{ "Event": { "analysis": "2", "date": "2019-09-09", "extends_uuid": "", "info": "[Threat Intel] Thrip: Ambitious Attacks Against High Level Targets Continue", "protected": false, "publish_timestamp": "1780039872", "published": true, "threat_level_id": "1", "timestamp": "1772901988", "uuid": "c7f29790-a81b-4831-a8fa-f4a771337d41", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Thrip\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": "" }, { "colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Macau\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": "" }, { "colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Catchamas\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Sagerunex\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740408486", "to_ids": false, "type": "link", "uuid": "4d678f3a-c5df-4d9a-a7f1-c4d39076b3d2", "value": "https://www.security.com/threat-intelligence/thrip-apt-south-east-asia" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814288", "uuid": "2217ef84-b3c8-4415-9de1-d5d99452486f", "Attribute": [ { "category": "Payload delivery", "comment": "Hannotog", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814288", "to_ids": true, "type": "md5", "uuid": "cf038d10-bce4-4100-9954-d0fa3460c402", "value": "6dcd5ba39cb2a3a3b66cc079acf563ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hannotog", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746571837", "to_ids": true, "type": "sha1", "uuid": "a78c1ebb-da2b-4026-837f-e3aa2b359e3b", "value": "bc4a76a6205ef3415e8b53f995db2e1ca89bafdb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hannotog", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746571837", "to_ids": true, "type": "sha256", "uuid": "cb348a9b-8e78-4edf-91e0-69ec07c8a64c", "value": "9348eba0582b19c4580491a32457a1904c41c06dee27ed07c86d986d3c98d15c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746571836", "to_ids": true, "type": "ssdeep", "uuid": "5930e65e-fe0c-4a71-9bd5-29c8c175ade7", "value": "1536:4e0RKEsVevhe34n6gJShazyY0ICnbbSqAlEFLUdZ5l1cB4PsWjcd+i1o/E:4ejFevhe34DnCbb0eFLk0+D/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746571836", "to_ids": false, "type": "size-in-bytes", "uuid": "c5bf2512-a9b6-4ff3-9c65-0728b89c6999", "value": "135168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746571836", "to_ids": true, "type": "vhash", "uuid": "c708df32-7011-4fd6-9c95-4d9c38f5b67e", "value": "015056655d15556038z4chz1bz97z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746571836", "to_ids": true, "type": "filename", "uuid": "5af7f2f3-4d45-4343-aa4e-71f154ec650a", "value": "shat.exe" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746571836", "to_ids": false, "type": "text", "uuid": "a7e776c1-08c0-40eb-9e3d-8deb31223e60", "value": "Hannotog\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Donkaykay.B!dha\nVT Total Detection:53/72\nFirst Submission:2019-03-07T02:53:10.000000+00:00\nLast Submission:2021-03-18T20:10:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814309", "uuid": "461f0103-2ae5-4d57-b7c7-a17d4a8a6a52", "Attribute": [ { "category": "Payload delivery", "comment": "Hannotog", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814309", "to_ids": true, "type": "md5", "uuid": "fd24ae43-a7a8-4200-ab9e-1386d9e0ba26", "value": "b07499a9e157bff01b592f373400fe1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hannotog", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746571858", "to_ids": true, "type": "sha1", "uuid": "20778b62-1fa7-4aa6-a0b9-f749bbaa45dc", "value": "3b8454151e03c24d4dd9e7d95ac812e8b5a481e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Hannotog", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746571858", "to_ids": true, "type": "sha256", "uuid": "93d18233-1eef-49a9-be30-3731cb199e3a", "value": "bd92ce8ef31cd40894b68338d9b71d371936b432b5347d944fad7d9381459761", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746571858", "to_ids": true, "type": "ssdeep", "uuid": "04823212-e877-410c-bbe0-0e0b02952bd0", "value": "1536:S9IPXUNEpM6pqTG3wOiuGW3dzoeiowuxYBv1WGn9XLQf3zcsULsWjcdXfVkZJHA:ZMNTIwGdloswOYBv1p+f3HXyZe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746571858", "to_ids": false, "type": "size-in-bytes", "uuid": "2431bd59-ee90-4896-9ca0-13a6c35a767a", "value": "151552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746571858", "to_ids": true, "type": "vhash", "uuid": "24e6971d-ce9f-4d13-94f7-737c217f257f", "value": "015056655d15556038z56hz1bz87z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746571858", "to_ids": true, "type": "filename", "uuid": "6bc36f10-b512-4ba2-b8e7-f13aa15ed3f4", "value": "bd92ce8ef31cd40894b68338d9b71d371936b432b5347d944fad7d9381459761.exe" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746571858", "to_ids": false, "type": "text", "uuid": "4ae66ac9-5acf-43df-ae70-6da7fcf54e30", "value": "Hannotog\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:55/72\nFirst Submission:2018-08-09T08:38:28.000000+00:00\nLast Submission:2023-05-15T17:29:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814330", "uuid": "8b76d6a6-bfaa-404c-a305-5e9ee2d5b471", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814330", "to_ids": true, "type": "md5", "uuid": "3ae784c2-c8cc-4744-9d75-daef27152a18", "value": "d9ec3d956cbee17d1f6385b6d0a79574", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746571879", "to_ids": true, "type": "sha1", "uuid": "a554ccbb-0607-4d05-b46f-f8953d813279", "value": "b9508cf0ab0cc5d911b755d321dcb9828906850f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746571879", "to_ids": true, "type": "sha256", "uuid": "ba5727ac-d7b7-456a-897d-ab7383eae9bf", "value": "0d1ecd92570b8ca7b2ffd60271c5f601c08a822197413cf4ffd552a7e2426ff6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746571879", "to_ids": true, "type": "ssdeep", "uuid": "83f1acaa-9901-41af-bc31-d24406848da0", "value": "3072:r/ZmxEvnAvQSiD4+kiZP5XfAUk6wAEp9Elm85+jg+y:Vm+/tO14P5p/Ep9LVjVy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746571879", "to_ids": false, "type": "size-in-bytes", "uuid": "fb6d4ac3-652a-4ee2-98c5-595f4e5dec71", "value": "171520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746571879", "to_ids": true, "type": "vhash", "uuid": "a5003daf-8f8f-4945-9444-3afb8a47f04e", "value": "115056655d75556018z47nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746571879", "to_ids": true, "type": "filename", "uuid": "d2bb9531-e79c-49d4-9a86-d05595e5a8db", "value": "263060.