value": "768:tblT5hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoG:tBdh/YMdxTwwoG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759326", "to_ids": false, "type": "size-in-bytes", "uuid": "8598dfd2-f9d7-47f0-be18-3dfbfe52e7bd", "value": "53250" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759326", "to_ids": true, "type": "vhash", "uuid": "8741571c-6a0c-4149-ab65-66a1c0214c82", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759326", "to_ids": true, "type": "filename", "uuid": "0cf03f11-0cf8-41e9-afb0-e0db6ad31e6f", "value": "d6cb3641656d61a49ff461bd57f04acc.4bf58addcd01ab6eebca355a5dda819d78631b44" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759326", "to_ids": false, "type": "text", "uuid": "e21d7747-706d-463a-bd2a-fcdc27569c95", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:55/71\nFirst Submission:2013-03-08T04:52:25.000000+00:00\nLast Submission:2013-03-13T19:51:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010255", "uuid": "2d8acfaa-0930-4245-8498-2c2d60e1fd35", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010255", "to_ids": true, "type": "md5", "uuid": "5fc49fce-2d3c-49f1-ac5e-938405dc3f99", "value": "f23605563a6f0e402f376ce102de16f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759349", "to_ids": true, "type": "sha1", "uuid": "a67bad56-db42-4f38-aed7-520fc7f25be0", "value": "fd9f0e40bf4f7f975385f58d120d07cdd91df330", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759349", "to_ids": true, "type": "sha256", "uuid": "d72bfc00-930e-42dd-a910-47cef61dad00", "value": "9ce50b172718cb101a1e9062f306c67a8dcdae7601d317eb6931914caa6ca901", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759349", "to_ids": true, "type": "ssdeep", "uuid": "3d881bbf-486c-43b1-9890-4e5d477da7b8", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoc:t5Vh/oMdxTwwoc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759349", "to_ids": false, "type": "size-in-bytes", "uuid": "bd80c996-f89f-4f60-a289-891053150aa5", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759349", "to_ids": true, "type": "vhash", "uuid": "c16cc62a-93e4-42a6-8ccb-9d324a1b92ee", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759349", "to_ids": true, "type": "filename", "uuid": "d1015c29-bd85-4bb0-86e3-0da8711249ba", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759349", "to_ids": false, "type": "text", "uuid": "ea4c7aac-a541-49f9-aace-6aa21a362aae", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:57/71\nFirst Submission:2013-02-09T04:14:34.000000+00:00\nLast Submission:2013-02-11T03:30:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010276", "uuid": "08f0b6de-837d-445f-a104-222895b609c0", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010276", "to_ids": true, "type": "md5", "uuid": "5be392de-8c8f-451e-88a2-2d79d9021336", "value": "b309a0c44a5b909827a566380805f418", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759372", "to_ids": true, "type": "sha1", "uuid": "3e3aec8a-35ae-4a68-bfad-d1f71d5f4b16", "value": "a76c21af39b0cc3f7557de645e4aaeccaf244c1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759372", "to_ids": true, "type": "sha256", "uuid": "b7dc79f0-7a81-4558-8dd5-d3f406ff23c1", "value": "9f441bbaba76b92003126006fb1191c6e62d43ced958bfd271b0e3e612e9fca2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759372", "to_ids": true, "type": "ssdeep", "uuid": "f91465ef-63f3-4723-a4be-a4f8a64f9ec3", "value": "768:tTl75hMmo2Gk8MDZhxeJWXTjypgwW8JhaQiBOEoG:t5Vh/oMpxTwwoG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759372", "to_ids": false, "type": "size-in-bytes", "uuid": "fefd3279-b4e2-461d-a05c-cd8265858a9e", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759372", "to_ids": true, "type": "vhash", "uuid": "b96e4303-402c-4361-a9fc-99c5c540d7b7", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759372", "to_ids": true, "type": "filename", "uuid": "8c3d044f-4f66-4575-9dce-09012940b00e", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759372", "to_ids": false, "type": "text", "uuid": "0cb2da1c-6219-4d1a-82ab-1fa6310064ff", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:58/71\nFirst Submission:2013-08-16T20:06:26.000000+00:00\nLast Submission:2013-08-16T20:06:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010297", "uuid": "93d1f690-5ff0-453f-bcac-45f3c6b8b09f", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010297", "to_ids": true, "type": "md5", "uuid": "cd76ab42-764b-4175-8c81-024ef23e8699", "value": "cf251699bfa4d7e44960ffd88e744719", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759395", "to_ids": true, "type": "sha1", "uuid": "9b4495ee-e465-437a-a605-c07851995774", "value": "7ff9511ebe6f95fc73bc0fa94458f18ee0fb395d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759395", "to_ids": true, "type": "sha256", "uuid": "75e28f52-a89d-4799-b568-fb58fe844b26", "value": "a750f23483df9fafa3cbd6c6c1cc77f0e83556a954b58869706e518aa4fc038b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759395", "to_ids": true, "type": "ssdeep", "uuid": "aca50728-5c94-4ec5-9c74-a2e6bb87cdd3", "value": "768:tTlI5hMmo2GQPcDZFxeJWXTjypgwW8JhaQiBOEoR:t5yh/fcdxTwwoR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759395", "to_ids": false, "type": "size-in-bytes", "uuid": "d6ce7dde-6716-4efc-807a-aeee7eca6ad6", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759395", "to_ids": true, "type": "vhash", "uuid": "1b223d8d-badd-41dc-bd7f-265ec2e588bb", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759395", "to_ids": true, "type": "filename", "uuid": "e1a964f6-dea9-4822-97bf-6591f1e65cc0", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759395", "to_ids": false, "type": "text", "uuid": "d96a0df9-16ba-473e-8e6b-00910e8558cb", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:59/71\nFirst Submission:2015-02-17T09:46:05.000000+00:00\nLast Submission:2015-02-17T09:46:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010318", "uuid": "356560c9-51c7-4d2a-98e0-d419706a810e", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010318", "to_ids": true, "type": "md5", "uuid": "b16f3787-36c5-4770-a038-ade48e035b9e", "value": "e06ceaa34ab28ef7955ed42bed4da98f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759419", "to_ids": true, "type": "sha1", "uuid": "7e18013a-69f2-49d0-a860-360f305033de", "value": "97c5003e5eacbc8f5258b88493f148f148305df5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759419", "to_ids": true, "type": "sha256", "uuid": "e20618a0-270f-46ed-a5bf-929d5a25febe", "value": "adf61b60e971b5c050105eb5a87f6d5397fb573ebdea93e89a6aa6528ea3d232", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759419", "to_ids": true, "type": "ssdeep", "uuid": "85df697b-53fe-497b-9ce7-96c2b25c4e2f", "value": "768:tTl75hMmo2uk8MDZhxeJWXTjyp+wW8JhaQiBOEoD:t5Vh/gMpx1wwoD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759419", "to_ids": false, "type": "size-in-bytes", "uuid": "d54375d6-8898-42eb-b64d-960ec54115e7", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759419", "to_ids": true, "type": "vhash", "uuid": "e7135cbe-a00b-4354-9356-d9516a0913a9", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759419", "to_ids": true, "type": "filename", "uuid": "3f3c4615-2ee2-4fdc-bd7c-8957ac4740e5", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759419", "to_ids": false, "type": "text", "uuid": "51f9b13e-bef9-437c-95c5-b23d8c96a4f9", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:57/71\nFirst Submission:2013-01-24T17:37:15.000000+00:00\nLast Submission:2013-07-12T21:09:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010339", "uuid": "ad7070d8-902a-409f-a7ab-3554dbb7ec43", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010339", "to_ids": true, "type": "md5", "uuid": "2a87798e-8c1e-4566-aa1d-691af7dd813e", "value": "c95028c75f483f7027f388aac8960de2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759441", "to_ids": true, "type": "sha1", "uuid": "79af0942-b754-4e1f-8c5c-f466c3f76085", "value": "f92edf91407ab2c22f2246a028e81cf1c99ce89e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759442", "to_ids": true, "type": "sha256", "uuid": "c4369267-bc3a-45e8-8598-426b8b50cfdc", "value": "b456b789b9990bceb1ab6d9e39efe3093a0c8aa3ace9e6b81acda9e661ceca75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759441", "to_ids": true, "type": "ssdeep", "uuid": "b73107f8-d62a-402a-a4ab-ca6c54008f6b", "value": "768:tTl75hMmo2uk8MDZhxeJWXTjyp+wW8JhaQiBOEoX:t5Vh/gMpx1wwoX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759441", "to_ids": false, "type": "size-in-bytes", "uuid": "a5ece769-6175-4f64-a7e4-2cca66d94c68", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759441", "to_ids": true, "type": "vhash", "uuid": "58491375-54c4-4e8c-91fa-bca8c1efa512", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759441", "to_ids": true, "type": "filename", "uuid": "15118041-2154-4e6f-9cc8-d87bec863923", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 05/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759441", "to_ids": false, "type": "text", "uuid": "492ff660-30ac-4544-ac3f-d1724640c9fb", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mongall!MSR\nVT Total Detection:57/69\nFirst Submission:2012-07-07T04:28:04.000000+00:00\nLast Submission:2016-01-13T08:39:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010360", "uuid": "21a80f5b-d2ed-460a-804e-37f9334c26db", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010360", "to_ids": true, "type": "md5", "uuid": "446c1f5f-ab8a-4a05-8e26-a03ac6d700d3", "value": "4a69981d404b26698e431a5408cd186b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759464", "to_ids": true, "type": "sha1", "uuid": "a126a683-a8e5-447a-80c5-b898a6920f48", "value": "d932f7d11f8681a635e70849b9c8181406675930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759464", "to_ids": true, "type": "sha256", "uuid": "721ce214-b413-4593-95e4-67815d1c1331", "value": "b4708926485b6621447a912901944d8395c371c1a952e1c5377d3a561a31bee0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759463", "to_ids": true, "type": "ssdeep", "uuid": "39d82379-134b-4884-8797-9073471a8b25", "value": "768:tTl75hMmo2GQ8cDZFxeJWXTjypgwW8JhaQiBOEoq:t5Vh/scdxTwwoq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759463", "to_ids": false, "type": "size-in-bytes", "uuid": "7cc06344-5a45-4da1-8c5b-23ba838241ab", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759463", "to_ids": true, "type": "vhash", "uuid": "cc84edb5-8951-4bb2-bec1-3012a24415d0", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759463", "to_ids": true, "type": "filename", "uuid": "1826bd3f-67c8-4fbf-96e6-fcac8d6dbeb3", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759463", "to_ids": false, "type": "text", "uuid": "28045453-2151-4f01-8e05-0951c57baf9a", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:56/72\nFirst