{
  "Event": {
    "analysis": "1",
    "date": "2024-05-22",
    "extends_uuid": "",
    "info": "[Threat Intel] Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea",
    "protected": false,
    "publish_timestamp": "1780041935",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1780041934",
    "uuid": "cb8ca269-00c8-4df9-903d-3aeb20d0573a",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Bitdefender\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Unfading Sea Haze\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"china\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brunei\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Ghost RAT\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"SilentGh0st\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#b672a4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1100\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770860087",
        "to_ids": false,
        "type": "link",
        "uuid": "6cfa251c-786a-43ce-af8e-20a27e5f3333",
        "value": "https://www.bitdefender.com/en-us/blog/businessinsights/deep-dive-into-unfading-sea-haze-a-new-threat-actor-in-the-south-china-sea"
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866243",
        "to_ids": true,
        "type": "md5",
        "uuid": "963ab796-3474-42fd-84f0-562f9f7b4e1a",
        "value": "cb95ad8fad82eac1c553cd2d7470100b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SilentGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866244",
        "to_ids": true,
        "type": "md5",
        "uuid": "50c1cb81-c77d-43fc-a7e3-8391865631dc",
        "value": "19dbf2d82f6f95a73f1529636e775295",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TranslucentGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866245",
        "to_ids": true,
        "type": "md5",
        "uuid": "7f67f727-2502-45e4-986e-1534209a355a",
        "value": "e7433f8a0943a6025d43473990ec8068",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Network Scanner - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866246",
        "to_ids": true,
        "type": "md5",
        "uuid": "ab5a7b70-2dc4-458d-a972-b79b947434bd",
        "value": "ac7b8524098cbb423619706ff617b6a6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SilentGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866247",
        "to_ids": true,
        "type": "md5",
        "uuid": "6c434a05-21ea-4588-8337-6fff90a87412",
        "value": "95701a74b6b3de68fc375cd08ae8d2c2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "WPD USB monitor tool - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866248",
        "to_ids": true,
        "type": "md5",
        "uuid": "cf1cb238-c093-4420-966b-8062cde2f3b2",
        "value": "7e10d7dd09f5ee2010990701db042f11",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866249",
        "to_ids": true,
        "type": "md5",
        "uuid": "f9f40e40-566c-4ac9-be4a-6d01b9120970",
        "value": "a5af41fda8ef570fda96c64a932d4247",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SharpJSHandler, OneDrive variant - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866251",
        "to_ids": true,
        "type": "md5",
        "uuid": "9f5d86f8-c8db-4cba-ba8a-8dbd37e6035c",
        "value": "5421e3cef32e534fa74a26df1c753700",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866252",
        "to_ids": true,
        "type": "md5",
        "uuid": "e241064b-b85e-44b4-aad0-ea1a3396d0e4",
        "value": "2c45c1c35c703bb923b558343f00ea34",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866253",
        "to_ids": true,
        "type": "md5",
        "uuid": "51e5c4e0-8f0b-4cc5-a0e6-0831c0e61e37",
        "value": "69310040e872806cb2b00d3addb321a7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SharpJSHandler - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866253",
        "to_ids": true,
        "type": "md5",
        "uuid": "f467864f-2377-49d4-9cd4-26df58d3e1a2",
        "value": "35623ba9f8fcbcf0fce96aa2465b0b66",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866254",
        "to_ids": true,
        "type": "md5",
        "uuid": "b12232b9-ef51-423b-bdc1-d4138ca2dbb4",
        "value": "828faccaaf8e70be1c32ae5588d3df12",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866255",
        "to_ids": true,
        "type": "md5",
        "uuid": "e0fb8930-cf5f-4ad8-8b0e-df064b8706e0",
        "value": "4ec62fdd3d02bc9b81a8c78910b8463a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SharpJSHandler DropBox variant - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866256",
        "to_ids": true,
        "type": "md5",
        "uuid": "816daa8e-e903-4f65-9d06-abb06b541b55",
        "value": "cff31de1b28f6b00d13d15c2be08a982",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866257",
        "to_ids": true,
        "type": "md5",
        "uuid": "57357313-17a5-4f86-b881-3cc6fe34df37",
        "value": "7ff8a134c1ee44c915339a74e4a2d3ca",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st .NET variant - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866258",
        "to_ids": true,
        "type": "md5",
        "uuid": "73147fe5-fa7f-4ef4-8b13-053700fd73d4",
        "value": "0dd4603f7c3a80a2408e458fe58b2e60",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TranslucentGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866258",
        "to_ids": true,
        "type": "md5",
        "uuid": "9006f06f-6d9a-4f7e-8de6-69456a02df7b",
        "value": "11c7f264184ed52df4a3836a623845c8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866259",
        "to_ids": true,
        "type": "md5",