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 23/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746571879", "to_ids": false, "type": "text", "uuid": "782b0226-ba13-4d65-ba7a-5d0bd6b6c39b", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Esulat\nVT Total Detection:59/72\nFirst Submission:2015-08-24T02:51:22.000000+00:00\nLast Submission:2024-10-27T18:59:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814352", "uuid": "a809e2d7-4a54-4248-a4b6-cb7defd18703", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814352", "to_ids": true, "type": "md5", "uuid": "30f2edec-c274-4257-b3de-63bc26ac14c5", "value": "bb992ba5a4b4a882a169a5583d26cb2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746571900", "to_ids": true, "type": "sha1", "uuid": "e492c5e4-672e-4431-835e-cf73736f050b", "value": "b3de15f8fdb200da8a5ddb90f3206c12f9b7c76e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746571901", "to_ids": true, "type": "sha256", "uuid": "f1600568-5b62-4250-b388-2f501153dbf1", "value": "19378dab8b242d94148ad5c48d57d9e45fec5f53b6724155488dd80566a66623", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746571900", "to_ids": true, "type": "ssdeep", "uuid": "22adb8df-4c53-416c-ad1c-b524058a4a38", "value": "3072:CaaUXzuSpIl/D6+894eQNF0RRRl12PIfs33ou0LTs2oSg:JaUX7Fg0R512PI00XRoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746571900", "to_ids": false, "type": "size-in-bytes", "uuid": "1e246a4b-0d70-43b0-a4a5-50aa5e122967", "value": "171008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746571900", "to_ids": true, "type": "vhash", "uuid": "9caf8f3f-381c-4f40-b73b-c2434e748dd8", "value": "11506666555d75056018z46nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746571900", "to_ids": true, "type": "filename", "uuid": "351d727e-af9d-4a45-b6f5-96a3506690af", "value": "19378dab8b242d94148ad5c48d57d9e45fec5f53b6724155488dd80566a66623.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 23/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746571900", "to_ids": false, "type": "text", "uuid": "e773e91c-f11e-4ac4-b384-cfb8bfbc9abf", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.B!dha\nVT Total Detection:57/72\nFirst Submission:2016-08-08T00:25:54.000000+00:00\nLast Submission:2024-10-27T19:16:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814373", "uuid": "e8a63e74-598b-49aa-87a2-4a961c0d255a", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814373", "to_ids": true, "type": "md5", "uuid": "cf32fe77-7cf3-4abd-bbe6-314c9c2e02cf", "value": "e01396624aeaf79827f0a23e19f10190", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746571922", "to_ids": true, "type": "sha1", "uuid": "43233228-3473-492f-8b15-c880fd4692a0", "value": "3cfdfb9b96428d69d36ea28595e732361ead19b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746571923", "to_ids": true, "type": "sha256", "uuid": "6e7671d3-8dcb-4def-ba46-7001f1481510", "value": "1e164da9ddd19d0b654e8a60b416c80e82f9bfc0ab35dd262733f4364610c9f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746571922", "to_ids": true, "type": "ssdeep", "uuid": "08d2906c-1cd7-4b7c-bdb0-f423faeb6651", "value": "6144:m329ShADSXYzlaDOqiX5uLqnU8+qJLCS:HShADIOlaFipNU8+qJLC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746571922", "to_ids": false, "type": "size-in-bytes", "uuid": "c6315f8f-cb16-4cf7-8c6e-d703dfaf7ff4", "value": "230400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746571922", "to_ids": true, "type": "vhash", "uuid": "6f4fda28-fcd1-40db-899f-e40fa7e0927c", "value": "125056655d75556018z47?z6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746571922", "to_ids": true, "type": "filename", "uuid": "c2371cc2-3346-48ac-9a6b-4850b9b0de41", "value": "1e164da9ddd19d0b654e8a60b416c80e82f9bfc0ab35dd262733f4364610c9f4.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 23/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746571922", "to_ids": false, "type": "text", "uuid": "226ea289-114a-4514-a9e8-9c5cb802bc96", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.B!dha\nVT Total Detection:57/72\nFirst Submission:2018-01-17T06:10:19.000000+00:00\nLast Submission:2024-10-27T19:12:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814394", "uuid": "f0ac6321-2ede-44e3-9ee7-31d4b7f35638", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814394", "to_ids": true, "type": "md5", "uuid": "6d16cbe1-4bfe-4dfa-982a-5874e88d6661", "value": "579b88cfd43c4628855920abc120bcde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746571944", "to_ids": true, "type": "sha1", "uuid": "7c232336-c5ce-445c-98b5-5a9582d5a3a6", "value": "34dc6654fbc91732e0ca098f31c0cb5b3e5215b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746571944", "to_ids": true, "type": "sha256", "uuid": "d239a433-787c-4eec-96ee-865a987e1225", "value": "27ccd12206d185bf3297df288febf7d47b93ccdc6ec0e5c389ae30da8cac4bf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746571943", "to_ids": true, "type": "ssdeep", "uuid": "73f350e6-7e13-4fad-b392-a80bffbb1d4a", "value": "6144:0RELETXaz01/GMBeMGa5MnMGs3tgi81sWm6pXr9fgyiqH:+ErAGMMnMhq5CNmXrhH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746571943", "to_ids": false, "type": "size-in-bytes", "uuid": "d49f6004-73cb-4e40-a245-f47e57f47ac3", "value": "307200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746571943", "to_ids": true, "type": "vhash", "uuid": "7410584c-988a-4678-9ea8-f3ae518eeba3", "value": "135056651d75555018z49nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746571943", "to_ids": true, "type": "filename", "uuid": "b269eaf1-d5da-484c-b3f1-591943611c30", "value": "27ccd12206d185bf3297df288febf7d47b93ccdc6ec0e5c389ae30da8cac4bf3.