Submission:2012-10-20T04:04:33.000000+00:00\nLast Submission:2012-10-20T04:04:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010381", "uuid": "933742c6-69cc-41cc-87c5-621b8c1cffc6", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010381", "to_ids": true, "type": "md5", "uuid": "dc08b44e-9ff3-4d16-8178-25568c5eea92", "value": "0080a61524528b138822f3b2bab902ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759485", "to_ids": true, "type": "sha1", "uuid": "6b3e19be-bf3b-4dbc-a635-d8ac5c48dff1", "value": "b0b13e9445b94ed2b69448044fbfd569589f8586", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759485", "to_ids": true, "type": "sha256", "uuid": "35568e64-5cc9-45be-834c-422b409649cc", "value": "b4f2ced2b214adbd7f64bb071d750607e2a01b0dc500405129cc47606fce75fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759484", "to_ids": true, "type": "ssdeep", "uuid": "29285f1b-b777-4575-a0ee-256d72ae0430", "value": "768:tTl75hMmo2Oc8MDZhxeJWXTjyp+wWhhaQiBOEoP:t5Vh/IMpxJwBoP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759484", "to_ids": false, "type": "size-in-bytes", "uuid": "aacbf537-2b2f-4906-98e9-e3f0e245eb18", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759484", "to_ids": true, "type": "vhash", "uuid": "2a6aaa24-3dd6-48e4-b4a9-df33dcc95474", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759485", "to_ids": true, "type": "filename", "uuid": "85b09265-c041-49e7-abb6-7e8b3908a832", "value": "b4f2ced2b214adbd7f64bb071d750607e2a01b0dc500405129cc47606fce75fc.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759485", "to_ids": false, "type": "text", "uuid": "10393d8d-3d6b-4a0b-b746-c952b6ad3520", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:57/71\nFirst Submission:2013-10-22T19:59:28.000000+00:00\nLast Submission:2022-06-10T08:26:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010402", "uuid": "ec59e2c0-3731-4e14-bfb1-4a569d4c6a8e", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010402", "to_ids": true, "type": "md5", "uuid": "bb061d50-f00d-427c-8609-efb930f64c3a", "value": "5245a2bb87138e225954b7f0a4f3ee6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759506", "to_ids": true, "type": "sha1", "uuid": "79958889-6665-4e2c-ba7b-a9fd8f764581", "value": "b194b26de8c1f31b0c075ceb0ab1e80d9c110efc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759506", "to_ids": true, "type": "sha256", "uuid": "ded04aff-9a11-4cdb-946a-a8552b90607a", "value": "c0d31328865a51084cdd5f798c01a5fe3a6e2abd5cc2a21e6ee031d257f83676", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759506", "to_ids": true, "type": "ssdeep", "uuid": "150e5c68-7c4c-48da-a7cf-e07564961e0a", "value": "768:tTl75hMmo2Gk8MDZhxeJWXTjypgwW8JhaQiBOEo/:t5Vh/oMpxTwwo/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759506", "to_ids": false, "type": "size-in-bytes", "uuid": "95e7a97a-a7cb-4246-b7fa-7dbd451e4448", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759506", "to_ids": true, "type": "vhash", "uuid": "a8589af7-0515-4c88-b3a6-ef32067e306f", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759506", "to_ids": true, "type": "filename", "uuid": "6207fb66-119c-454c-8c20-0839f029d033", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759506", "to_ids": false, "type": "text", "uuid": "aa39d09e-857b-4c4d-8c35-e7c82ce459dc", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:57/71\nFirst Submission:2012-10-20T13:00:23.000000+00:00\nLast Submission:2012-10-20T13:00:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010423", "uuid": "553373de-12c6-4e77-849e-98d44cd5d900", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010423", "to_ids": true, "type": "md5", "uuid": "071c696e-366f-4a5f-9e08-09fd9dc007a1", "value": "061e3ab057215c624794747a49f3f8c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759529", "to_ids": true, "type": "sha1", "uuid": "c021b14e-7dd4-4ceb-8950-b8492792dd8c", "value": "df26b43439c02b8cd4bff78b0ea01035df221f68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759529", "to_ids": true, "type": "sha256", "uuid": "7894f1f5-872f-420e-918e-8dc9b8b49514", "value": "c89a61a7fb9f748a1833ba35bf21889d7b96faef1efbbd726ad231a6a3d140ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759528", "to_ids": true, "type": "ssdeep", "uuid": "b39ac894-27ec-47a7-9bc0-52e46b7e2aa1", "value": "768:tTl75hMmo2OckMDZhxeJWXTjyp+wW8JhaQiBOEo+:t5Vh/QMpxJwwo+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759528", "to_ids": false, "type": "size-in-bytes", "uuid": "c6d9a1a4-53f1-41e7-bf32-801425ac3285", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759528", "to_ids": true, "type": "vhash", "uuid": "eecead4b-6fb9-4b3b-a3e2-e8d24ecf7619", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759528", "to_ids": true, "type": "filename", "uuid": "32aa8c2c-c312-4b36-847e-c835a25e7cf2", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759528", "to_ids": false, "type": "text", "uuid": "13e503c1-9a9b-4be9-8097-928af0812f66", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:54/71\nFirst Submission:2012-10-16T21:08:29.000000+00:00\nLast Submission:2012-10-17T17:05:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010444", "uuid": "8645fbf6-b506-4311-8bd4-de795c343f62", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010444", "to_ids": true, "type": "md5", "uuid": "042fded0-9d6f-4978-93e4-076d728e2f53", "value": "8126bc2f4b5af6358050521a81de5713", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759550", "to_ids": true, "type": "sha1", "uuid": "d444da99-af2f-4f13-a19d-fa80c93184eb", "value": "60bd17aa94531b89f80d7158458494b279be62b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759550", "to_ids": true, "type": "sha256", "uuid": "31df90ea-f0b0-4c66-9ee3-b4ef6295a424", "value": "d043d2bc5fb476a92705da250dd44438a5bbf8d6f09ce0d4c47a3c46c29760f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759550", "to_ids": true, "type": "ssdeep", "uuid": "5fd87e6c-cd2a-45ae-ada1-8f034657c5e7", "value": "768:tbls5hMmo2GAkcDZhxeJWXTjypgwW8JhaQiBOEol:tBuh/UcpxTwwol" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759550", "to_ids": false, "type": "size-in-bytes", "uuid": "fe1e3b2d-044a-49f0-b554-44755d7a4dc8", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759550", "to_ids": true, "type": "vhash", "uuid": "f09aca7f-6f17-44b4-9812-513f1841bb82", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759550", "to_ids": true, "type": "filename", "uuid": "bef0b1da-4cfb-4580-ad89-4518f09e0f0e", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759550", "to_ids": false, "type": "text", "uuid": "c828c5e9-9d85-46e5-aba4-ed9e2fbe0451", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:58/71\nFirst Submission:2014-06-23T23:24:55.000000+00:00\nLast Submission:2014-06-23T23:24:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010465", "uuid": "9d59d7b3-4b34-421a-8e09-c34349de7ebd", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010465", "to_ids": true, "type": "md5", "uuid": "1c498aed-f02f-4290-9380-34f77099f338", "value": "ca6eb738b83694c7881e5387e7630b4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759575", "to_ids": true, "type": "sha1", "uuid": "b533e884-bbc7-488e-86f9-36b6e8b8d1fa", "value": "33abee43acfe25b295a4b2accfaf33e2aaf2b879", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759576", "to_ids": true, "type": "sha256", "uuid": "1c538dcc-9ee7-4af0-b0a8-b580edea2681", "value": "e9c7a90246e13047dfa75be44fc6292c028dbdd2c5af4f230d91051c5d41e53e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759575", "to_ids": true, "type": "ssdeep", "uuid": "721069db-cf54-4a9f-868f-d99387d8e9be", "value": "768:tTl75hMmo2Oc8MDZhxeJWXTjyp+wW8JhaQiBOEo+:t5Vh/4MpxJwwo+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759575", "to_ids": false, "type": "size-in-bytes", "uuid": "2799176f-e07c-4d87-9c37-8527ad02d38d", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759575", "to_ids": true, "type": "vhash", "uuid": "335a575d-0bde-43dc-9bec-529a6a1df5ab", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759575", "to_ids": true, "type": "filename", "uuid": "1f25ef3c-875d-4567-9a9c-89d79bf05d6d", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759575", "to_ids": false, "type": "text", "uuid": "a8afa816-0387-49f4-847f-8fbc737fc9b3", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:54/71\nFirst Submission:2012-01-09T17:46:48.000000+00:00\nLast Submission:2012-01-09T17:46:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010486", "uuid": "752e8415-a576-47d0-b9b5-5ef6c7ac87b9", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010486", "to_ids": true, "type": "md5", "uuid": "2f156050-80a0-4019-8791-06d48a88f3cc", "value": "0f5acee0dd888663828e638dc33aa5bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759598", "to_ids": true, "type": "sha1", "uuid": "5b694b0f-098a-4ad9-bd5f-866c8ab4dc7e", "value": "c87a8492de90a415d1fbe32becbafef5d5d8eabb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759598", "to_ids": true, "type": "sha256", "uuid": "0b3d074a-dd3d-42db-bdf2-33407d6880b1", "value": "ef04845601b9083ab712b10f217b856aefb4f3f5cc5b39134b4368320351801e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759597", "to_ids": true, "type": "ssdeep", "uuid": "3a0ed499-5820-438d-abb9-ad71171dde0a", "value": "768:tbl75hMmo2GM8cDZhxeJWXTjypgwW8JhaQiBOEoo:tBVh/AcpxTwwoo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759597", "to_ids": false, "type": "size-in-bytes", "uuid": "cc47789a-a8b7-4d07-846b-6df051357ef4", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759597", "to_ids": true, "type": "vhash", "uuid": "9f7bd780-d802-46ae-a40b-88b864489abb", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759597", "to_ids": true, "type": "filename", "uuid": "155ce906-06dc-4860-8dde-41d944f215b1", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759597", "to_ids": false, "type": "text", "uuid": "5b72493b-87c1-4ea8-b766-9e3441e77213", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:58/71\nFirst