        "uuid": "10813c58-bf67-4363-b022-e0c1f5bb4c8b",
        "value": "55a246ace9630b31c43964ebd551e5e2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866260",
        "to_ids": true,
        "type": "md5",
        "uuid": "371496d6-83ca-4878-9f65-eb66697a1d25",
        "value": "8c31532f73671995d7f3b6d5814ba726",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TranslucentGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866261",
        "to_ids": true,
        "type": "md5",
        "uuid": "b959cf05-d24f-47d0-85ed-cc4457a0ae57",
        "value": "5268206fb6c96f614f67cd5d686f42af",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866262",
        "to_ids": true,
        "type": "md5",
        "uuid": "53d68eb0-781c-400c-808b-8616d7fd230a",
        "value": "cf2f7331a04bb9cd47b58a5c80d4c242",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866263",
        "to_ids": true,
        "type": "md5",
        "uuid": "73aa043d-89e7-40b7-b6f9-e0fcf8b186a1",
        "value": "3d87f0bd243cff931bb463fce1d115e3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st - No sample in VT\r\nLast check: 12/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866264",
        "to_ids": true,
        "type": "md5",
        "uuid": "3560dc34-11da-4dec-8ef1-ebe718eb4fed",
        "value": "98de3eeda1adefec31d3e3f00079dd2d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866264",
        "to_ids": true,
        "type": "md5",
        "uuid": "b66ae360-c9fc-426e-8998-ff5c86223fc3",
        "value": "b04d9dba3bc922a33c1408d4fbf80678",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SerialPktdoor loader No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866266",
        "to_ids": true,
        "type": "md5",
        "uuid": "653b92b6-8cc1-4193-ab8e-167e0af13e40",
        "value": "35a307b73849a3d7a7cd603a0c4698f2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866266",
        "to_ids": true,
        "type": "md5",
        "uuid": "7b1ceea9-6a8b-4482-b46c-c1dee7dd8395",
        "value": "3d879bc2fb28c5abbcd6e08b6e5dc762",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Xkeylog keylogger No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866267",
        "to_ids": true,
        "type": "md5",
        "uuid": "7757e77c-33b5-4ecc-accb-85a5c06af12b",
        "value": "7aba74bfbf5cb068fb52e8813c40f4cd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866268",
        "to_ids": true,
        "type": "md5",
        "uuid": "362bfa8c-da75-40b8-bf0e-5462205d9198",
        "value": "510c36c9061778d166e23177a191df35",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Malicious C# script No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866269",
        "to_ids": true,
        "type": "md5",
        "uuid": "2d42dff0-c3f2-468f-956b-5d8be8b0761c",
        "value": "b6cd3d88a6d6886718b6113147a99901",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Malicious C# script No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866270",
        "to_ids": true,
        "type": "md5",
        "uuid": "3832d064-4bd2-4ee5-a994-8110c03b2de3",
        "value": "1179f589791c2eaa1ae33f38e62753d0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866271",
        "to_ids": true,
        "type": "md5",
        "uuid": "d445c0dd-b5f9-4a17-ab25-795f9268eff7",
        "value": "0b744f9d38e125cd4fe14289272ac0e2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866272",
        "to_ids": true,
        "type": "md5",
        "uuid": "a367068e-c066-4d1a-bf42-3b824c23f6e7",
        "value": "960a964cab127c4f3c726612fdeaeb08",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866273",
        "to_ids": true,
        "type": "md5",
        "uuid": "01ce4965-a8a5-4e62-a55f-8225f0ef5b9f",
        "value": "1d2185c956a75a8628e310a38dea4001",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866274",
        "to_ids": true,
        "type": "md5",
        "uuid": "115a2243-7e13-47ea-a079-19b577069a3e",
        "value": "7169179cc18e6aa6c2c36e4bee59f63d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866275",
        "to_ids": true,
        "type": "md5",
        "uuid": "3c759862-859e-4e29-9b03-c090122391b0",
        "value": "cf398f9780de020919daad9ca4a27455",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Xkeylog keylogger No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866277",
        "to_ids": true,
        "type": "md5",
        "uuid": "c88e178b-c812-434e-99c9-39d3768f2aad",
        "value": "96a43d13fd11464e9898af98cc5bb24b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866277",
        "to_ids": true,
        "type": "md5",
        "uuid": "2c12317e-c63a-4598-aa95-f623d3448ce0",
        "value": "14a88779c7e03ecfc19dd18221e25105",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Hid.dll loader No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866278",
        "to_ids": true,
        "type": "md5",
        "uuid": "7ed30153-3c05-4dc2-a910-127c1ea8065c",
        "value": "2bf96bd44942ca8beed04623a1e19e24",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Hid.dll loader No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866279",
        "to_ids": true,
        "type": "md5",
        "uuid": "f3a50e32-7398-4958-9099-02a8be822582",
        "value": "fabdf1094b49673bc0f015cbb986bad5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866280",
        "to_ids": true,
        "type": "md5",
        "uuid": "ce8c6330-ec28-4d2a-9860-3cdfe3c6dc71",
        "value": "00bcbeb6ffdadc50a931212eff424e19",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Xkeylog keylogger No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866282",