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 30/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746571943", "to_ids": false, "type": "text", "uuid": "b9552cca-4abc-47dc-b9d2-0a6bd3495b7f", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Filisto.D!dha\nVT Total Detection:60/72\nFirst Submission:2019-04-30T20:41:20.000000+00:00\nLast Submission:2024-10-27T19:13:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814415", "uuid": "cc99b25f-a5af-493e-89e5-3fab44de7baa", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814415", "to_ids": true, "type": "md5", "uuid": "6b9c3ebc-115c-4611-9c56-f0b4aa2ec720", "value": "58a11a79f5a745c45d7b451373535950", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746571965", "to_ids": true, "type": "sha1", "uuid": "250df0b3-cc7d-4421-95e6-5418c77b9a11", "value": "4e34809e2064af2a58b0e712880af8d6d1abdcff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746571965", "to_ids": true, "type": "sha256", "uuid": "b9be22ba-0e4f-4ced-a8c1-a1a990d2edee", "value": "460e11159413b47399aac530433bb00132f54e3859da1f5305977275e37c6153", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746571965", "to_ids": true, "type": "ssdeep", "uuid": "d33bc265-4573-46de-9944-fb9b8afd3355", "value": "3072:YfjnE8XvvXyuDG+xazhyhMNIsXXGf5+jkA9Q:WjnE8gsSwhYIsnGf5+jkA9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746571965", "to_ids": false, "type": "size-in-bytes", "uuid": "abd47ec1-390d-47b8-8a50-e63d89673d84", "value": "170496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746571965", "to_ids": true, "type": "vhash", "uuid": "1f924aaf-0eba-473a-92d2-93ac3d259760", "value": "11506666555d75056018z43nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746571965", "to_ids": true, "type": "filename", "uuid": "9d335361-5069-4a89-a9a9-8e80044a7bac", "value": "460e11159413b47399aac530433bb00132f54e3859da1f5305977275e37c6153.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746571965", "to_ids": false, "type": "text", "uuid": "4a55a336-a4f0-4f5e-8c00-48bcf73c82cd", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Filisto.D!dha\nVT Total Detection:58/72\nFirst Submission:2017-10-17T02:19:19.000000+00:00\nLast Submission:2024-10-27T19:14:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814437", "uuid": "cc849e46-752f-4f5d-ac8d-38e579eb7d2f", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814437", "to_ids": true, "type": "md5", "uuid": "3a6f285c-1391-425d-8e4b-b1c66fa25d65", "value": "8a324544c203fb2284282b5b634c6651", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746571986", "to_ids": true, "type": "sha1", "uuid": "c3920e57-2df9-4bd8-a484-6de73483bfef", "value": "c1f6827fd235dca71484c13d482edefc21049de1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746571986", "to_ids": true, "type": "sha256", "uuid": "88479e74-8c75-4328-ab46-d105a817565e", "value": "5174d45c4e64c5e6abe6639a6a1d6f64bb48b4fb0efdad2b0ea708be7cb82fce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746571986", "to_ids": true, "type": "ssdeep", "uuid": "c3d7ce7e-1b52-423c-89da-5f9359f80a33", "value": "3072:CaaUXzuSpIl/D6+o97eQNF0RRRl12PIfs33ou0LTs2oSg:JaUX71X0R512PI00XRoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746571986", "to_ids": false, "type": "size-in-bytes", "uuid": "39988175-d3f2-4d64-9bab-74c795e05a77", "value": "171008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746571986", "to_ids": true, "type": "vhash", "uuid": "8e704ce3-d528-484c-8cd9-de997e43521a", "value": "11506666555d75056018z46nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746571986", "to_ids": true, "type": "filename", "uuid": "d3edd321-47bb-43c4-b4d9-86cd5ff6f974", "value": "5174d45c4e64c5e6abe6639a6a1d6f64bb48b4fb0efdad2b0ea708be7cb82fce.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746571986", "to_ids": false, "type": "text", "uuid": "4501649d-584e-41e4-b919-09eed8fed61b", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.B!dha\nVT Total Detection:58/72\nFirst Submission:2017-07-05T03:16:41.000000+00:00\nLast Submission:2024-10-27T19:15:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814458", "uuid": "bb39ab86-b823-4f31-9d17-b9b6b8846687", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814458", "to_ids": true, "type": "md5", "uuid": "19db8026-20a0-4e5e-827b-0301afd68e7c", "value": "4d2ee532a6d5abf2a9a8125f8d05d16b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572008", "to_ids": true, "type": "sha1", "uuid": "325b276c-aaf3-4dd5-9f60-105dd1e599f7", "value": "8c03fa1094bff6789276e425b2b3712fc7fc16eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572008", "to_ids": true, "type": "sha256", "uuid": "86ec2342-7af4-4006-b8df-fecbacce5917", "value": "523f28a364858bd7bb65de7c9e94bbdfbbdb9fe800421c990226662e293a05ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572007", "to_ids": true, "type": "ssdeep", "uuid": "7bf5c042-681c-4b1f-9feb-2134a50e55df", "value": "3072:b06cGJPBbcDUKuD0+SlerOVqzFlAxmdEjOJ8cZPtI3rRVvdTft1v4tjtIcbkM:46cGJpbgHvgOVYqOkKRtEV5dDQXbk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572007", "to_ids": false, "type": "size-in-bytes", "uuid": "871441b6-cf4e-426c-bc5e-ca4a6f14684e", "value": "227328" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572007", "to_ids": true, "type": "vhash", "uuid": "e6ad1151-792b-403b-bd44-a801b9be565a", "value": "12505666555d756018z48nz1ez2" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 03/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572007", "to_ids": false, "type": "text", "uuid": "b7bffa1a-1367-4429-84dc-dcbe17fa0960", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Filisto!rfn\nVT Total Detection:59/72\nFirst Submission:2019-05-07T02:19:29.000000+00:00\nLast