{ "Event": { "analysis": "2", "date": "2022-09-23", "extends_uuid": "", "info": "[Threat Intel] Mass email campaign with a pinch of targeted spam", "protected": false, "publish_timestamp": "1780040014", "published": true, "threat_level_id": "2", "timestamp": "1772902015", "uuid": "c44d92e6-25fb-4c25-be68-e518d74aa44d", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": "" }, { "colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": "" }, { "colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": "" }, { "colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": "" }, { "colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": "" }, { "colour": "#c70b8f", "local": false, "name": "misp-galaxy:target-information=\"Portugal\"", "relationship_type": "" }, { "colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": "" }, { "colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": "" }, { "colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": "" }, { "colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Agent Tesla\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740762658", "to_ids": false, "type": "link", "uuid": "ea21bd83-bdfe-441f-809d-a3f122a7022d", "value": "https://securelist.com/agent-tesla-malicious-spam-campaign/107478/" }, { "category": "Network activity", "comment": "On port 587", "deleted": false, "disable_correlation": false, "timestamp": "1747020334", "to_ids": true, "type": "hostname", "uuid": "eeba8fd3-7788-4df9-adba-ea869a051225", "value": "mail.essentialapparatus.co.ke", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "On port 587", "deleted": false, "disable_correlation": false, "timestamp": "1747020355", "to_ids": true, "type": "hostname", "uuid": "cdf6acec-9af6-422d-b45d-97bdd416038a", "value": "mail.keeprojects.in", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740762743", "to_ids": true, "type": "email-src", "uuid": "c057c4f2-e881-4f00-86d1-84bb4b41b483", "value": "info@essentialapparatus.co.ke" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740762743", "to_ids": true, "type": "email-src", "uuid": "c41fff77-eb31-4cab-b15c-f4181640b63d", "value": "quality@keeprojects.in" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981531", "uuid": "c8bbe11e-5ef5-44f3-a17b-2caa6b3e8b86", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981531", "to_ids": true, "type": "md5", "uuid": "6584486f-5a99-4e93-89f7-fd720478d885", "value": "ddc607bb993b94c543c63808bebf682a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760941", "to_ids": true, "type": "sha1", "uuid": "3feeb857-fe6f-462b-a356-5b798a7a1d81", "value": "8d920606fa7b72e6bb2687c54f1c637a6b903ae4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760941", "to_ids": true, "type": "sha256", "uuid": "d40b1b9b-89a4-4ec6-abb0-919e157947a7", "value": "0d701065b55da4f343d25e51f34858c228a8df0a8ce9c76274a92ce8d7fe35af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760940", "to_ids": true, "type": "ssdeep", "uuid": "5689adea-8b28-49ab-a63a-d4166bedcd6a", "value": "12288:7iCFLsHVhrH6CtFoB2alh0V9X4okWx2L7BEzzpAS4I:GsIvH68oXl6D2L7BiSS4I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760940", "to_ids": false, "type": "size-in-bytes", "uuid": "7ef99214-6e52-428c-a14b-c3cabb704994", "value": "484596" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760940", "to_ids": true, "type": "vhash", "uuid": "b83880b4-33c7-4c0d-b0ff-08d616c972c9", "value": "af10e3e17b8b87ad1a1affb71689ed7c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760940", "to_ids": true, "type": "filename", "uuid": "42c6f455-93d9-468d-b3b5-30a7bd01be07", "value": "bneniycrbd.