        "to_ids": true,
        "type": "md5",
        "uuid": "c57a4730-dd6a-4b0d-bc8f-1e101e8d6958",
        "value": "e5fc13c39dd81e6de11d1c211f4413ba",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Hid Dropper No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866283",
        "to_ids": true,
        "type": "md5",
        "uuid": "a804cb84-23ed-45c6-84c2-d5cb049e1173",
        "value": "9425f9f7cc393c492deb267c12d031c5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866284",
        "to_ids": true,
        "type": "md5",
        "uuid": "a8f6e66d-fe87-45ed-afb8-dad4d4166a77",
        "value": "551bda0f19bf2705f5f7bd52dcbc021f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866285",
        "to_ids": true,
        "type": "md5",
        "uuid": "bb309688-3873-40a3-a64d-c81a103d0dc4",
        "value": "654163ab9002bd06f68a9f41123b1cd4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866286",
        "to_ids": true,
        "type": "md5",
        "uuid": "35225b6f-e1ac-4c14-97cb-63fe9c1ccafe",
        "value": "fda22f52f0d3a81f095a00810a3dd70a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866286",
        "to_ids": true,
        "type": "md5",
        "uuid": "d9522679-3b82-4e1e-80be-c53a10d9cf48",
        "value": "cf5f2e3e1ce82e75a2d0885af5efa1ef",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866288",
        "to_ids": true,
        "type": "md5",
        "uuid": "8203c137-f5d6-4f7a-a065-e522c3faf649",
        "value": "3631001b60bdf712e6294d40ec777d87",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866289",
        "to_ids": true,
        "type": "md5",
        "uuid": "6fc0050c-0923-48a5-9bb1-808231086454",
        "value": "4e470ea6d7d7da6dd4147c8e948df7c8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866290",
        "to_ids": true,
        "type": "md5",
        "uuid": "7afbc739-6ce3-414c-9eaf-51b1fa476600",
        "value": "73daf06fed93d542af04d59a4545fab0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866291",
        "to_ids": true,
        "type": "md5",
        "uuid": "e8a818de-d3ca-4501-a330-9f7b7af19471",
        "value": "100c461d79471c96eba20c8eae35c5ba",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866292",
        "to_ids": true,
        "type": "md5",
        "uuid": "47bfbaac-d8cc-4049-a53c-5cf26cfccf39",
        "value": "40466fd795360ac4270751d8c4500c39",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866293",
        "to_ids": true,
        "type": "md5",
        "uuid": "dc53898b-9492-439e-a1e2-c473a38c9a08",
        "value": "cb9e6fa194b8fa2ef5b6b19e0bd6873e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Eventlog info extractor No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866294",
        "to_ids": true,
        "type": "md5",
        "uuid": "1cf0e11c-6419-4a16-a2bc-ca9a2b0a13c1",
        "value": "af215f4670ae190e699c27e5205aadee",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866295",
        "to_ids": true,
        "type": "md5",
        "uuid": "b1504a01-3503-4295-ad96-00222083f269",
        "value": "39d43f21b3c2b9f94165f5257b229fb4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866296",
        "to_ids": true,
        "type": "md5",
        "uuid": "c9bfa2cd-0446-4aa3-8a81-17f81e86d491",
        "value": "3dc8d8a70cc60a2376ce5c555d242cf3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866297",
        "to_ids": true,
        "type": "md5",
        "uuid": "5a27265c-b19c-420f-af8d-5c70ade53031",
        "value": "6f01bed0b875069ec5b9650e6d8c416f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866298",
        "to_ids": true,
        "type": "md5",
        "uuid": "e60b1085-60b7-4fea-b140-194b6c7d18b0",
        "value": "5f8f9269bcd52ef630bc563b83059b77",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866299",
        "to_ids": true,
        "type": "md5",
        "uuid": "5bcdd427-4c23-4d86-b409-0f9568103a7b",
        "value": "fa93aec0018c5e3d1d58b76af159bb82",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866300",
        "to_ids": true,
        "type": "md5",
        "uuid": "1359446b-5fd3-428d-bcdb-9618be6be36f",
        "value": "846838327cda19b4415afd5b352c95df",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866302",
        "to_ids": true,
        "type": "md5",
        "uuid": "3090f321-edcf-4fc2-a567-c0891a5509b9",
        "value": "17303b1a254abb9ed0795f7d9b51b462",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866302",
        "to_ids": true,
        "type": "md5",
        "uuid": "c6e0e505-126f-4041-82d2-2a3edd292937",
        "value": "3decde2a91f52255dd97eaafc2666947",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866303",
        "to_ids": true,
        "type": "md5",
        "uuid": "fcdb398c-28d6-49fe-b532-9414d95854fa",
        "value": "b98e54d01a094bb6b83eff06a8cf49d6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866304",
        "to_ids": true,
        "type": "md5",
        "uuid": "9557ea1d-1ce5-4fca-9118-d66a1aeb8ad6",
        "value": "b1a886f8904d90ad28fce0dc0dc9df93",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866306",
        "to_ids": true,
        "type": "md5",
        "uuid": "fa7b2c14-8358-4517-bfe1-160248400a91",
        "value": "5800fff782c36df785dad1d0a34ad418",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SerialPktDoor loader No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866307",
        "to_ids": true,
        "type": "md5",
        "uuid": "338a633e-5e2f-4831-8a12-4afdf939f358",
        "value": "6c49738668ca7c054f0708ecc3b626c8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866308",
        "to_ids": true,
        "type": "md5",