Submission:2015-04-14T09:50:10.000000+00:00\nLast Submission:2015-04-14T09:50:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010507", "uuid": "5674a5e3-8ead-4d06-9f0e-83dc8641bea8", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010507", "to_ids": true, "type": "md5", "uuid": "26cb8557-e6dd-49b6-a1b2-f675874fe72f", "value": "7f652edb0a67e25b16fc0a6810bb2f82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759619", "to_ids": true, "type": "sha1", "uuid": "1e307d2e-1059-4385-a3c5-79ab62892045", "value": "68b731fcb6d1a88adf30af079bea8efdb0c2ee6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759619", "to_ids": true, "type": "sha256", "uuid": "01fd36ac-7e45-484d-bf15-34d436eb3a3a", "value": "f108a28a960375a166528414703185d4f2b38ce85620948dae3b433a54f84a3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759619", "to_ids": true, "type": "ssdeep", "uuid": "09bef543-06ee-4aa7-904c-5272c6cd04e4", "value": "768:tTl75hMmo2Oc8MDZhxeJWXTjyp+wW8JhaQiBOEoj:t5Vh/IMpxJwwoj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759619", "to_ids": false, "type": "size-in-bytes", "uuid": "74e91410-c759-497a-9fb3-fc288a378cb8", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759619", "to_ids": true, "type": "vhash", "uuid": "a1aaae3d-4e8d-45cf-a076-9d185f5fe2c7", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759619", "to_ids": true, "type": "filename", "uuid": "8cb010de-23fc-4bc4-b15a-72e0c4162a12", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759619", "to_ids": false, "type": "text", "uuid": "096abf73-eabe-465d-8cad-de13edd9b957", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall.MA!MTB\nVT Total Detection:59/71\nFirst Submission:2012-03-02T20:32:59.000000+00:00\nLast Submission:2015-09-30T06:04:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010529", "uuid": "46017382-edda-42d3-8cd1-465fdb65e5b3", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010529", "to_ids": true, "type": "md5", "uuid": "cf51d5d5-c500-4afb-a869-23298c819929", "value": "471312ef9897dcea1221c9eb33387fbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759643", "to_ids": true, "type": "sha1", "uuid": "4a7cbf49-4e68-4d74-9f0e-1fbc96de685f", "value": "cf7c5d32d73fb90475e58597044e7f20f77728af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759643", "to_ids": true, "type": "sha256", "uuid": "36d5d7a0-0917-4558-84e7-ff39710643d0", "value": "f5fcd998a9b707fbbe006dba840febdd249bc8e1433415a5c714cf3b8d81d3a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759643", "to_ids": true, "type": "ssdeep", "uuid": "85f51ae5-a6f4-472d-8d95-a8c92f35ff49", "value": "768:tTl75hMmo2Gk8MDZFxeJWXTjypgwW8JhaQiBOEoc:t5Vh/YMdxTwwoc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759643", "to_ids": false, "type": "size-in-bytes", "uuid": "b0afca4e-c34f-44c6-b23f-50507cb74182", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759643", "to_ids": true, "type": "vhash", "uuid": "11568bb5-1a2d-41f0-925a-12fd8d45e5bf", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759643", "to_ids": true, "type": "filename", "uuid": "2eabb063-1cb0-4889-aed1-48640f2b1fe6", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/06/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759643", "to_ids": false, "type": "text", "uuid": "a166f5bb-a316-49e5-b0d6-2746c4fc90e4", "value": "Mongall\r\nType Description: Win32 EXE\nNoneMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:53/68\nFirst Submission:2016-10-07T02:46:11.000000+00:00\nLast Submission:2016-11-04T02:00:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010550", "uuid": "a0493815-79e1-4781-8b52-817907f4285a", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010550", "to_ids": true, "type": "md5", "uuid": "46d1645d-1d25-4bbd-8e27-07839b3faa7a", "value": "35aaa03edbc3bb6e4e5668512f1c59dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759667", "to_ids": true, "type": "sha1", "uuid": "e538f6d3-486f-45a5-a5e8-e19f0ae429f9", "value": "1ab85632e63a1e4944128619a9dafb6405558863", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759667", "to_ids": true, "type": "sha256", "uuid": "c36a3dea-72c6-439b-bda1-bdb632bc197c", "value": "fb7007f7ee032252b911625417e2186d39bb3fe8f563e184ddf7a7269f83018f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759667", "to_ids": true, "type": "ssdeep", "uuid": "b21c2747-e1ff-4bad-a750-1a1bf2b8b3bc", "value": "768:tTl75hMmo2GCcDZFxeJWXTjyRgwW8JhaQiBOEoK:t5Vh/Pcdx7wwoK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759667", "to_ids": false, "type": "size-in-bytes", "uuid": "a257901e-7d7f-424d-b291-dae6105b8488", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759667", "to_ids": true, "type": "vhash", "uuid": "32eca9b8-9d3d-4a4e-9549-203449b5dcfc", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759667", "to_ids": true, "type": "filename", "uuid": "341dade1-f407-4c04-b163-c18065394502", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759667", "to_ids": false, "type": "text", "uuid": "86c7c076-90b9-40b4-aa8f-99c74114da5b", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:59/71\nFirst Submission:2013-08-29T07:14:53.000000+00:00\nLast Submission:2013-08-29T07:14:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010571", "uuid": "53fdf397-52cc-4e03-8f1d-ed31f78779ce", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010571", "to_ids": true, "type": "md5", "uuid": "7cb42d09-9a1d-4e45-b758-ab3e5b9e4cdf", "value": "75f3685508fc2c5b7bd250b217f20b12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759689", "to_ids": true, "type": "sha1", "uuid": "e45d0133-005e-4a2d-a49c-5e666a32ac36", "value": "1f0d3c8e373c529a0c3e0172f5f0fb37e1cdd290", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759689", "to_ids": true, "type": "sha256", "uuid": "6e9f34cc-b33a-4010-8f63-9bc240fa3c7d", "value": "fc58ddd2deda83dfbdd3096a228c7fdd2e91a8814e73a73c875aa37daab2b847", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759688", "to_ids": true, "type": "ssdeep", "uuid": "bd46a7d4-0611-4d67-ac1c-8e7ffbc0875c", "value": "768:tTlI5hMmo2GQPcDZFxeJWXTjypgwW8JhaQiBOEo2:t5yh/fcdxTwwo2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759688", "to_ids": false, "type": "size-in-bytes", "uuid": "1cca5acb-4e31-437a-9316-a1e6e6d8259d", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759688", "to_ids": true, "type": "vhash", "uuid": "72303989-522e-456e-8f4d-6a4286c48f16", "value": "054046655d151018z44jz25z61z47z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759688", "to_ids": true, "type": "filename", "uuid": "f3481dd4-7cee-44af-86c0-cd47d443a656", "value": "chdsk.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759688", "to_ids": false, "type": "text", "uuid": "b01b9dbb-a398-40e0-9d35-c70c2bba1384", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:58/71\nFirst Submission:2013-01-25T17:03:41.000000+00:00\nLast Submission:2013-01-25T17:03:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010592", "uuid": "fda48c25-f48a-430a-805f-9ab0ff9e3973", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010592", "to_ids": true, "type": "md5", "uuid": "cdc38ed2-4eb5-477f-ac4a-4f8a09320155", "value": "41419bb8ba3719e4132f388bb7683616", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759716", "to_ids": true, "type": "sha1", "uuid": "38f66ca5-d581-4679-a8ba-3ec44843e871", "value": "f69050c8bdcbb1b5f16ca069e231b66d52c0a652", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759716", "to_ids": true, "type": "sha256", "uuid": "4f9bc0cb-a99b-4b13-8eec-20e7bab37cde", "value": "232bc2f0459538af053e2f58c42e7c65fbe36ff82de7ffc98cd9c5b802800e6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759716", "to_ids": true, "type": "ssdeep", "uuid": "ed424535-850d-4bca-8ad4-bd41ce2e75a8", "value": "768:TbtafBvPCZ9sHlZotqYbkWhllCbrVQYXlBt66Hao:vohPqsHlZtS8b7Wo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759716", "to_ids": false, "type": "size-in-bytes", "uuid": "214a64d2-b136-4d9d-93f5-8e39a543011d", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759716", "to_ids": true, "type": "vhash", "uuid": "5d115307-6c73-4ba2-b89e-769caf4b3fff", "value": "054036655d1018z44jz25z61z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759716", "to_ids": true, "type": "filename", "uuid": "7f457f59-decf-4e54-9b48-5af892aa8399", "value": "232bc2f0459538af053e2f58c42e7c65fbe36ff82de7ffc98cd9c5b802800e6b.vir" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759716", "to_ids": false, "type": "text", "uuid": "4723b7f7-8747-456f-b627-4e0209f9453a", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:60/71\nFirst Submission:2012-05-25T18:09:23.000000+00:00\nLast Submission:2016-01-12T05:35:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010613", "uuid": "4aea637f-87e8-4d9e-b84b-f594544ef52f", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010613", "to_ids": true, "type": "md5", "uuid": "4df06ab0-b858-48f8-bba7-d0234d5c073f", "value": "42b699af7d995aac022fe20dae82b4b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759737", "to_ids": true, "type": "sha1", "uuid": "cd4595ef-354c-43df-837e-f4b427642ee0", "value": "6ff079e886cbc6be0f745b044ee324120de3dab2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759738", "to_ids": true, "type": "sha256", "uuid": "54368f24-ed0d-4d4b-98b7-867215abdfeb", "value": "c57bc203dca9dfd24cad72bee445b3dabdcc7cad6dc30640033335e32e833389", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759737", "to_ids": true, "type": "ssdeep", "uuid": "58ed4669-2a8e-425a-81d7-b5d992a57c40", "value": "768:TbtafBvPaZ9sH9ZotqYbkWhlXCbrVQYXlBt66Hao:vohPisH9ZtSyb7Wo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759737", "to_ids": false, "type": "size-in-bytes", "uuid": "ccd7109d-04e4-4619-a3b2-832b4613abe1", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759737", "to_ids": true, "type": "vhash", "uuid": "58516715-59be-4668-8855-ddcf0f90d58e", "value": "05403e655d1018z44jz25z61z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759737", "to_ids": true, "type": "filename", "uuid": "d2ef0570-c94c-44a8-9cfa-dbea7dcff83e", "value": "svchost.exe.