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 28/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760940", "to_ids": false, "type": "text", "uuid": "60264a8b-06ef-4b1d-b5a5-a83bee0581dd", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/AgentTesla!ml\nVT Total Detection:50/67\nFirst Submission:2022-04-29T18:06:46.000000+00:00\nLast Submission:2022-04-29T18:06:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981531", "uuid": "fbec55e6-39e1-4941-9492-231cf935b7ed", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981531", "to_ids": true, "type": "md5", "uuid": "80b60fc2-6eb2-43cd-95fa-4b448fff09bf", "value": "862adb87b0b894d450f8914a353e3e9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760962", "to_ids": true, "type": "sha1", "uuid": "8dc640af-25ee-4fcb-966b-e2c022281c8d", "value": "a29732358b4fd58a3a41e7f00b328d7f95857462", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760962", "to_ids": true, "type": "sha256", "uuid": "145e7470-2950-4a14-85e2-544bb92c1e94", "value": "d0303a6b69e18f924134871e3c7a0e6815729722f3d49d38476eb2cbf88c92aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760962", "to_ids": true, "type": "ssdeep", "uuid": "8784904e-7d0b-4e80-941f-f28dae39f643", "value": "12288:GiCFLsHVhrH6CtFoB2alh0V9X4okWx2L7BEzzpAS4Z:zsIvH68oXl6D2L7BiSS4Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760962", "to_ids": false, "type": "size-in-bytes", "uuid": "e08699aa-6b24-4a16-9afa-5c1f82954bcf", "value": "484600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760962", "to_ids": true, "type": "vhash", "uuid": "be4ab9df-2788-4708-8167-e2cf40730389", "value": "af10e3e17b8b87ad1a1affb71689ed7c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760962", "to_ids": true, "type": "filename", "uuid": "2d7bcdbb-d5d0-4536-91ee-8d10858b3d74", "value": "joohunnahf.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 28/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760962", "to_ids": false, "type": "text", "uuid": "f0d812a9-2bd9-4ce8-a13c-01bf88b24241", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/AgentTesla!ml\nVT Total Detection:52/67\nFirst Submission:2022-04-29T17:22:34.000000+00:00\nLast Submission:2022-04-30T01:24:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981531", "uuid": "b39496aa-422e-4e01-b882-c910b9f0cac9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981531", "to_ids": true, "type": "md5", "uuid": "5dc1d59b-4ca0-4024-89ae-1325c3885b77", "value": "a1ae8b0d794af648908e0345204ea192", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746760983", "to_ids": true, "type": "sha1", "uuid": "4afe0910-f34a-4f26-9cb4-e83e0b432f39", "value": "c9ab62f198dfca3d7c993e11bb45096b262727c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746760983", "to_ids": true, "type": "sha256", "uuid": "833509db-ba40-4e18-a675-0c81e65a386a", "value": "c04503d4c4006fd134364506b8a004cd220980304bcbbe3b7fc26dbf9c8dd265", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746760983", "to_ids": true, "type": "ssdeep", "uuid": "01082aa0-cee2-4019-9044-3366842a5508", "value": "12288:YiCFLsHVhrH6CtFoB2alh0V9X4okWx2L7BEzzpAS4n:dsIvH68oXl6D2L7BiSS4n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746760983", "to_ids": false, "type": "size-in-bytes", "uuid": "840ce94c-5f6f-4413-a601-ab218b27533d", "value": "484618" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746760983", "to_ids": true, "type": "vhash", "uuid": "edc18088-8cef-4c55-80c6-5b382ae610cf", "value": "af10e3e17b8b87ad1a1affb71689ed7c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746760983", "to_ids": true, "type": "filename", "uuid": "3d34778a-3c29-4d60-a88b-3c8f57a83f7f", "value": "iyiyjsmmrw.