Submission:2025-05-02T09:36:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814479", "uuid": "13253218-88dc-4713-b4ee-3f10f679f376", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814479", "to_ids": true, "type": "md5", "uuid": "277d01e1-7271-4cc1-ad59-cf5d8e6f2346", "value": "f0fd91666ad932a98e913ec6bf35598b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572029", "to_ids": true, "type": "sha1", "uuid": "f6b39281-6862-4b66-bc87-ae2dcd2d8f92", "value": "4ffbff02bcc3455a5b0e6b3fb8a535ff12c2cab9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572029", "to_ids": true, "type": "sha256", "uuid": "e3ec0966-cb5e-460c-8434-f016dda3738f", "value": "76a309691661ed67808a9c438815e9a282495e2e8e0055f2fe40e42bcf002dab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572028", "to_ids": true, "type": "ssdeep", "uuid": "791f22b5-d2c8-4d3c-a8d1-1626ce482db1", "value": "6144:pkTeLeujugEaEAdNEL2wImprsDS89nme+6oiLDh:pji0RNEywImproLJme+6x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572028", "to_ids": false, "type": "size-in-bytes", "uuid": "131eec88-1eb1-49e9-ada3-30befc6464da", "value": "260608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572028", "to_ids": true, "type": "vhash", "uuid": "a998940c-cbab-4a53-ac39-39903ceaa0fa", "value": "12506666551d75155018z4cnz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572028", "to_ids": true, "type": "filename", "uuid": "f409bdcf-260a-43a1-9b70-66100cf4a33b", "value": "scsidsc.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572028", "to_ids": false, "type": "text", "uuid": "79de2eb9-b837-4bb3-974c-f46a5b54759a", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Filisto.D!dha\nVT Total Detection:54/72\nFirst Submission:2016-11-02T10:18:50.000000+00:00\nLast Submission:2024-10-27T19:13:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814500", "uuid": "3ede0c8d-5ecc-498b-8df6-60501031baed", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814500", "to_ids": true, "type": "md5", "uuid": "e09f670f-110d-43ad-8dbb-20c023f01553", "value": "59545d3dcf49e230f419583779b705e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572050", "to_ids": true, "type": "sha1", "uuid": "3f4ac436-7fd9-4d6b-a324-ce317a9f6d4b", "value": "277b0de43078b6a009e42194082cd3f0ecc4f816", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572050", "to_ids": true, "type": "sha256", "uuid": "fb9d1191-c9ef-4580-8185-88edcfb465ef", "value": "868f0a1d3764e1c8e03a58caf1d4b8de946671d59b9145e30102ab6540349968", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572050", "to_ids": true, "type": "ssdeep", "uuid": "99721bfc-17ef-48e6-b819-c03ad5231a65", "value": "3072:GsVSkMTbJcrZI5Y75J6m5kuKHMC4JHsK+vONi5v7:GddTFyEa5Jv5rKsFB6LT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572050", "to_ids": false, "type": "size-in-bytes", "uuid": "44fbab83-503e-43f0-b49a-e112dd34943d", "value": "119808" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572050", "to_ids": true, "type": "vhash", "uuid": "42bc21b3-a871-4c8f-92ba-e6702faf432a", "value": "115056651d15555018z49nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572050", "to_ids": true, "type": "filename", "uuid": "9c908c53-8d15-4cb1-aa09-c48efb52e78c", "value": "868f0a1d3764e1c8e03a58caf1d4b8de946671d59b9145e30102ab6540349968.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572050", "to_ids": false, "type": "text", "uuid": "6ff7c329-f2c7-4044-83b3-33c367bfd8d5", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/LotusBlossom!MSR\nVT Total Detection:54/72\nFirst Submission:2019-04-27T18:42:17.000000+00:00\nLast Submission:2024-10-27T19:15:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814523", "uuid": "89ecffea-85aa-4f3c-97ca-818f467c7710", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814523", "to_ids": true, "type": "md5", "uuid": "981fc48e-64cd-4a43-94b7-fc2f57f6d8b3", "value": "bc684adf6c514671f4751051faf6ff1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572071", "to_ids": true, "type": "sha1", "uuid": "c6dad6e0-6137-486c-821f-15c4fa14271f", "value": "f01237061ea376d56a91f29f4b274503d82485da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572071", "to_ids": true, "type": "sha256", "uuid": "3221cdb4-d344-4f9f-be79-adc2ca813e74", "value": "9530d2df7d340c74f061a1bff87bd2720ff11347b09f05cfb16e4dfd198f0168", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572071", "to_ids": true, "type": "ssdeep", "uuid": "b06ce077-466f-4796-adf5-7330dcf2b843", "value": "3072:MPi429dm4+P4iouDW+UyigNWEDD/kxaxGGnq8vpUSCTwZkNjo4cTzl7W:KZ29dmFPYWpNWOD8xa8gq8vpUSAwZ4iQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572071", "to_ids": false, "type": "size-in-bytes", "uuid": "d109afdb-9428-4d8b-9c28-d59e398c2f45", "value": "174592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572071", "to_ids": true, "type": "vhash", "uuid": "52e37557-a1f5-43bc-ba3e-e9e44c289966", "value": "11506666555d75056018z46nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572071", "to_ids": true, "type": "filename", "uuid": "506618b3-5463-45c9-bce8-00df0a771aec", "value": "appinfo.dll.rename" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572071", "to_ids": false, "type": "text", "uuid": "5127ba0d-ce3f-4497-9a00-eb3b37dcfa35", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.B!dha\nVT Total Detection:57/72\nFirst Submission:2016-02-15T03:39:19.000000+00:00\nLast