        "uuid": "b5e5dcf0-48b9-4d34-b713-7f4ec1efe0c4",
        "value": "d9a452c1c06903fafa4dc4625b2c2d9b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FluffyGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866309",
        "to_ids": true,
        "type": "md5",
        "uuid": "b9993179-2078-438b-9f36-64fdebb4ab56",
        "value": "91017ad856cff5f0cb304ea2a3ae81c9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866310",
        "to_ids": true,
        "type": "md5",
        "uuid": "c0248421-2b36-4166-90ca-64f98cb0a47a",
        "value": "f54bed43b372997f3bafe5c67c799e73",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866312",
        "to_ids": true,
        "type": "md5",
        "uuid": "7d91ec3e-d134-4b39-bd63-d71e23f34ecb",
        "value": "cd0b810751eb2a1470e44f7f6660d5f4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Network scanner No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866313",
        "to_ids": true,
        "type": "md5",
        "uuid": "1ad02772-3b57-4930-af8c-e9e1dc034dce",
        "value": "80fb9865209f8d8d1017c8151c79ef74",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866314",
        "to_ids": true,
        "type": "md5",
        "uuid": "06fb6afb-7415-480f-be16-6ad2583d9e18",
        "value": "c8c890cf8d61cab805e9ef0a4471579a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866315",
        "to_ids": true,
        "type": "md5",
        "uuid": "eb65c0f3-735b-403b-83fd-090ac6238277",
        "value": "0f4d06cedc93c7784580a3a7c4ad2fb4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "InsidiousGh0st go variant No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866316",
        "to_ids": true,
        "type": "md5",
        "uuid": "61e77f05-fe74-49a8-8109-917a8ee6853c",
        "value": "c182b3e659a416fe59f3613c08a8cffb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SharpZulip No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866317",
        "to_ids": true,
        "type": "md5",
        "uuid": "2f2bf8f2-5720-442a-8f95-ed6e1b1cbf97",
        "value": "942086934f4dd65c3e0158c9b8d89933",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Ps2dllLoader No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866318",
        "to_ids": true,
        "type": "md5",
        "uuid": "5e3878b7-8b92-46d4-9c9d-99288431f993",
        "value": "e3fb4c2d591a440cfe6419f5a9825e84",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "EtherealGh0st No sample in VT\r\nLast check:12/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866319",
        "to_ids": true,
        "type": "md5",
        "uuid": "ea68564c-1928-4a80-b8ca-45d445ae8ae7",
        "value": "4b68c803db1b4222292adba3b2a1a037",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770861203",
        "to_ids": false,
        "type": "comment",
        "uuid": "f5e90c91-834f-46bb-8fb7-2b95ceeffd13",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240522-Unfading-Sea-Haze/240522-Unfading-Sea-Haze.png"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770867985",
        "to_ids": true,
        "type": "hostname",
        "uuid": "018dc4de-9b5f-4ab6-8286-efd23cb28c6a",
        "value": "upupdate.ooguy.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868007",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4fd16be5-b24f-4388-8073-b7fbdcbb06e7",
        "value": "fc.adswt.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868028",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1bb2dde5-e2a4-4d0e-996f-ab1e52482bb0",
        "value": "mail.simpletra.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868049",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e53592c7-38e0-46aa-bb1c-5b0d34151ab0",
        "value": "mail.adswt.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868071",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3485366e-e2c1-4cf0-940b-d96b75a257d5",
        "value": "api.simpletra.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868092",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3e2315c4-36d2-45a2-a1cf-f53daf5447e6",
        "value": "bit.kozow.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868115",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d2d217e0-2998-46c5-944c-d9d849e5e7b1",
        "value": "mail.pcygphil.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868136",
        "to_ids": true,
        "type": "hostname",
        "uuid": "87545e54-c730-475a-a65c-4c7b999b624b",
        "value": "mail.bomloginset.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868158",
        "to_ids": true,
        "type": "hostname",
        "uuid": "49105bbd-a68d-427f-b3c3-e5e7c2051020",
        "value": "dns-log.d-n-s.org.uk",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868180",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a7fc7da8-e3bb-4ddf-a7c5-576d020880e4",
        "value": "linklab.blinklab.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868201",
        "to_ids": true,
        "type": "hostname",
        "uuid": "11e933a2-b2ff-4d2a-83d5-031c799ba106",
        "value": "link.theworkguyoo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868223",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bf8ba320-8688-4e49-9cbc-58bce7903c51",
        "value": "mail.theworkguyoo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868244",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7d9c6704-0dd3-4932-a306-f667e2e65e9e",
        "value": "sopho.kozow.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868265",
        "to_ids": true,
        "type": "hostname",
        "uuid": "cf52db3c-09d6-44b6-bc90-0b6d4400e068",