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759737", "to_ids": false, "type": "text", "uuid": "fd8ba153-dcd4-4d8b-b861-c96a5d13aa36", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:56/73\nFirst Submission:2015-04-01T09:27:12.000000+00:00\nLast Submission:2015-04-01T09:27:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010634", "uuid": "d982b793-eeee-466f-9df5-ee3f21da01d1", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010634", "to_ids": true, "type": "md5", "uuid": "01027056-d1b1-4c6c-b9c2-cfc07bc40f4f", "value": "062ea5b3dc558b2141b3e13837cd7cae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759759", "to_ids": true, "type": "sha1", "uuid": "bee5f332-20e0-4427-ab93-b02f4b83c176", "value": "8c90aa0a521992d57035f00d3fbdfd0fa7067574", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759759", "to_ids": true, "type": "sha256", "uuid": "bf2fd76c-699e-43a5-a4e4-42077bc01784", "value": "25ae8f7b7a865bf8a5463b57939b9d46b1225d532d0e23c18baaa98f045a83ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759759", "to_ids": true, "type": "ssdeep", "uuid": "ca67bb02-0844-4e28-bc88-52d1f3fd8cc1", "value": "768:TbtafBvPaZ9sH9ZotqYbkWhlXCbrVQYXlBt66Hao:vohPisH9ZtSyb7Wo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759759", "to_ids": false, "type": "size-in-bytes", "uuid": "93e2c89c-e9ec-42fb-904a-82a946f64970", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759759", "to_ids": true, "type": "vhash", "uuid": "b9b5376a-c67c-4989-b272-e90a472a08b4", "value": "05403e655d1018z44jz25z61z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759759", "to_ids": true, "type": "filename", "uuid": "163e7eef-f055-4ea2-8f4e-b8d3d74a8036", "value": "wmiprvse.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 15/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759759", "to_ids": false, "type": "text", "uuid": "fa3d2bf1-8315-4ab4-97db-7e9a34b70a15", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:54/71\nFirst Submission:2014-11-19T02:44:26.000000+00:00\nLast Submission:2023-05-15T07:17:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010655", "uuid": "23f256a3-261f-4f70-81c8-1eec1e157651", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010655", "to_ids": true, "type": "md5", "uuid": "ec08ef14-472c-4067-8412-bc0413140f9a", "value": "beecbceb185b089a3f61d02b497d623f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759781", "to_ids": true, "type": "sha1", "uuid": "86742ab0-41ab-4fe6-8a05-e42df6dd955d", "value": "5e32a5a5ca270f69a3bf4e7dd3889b0d10d90ec2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759782", "to_ids": true, "type": "sha256", "uuid": "697e10fb-8709-460f-9744-e7a6abc20e9c", "value": "1a570f8c93c45efc9060fd091b94995f1d88c09f21c84d13301900a60c778293", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759781", "to_ids": true, "type": "ssdeep", "uuid": "c5795b29-b4cc-4147-bf02-0478c8420220", "value": "768:TbtafBPanZ9sH9ZotqYbkWhlXCbrVQYXlBt66Hao:voxansH9ZtSyb7Wo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759781", "to_ids": false, "type": "size-in-bytes", "uuid": "e6048690-17e5-4e35-9a91-4e330f758906", "value": "53248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759781", "to_ids": true, "type": "vhash", "uuid": "17cb971d-7232-4d38-b8e3-f4bb57427646", "value": "054036655d1018z44jz25z61z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759781", "to_ids": true, "type": "filename", "uuid": "a73866b6-a51c-4387-81d0-6efbda5f3b70", "value": "1a570f8c93c45efc9060fd091b94995f1d88c09f21c84d13301900a60c778293.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759781", "to_ids": false, "type": "text", "uuid": "7834dcb3-0c6c-4c49-a8e7-02be024bd2fb", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:56/71\nFirst Submission:2012-12-29T19:55:07.000000+00:00\nLast Submission:2022-06-10T08:25:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010676", "uuid": "697e89dd-4fd7-4860-8751-cf7df78feac7", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010676", "to_ids": true, "type": "md5", "uuid": "60ae2cf0-1578-4e11-8438-e9347472ab23", "value": "f6d3435e43871ba002706b346e854ada", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759804", "to_ids": true, "type": "sha1", "uuid": "bcea8153-e66f-4c27-b921-bead46512c4e", "value": "0db3626a8800d421c8b16298916a7655a73460de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759804", "to_ids": true, "type": "sha256", "uuid": "cfd082fc-c178-4b38-9254-a0b0870a19f1", "value": "66cc2450c78ad2440415220037b2562b144eb3dc4da3ae066d6a1ea6d859ff08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759804", "to_ids": true, "type": "ssdeep", "uuid": "6f757166-5b06-4fa2-b159-09e57a2041af", "value": "768:VH/x7vUiZMBFYAjbvYlGLJTvToTPKz02zRHWSffsDzixF5C5o6ywojZ4U:VfxAuMEwCTPKz02hWwMzU/CrojZV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759804", "to_ids": false, "type": "size-in-bytes", "uuid": "1c689da4-9975-4509-80eb-7cd8cd462c1f", "value": "77824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759804", "to_ids": true, "type": "vhash", "uuid": "7502155c-2749-49aa-acd2-8a97fa33fb4b", "value": "174056651d15151018z51jz25z61z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759804", "to_ids": true, "type": "filename", "uuid": "019b144a-e50b-4e7e-9452-5b095a122108", "value": "ntshrui.dll" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759804", "to_ids": false, "type": "text", "uuid": "a03259e5-c08a-4c70-bfcc-608f61edcf74", "value": "Mongall\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/AgentTesla!MSR\nVT Total Detection:54/73\nFirst Submission:2014-04-26T19:15:07.000000+00:00\nLast Submission:2016-01-01T10:26:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010697", "uuid": "b8d537d3-80a8-48dc-aa02-2c6b303497f2", "Attribute": [ { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010697", "to_ids": true, "type": "md5", "uuid": "08041e39-f3d2-4cf7-a283-43260b9feb0d", "value": "222628913a374abf51f626af8d0f2b63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759828", "to_ids": true, "type": "sha1", "uuid": "d127cff0-074d-46c3-8992-379748fdf020", "value": "01751ea8ac4963e40c42acfa465936cbe3eed6c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Mongall", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759828", "to_ids": true, "type": "sha256", "uuid": "37edb18d-989e-48b7-b825-fed169f9b3c3", "value": "6c6fbb3b1807a907f622d271b44573eabbfec17405a4fd1e10ee31fb307d032e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759827", "to_ids": true, "type": "ssdeep", "uuid": "4ebe7b88-1bce-44c1-9f21-f637ec91e7d0", "value": "1536:p8gr1sqKhTboBfxAuMEwCTPKz02hWwMzU/CrojZV:laJboM2KIwMI/CroN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759827", "to_ids": false, "type": "size-in-bytes", "uuid": "cf764793-00be-4de4-9768-c8e71bdb12ef", "value": "122880" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759827", "to_ids": true, "type": "vhash", "uuid": "305ab600-afc0-4df5-9809-9e21f6825490", "value": "015046651d151az36!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759827", "to_ids": true, "type": "filename", "uuid": "15375ebd-fdce-4bae-ad82-4b35cd4f7b9b", "value": "222628913a374abf51f626af8d0f2b63.virus" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759827", "to_ids": false, "type": "text", "uuid": "6862c47a-51e0-4c95-bd4e-a6c195dbadd3", "value": "Mongall\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Mongall!MSR\nVT Total Detection:53/71\nFirst Submission:2022-02-04T17:42:48.000000+00:00\nLast Submission:2022-02-04T17:42:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010718", "uuid": "de323c46-a353-4178-a968-b53b2e6b0366", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010718", "to_ids": true, "type": "md5", "uuid": "ebb27cb4-3957-4232-8189-f20e991f7ac7", "value": "ef457d2536923e09a57c6a018d8087a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759850", "to_ids": true, "type": "sha1", "uuid": "0b98b81a-f0cf-4f34-9657-4a9409b0478e", "value": "6b3032252b1f883cbe817fd846181f596260935b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759850", "to_ids": true, "type": "sha256", "uuid": "abe624b6-b064-4c4b-b654-77cd7c5e51b2", "value": "6b8a3d7d5ff45d76efb2ffa5f293fab0a7e92280ee9a8a648f0cb554e4d179b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759850", "to_ids": true, "type": "ssdeep", "uuid": "41070a46-c853-41df-b6f5-c8ba2876c50f", "value": "196608:VMaEL3nFw/0lSp2HD9weITRWRI53ExAaiwXCu/8o6ANaCwvVGQ:2nFwF2H65RfIryzoEGQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759850", "to_ids": false, "type": "size-in-bytes", "uuid": "c2ca7fad-92a5-42fc-b6aa-f8495f042c64", "value": "9736192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759850", "to_ids": true, "type": "vhash", "uuid": "dee3b899-042e-4ad8-a84d-97bbf7d28d8b", "value": "09606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759850", "to_ids": true, "type": "filename", "uuid": "0e02373a-67b4-4ff2-b5d8-f1eb6b26603c", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 08/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759850", "to_ids": false, "type": "text", "uuid": "7be94760-433d-4c06-a88f-cd92a630a905", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:60/72\nFirst Submission:2015-11-27T08:05:01.000000+00:00\nLast Submission:2025-04-08T13:22:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010739", "uuid": "b9a6fde7-1ab4-4288-8f95-81ec8c4bdfcf", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010739", "to_ids": true, "type": "md5", "uuid": "bcbfe5d6-23cf-4964-a713-86fc60ce16b1", "value": "b3f69477875174eefc1f251717e0d951", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759873", "to_ids": true, "type": "sha1", "uuid": "2fda4bb1-1462-46b9-955d-e0cbcd203602", "value": "741168d01e7ea8a2079ee108c32893da7662bb63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759873", "to_ids": true, "type": "sha256", "uuid": "b88f0433-af8e-4f57-a201-32bd55552b7e", "value": "0791b1bb7e4ed624f71d48d82ec53a67af143ed45432786538c84c93e5a68e65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759872", "to_ids": true, "type": "ssdeep", "uuid": "a767ae27-766d-46b0-8e44-b09cb7d619a4", "value": "196608:VVaEL3nFw/0lSp2HD9weITRWRI53ExAaiwXCu/8o6ANaCwvVGQ:tnFwF2H65RfIryzoEGQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759872", "to_ids": false, "type": "size-in-bytes", "uuid": "681c2657-64e6-4528-a358-7fdc0487e269", "value": "9736192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759872", "to_ids": true, "type": "vhash", "uuid": "49b7707c-b200-4e48-905b-d8fc71012d85", "value": "09606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759872", "to_ids": true, "type": "filename", "uuid": "3750e6ce-52a9-42a8-a1b3-fd68a4de21f2", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 