Submission:2024-10-27T19:16:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814544", "uuid": "4aa2f0ea-af38-457f-9a51-4a9f0264ec6a", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814544", "to_ids": true, "type": "md5", "uuid": "b2d85934-4a63-45c9-bc57-e0bf527f0734", "value": "e4d5e46b1b968ecbe8a9a00d3b36adb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572093", "to_ids": true, "type": "sha1", "uuid": "5946908b-87f7-4e66-9b5d-74fb2e35808f", "value": "e00c4b19db4fea51242dcd1898ab623a2195ea91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572093", "to_ids": true, "type": "sha256", "uuid": "ab077736-3c56-482d-954b-577169581930", "value": "9fd88a5d30fa36d8353cad6ea8b5f867429d39652bf85473de31c39466435775", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572093", "to_ids": true, "type": "ssdeep", "uuid": "efd59225-5e08-4316-b92a-05369f9a95e5", "value": "6144:Y729SNRbdMdEErs/wuQoPzGWBkQ+VnrPK9SnL:9SNRbdM2EAoGqWBkQunrC9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572093", "to_ids": false, "type": "size-in-bytes", "uuid": "9535ecd8-280d-4453-a51d-eea45ccf8592", "value": "230400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572093", "to_ids": true, "type": "vhash", "uuid": "cc13ce2e-8729-4096-b332-cc4ef6b8b88c", "value": "125056655d75556018z47?z6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572093", "to_ids": true, "type": "filename", "uuid": "28e7f1d1-bdee-428b-9b1c-234527fda30d", "value": "1002-e00c4b19db4fea51242dcd1898ab623a2195ea91" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572093", "to_ids": false, "type": "text", "uuid": "966e6bca-c7bf-4b1d-8a4e-03f299413951", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.B!dha\nVT Total Detection:58/72\nFirst Submission:2017-12-21T12:28:53.000000+00:00\nLast Submission:2024-10-27T19:12:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814566", "uuid": "b6975c52-7cd6-482e-adf9-0c862dbe0db9", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814566", "to_ids": true, "type": "md5", "uuid": "c5c4195a-267c-45c5-a019-6bd833e5ed72", "value": "41cc3eb12a41e5b2e74034abed86bf22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572114", "to_ids": true, "type": "sha1", "uuid": "9c7f9b88-8304-4942-84fc-72f465eff809", "value": "5f67e9d2523558c0fef56af470995b24ae7a3090", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572115", "to_ids": true, "type": "sha256", "uuid": "041e411b-ff2e-413a-a758-1eb9896a7545", "value": "c0be532e9fb71e0462f9bfdc8754df320be960b9d510a0b3b6d6cf128c537658", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572114", "to_ids": true, "type": "ssdeep", "uuid": "7e7e0140-e671-4e5a-9c57-79eaaa4be4a6", "value": "3072:gu00SdzcXlHSiDq+Z3ltievwhYPOLLwkSpEDb9zwxJhk7X5YsYH/9ZVC3GNAH:v0ZdzoEc10UULLwNCDbcPkDwU3e6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572114", "to_ids": false, "type": "size-in-bytes", "uuid": "a48ff44c-4ba1-4f39-9628-9f03fa871f6b", "value": "229376" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572114", "to_ids": true, "type": "vhash", "uuid": "a253ce22-ab11-4c19-89b6-0e7507ff6054", "value": "125046655d756018z47?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572114", "to_ids": true, "type": "filename", "uuid": "84f7b5d2-4fcc-463b-adea-aeade6cb7b26", "value": "c0be532e9fb71e0462f9bfdc8754df320be960b9d510a0b3b6d6cf128c537658.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572114", "to_ids": false, "type": "text", "uuid": "62b12733-b165-403c-9e17-2e53cb317a57", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.B!dha\nVT Total Detection:58/72\nFirst Submission:2017-07-25T10:39:40.000000+00:00\nLast Submission:2024-10-27T19:16:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814587", "uuid": "e841656a-7ad9-4d65-8ddd-64b561512df5", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814587", "to_ids": true, "type": "md5", "uuid": "c136595a-bd72-43a4-81ce-d36422293779", "value": "807a16ed2f3ecc7df4fd121b9a0cc870", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572136", "to_ids": true, "type": "sha1", "uuid": "c9df3e5a-3374-49dc-a248-cd725d8d5ec8", "value": "beb980f59c06c18a188f209ef20fc59c6c052c3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572136", "to_ids": true, "type": "sha256", "uuid": "c794ce36-4ac1-42f6-a26c-38d0cc584f57", "value": "d45ad71497f48d0d2ebff8ecdcafc9e609b550c0ed76d540d7660dc27785d376", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572135", "to_ids": true, "type": "ssdeep", "uuid": "6a1b30b3-a793-48c1-88ac-99ce9a7edd16", "value": "3072:b06cGJPBbcDUKuD0+llerOVqzFlAxmdEjOJ8cZPtI3rRVvdTft1v4tjtIcbkM:46cGJpbgHUgOVYqOkKRtEV5dDQXbk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572135", "to_ids": false, "type": "size-in-bytes", "uuid": "2307c65d-52f0-4613-9820-63a18a8b6d78", "value": "227328" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572135", "to_ids": true, "type": "vhash", "uuid": "c14badf4-d089-42a7-be19-420d042d63a3", "value": "12505666555d756018z48nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572135", "to_ids": true, "type": "filename", "uuid": "a70caf38-a6a5-42e8-8965-88c095627f62", "value": "ntmssvcc.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572135", "to_ids": false, "type": "text", "uuid": "8a9bee41-4d04-4bef-afb5-32190f4eef0b", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.A!dha\nVT Total Detection:55/72\nFirst Submission:2016-11-09T02:00:24.000000+00:00\nLast Submission:2024-10-27T19:18:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814608", "uuid": "fbd394f3-ffb1-422c-865a-69b62e98f8df", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814608", "to_ids": true, "type": "md5", "uuid": "40fa6bb0-8157-4f7c-bd34-aa56248c77a3", "value": "2731785bf7f5f839accec4278fa722e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572157", "to_ids": true, "type": "sha1", "uuid": "2da18e66-90d3-4c40-b26a-82668a59f20d", "value": "eee4d39b4f846583bafc30e60eb881be172a7b9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572157", "to_ids": true, "type": "sha256", "uuid": "0990566d-ba10-4ef4-8d5d-6bf7794978a2", "value": "d54de8e0dc2b58b140f8677be3f0ea3c902dc3f3b112c7350aa95a9cbe24a8af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572156", "to_ids": true, "type": "ssdeep", "uuid": "a926122c-db9e-4ed5-9931-469978750085", "value": "3072:anba5bwQ2gYtghzuDu+L0NYrIvAQ+pFi4FwCak6Wdlllabd+OOZ9oRgP6k2G:ca5bw85vvaKCPHxabkoRgeG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572156", "to_ids": false, "type": "size-in-bytes", "uuid": "6a468490-b8a1-4775-a18d-a6ff35a44518", "value": "230912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572156", "to_ids": true, "type": "vhash", "uuid": "b5c739d5-f0ca-48ab-8c72-c472b104f012", "value": "125056655d75556018z47?z6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572157", "to_ids": true, "type": "filename", "uuid": "1b7f9a58-d22c-40bb-97a5-1319e34ef27a", "value": "d54de8e0dc2b58b140f8677be3f0ea3c902dc3f3b112c7350aa95a9cbe24a8af.sample" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572157", "to_ids": false, "type": "text", "uuid": "553799f7-9bcb-4804-94d7-2134bb381f82", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.B!dha\nVT