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 28/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746760983", "to_ids": false, "type": "text", "uuid": "c3194e9e-fa37-4b7c-87a0-a4ec43d34096", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/AgentTesla!ml\nVT Total Detection:51/67\nFirst Submission:2022-04-29T17:36:45.000000+00:00\nLast Submission:2022-04-29T17:36:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981531", "uuid": "1b67a8af-8eec-46be-a3bf-fbfd50a49e7e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981531", "to_ids": true, "type": "md5", "uuid": "fd3dfbed-4f4d-4135-b384-be8c99c0d653", "value": "9d0364e1f625edb286b0d5541bb15357", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746761004", "to_ids": true, "type": "sha1", "uuid": "bef78836-3ef4-447e-9088-95298ae9ed2f", "value": "b5d75e7a381e3051839245fd8741533150c0afbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746761005", "to_ids": true, "type": "sha256", "uuid": "b5b6ab38-9fe9-4d11-8b1b-18d71760ff77", "value": "1e16a6376135e64593198e07872a0c8d8dfef6e988f11b6ec25c7c56845f6e88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746761004", "to_ids": true, "type": "ssdeep", "uuid": "30fba770-6a47-4125-9be8-6ea44002a191", "value": "12288:eiCFLsHVhrH6CtFoB2alh0V9X4okWx2L7BEzzpAS45:LsIvH68oXl6D2L7BiSS45" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746761004", "to_ids": false, "type": "size-in-bytes", "uuid": "78f672ed-cf5b-4c6e-baca-50f8ea13da00", "value": "484614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746761004", "to_ids": true, "type": "vhash", "uuid": "2f649600-8064-4011-869b-42b37d8cbd05", "value": "af10e3e17b8b87ad1a1affb71689ed7c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746761004", "to_ids": true, "type": "filename", "uuid": "35bcbfea-6dc2-4ce2-86f1-07731f636453", "value": "oxtlizqhyr.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 28/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746761004", "to_ids": false, "type": "text", "uuid": "56543f71-2015-4e35-ab97-828fcb8644de", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/AgentTesla!ml\nVT Total Detection:49/67\nFirst Submission:2022-04-29T19:52:46.000000+00:00\nLast Submission:2022-04-29T19:52:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981531", "uuid": "1a4f7844-0865-4d4b-b7ec-ab7d0779fc1b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981531", "to_ids": true, "type": "md5", "uuid": "4a030934-caca-4117-b837-3dd8c65113d3", "value": "eee70de3ac0dc902b99ed33408e646c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746761026", "to_ids": true, "type": "sha1", "uuid": "400fa959-e402-4ee7-89c1-dab68038c9b3", "value": "a9d2ad7adfdefb26596c017b09eec1a8c958cf38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746761026", "to_ids": true, "type": "sha256", "uuid": "421b501e-4d77-459a-89f2-a5cc726eddd4", "value": "fe3422ebda5628f82d457015becbc93ce3594c6df3b0eee29c62b3226b100ec1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746761025", "to_ids": true, "type": "ssdeep", "uuid": "fc9ee72d-a2ad-4715-bca4-14e6b4d3af71", "value": "12288:bxgjV0PYUBqHK51jATvPPqXWqbq6kFP2Kt1UGV0PAyn5iZQkFjvpG2h:bUOyvPb16gP2KP1Li5OzxG2h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746761025", "to_ids": false, "type": "size-in-bytes", "uuid": "6ad6bd91-d081-4164-af0f-c017ffda4933", "value": "691536" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746761025", "to_ids": true, "type": "vhash", "uuid": "ba4b65cd-9241-4e0b-9441-026468caf6b9", "value": "105c0bec81e5bbc958674be46effadd1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746761025", "to_ids": true, "type": "filename", "uuid": "ce9da93e-cb28-491a-a964-9bca0d59725b", "value": "fe3422ebda5628f82d457015becbc93ce3594c6df3b0eee29c62b3226b100ec1.bin" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 27/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746761025", "to_ids": false, "type": "text", "uuid": "d85df7f3-e4c5-4dc4-a9b1-9e0e14bdd3a0", "value": "Type Description: RAR\nMicrosoft: Trojan:MSIL/AgentTesla.PDS!MTB\nVT Total Detection:49/62\nFirst Submission:2022-05-31T11:30:45.000000+00:00\nLast Submission:2022-09-23T11:09:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981531", "uuid": "7d2c80c0-9196-422e-8838-e995b3448c4b", "Attribute": [ { "category": "Payload delivery", "comment": "Password: Info@2018", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981531", "to_ids": true, "type": "md5", "uuid": "73e56358-a429-487c-9a14-212c5069099f", "value": "64011a7871abb873c822b8b99082e8ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Password: Info@2018", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747019557", "to_ids": true, "type": "sha1", "uuid": "367b2e26-345b-4f03-9464-72e5c85ac674", "value": "3d463299cda11670351fb5b2c1e0c213bf7563ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Password: Info@2018", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747019571", "to_ids": true, "type": "sha256", "uuid": "5d545947-44d0-4830-a2f4-eadb08bbbcd3", "value": "a442b02412d266580b4e2bc5a4c4d548a16b5035c345e62f32f6094846e1557f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746761046", "to_ids": true, "type": "ssdeep", "uuid": "02d69fdd-5025-4564-9518-19a03e95d231", "value": "12288:7BxGcU5f3AFiAV/NpeCYdUtwd0ITYlo0L8nbezhEBn4DauUkoPO9R4kb:mcU5f3A0CUnddR0lEbYi4DJRoPOX4k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746761046", "to_ids": false, "type": "size-in-bytes", "uuid": "fb884135-b8af-4256-b429-c6f43ed5546d", "value": "763904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746761046", "to_ids": true, "type": "vhash", "uuid": "af2f6157-de20-4d75-b514-6cc8802c99f5", "value": "27503675751290ab7522e150" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746761046", "to_ids": true, "type": "filename", "uuid": "09e3fe51-850d-4f64-98ee-4c341bf26372", "value": "StreamWrap.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746761046", "to_ids": false, "type": "text", "uuid": "019b6a52-c827-40fc-9562-219eecf5fbdd", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AgentTesla.EXL!MTB\nVT Total Detection:60/72\nFirst Submission:2022-05-31T11:33:23.000000+00:00\nLast Submission:2022-11-28T09:32:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981531", "uuid": "4cd73ee5-ce7e-4859-ba93-6e083f6c457d", "Attribute": [ { "category": "Payload delivery", "comment": "Password: quality#@!", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981531", "to_ids": true, "type": "md5", "uuid": "45f39d6c-2dac-417b-aba1-2a9822b50d64", "value": "b012cb8cfee0062632817d12d43f98b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Password: quality#@!", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747019588", "to_ids": true, "type": "sha1", "uuid": "52aadf9f-35dd-4205-834d-e5ebc09914e5", "value": "8a21aa3a787290e02247a78ab5b4bf01e58d8ad3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Password: quality#@!", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747019591", "to_ids": true, "type": "sha256", "uuid": "3d69a80d-1e44-49c7-9186-5c88963e6f29", "value": "5e6640ff6983ee67ee8157c4eb5cc1f3ed443389976b5760370631cbd70e8593", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746761068", "to_ids": true, "type": "ssdeep", "uuid": "79bd4086-cd1b-40f1-afa8-3ed8169bbc62", "value": "12288:6Ih1SHbhZngCtFcB2slhqVfNQoMe7eL73EzVpnG7tlgMh:7gLng8c3lMHeL73O9GsM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746761068", "to_ids": false, "type": "size-in-bytes", "uuid": "8cc71b0f-1bac-4779-b47d-1f97881b25cc", "value": "605696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746761068", "to_ids": true, "type": "vhash", "uuid": "6a2f1b31-c00c-448e-9c97-bb39a239eba8", "value": "2650367515130082262462f2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746761068", "to_ids": true, "type": "filename", "uuid": "9681c925-4fa8-40e6-9491-81420c9e54c3", "value": "WHDz4.exe" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746761068", "to_ids": false, "type": "text", "uuid": "65d6494c-f3f2-4e14-b373-7301d3e4a3e5", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/AgentTesla.NTH!MTB\nVT Total Detection:61/72\nFirst Submission:2022-04-29T17:35:29.000000+00:00\nLast Submission:2022-04-29T17:35:29.000000+00:00" } ] } ] } }