14/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759872", "to_ids": false, "type": "text", "uuid": "2a95bb7a-5f17-4f52-b6bf-65e6a825c4aa", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Bladabindi!ml\nVT Total Detection:61/73\nFirst Submission:2018-07-07T13:23:23.000000+00:00\nLast Submission:2022-06-10T08:26:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010760", "uuid": "75e91fb5-4dde-41b2-99ec-299ac163de2b", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010760", "to_ids": true, "type": "md5", "uuid": "b73dba9b-8fda-4c7c-bb74-87dcd7cb3ad4", "value": "48a52af050cf60dbb8cf6d718cff11cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759895", "to_ids": true, "type": "sha1", "uuid": "44b364b2-eadc-44c2-a3c9-8284d2aea7b0", "value": "b9cc2f913c4d2d9a602f2c05594af0148ab1fb03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759895", "to_ids": true, "type": "sha256", "uuid": "dc3b0c71-0195-4a60-81cf-a54e5efccf06", "value": "4aa6ca202a239ec1312ada5192a74103aa3bbe3a7385556b76c1b1acb7d6f8b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759894", "to_ids": true, "type": "ssdeep", "uuid": "dda6b69e-6061-443a-9c2f-58fabcfe08a4", "value": "196608:ZnsbRe+xYGG1YUs72DSG2w68VTI0tpO6jCNU:ZnsbRbnGCd7IAUskCN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759894", "to_ids": false, "type": "size-in-bytes", "uuid": "83c30f51-06b9-414f-b9fa-daeca757b733", "value": "6770688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759894", "to_ids": true, "type": "vhash", "uuid": "2458e17e-b5c2-497e-b2d2-965c72284d08", "value": "06606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759895", "to_ids": true, "type": "filename", "uuid": "ccd40ec0-d6a9-4d07-86bc-c9e764843212", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759895", "to_ids": false, "type": "text", "uuid": "202e808d-92c0-4743-93e2-559e41479773", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: TrojanDropper:Win32/CryptInject!MSR\nVT Total Detection:61/72\nFirst Submission:2020-06-13T01:57:50.000000+00:00\nLast Submission:2020-06-13T01:57:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010782", "uuid": "edb8bbf6-4944-479a-bee9-d8701e9297e8", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010782", "to_ids": true, "type": "md5", "uuid": "d47323c5-b1d1-4c38-ba62-4c398ce95e57", "value": "d31ed2c2698bed2dc3debcdfc94c8b71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759920", "to_ids": true, "type": "sha1", "uuid": "0741e24e-0f05-4cb7-85f2-a8f7819d66dd", "value": "c7e6f7131eb71d2f0e7120b11abfaa3a50e2b19e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759920", "to_ids": true, "type": "sha256", "uuid": "c9e0c616-fa2b-43ad-bee9-0d63916ff27e", "value": "b03b990d6356510eebf1d993927ba29d8c4009fdcf4f2d3cda864075644e7dbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759920", "to_ids": true, "type": "ssdeep", "uuid": "07d7fa85-a6b8-4930-bf66-81f14820be8d", "value": "196608:kplZIiJ3WXLyJ+tMsgeW+/UQHFzlNWAi7BoN:sZ3ALyJXeJVHBlNzc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759920", "to_ids": false, "type": "size-in-bytes", "uuid": "8fd49b50-f34f-4270-91b6-a39c96ca8f30", "value": "7561216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759920", "to_ids": true, "type": "vhash", "uuid": "1bce6368-0ab1-4ca0-ad14-593867fa1787", "value": "07606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759920", "to_ids": true, "type": "filename", "uuid": "6399a8c1-3d3d-442a-8bff-ce58342ccadb", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759920", "to_ids": false, "type": "text", "uuid": "0504f910-9e20-424e-8696-aa9ba9deb903", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: TrojanDropper:Win32/CryptInject!MSR\nVT Total Detection:63/72\nFirst Submission:2020-11-15T14:31:04.000000+00:00\nLast Submission:2020-11-15T14:31:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010803", "uuid": "6702ba59-ed41-4792-92e4-7527fbaed31c", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010803", "to_ids": true, "type": "md5", "uuid": "291cea52-3709-4c9b-ae9f-7c5597ecf14c", "value": "0b030a195c5161d963631ede129b797f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759944", "to_ids": true, "type": "sha1", "uuid": "d33251a7-7ce0-4abe-9a2f-1cb54b52e2c9", "value": "ae0fdf2ab73e06c0cd04cf79b9c5a9283815bacb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759944", "to_ids": true, "type": "sha256", "uuid": "d64c570c-4cfd-4216-bb13-34532d9f03c1", "value": "92335bdf8f8ba45673acf4d30c4e08d17b8dea706a3a5c7e0ca333a30edfc32e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759944", "to_ids": true, "type": "ssdeep", "uuid": "8142caed-228a-4677-9dfb-932789b1bcd8", "value": "196608:tplZIiJ3WXLyJ+tMsgeW+/UQHFzlNWAi7BoN:RZ3ALyJXeJVHBlNzc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759944", "to_ids": false, "type": "size-in-bytes", "uuid": "e72f6903-977e-4910-a02a-dc3d99c4bbb0", "value": "7561216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759944", "to_ids": true, "type": "vhash", "uuid": "c98fe0ff-543c-49cf-9ec2-44363142bc16", "value": "07606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759944", "to_ids": true, "type": "filename", "uuid": "6b28fc4a-d715-45ab-acae-d222c7e1c8b8", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759944", "to_ids": false, "type": "text", "uuid": "adc315bd-8f7c-4115-b0be-f58e680e082b", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: TrojanDropper:Win32/CryptInject!MSR\nVT Total Detection:63/73\nFirst Submission:2019-07-29T06:17:41.000000+00:00\nLast Submission:2022-06-10T08:25:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010824", "uuid": "9811d556-08bd-4bc2-b957-eeaf36b4eed8", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010824", "to_ids": true, "type": "md5", "uuid": "8124c0b2-0892-48ab-95b7-0e9f42165f3b", "value": "38009d2e337103690e12f1ea346b4384", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759966", "to_ids": true, "type": "sha1", "uuid": "e2de7d35-c455-4cd2-897f-84e38726d0c8", "value": "67f2cd4f1a60e1b940494812cdf38cd7c0290050", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759967", "to_ids": true, "type": "sha256", "uuid": "c7445d93-765e-438e-aeed-4b5c063241ed", "value": "88e88522d3085fcd9e3a93fdf0f1fe55efcb104fa9f12123224fdfa05dff90fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759966", "to_ids": true, "type": "ssdeep", "uuid": "1a23ed3f-709e-4af8-bf89-8ab10c7548d7", "value": "196608:DplZIiJ3WXLyJ+tMsgeW+/UQHFzlNWAi7BoN:TZ3ALyJXeJVHBlNzc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759966", "to_ids": false, "type": "size-in-bytes", "uuid": "0f9c1832-bd0e-48c9-8f10-f88752e747b4", "value": "7561216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759966", "to_ids": true, "type": "vhash", "uuid": "c5b2efb4-727f-42eb-9910-4dd65397f551", "value": "07606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759966", "to_ids": true, "type": "filename", "uuid": "ac2f734c-eb8a-47de-9bc4-453b3d0cef13", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759966", "to_ids": false, "type": "text", "uuid": "c0004ec9-b6a5-412a-a25e-01be4deac851", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: TrojanDropper:Win32/CryptInject!MSR\nVT Total Detection:63/72\nFirst Submission:2020-09-01T05:00:50.000000+00:00\nLast Submission:2022-06-10T08:24:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010845", "uuid": "de9dfe7a-ea6a-4a13-869b-0c5980733c74", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010845", "to_ids": true, "type": "md5", "uuid": "9d874ef5-4014-4627-88b6-cb5d00906864", "value": "80a0c2491323f7797136bdb0c7a00911", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746759989", "to_ids": true, "type": "sha1", "uuid": "fdd63eb8-f337-4b49-9abf-6ec11894e2e4", "value": "aca99cfd074ed79c13f6349bd016d5b65e73c324", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746759989", "to_ids": true, "type": "sha256", "uuid": "b6eae978-427a-45da-87e1-85a5e48f17c7", "value": "8d574feb615721bebc32403e6ea6e0b5ac7912d3adf9e8805426d03128340d8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746759989", "to_ids": true, "type": "ssdeep", "uuid": "e0085bfe-f63b-4bb8-8751-5293c33f45cf", "value": "196608:6plZIiJ3WXLyJ+tMsgeW+/UQHFzlNWAi7BoN:GZ3ALyJXeJVHBlNzc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746759989", "to_ids": false, "type": "size-in-bytes", "uuid": "389ddb85-eb82-4a64-954f-1ca3265cf109", "value": "7561216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746759989", "to_ids": true, "type": "vhash", "uuid": "82356ba6-e8bd-42aa-9e16-a8e73b8135d5", "value": "07606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746759989", "to_ids": true, "type": "filename", "uuid": "4ea5c1d9-8446-4823-b4ae-b97c75d357cf", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746759989", "to_ids": false, "type": "text", "uuid": "3059ad7a-d893-4217-a226-9656de554fde", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: TrojanDropper:Win32/CryptInject!MSR\nVT Total Detection:62/72\nFirst Submission:2020-10-21T05:07:20.000000+00:00\nLast