Total Detection:57/72\nFirst Submission:2019-04-25T07:47:22.000000+00:00\nLast Submission:2024-10-27T19:18:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814629", "uuid": "c585c066-0af7-4ef1-84bf-3547ebdf4a63", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814629", "to_ids": true, "type": "md5", "uuid": "e435d383-84e8-4e50-b440-9d051c329452", "value": "70d0c5434197529738b9e979247cb1e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572178", "to_ids": true, "type": "sha1", "uuid": "cedfd539-85fe-47e8-9f72-df55020f1ce3", "value": "c40db533ab41c2760b30de238beb723e49f5117b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572178", "to_ids": true, "type": "sha256", "uuid": "e27227de-cb97-41f8-a4ad-4a6e5f2ba0fd", "value": "d7c6aa114df9be3a1e01c196ca44e929821d6a6316f4754b0933189f98af4fc7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572178", "to_ids": true, "type": "ssdeep", "uuid": "aa8313ae-06f9-4385-a8a8-459bbd437cd6", "value": "3072:CaaUXzuSpIl/D6+k9meQNF0RRRl12PIfs33ou0LTs2oSg:JaUX75G0R512PI00XRoS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572178", "to_ids": false, "type": "size-in-bytes", "uuid": "26cb25c1-0f08-443c-9955-2a35f2166007", "value": "171008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572178", "to_ids": true, "type": "vhash", "uuid": "8db8f9f4-2be3-4cce-a3f7-7bf1f0665615", "value": "11506666555d75056018z46nz1ez2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572178", "to_ids": true, "type": "filename", "uuid": "b8da6c49-9267-463b-ae12-46e0d290fe95", "value": "d7c6aa114df9be3a1e01c196ca44e929821d6a6316f4754b0933189f98af4fc7.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572178", "to_ids": false, "type": "text", "uuid": "ab92dc94-375d-4e15-a768-db1a5178b462", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Filisto.B!dha\nVT Total Detection:58/72\nFirst Submission:2017-07-05T03:12:41.000000+00:00\nLast Submission:2024-10-27T19:17:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814651", "uuid": "0ed29083-e34c-44d8-9ce3-e4f1aa1653e4", "Attribute": [ { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814651", "to_ids": true, "type": "md5", "uuid": "5a217341-8317-48e6-b0da-8f63c93ce6ab", "value": "de6eb3d2439988be1c40714b2b825ace", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572199", "to_ids": true, "type": "sha1", "uuid": "491d97e0-500e-4444-b3ac-f413d8a2e2ce", "value": "c2c538ae3bf18c3235cdbc0a78b42866fe018324", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Sagerunex", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572200", "to_ids": true, "type": "sha256", "uuid": "76afc65e-abb5-4dc8-ab23-90a2eacc5971", "value": "fe2046e479289b1013eb394f5b3d7a49a419cb98015add3ead0fa87614fe6e38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572199", "to_ids": true, "type": "ssdeep", "uuid": "feac2367-99bc-4626-abff-9f7e04c00db0", "value": "6144:bgyzTkTz8ehQ7VAJZfsxgQVS1OkMCVNgbpixqy9+5c+ydhOp:MyewOZUOdgbpFy4te+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572199", "to_ids": false, "type": "size-in-bytes", "uuid": "a5a592c9-1640-4f0f-926c-f0221845d9bf", "value": "305664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572199", "to_ids": true, "type": "vhash", "uuid": "31cc469b-fa49-49c3-a834-abd3a44c1b41", "value": "13506666551d75155018z47?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572199", "to_ids": true, "type": "filename", "uuid": "9ed3a819-64d3-47d2-8e11-c6bf270c1932", "value": "fe2046e479289b1013eb394f5b3d7a49a419cb98015add3ead0fa87614fe6e38.dll" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 02/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572199", "to_ids": false, "type": "text", "uuid": "e74f3096-0175-4f09-bafa-2b6e02b10273", "value": "Sagerunex\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Filisto!MTB\nVT Total Detection:62/72\nFirst Submission:2018-08-12T05:38:26.000000+00:00\nLast Submission:2024-10-27T19:23:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814672", "uuid": "0132555e-3e98-44b1-88b1-3af54b0912ab", "Attribute": [ { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814672", "to_ids": true, "type": "md5", "uuid": "ec51a095-21b3-4892-8d88-ea33011e8c1e", "value": "93416de80483dbb6633c9fd473960099", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572221", "to_ids": true, "type": "sha1", "uuid": "a47fe5fb-73f5-4451-9cdf-c6a502be2564", "value": "5e3b1c95a029d1a9adc8a6cbcc07f010ebf8801b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572221", "to_ids": true, "type": "sha256", "uuid": "498b6ea3-0f65-47ba-8cf6-f8f7ea3da002", "value": "3228a0d40222548ea3476b43b13a18ef09f06a4402e3280640ee297533b5a3a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572220", "to_ids": true, "type": "ssdeep", "uuid": "ff23b307-07c4-4a0f-accc-2d0151ac4a70", "value": "1536:HAjDcs/4DjSuaYv5JJ9hGZSKSYzkUgzL3P:YQDj5aWJJX8FSQkUgzL3P" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572220", "to_ids": false, "type": "size-in-bytes", "uuid": "57c2d32c-ffda-416b-b2cd-8a69a6b423d4", "value": "146944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572220", "to_ids": true, "type": "vhash", "uuid": "51354a89-17ca-4ed6-9311-b89c527c9cfb", "value": "015056655d1515116za0065bz13z1020019fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572220", "to_ids": true, "type": "filename", "uuid": "372611d5-635d-49ef-9a28-4229d0069e76", "value": "3228a0d40222548ea3476b43b13a18ef09f06a4402e3280640ee297533b5a3a0.exe" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572220", "to_ids": false, "type": "text", "uuid": "9c987513-76b4-494d-8ca2-d6c0a63095c5", "value": "Catchamas\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Catchman!dha\nVT