        "value": "news.nevuer.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868287",
        "to_ids": true,
        "type": "hostname",
        "uuid": "06553a29-eb57-484c-8655-dc88ee13a15f",
        "value": "payroll.mywire.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868308",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ba9f425c-9f85-40a7-8467-70f2437afe59",
        "value": "employee.mywire.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868330",
        "to_ids": true,
        "type": "hostname",
        "uuid": "fc42e5f5-bb69-4515-a2a4-1eb333d828c3",
        "value": "airst.giize.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868352",
        "to_ids": true,
        "type": "hostname",
        "uuid": "89a30184-402c-4bd6-b9fd-3f5c2e64bcf7",
        "value": "cdn.g8z.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868374",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f08b4279-8306-4c14-b1ff-91fb968bdc42",
        "value": "manags.twilightparadox.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868395",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e764ce53-2293-40a3-bc2a-8642bc92cec2",
        "value": "dns.g8z.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868416",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9f86a269-f37b-4b68-89ce-081cbac0e52a",
        "value": "message.ooguy.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868437",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8447e8eb-3456-45e6-a7bd-3e08b2558067",
        "value": "spcg.lunaticfridge.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868459",
        "to_ids": true,
        "type": "hostname",
        "uuid": "6b067ebc-bf65-4693-8716-564431922550",
        "value": "helpdesk.fxnxs.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868480",
        "to_ids": true,
        "type": "hostname",
        "uuid": "111db384-d5b9-4693-bbf3-1b4cc94b11cf",
        "value": "newy.hifiliving.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868501",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5c07e13d-f9d9-4cc1-89ae-e2d3c801af09",
        "value": "images.emldn.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868523",
        "to_ids": true,
        "type": "hostname",
        "uuid": "36ea8417-d4b3-4a3b-b377-b0324646cb98",
        "value": "word.emldn.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868544",
        "to_ids": true,
        "type": "hostname",
        "uuid": "14fbe5c2-5165-4a2d-888c-c5bbc56fc70e",
        "value": "provider.giize.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868565",
        "to_ids": true,
        "type": "hostname",
        "uuid": "60fdaf9f-3875-4e6b-b65c-49c4574ae425",
        "value": "rest.redirectme.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868587",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f78698d8-38db-4a7f-a159-9acb9670f9e7",
        "value": "api.bitdefenderupdate.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041916",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b7ad3ff1-2fd5-48dc-94ed-80012c2146b3",
        "value": "167.71.199.105",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041917",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f7c10be3-9e4d-426a-96f9-d659c3d0a2b2",
        "value": "188.166.224.242",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041919",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "efa01704-3bf5-4de3-9b26-0fd1ad197532",
        "value": "159.223.78.147",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041920",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "14ca7c4d-5b1c-417e-8936-62deea339913",
        "value": "128.199.166.143",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041922",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "24b083ff-1370-4fd4-b8b7-d76c98676aa1",
        "value": "164.92.146.227",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041923",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "cc4d9029-ef02-44c9-8f95-ec0b68c96cdf",
        "value": "192.153.57.24",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#5beb6d",
            "local": false,
            "name": "asn:asn=\"399629\"",
            "relationship_type": ""
          },
          {
            "colour": "#6967e5",
            "local": false,
            "name": "asn:as-owner=\"BLNWX\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041925",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a72c2e3f-c8e3-4ea5-8974-ef0bb9254833",
        "value": "209.97.167.177",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041927",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1fdfb43d-3773-4a0f-9d4e-ec23d8bc3445",
        "value": "112.113.112.5",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#9ef9a4",
            "local": false,
            "name": "asn:asn=\"4134\"",
            "relationship_type": ""
          },
          {
            "colour": "#2f9c31",
            "local": false,
            "name": "asn:as-owner=\"CHINANET-BACKBONE No.31,Jin-rong Street\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041928",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ff1582ab-e250-4620-b41d-03b983a74a04",
        "value": "193.149.129.128",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#5beb6d",
            "local": false,
            "name": "asn:asn=\"399629\"",
            "relationship_type": ""
          },
          {
            "colour": "#6967e5",
            "local": false,
            "name": "asn:as-owner=\"BLNWX\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041930",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "521c6e72-51f5-447f-b634-bf216a830b9c",