Submission:2022-06-10T08:26:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010867", "uuid": "994b348a-ebf9-4165-ad25-c7036ddd8895", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010867", "to_ids": true, "type": "md5", "uuid": "bf353db3-2756-4400-8717-9af8109ea59c", "value": "c55ad0a839ff21cc3bda4f2232d77af5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760013", "to_ids": true, "type": "sha1", "uuid": "98ecacda-67fa-4755-b359-1c6deaa57a74", "value": "ba7142e016d0e5920249f2e6d0f92c4fadfc7244", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760013", "to_ids": true, "type": "sha256", "uuid": "f42c95fe-03e2-4106-967d-3a47df53d679", "value": "aa5df923a914ea198f1e2065a694ebd6d3069babf5e8233a28fbc3c050c1a930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760012", "to_ids": true, "type": "ssdeep", "uuid": "93573288-2970-4382-9a41-50b59c2a2efa", "value": "196608:bplZIiJ3WXLyJ+tMsgeW+/UQHFzlNWAi7BoN7:7Z3ALyJXeJVHBlNzc4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760012", "to_ids": false, "type": "size-in-bytes", "uuid": "b0484130-fb99-4145-a09e-edfafe850570", "value": "7561472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760012", "to_ids": true, "type": "vhash", "uuid": "7480b937-fc88-4abf-866c-88dc626b614a", "value": "07606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760012", "to_ids": true, "type": "filename", "uuid": "677e5990-1941-416d-8f2c-c6f80a535067", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760012", "to_ids": false, "type": "text", "uuid": "19ab0ec4-24ca-4dae-b357-74333deb4c29", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:62/72\nFirst Submission:2018-05-18T14:22:32.000000+00:00\nLast Submission:2018-05-18T14:22:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010888", "uuid": "07999dd5-7ee7-43be-a657-dc147fd1cb22", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010888", "to_ids": true, "type": "md5", "uuid": "5eada92e-5613-4875-8e5f-d14156c23ea4", "value": "b6b5d6030d43968309c4fbf96b7bf43a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760036", "to_ids": true, "type": "sha1", "uuid": "ac6fe700-57de-4165-a7be-657b40aa10f5", "value": "98a907b18095672f92407d92bfd600d9a0037f93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760036", "to_ids": true, "type": "sha256", "uuid": "0184a063-edc3-4eb4-9b66-2e1206a7a6d5", "value": "1e59b377c4465222ae2d219f26ef7cf607d0b0afb430d06377956840f787fca4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760036", "to_ids": true, "type": "ssdeep", "uuid": "566b1927-8eea-46e4-bca4-befc2db158f9", "value": "196608:KplZIiJ3WXLyJ+tMsgeW+/UQHFzlNWAi7BoN:WZ3ALyJXeJVHBlNzc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760036", "to_ids": false, "type": "size-in-bytes", "uuid": "208e22f0-f142-4b99-8c9d-b180dae4bcc9", "value": "7586191" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760036", "to_ids": true, "type": "vhash", "uuid": "b7b2d28a-77cf-455d-81b8-b22a23a6d21f", "value": "07606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760036", "to_ids": true, "type": "filename", "uuid": "acea798c-496e-4c27-9631-d5483f98ea0f", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760036", "to_ids": false, "type": "text", "uuid": "f20eb463-dc3a-4fe9-a8e0-2e8cd475808c", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Tnega!MSR\nVT Total Detection:60/73\nFirst Submission:2021-05-11T23:23:24.000000+00:00\nLast Submission:2021-05-11T23:23:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010909", "uuid": "70736dea-5dec-4c79-888f-f2f595cf9e1e", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010909", "to_ids": true, "type": "md5", "uuid": "acf462ad-d77e-490a-8151-86be2ede03f0", "value": "56ca486e0ca7a8c7446042f2ba364bd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760059", "to_ids": true, "type": "sha1", "uuid": "90fb993d-02bc-48d9-ac25-592496c69fea", "value": "afaffef28d8b6983ada574a4319d16c688c2cb38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760059", "to_ids": true, "type": "sha256", "uuid": "0ed953c6-b09a-4c92-a46d-6a5d0147bf04", "value": "eedb475eb03ec0b9d00907155c21ef593fb05be5758e10ec16e9be2182b5f0a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760058", "to_ids": true, "type": "ssdeep", "uuid": "a8d03d68-3cd3-4d8e-bd24-2a41b76c7ad8", "value": "196608:TNHD0CQz5L3FO2/PsLNVR3irJ2qpycPRRO9Lt5Vm2vmPxhxdB:hObO23efSrJkUjQ5xvWHh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760058", "to_ids": false, "type": "size-in-bytes", "uuid": "113ee5f1-987f-4a8b-b874-7547c249b170", "value": "9711616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760058", "to_ids": true, "type": "vhash", "uuid": "c7e62d85-9e5e-445f-9842-21f11cac1997", "value": "09606f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760058", "to_ids": true, "type": "filename", "uuid": "10729f9e-4b2b-4e1a-82ce-2dab8a90b854", "value": "DE An NK, NN 2017 Cuc A.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760058", "to_ids": false, "type": "text", "uuid": "2d4b8f9a-f733-43b3-8f9c-af1c036c5c1a", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!rfn\nVT Total Detection:52/72\nFirst Submission:2017-07-30T10:32:58.000000+00:00\nLast Submission:2023-03-29T15:29:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010930", "uuid": "b04b5741-f041-48b7-af86-43829022e69f", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010930", "to_ids": true, "type": "md5", "uuid": "1194ef1f-814e-4bc3-b6c8-443ea3441b7f", "value": "062cd4e3ce872bbe4e41cfabfe94f837", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760082", "to_ids": true, "type": "sha1", "uuid": "e91b8a4f-eac8-4764-9b18-a8b8d0fa5b92", "value": "98e2afed718649a38d9daf10ac792415081191fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760082", "to_ids": true, "type": "sha256", "uuid": "cf9460ce-ef90-4240-bdb5-dfb632edb357", "value": "56eb56dea2091a5b9e91e52f872d2b2ee54362fafc7e0ba4896f5a762d7fc082", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760082", "to_ids": true, "type": "ssdeep", "uuid": "9aba528a-ad6b-45db-8324-f803ff66fee7", "value": "196608:hXBJAXNLDLjVi5Cc2APYoiicCGHotPbhgW05exgFWWur5vs1qQ9dHTY8P:hXmNn8bBjcnejSt5wZC1qAdHT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760082", "to_ids": false, "type": "size-in-bytes", "uuid": "497e187e-28cd-4f2e-8aba-53739a6cb705", "value": "11722752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760082", "to_ids": true, "type": "vhash", "uuid": "804e598e-09c9-4ace-8393-5e1ef4276fa7", "value": "01706f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760082", "to_ids": true, "type": "filename", "uuid": "fb2cbd80-7ded-45c2-94c1-e91b62e680ab", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760082", "to_ids": false, "type": "text", "uuid": "3dbd9f3f-8b52-4f2e-8679-e48013926a3c", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Gamarue!MSR\nVT Total Detection:60/72\nFirst Submission:2017-09-10T04:45:22.000000+00:00\nLast Submission:2023-02-13T02:58:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010951", "uuid": "c63f556b-144e-4334-80a6-e9bbc78511e1", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010951", "to_ids": true, "type": "md5", "uuid": "1c2d292b-72c0-4f10-a6bc-022d771db006", "value": "b5e620c4baa1a45a8c4cd66d6df955df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760110", "to_ids": true, "type": "sha1", "uuid": "3a994e62-4031-4ec0-bc30-4ad0301de2f5", "value": "bc32e66a6346907f4417dc4a81d569368594f4ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760111", "to_ids": true, "type": "sha256", "uuid": "c8a9452d-2c06-4dff-9935-89db04d967fc", "value": "50cbb6b4e356acc8ff72ed0e2b47b9dd267b27204d219a8e857234ef9fa0ff7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760110", "to_ids": true, "type": "ssdeep", "uuid": "e4662b18-41c9-4d1e-b597-7f4a0e164ad0", "value": "196608:bXBJAXNLDLjVi5Cc2APYoiicCGHotPbhgW05exgFWWur5vs1qQ9dHTY8P:bXmNn8bBjcnejSt5wZC1qAdHT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760110", "to_ids": false, "type": "size-in-bytes", "uuid": "5a48e5f3-9196-476c-96d8-361cf555de33", "value": "11722752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760110", "to_ids": true, "type": "vhash", "uuid": "b9b6ad2c-4eb9-4369-af8b-7ef03a666c31", "value": "01706f7d7d1f1f7f11z17z1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760110", "to_ids": true, "type": "filename", "uuid": "7a775656-af76-4325-88d4-dc564546f93f", "value": "inetinfo.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760110", "to_ids": false, "type": "text", "uuid": "448730a8-598e-4ff6-b32b-e6944b3a2946", "value": "Dropper\r\nType Description: Win32 EXE\nMicrosoft: TrojanDropper:Win32/CryptInject!MSR\nVT Total Detection:60/73\nFirst Submission:2020-08-06T16:23:18.000000+00:00\nLast Submission:2020-08-06T16:23:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010972", "uuid": "e4d7c9c3-39eb-406e-b79c-db9d61a35a07", "Attribute": [ { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010972", "to_ids": true, "type": "md5", "uuid": "3552100a-ebaf-4a7c-b54a-887b5f9ca101", "value": "e2473ab80272a5876a57f5275d63c8f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760133", "to_ids": true, "type": "sha1", "uuid": "fab0267e-0298-43c5-8830-f262f6ea3d00", "value": "8d569ac92f1ca8437397765d351302c75c20525b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760133", "to_ids": true, "type": "sha256", "uuid": "f757b063-524a-4f59-9e7a-b565f70e8b17", "value": "0e0512f509f5be71a130e253226a3a2094f0949b96129e3048dd7406cc9ce474", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760133", "to_ids": true, "type": "ssdeep", "uuid": "cc9fba52-8214-418a-a43e-182b1e72a280", "value": "49152:Jlgx5OFDu+B3yvCjmFMNh2dlVRqu4I+lYEh:7+5OFDv3yQmFOhkV4I8dh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760133", "to_ids": false, "type": "size-in-bytes", "uuid": "e6a677cd-3914-491d-b11a-2cc9a46b718b", "value": "2164524" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760133", "to_ids": true, "type": "vhash", "uuid": "398dc6e7-de41-48d3-b202-2f2c8fdab713", "value": "4a8da80e080d6df185e0f2e9b5605816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760133", "to_ids": true, "type": "filename", "uuid": "582c1bc3-8276-456d-bb5c-55a9d7934d5b", "value": "~DF51839DAD2ED3C593.TMP" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760133", "to_ids": false, "type": "text", "uuid": "990a033b-0101-4ac0-ad65-a8fac387873a", "value": "Document exploit\r\nType Description: MS Word Document\nMicrosoft: Exploit:Win32/CVE-2012-0158!MSR\nVT Total Detection:33/61\nFirst Submission:2014-12-26T05:33:50.000000+00:00\nLast Submission:2023-03-19T14:53:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747010993", "uuid": "393011dd-684a-4604-8911-d6957566eb54", "Attribute": [ { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747010993", "to_ids": true, "type": "md5", "uuid": "5289f63e-61cd-4683-8797-f668b56dc057", "value": "d6666b060d7c43d75def5eaaed8190e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760154", "to_ids": true, "type": "sha1", "uuid": "bba137ba-a326-405b-91a4-719932b013d0", "value": "5c32a4e4c3d69a95e00a981a67f5ae36c7aae05e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760154", "to_ids": true, "type": "sha256", "uuid": "04d72c19-7608-48de-af10-fb8659de47ac", "value": "7231a857b66701bfe5376fb1399e609f6222fbe5bf208b87717dcf1dd1d82c0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760154", "to_ids": true, "type": "ssdeep", "uuid": "2bb24088-f4c2-4154-aa8c-e8592a06ddd1", "value": "3072:T4pq6txD0Ny0bp88aehsdc87SNUirOPLItUv5t3R:EfiFpaGl3iItUTh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760154", "to_ids": false, "type": "size-in-bytes", "uuid": "188b6f07-696c-4aeb-afda-8a23257f0bb4", "value": "152576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760154", "to_ids": true, "type": "vhash", "uuid": "5e8ad16a-2e8f-40d6-ac0c-bcef6438779d", "value": "f6bc6ccfa624e1d77bbf07797f9ee910" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760154", "to_ids": true, "type": "filename", "uuid": "ab870f09-e1ea-4ca7-9124-2b6cba5ad7c9", "value": "~DFA2AF394F2FCC6F7D.TMP" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760154", "to_ids": false, "type": "text", "uuid": "91c60b27-019d-4016-921d-af21b69410c7", "value": "Document exploit\r\nType Description: MS Word Document\nMicrosoft: None\nVT Total Detection:27/61\nFirst Submission:2021-05-08T00:43:34.000000+00:00\nLast Submission:2021-05-08T00:43:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011014", "uuid": "7503fe8b-c34a-4b34-b65a-c6a709a0770e", "Attribute": [ { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011014", "to_ids": true, "type": "md5", "uuid": "a839360d-4985-4475-9b36-be62e4ccf470", "value": "4bce26f3b500894b9ef297c63ddb82d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760175", "to_ids": true, "type": "sha1", "uuid": "534c7530-24fa-471b-a558-f5bd81c4473b", "value": "d807a2c01686132f5f1c359c30c9c5a7ab4d31c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Document exploit", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760175", "to_ids": true, "type": "sha256", "uuid": "f3a5922c-7216-4f6c-88d3-0caca705d926", "value": "60064bea1b65b3694b717d8ed9846ffac0fb761e176b5ea1980aef379661d5d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760175", "to_ids": true, "type": "ssdeep", "uuid": "f0d055b2-c73f-432f-84c1-a65dd46d075e", "value": "1536:QDLwVb1t8q8bQwRGaViGvvxxnhROrP1LaaoR8dvxbk3iunvf/wcg0:QDLwVD/fmHbxMrP1Xouj+ocg0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760175", "to_ids": false, "type": "size-in-bytes", "uuid": "861dbb9e-6a41-4452-b9da-737f322095f1", "value": "115998" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760175", "to_ids": true, "type": "vhash", "uuid": "b56e5a70-8fc1-4f58-81c3-6c20bdba7a03", "value": "8acffa977ecd64b28964feb5931d8471a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760175", "to_ids": true, "type": "filename", "uuid": "6ed011a3-6191-4408-a344-afa91879dd8b", "value": "60064bea1b65b3694b717d8ed9846ffac0fb761e176b5ea1980aef379661d5d3.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760175", "to_ids": false, "type": "text", "uuid": "d0e0b157-33e8-46a1-af06-78e61350a807", "value": "Document exploit\r\nType Description: Rich Text Format\nMicrosoft: Exploit:Win32/CVE-2010-3333.AF\nVT Total Detection:38/60\nFirst Submission:2014-06-14T13:07:13.000000+00:00\nLast Submission:2022-06-10T08:26:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011035", "uuid": "d990256c-53d9-42c8-8d08-4217f777217f", "Attribute": [ { "category": "Payload delivery", "comment": "Modified Heyoka", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011035", "to_ids": true, "type": "md5", "uuid": "dff81a4f-b676-4a27-aa78-a195afab0f60", "value": "336ada3a8078617a0359b7756eae0aa3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Modified Heyoka", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760217", "to_ids": true, "type": "sha1", "uuid": "12789b27-41df-4c52-8538-f08ed49498aa", "value": "7e6870a527ffb5235ee2b4235cd8e74eb0f69d0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Modified Heyoka", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760217", "to_ids": true, "type": "sha256", "uuid": "20a2af24-0499-4032-9220-102a9ddab0e1", "value": "19f1709b37eabe75b2f5e1e73f25f04d22e2875cf51475cef9d4d73742493179", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760217", "to_ids": true, "type": "ssdeep", "uuid": "c22c68bd-4740-4c6b-af79-cbb47611c595", "value": "1536:XXZpU6sVos/XCQ+mV54PhISBTBKu7cyThlC7/W8GQlZb/p1IFAxibVh:BsVogSHmX+bjoZGQlZbsSGh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760217", "to_ids": false, "type": "size-in-bytes", "uuid": "2c52b0cd-3a42-44d3-8182-f13c3c6a954a", "value": "131072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760217", "to_ids": true, "type": "vhash", "uuid": "951cf278-232a-4f52-8fa3-7d32118bc50b", "value": "115046655d151028z6ez17z14z195z15" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760217", "to_ids": false, "type": "text", "uuid": "0e2ea31b-44d1-4ddf-9781-534b11f9b39c", "value": "Modified Heyoka\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Bladabind!MSR\nVT Total Detection:50/72\nFirst Submission:2016-01-01T22:24:35.000000+00:00\nLast Submission:2016-01-01T22:24:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011056", "uuid": "1fb5774d-d5a9-43cb-835d-d58f2ee082de", "Attribute": [ { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011056", "to_ids": true, "type": "md5", "uuid": "6804451d-f831-4a61-810a-e1685411fc32", "value": "3c3818fba7ab9a99aa646b14f9e13944", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760239", "to_ids": true, "type": "sha1", "uuid": "0f2c236e-b574-4144-b507-e7e17167e40d", "value": "2f0ea0a0a2ffe204ec78a0bdf1f5dee372ec4d42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760239", "to_ids": true, "type": "sha256", "uuid": "6cf8906e-9ed7-4f0a-bef3-ef2932d13a17", "value": "c27beaa1ba70e28019abc82cff6e3dbf9b84dc1c6c18c1b0ddee059b5451cb97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760238", "to_ids": true, "type": "ssdeep", "uuid": "494d3865-7eb6-4073-9cff-1578c2481d18", "value": "768:gEUvcUbrsv69mFMK4shFOBpkk47fEDkpinCHqkQOZ0KUXHpA1:BQcUb4pNvF6pkfqCH8bKWHQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760238", "to_ids": false, "type": "size-in-bytes", "uuid": "1a7e91cd-2917-4ab0-be64-1d2df634f23e", "value": "48128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760238", "to_ids": true, "type": "vhash", "uuid": "b8794d45-05c3-4930-9f84-6a2ad23c9e8c", "value": "144056655d15551038z4a=z3c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760238", "to_ids": true, "type": "filename", "uuid": "2f6ff1fe-a0a0-4eeb-a536-0fa60a08c62c", "value": "c27beaa1ba70e28019abc82cff6e3dbf9b84dc1c6c18c1b0ddee059b5451cb97.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760238", "to_ids": false, "type": "text", "uuid": "3ed44929-f6e5-4b41-88f9-d416c116fc16", "value": "DLL-test\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/PlugX!MSR\nVT Total Detection:51/72\nFirst Submission:2019-12-06T07:28:13.000000+00:00\nLast Submission:2023-05-15T17:45:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011077", "uuid": "4380f710-aeeb-4a8b-ba27-08d02f8c7c38", "Attribute": [ { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011077", "to_ids": true, "type": "md5", "uuid": "66c88b50-0e96-481c-8b8b-b7b533a4ddcd", "value": "73e76f3e7553db8a853e95018142c966", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760260", "to_ids": true, "type": "sha1", "uuid": "5eafd496-068e-4ef7-bee0-0546a0c72d69", "value": "041d9b089a9c8408c99073c9953ab59bd3447878", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760260", "to_ids": true, "type": "sha256", "uuid": "83eaff6b-2eee-49b2-91e0-d97b52cb2c80", "value": "35f3673c823719b3f87a4480322a1df7ea8229aa32bf943d92ee1dd1ff558002", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760259", "to_ids": true, "type": "ssdeep", "uuid": "3ac24b61-3900-4f9a-b7e4-37a81dd09900", "value": "3072:BO0Wv+gs/O1CBd8ghscsCObiVpPWSUXodmqig4e:nWWgs9BdzHO0mqj4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760259", "to_ids": false, "type": "size-in-bytes", "uuid": "f3fe20e8-c85e-419f-ba8b-f2c209bacf8d", "value": "169984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760259", "to_ids": true, "type": "vhash", "uuid": "fd674295-1e91-4382-8ffb-47c86ce9da33", "value": "11507e06551d1d15156058z63nz1ez8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760259", "to_ids": true, "type": "filename", "uuid": "40943adc-2f26-4c60-94c9-392786e13be5", "value": "encrashrep.dll" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 05/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760259", "to_ids": false, "type": "text", "uuid": "4b700ab3-4a03-4992-9490-77c678f7c4c3", "value": "DLL-test\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/PlugX!MSR\nVT Total Detection:54/72\nFirst Submission:2019-08-29T05:31:07.000000+00:00\nLast Submission:2021-11-24T22:31:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011098", "uuid": "8386c338-1779-4df3-8c23-489183afdba1", "Attribute": [ { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011098", "to_ids": true, "type": "md5", "uuid": "53ffc910-0a6d-4acb-97a7-c64274611a44", "value": "c7b29b3f31b1efb9c0db8b6ea54dc814", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760281", "to_ids": true, "type": "sha1", "uuid": "4f340c46-a69c-418e-a74a-778b5a2941a2", "value": "1edada1bb87b35458d7e059b5ca78c70cd64fd3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760281", "to_ids": true, "type": "sha256", "uuid": "d616016d-278f-45c3-b51f-21377c022d0d", "value": "bef152609a86ef77cbf1061dad74c3d78cf1aab982677c98a3fb21450efbac0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760281", "to_ids": true, "type": "ssdeep", "uuid": "3681c0ff-1204-454d-9a6a-00d291605714", "value": "3072:jUeMs6mOBqlH9src5BwPKbgVZDGn7WUFY8PCc:jU9msqlH9JsyDPl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760281", "to_ids": false, "type": "size-in-bytes", "uuid": "50c13f5f-8d77-4cec-b485-d13951858edd", "value": "162304" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760281", "to_ids": true, "type": "vhash", "uuid": "4e8da4e6-886e-436a-8049-bae77946cf54", "value": "11507e06551d1d55155058z5enz2ez8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760281", "to_ids": true, "type": "filename", "uuid": "fdbb9068-1885-4b17-b671-45020599e6f0", "value": "bef152609a86ef77cbf1061dad74c3d78cf1aab982677c98a3fb21450efbac0f.