Total Detection:55/72\nFirst Submission:2019-03-24T00:01:24.000000+00:00\nLast Submission:2024-10-27T19:27:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814693", "uuid": "afd12270-402f-4511-be87-db1b66b9661b", "Attribute": [ { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814693", "to_ids": true, "type": "md5", "uuid": "5e6c6ec0-56ac-4062-80a4-b11cd14b6e9c", "value": "4ad36e16bc438ddda1cbdbf452d79fe9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572242", "to_ids": true, "type": "sha1", "uuid": "c2bc91c3-5c63-463c-bbca-7d5ef9126f3b", "value": "6f03e10bfd0951860d574b8131aebcd2964b88ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572242", "to_ids": true, "type": "sha256", "uuid": "57dd1228-8ac2-4b30-8119-a6481b3e6897", "value": "6b236d3fc54d36e6dc2a26299f6ded597058fed7c9099f1a37716c5e4b162abc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572241", "to_ids": true, "type": "ssdeep", "uuid": "742366ac-252c-4dda-bcd0-b090af227a76", "value": "1536:2lfrY84TfqenLCFc3FcW74tBnxkJbk1oxZ52s2p5sMXy:kf7UquZREPMbky752Vp5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572241", "to_ids": false, "type": "size-in-bytes", "uuid": "5a8df7a8-2f92-41a1-a3a3-bbcc605f7168", "value": "145920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572241", "to_ids": true, "type": "vhash", "uuid": "b70ddac3-cf17-4367-ab5e-eea67d849711", "value": "015056655d1515116za0062bz13z1020019ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572241", "to_ids": true, "type": "filename", "uuid": "fe824133-dc5c-4b61-8c72-fcc6d1d04d5e", "value": "6b236d3fc54d36e6dc2a26299f6ded597058fed7c9099f1a37716c5e4b162abc.exe" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 14/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572241", "to_ids": false, "type": "text", "uuid": "c523c96e-eedc-4008-a9ae-996d77cd7b15", "value": "Catchamas\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Catchman\nVT Total Detection:61/72\nFirst Submission:2017-12-13T05:45:56.000000+00:00\nLast Submission:2024-10-27T19:27:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814714", "uuid": "c04c9be7-005d-4da6-9617-aaf2a30bb5c2", "Attribute": [ { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814714", "to_ids": true, "type": "md5", "uuid": "e029cbd8-f662-488e-9a91-3ccda338c0c0", "value": "a16b76461d676965535b91aabef85cfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572263", "to_ids": true, "type": "sha1", "uuid": "af523f2e-789f-4223-8224-b703339bda4f", "value": "03cc55f0bce16c778f4006fa2290046e03ec1f4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572263", "to_ids": true, "type": "sha256", "uuid": "2d44c63c-369b-4620-982b-8a51ed84166b", "value": "d9131bf2e2e2a80c319ed6ffbe5c726fe30eac50902705096d2610de52a774e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572263", "to_ids": true, "type": "ssdeep", "uuid": "df369a20-c30e-438a-bd40-d9a211710191", "value": "1536:0B6icHZ5bLb3BSCHqdqy101Zq0U+543pb1cp:73jL/1y83543pbKp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572263", "to_ids": false, "type": "size-in-bytes", "uuid": "3a1321e3-e72c-4ee5-8bd7-41f2f3fec840", "value": "143872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572263", "to_ids": true, "type": "vhash", "uuid": "acbcdbfa-b959-40ac-81b8-b4b7a162632d", "value": "015056655d1515116za0063bz13z1020019fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572263", "to_ids": true, "type": "filename", "uuid": "90e57ab2-370d-413c-850f-dec574f0d003", "value": "a16b76461d676965535b91aabef85cfc.virus" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 25/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572263", "to_ids": false, "type": "text", "uuid": "9cd44d70-a0d2-4cd4-ab63-d0ed43847745", "value": "Catchamas\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Catchman!dha\nVT Total Detection:59/72\nFirst Submission:2017-09-15T10:51:21.000000+00:00\nLast Submission:2024-10-27T19:28:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814736", "uuid": "2f26dab9-9e15-48ba-adf7-2d808740839e", "Attribute": [ { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814736", "to_ids": true, "type": "md5", "uuid": "8c68d77b-0a2c-4974-8a45-a1fc59cbde20", "value": "09a40750c3333acb6b94062bdeb9380a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572284", "to_ids": true, "type": "sha1", "uuid": "d2320f76-bde7-4c3d-b8b2-b4e2de86562a", "value": "068ce5d5617a30975a7fec92a3a6c0fb64d8eb1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572284", "to_ids": true, "type": "sha256", "uuid": "1d21a84f-9300-4178-a645-351e796d3723", "value": "f14c9c859e12cf70099af098668f849b2ca0e99de6cc62b8569c230f35e36aa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572284", "to_ids": true, "type": "ssdeep", "uuid": "2dc2fdb2-7c62-4f36-b61c-48a639d89956", "value": "1536:JlfrY84TfqenLCFc3FcW74tBnxkJbk1oxZ5Zs2p5sMXy:Lf7UquZREPMbky75ZVp5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572284", "to_ids": false, "type": "size-in-bytes", "uuid": "b322c5fa-cec9-421d-8af8-968d05cafe36", "value": "145920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572284", "to_ids": true, "type": "vhash", "uuid": "84b174c3-66e8-4ac2-97c4-7dc8b73ae472", "value": "015056655d1515116za0062bz13z1020019ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572284", "to_ids": true, "type": "filename", "uuid": "aa9fe830-cdb2-4cc9-b87a-aaecfc1d8e97", "value": "malware.bin" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 28/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572284", "to_ids": false, "type": "text", "uuid": "90cbcc12-437c-4bc6-9274-0be1d8aab262", "value": "Catchamas\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Catchman\nVT