        "value": "128.199.66.11",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041931",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f627cbfa-d3ac-4e09-a341-7a3039641119",
        "value": "45.61.137.109",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#5beb6d",
            "local": false,
            "name": "asn:asn=\"399629\"",
            "relationship_type": ""
          },
          {
            "colour": "#6967e5",
            "local": false,
            "name": "asn:as-owner=\"BLNWX\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041933",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d6e3be00-bb19-4833-a226-7930ce05540b",
        "value": "139.59.107.49",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041934",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e5f268a8-c0ca-42cf-98cd-e203887c21c3",
        "value": "152.42.198.152",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868887",
        "to_ids": true,
        "type": "domain",
        "uuid": "19484f65-dc93-44bd-b28a-f75c1d8c4409",
        "value": "bitdefenderupdate.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770868908",
        "to_ids": true,
        "type": "hostname",
        "uuid": "89bce4f4-530c-4d63-9069-e419c62d5e56",
        "value": "auth.bitdefenderupdate.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770867641",
        "uuid": "c956d35c-641c-4ffc-a51b-84630e8a79f1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DustyExfilTool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770867641",
            "to_ids": true,
            "type": "md5",
            "uuid": "6157c13d-5a1f-4c7b-a8f4-6af2ec9230d8",
            "value": "1ce17f0e2a000a889b3f81e80b95f19f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DustyExfilTool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866232",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7265efaa-5266-40ff-b6bb-aa44f3784fb3",
            "value": "d421830cc2c1a04dd89c94bee0714ef805fa6c4c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DustyExfilTool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866232",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8e4eadfa-5cc4-439f-b53b-e55d7494638b",
            "value": "6b5b8b12af21700a212d5ece27f065f8f9ed38b2969ad5dfaa790bc76754de6c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770860914",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "88c292ca-f7b9-49a6-a858-24b308b79bd8",
            "value": "12288:TXJufOhKpZzhQGe+xMVa2/9+Jk/ZlleiI2ZheBVxg0V8dh10PmjILg03pJVHDY3E:T5sOhsYI2Sjxgr0esMApJVjY3Hk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770860914",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f58037d8-739c-4861-a504-db21f373633c",
            "value": "799232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770860914",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1175304d-4490-4810-9864-255690f444dc",
            "value": "075056655d55555038z58jz11z45ze7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770860914",
            "to_ids": true,
            "type": "filename",
            "uuid": "f5cece18-b3f1-4612-ad00-22ca0c4a8aa1",
            "value": "slc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  29/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770860914",
            "to_ids": false,
            "type": "text",
            "uuid": "b051b6c4-fac6-42cf-881f-e3ac9b44808b",
            "value": "DustyExfilTool\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:48/72\nFirst Submission:2018-03-19T06:44:05.000000+00:00\nLast Submission:2024-08-07T03:23:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770867662",
        "uuid": "9fb7346c-4cbf-43a9-8046-5e10d6ee1445",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DustyExfilTool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770867662",
            "to_ids": true,
            "type": "md5",
            "uuid": "db346a5a-186c-4982-a63d-41c0c8f2eca3",
            "value": "6a0933d08d8d27165f72c53df8f1bf04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DustyExfilTool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866233",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fa77607e-8e85-4ae0-a526-419d0d1a6fb6",
            "value": "a23704a9a673dc1de624dc80e441d18ebb0c5fb8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DustyExfilTool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866233",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f67f7f49-6948-42fe-b002-d176efc4485b",
            "value": "1116efd48ca01623bf385cd612f4da1eb9eeba0329e41d0e068bcd6557a46f8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770860957",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3663331a-6625-4387-a4c8-e960e70fa164",
            "value": "12288:uHQPry0e5R+otNHCDXZlrt0X6EJG/Y5rKD7f52nx44nCnVpGun/Ju0t3ppDaN5c9:woryx7eD7Mnx4xG8Ju0RptancAWD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770860957",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0df81b63-ff68-4a4f-a21e-af5a5c586b3e",
            "value": "800256"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770860957",
            "to_ids": true,
            "type": "vhash",
            "uuid": "02ed3999-e75d-4ea7-aed8-1f2157a0f406",
            "value": "085056655d55555038z58jz11z45zf7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770860957",
            "to_ids": true,
            "type": "filename",
            "uuid": "59ec15d1-f40b-4930-9220-019565b2c0ee",
            "value": "tf.lck"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  15/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770860957",