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 07/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760281", "to_ids": false, "type": "text", "uuid": "d39d7a5c-82e9-4ddf-83e8-b3f6640ab333", "value": "DLL-test\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/PlugX!MSR\nVT Total Detection:51/73\nFirst Submission:2019-05-24T08:36:26.000000+00:00\nLast Submission:2022-06-10T08:25:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011120", "uuid": "30731ae8-1053-47e7-b0dc-ef7623aca6b7", "Attribute": [ { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011120", "to_ids": true, "type": "md5", "uuid": "6448126a-3334-4916-b1e9-99c91ffb8528", "value": "00541e9bb0d9c8030fa387d01c1ab992", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760302", "to_ids": true, "type": "sha1", "uuid": "af416561-4217-473f-b521-5f1c93a60913", "value": "4033c313497c898001a9f06a35318bb8ed621dfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760303", "to_ids": true, "type": "sha256", "uuid": "3dc344da-ae46-4193-ba61-b047591cdaef", "value": "a590150ca0d3e4cb47796de53aad937f3e118b54cf85b48d0597c0e22acb2142", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760302", "to_ids": true, "type": "ssdeep", "uuid": "07bb4676-e5c0-4247-ae29-293e1547197c", "value": "3072:BO0Wv+gs/O1CBd8gjscsCObiVpPWSUXodmqig4e:nWWgs9BdhHO0mqj4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760302", "to_ids": false, "type": "size-in-bytes", "uuid": "8a888a7e-28a2-4d5e-9bfe-02096c3dc231", "value": "169984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760302", "to_ids": true, "type": "vhash", "uuid": "6452cd38-47d7-4c2d-90d2-3161ac868809", "value": "11507e06551d1d15156058z63nz1ez8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760302", "to_ids": true, "type": "filename", "uuid": "c331443d-876a-47ce-8c42-c8bde08b4601", "value": "encrashrep.dll" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760302", "to_ids": false, "type": "text", "uuid": "052b57e0-215a-45e3-8d06-769a7e948bbe", "value": "DLL-test\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:55/72\nFirst Submission:2020-03-21T01:48:36.000000+00:00\nLast Submission:2020-03-21T01:48:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011141", "uuid": "4eec77ae-2e20-495b-9f16-0d9f9ed14e8d", "Attribute": [ { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011141", "to_ids": true, "type": "md5", "uuid": "32c0b183-4244-4824-bd3d-30c3528dc180", "value": "6b7fd2273eb1a758f4219a73c42bc920", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760345", "to_ids": true, "type": "sha1", "uuid": "46ccc63d-a7fa-472c-904f-c9e997c42103", "value": "97d30b904e7b521a9b7a629fdd1e0ae8a5bf8238", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760345", "to_ids": true, "type": "sha256", "uuid": "ebbfff68-ddbf-4ba1-9dae-d24f2268b79f", "value": "82ed01174cccd2605fcb40f47aec32f0278d242a979047636c1289f64691d10f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760344", "to_ids": true, "type": "ssdeep", "uuid": "af9e121e-6e2b-43c1-8889-7884a23bfc32", "value": "768:/DHL6qY6CseaEpxYWZoUTRF9QJtCdzDYthpYLgn2YEDo7WSS1RBW6:/DHLRY6C5aEpBGqmIDYTGW/S/F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760344", "to_ids": false, "type": "size-in-bytes", "uuid": "85ee7da7-57ed-4e62-967d-0ca8d8bddadd", "value": "48640" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760344", "to_ids": true, "type": "vhash", "uuid": "82440f38-b768-4db3-ae8a-ea4201be4df4", "value": "144056655d15551038z52nz1ez8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760344", "to_ids": true, "type": "filename", "uuid": "40ed1cd2-3d11-4398-9108-809090775113", "value": "virussign.com_6b7fd2273eb1a758f4219a73c42bc920.vir" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 19/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760344", "to_ids": false, "type": "text", "uuid": "a37782c4-4e6f-4983-8d22-e0249664c440", "value": "DLL-test\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/CryptInject!MSR\nVT Total Detection:54/73\nFirst Submission:2020-09-30T01:19:06.000000+00:00\nLast Submission:2021-11-26T19:36:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011162", "uuid": "a8ccb268-600b-468a-b453-ac3a609ec467", "Attribute": [ { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011162", "to_ids": true, "type": "md5", "uuid": "009f90b6-4bfd-47f8-817c-c6afdcbb5ac8", "value": "ab035c297e5f28995cbdff416caacaa7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760366", "to_ids": true, "type": "sha1", "uuid": "93b902eb-d0bf-419a-b13e-56906a7cc9a2", "value": "53525da91e87326cea124955cbc075f8e8f3276b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760366", "to_ids": true, "type": "sha256", "uuid": "689633c1-edc4-4dee-b53e-929ce98fe62a", "value": "f61aa113b376c3434904fe2780a46878c3a6a15117e57373f4ec5cd4e9a419dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760365", "to_ids": true, "type": "ssdeep", "uuid": "98ece7ca-2d8d-4d40-a9db-766af5def160", "value": "3072:1TLBNGQ4+Dv7KcfOcO3V7gaKywdRJUnBAOqhM:bkQ4+T9O3VxKLSAOqi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760365", "to_ids": false, "type": "size-in-bytes", "uuid": "0edcf6f2-a9ef-4962-8889-d6af663e4328", "value": "165376" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760365", "to_ids": true, "type": "vhash", "uuid": "6d9f07b8-c558-4f08-b3bc-b6e7510919ab", "value": "11507e06551d1d55155058z5enz1ez8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760365", "to_ids": true, "type": "filename", "uuid": "dd6f5054-fb35-4be7-aa8f-eff8a1e12c6d", "value": "encrashrep.dll.sc" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760365", "to_ids": false, "type": "text", "uuid": "7928cfec-b353-42aa-b628-ac529d2a1d7d", "value": "DLL-test\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/CryptInject!MSR\nVT Total Detection:48/72\nFirst Submission:2019-03-06T21:52:41.000000+00:00\nLast Submission:2023-07-21T00:26:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011183", "uuid": "058a3a39-b5bb-43ae-bbf9-d95d46e44803", "Attribute": [ { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011183", "to_ids": true, "type": "md5", "uuid": "b123206c-6302-49c3-b8fa-e095912e89ef", "value": "7c6627aa8f262a0432cca058fdc6af81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760387", "to_ids": true, "type": "sha1", "uuid": "5cf4cce7-abe3-489e-b238-cac32c4a6a21", "value": "73ac8512035536ffa2531ee9580ef21085511dc5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DLL-test", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760387", "to_ids": true, "type": "sha256", "uuid": "c1fd1d5f-52c0-43a8-98b6-a289fb9e5fd4", "value": "fb2968c3946a2d20ccfb3c947e18330ece1375877d7aabb781b669d483fb1fcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760387", "to_ids": true, "type": "ssdeep", "uuid": "48493600-072e-404e-9b3e-af68d3678fe8", "value": "1536:I19GDYoi0y6Bgx5pDW7kysF/aYFzfA/4s+ty3gcsWrcdrZZdnXJYuO:Q90YFDW7QF/BfLhrrdnZY5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760387", "to_ids": false, "type": "size-in-bytes", "uuid": "934bf0e7-8582-4395-b9eb-dc5d8d746ea9", "value": "89600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760387", "to_ids": true, "type": "vhash", "uuid": "315c1470-f515-4a52-9400-527c990be804", "value": "184056655d15556048z55nz1ez8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760387", "to_ids": true, "type": "filename", "uuid": "071e6b6a-f2b6-41c4-ba5a-257f457b900d", "value": "encrashrep.dll" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 20/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760387", "to_ids": false, "type": "text", "uuid": "a264c129-c2aa-4d92-9017-39c57a083b55", "value": "DLL-test\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:51/73\nFirst Submission:2019-02-18T11:35:55.000000+00:00\nLast Submission:2019-02-18T11:35:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747011204", "uuid": "b6d0f91d-ee5a-4edb-bd3d-ac64d99d8c98", "Attribute": [ { "category": "Payload delivery", "comment": "Installer", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747011204", "to_ids": true, "type": "md5", "uuid": "d03da751-6eb4-4243-85ae-f528d9f71e67", "value": "ddc9650a403f410273665c93af726acc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Installer", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760408", "to_ids": true, "type": "sha1", "uuid": "dfac7252-959f-401d-a44d-145ed77edade", "value": "28b8843e3e2a385da312fd937752cd5b529f9483", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Installer", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760408", "to_ids": true, "type": "sha256", "uuid": "04e5c8ac-3b1c-4cf1-87c4-dc101b0c4c4d", "value": "7f3a99a5d64783d8bbcff5c07bc9c3f73a716fe9caa929509149d9b9333716cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760408", "to_ids": true, "type": "ssdeep", "uuid": "040927c8-fbfd-4a14-9703-302790b87973", "value": "3072:F1FclEsVogSHmX+bjoZGQlZbsSGhqOocB:JqVTSVjoZaSgYcB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760408", "to_ids": false, "type": "size-in-bytes", "uuid": "7d123d99-5111-42e7-80c0-dd3b1c1eaa03", "value": "221184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760408", "to_ids": true, "type": "vhash", "uuid": "5b286a08-7ff3-4d55-abd5-32e687354599", "value": "025046651d156az3a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760408", "to_ids": true, "type": "filename", "uuid": "a257e7f3-0e84-438a-8003-f304b5bd1055", "value": "kis.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 03/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760408", "to_ids": false, "type": "text", "uuid": "cb8c916b-53e3-4bb7-9a5f-392b4017bb96", "value": "Installer\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Zegost!MSR\nVT Total Detection:59/73\nFirst Submission:2016-07-23T09:02:24.000000+00:00\nLast Submission:2023-01-22T11:27:59.000000+00:00" } ] } ] } }