Total Detection:61/72\nFirst Submission:2017-08-21T14:38:48.000000+00:00\nLast Submission:2024-10-27T19:29:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814757", "uuid": "191e9a2a-269d-4f7d-9276-66543c401872", "Attribute": [ { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814757", "to_ids": true, "type": "md5", "uuid": "4452de95-b56a-4b91-8d92-34bdccc57b11", "value": "f7f252ae6fe54eb826d35c5e5a8b4c12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572306", "to_ids": true, "type": "sha1", "uuid": "f75590a0-cfc2-4c1b-a6fb-795d76dfbd84", "value": "1a5a383d0006e59de6a3237b82ebc0d5c8f460bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572306", "to_ids": true, "type": "sha256", "uuid": "424e8a3e-7e62-4f19-b687-e9040315e20f", "value": "0fb583b98cb73bd1bda1d60398fc6587a9541fff43d4db6dd172b853dcac1b17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572305", "to_ids": true, "type": "ssdeep", "uuid": "b61f16c3-6b5c-452b-8ea3-540025c0a81d", "value": "1536:0B6icHZ5bLb3BSCHqdqy101Zq0U+543pb1cp:73jL/1y83543pbKp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572305", "to_ids": false, "type": "size-in-bytes", "uuid": "dd4036e0-0fa8-49b6-8cf5-a6a4a0a39db0", "value": "143872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572305", "to_ids": true, "type": "vhash", "uuid": "586158fa-8781-47af-8ff3-590d11c59c79", "value": "015056655d1515116za0063bz13z1020019fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572305", "to_ids": true, "type": "filename", "uuid": "4fc6b4a9-0abd-442d-8cae-479b31c80a66", "value": "f7f252ae6fe54eb826d35c5e5a8b4c12-pe" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 28/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572305", "to_ids": false, "type": "text", "uuid": "4d658357-6869-4fd6-90ae-0c2f5ef212d4", "value": "Catchamas\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Catchman!dha\nVT Total Detection:61/72\nFirst Submission:2018-09-17T18:13:55.000000+00:00\nLast Submission:2023-01-08T20:00:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814778", "uuid": "4cfc9631-d307-44bc-873c-f7799ccd0c8f", "Attribute": [ { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814778", "to_ids": true, "type": "md5", "uuid": "5483be20-77ae-483f-b6e8-c392e6bffb92", "value": "3232ff20fb600768cadfe040792bbe5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572327", "to_ids": true, "type": "sha1", "uuid": "7be93c1b-dd2a-4e5d-b11c-3050c7acff90", "value": "466728f8d8fb7a9cca1b313012038ea4cbb1b64f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572327", "to_ids": true, "type": "sha256", "uuid": "8c71afb2-e593-4a3c-820a-d26419b9250f", "value": "6b01d376b355c56ede966ccf5cca6c8d5616962e67bbf0ddbf7ad395d117fdee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572327", "to_ids": true, "type": "ssdeep", "uuid": "3f6db7d0-3a2f-4ab5-b81c-3127a55041c9", "value": "1536:aaklUtK7joTo/b3+iC+q4Nrt4+54WpzvDx:jRMUo/SartB54Wpz7x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572327", "to_ids": false, "type": "size-in-bytes", "uuid": "3ce50119-b362-4491-825b-68d1d4873ea3", "value": "143872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572327", "to_ids": true, "type": "vhash", "uuid": "d38aa4ca-9989-4c58-a102-c3053cf2d7ab", "value": "015056655d1515116za0063bz13z1020019fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572327", "to_ids": true, "type": "filename", "uuid": "c888b964-9ce2-40da-b4c8-fb5cf0864275", "value": "6b01d376b355c56ede966ccf5cca6c8d5616962e67bbf0ddbf7ad395d117fdee.exe" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 01/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572327", "to_ids": false, "type": "text", "uuid": "153c644a-e1a4-4ec2-aa54-e70bb57c17d2", "value": "Catchamas\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Catchman!dha\nVT Total Detection:55/72\nFirst Submission:2018-07-11T02:14:33.000000+00:00\nLast Submission:2024-10-27T19:26:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814799", "uuid": "2aeba179-da59-4477-a711-12d0667d0b3d", "Attribute": [ { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814799", "to_ids": true, "type": "md5", "uuid": "9fe5cf5b-fae8-4610-b3ac-3bb898c85dc5", "value": "e544a4d616b60147d9774b48c2b65ef2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746572348", "to_ids": true, "type": "sha1", "uuid": "be90f717-eb75-444d-a0d7-2c10a09599b6", "value": "883311c486bf5919c5d64bc362f793027a0ca699", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Catchamas", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746572348", "to_ids": true, "type": "sha256", "uuid": "9955f2f9-db9c-491c-813c-aba9414b6b39", "value": "db921a575fa7fd4b0c1b405a54f77d10c73eb1cb1384a27d584d7323e72938b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746572348", "to_ids": true, "type": "ssdeep", "uuid": "fc830b3e-7cbf-41d1-af4e-0e64786bd81c", "value": "1536:oEqUl6Myh5/cztn+Pb3OiCOq4t7iB+54bp/:cGyhN++Piq7iw54bp/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746572348", "to_ids": false, "type": "size-in-bytes", "uuid": "3a6ba877-270a-461a-bb7a-f6740d6375de", "value": "143872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746572348", "to_ids": true, "type": "vhash", "uuid": "cc4d151d-e943-4ee9-b962-2e44defabd09", "value": "015056655d1515116za0063bz13z1020019fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746572348", "to_ids": true, "type": "filename", "uuid": "8f8f5021-e465-4499-9b0d-53bce423c777", "value": "test.exe" }, { "category": "Other", "comment": "Checked: 07/05/2025\nLast-scan\t: 05/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746572348", "to_ids": false, "type": "text", "uuid": "b7c00fcc-bf59-48dd-9edb-84ee4ec974e0", "value": "Catchamas\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Catchman!dha\nVT Total Detection:45/72\nFirst Submission:2018-01-15T11:59:38.000000+00:00\nLast Submission:2024-10-27T19:28:55.000000+00:00" } ] } ] } }