            "to_ids": false,
            "type": "text",
            "uuid": "435df4df-9af2-4edb-8f12-8339b8fa9d10",
            "value": "DustyExfilTool\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:52/72\nFirst Submission:2020-02-17T08:34:20.000000+00:00\nLast Submission:2020-02-17T08:34:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770867684",
        "uuid": "aa188377-1c21-4ead-9b6b-ecb73bf3d399",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Loader that uses xyz123xyz for AES decryption",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770867684",
            "to_ids": true,
            "type": "md5",
            "uuid": "85c9ee71-1e80-488c-aa23-d5379502f820",
            "value": "1dbcd8d2f5718fa7654f8b5f34b88d43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Loader that uses xyz123xyz for AES decryption",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866234",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cf991c05-9a12-465a-87c3-1a41a872614e",
            "value": "fb308d20f5321b1217de2d92fc84dc0536a1437a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Loader that uses xyz123xyz for AES decryption",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866234",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b9995ebc-6ba4-4c5b-ba78-b0ddd7353a01",
            "value": "530101bcf9aa5de8aa28d383d1b7c84cd9f7b7e4a3a9cffd12a2912c9ac01adf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770860978",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d4105cde-61ec-4dff-abc2-b896555bcf4b",
            "value": "3072:avu9BwUom9YH5rTxhcOFMn/zW/lZf4bMZZ0txAa58FNsAFSybwblJmE1:B9Bw5mCSOFMa/lpHZZ0t5JgSy07T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770860978",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dd5228ee-9d3f-44b9-8459-d2abf669e13b",
            "value": "169472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770860978",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d2536f71-159b-4408-a70f-1a08ad62433d",
            "value": "015056655d75551az49!z"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  17/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770860978",
            "to_ids": false,
            "type": "text",
            "uuid": "55d30899-7863-47e3-8b83-a1ad41ce46b0",
            "value": "Loader that uses xyz123xyz\u00a0for AES decryption\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:51/72\nFirst Submission:2024-05-28T21:37:50.000000+00:00\nLast Submission:2024-08-09T07:05:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770867797",
        "uuid": "7e1d8b28-e6c6-4f81-97b0-7c928fa7b9a8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SilentGh0st",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770867797",
            "to_ids": true,
            "type": "md5",
            "uuid": "d0b14809-9b87-4efb-95da-bace91f068c6",
            "value": "2e4055e16c1a9274caa182223977eda1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SilentGh0st",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866235",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4adb101a-1b84-4d8c-8d90-26f390271012",
            "value": "ed389a02b46cb203a2308aac5722176766936234",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SilentGh0st",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866235",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6002a609-ce3c-4efd-9e7c-a3a8950d6d8f",
            "value": "93abcc4062a14ba3d3309fc5e8a910e81a4e3ce1bbbf5e6f7857779b6e76f43a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770861042",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5aeb0218-8f73-4fea-a004-37813f735acb",
            "value": "24576:4swJ2BtaQsJ1Te1ex1rKOnA2vpNV08je:4z2BYQu0EJlJvpN28je"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770861042",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5cac049a-3148-4c8a-b11c-8221396ae9cb",
            "value": "961024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770861042",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8a2089c4-c686-476f-82ed-1030932722af",
            "value": "195056656d55555az98?z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770861042",
            "to_ids": true,
            "type": "filename",
            "uuid": "37abf4ff-28f4-45fe-b515-171b383c4f79",
            "value": "mscorsvc.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  14/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770861042",
            "to_ids": false,
            "type": "text",
            "uuid": "6c1b7a46-e9dc-44de-a3ce-693099e36ac2",
            "value": "SilentGh0st\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Multiverze\nVT Total Detection:57/72\nFirst Submission:2018-10-17T15:24:54.000000+00:00\nLast Submission:2018-10-17T15:24:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770867819",
        "uuid": "6996a596-388e-411a-b761-02090598de54",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770867819",
            "to_ids": true,
            "type": "md5",
            "uuid": "0f7708ad-d4ae-47e7-9d7b-46febbfa3b81",
            "value": "1e55bda0b7eb0aea78577a21f51e8f5c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866237",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b5dd1fd5-2d00-4d84-a6f0-d3d3ac49de96",
            "value": "d353bb3f4ce1e25e6f641013ee1db442140fc130",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866237",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6eda4224-012e-42fa-b4d3-abd2afa97441",
            "value": "9fc446be8d03a135f901ba77cce1f39bb609d8e9ee3101399fa7e9e73299d379",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770861106",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "39585316-108d-4f28-941f-2defe2956b04",
            "value": "12288:wIPcBkavzbpfTuevAA+CQloXqWhXlaG90XygkMw:wIkBBIAPZXXv9Fmw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770861106",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "76fd7469-4b36-4f03-91bd-4f5b41993c09",
            "value": "622080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770861106",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2586e26a-42f7-4efd-9c74-bb632544fe51",
            "value": "165066655d5555551az469zbsz5"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  15/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770861106",
            "to_ids": false,
            "type": "text",
            "uuid": "6a4d3ba4-3640-41ce-a080-a40be1b920e1",
            "value": "Ps2dllLoader\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:53/72\nFirst Submission:2020-09-20T01:25:25.000000+00:00\nLast Submission:2020-09-26T01:17:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770867841",
        "uuid": "c6ca2341-34ad-4d01-8655-24169ded253b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770867841",
            "to_ids": true,
            "type": "md5",
            "uuid": "411d814b-eb9f-4d5a-8809-bdfabf821c9c",
            "value": "b3dc2dcb0f2a5661aed1f4e6d9e88bc6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866238",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f9ddaa93-419b-42de-96a3-fca30ccd6275",
            "value": "7c1a3c5c016209a502fe5157b7c525c6b079d79b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866238",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3ed7eea9-b128-49b1-a2d0-adfae48b4234",
            "value": "7587ca6b8163e3e5b05e4a9fc79ec19deee9c971e6f76adadc4d970c99cad4f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770861149",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dc9cf9dc-c597-4ef3-a946-4b1b26f86f42",
            "value": "3072:rsoSXIVT4bycumdKsyzy5we10v38Y0Qzg5vFVPP2O:wIVT4F9dKssQBS8Y0QzEvFF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770861149",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f0c3bff8-0ca1-4dc1-88f8-d1ee71840164",
            "value": "622080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770861149",
            "to_ids": true,
            "type": "vhash",
            "uuid": "96cfe05b-1565-465a-94db-08442da082a5",
            "value": "165066655d1555551az469zbsz5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770861149",
            "to_ids": true,
            "type": "filename",
            "uuid": "8b064baa-70ea-4131-be03-637577075c89",
            "value": "task.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  14/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770861149",
            "to_ids": false,
            "type": "text",
            "uuid": "81602106-fc98-4433-b9e9-5a3c9ae97015",
            "value": "Ps2dllLoader\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:54/72\nFirst Submission:2021-07-21T02:56:09.000000+00:00\nLast Submission:2021-07-21T02:56:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770868929",
        "uuid": "9eb77363-e271-465b-8021-05e3a9cea1ab",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": ".Net loader used by Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770868929",
            "to_ids": true,
            "type": "md5",
            "uuid": "679b5304-4e1f-4692-bb3c-7aa69ccbd5af",
            "value": "4d99127e4b1d27a56f7c4b198739176b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": ".Net loader used by Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866239",
            "to_ids": true,
            "type": "sha1",
            "uuid": "90d21717-a65c-4e45-ad42-336c56075ab1",
            "value": "a69b19e65c1f21bfd47607b379b3f0dca3aa4dd8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": ".Net loader used by Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866239",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a5a16e04-c5fc-44d4-8bca-bf12db00b6dd",
            "value": "8e28d8a0e29301cdc524d70490cb0d8496387ac11bd87a59347e57b1d92c78ca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770861171",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0886c37b-fe47-48d2-b7c3-313c06a3b9ba",
            "value": "96:eHS9oM1Av4qhGK8BhGjsvmF3T91/svZq9C+loJ8iIBT8bkamuOZV2:roSU4q8PvS3zt9To8DT8ISOS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770861171",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b0f1a109-e39d-4b22-bf61-6921c34f890c",
            "value": "7168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770861171",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a7672a96-f010-4b7a-8a69-44aafff3ca74",
            "value": "37303655151a1z710020"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770861171",
            "to_ids": true,
            "type": "filename",
            "uuid": "860151ca-72e5-4f24-aa24-9cc1324a7cbe",
            "value": "loader.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  03/08/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770861171",
            "to_ids": false,
            "type": "text",
            "uuid": "31e6a823-593a-492d-a28f-f85f52ba6b51",
            "value": ".Net loader used by Ps2dllLoader\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:47/74\nFirst Submission:2024-05-30T13:25:21.000000+00:00\nLast Submission:2024-05-30T13:25:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770868951",
        "uuid": "907b455e-33fd-4d3f-9188-6bea873f5766",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": ".Net loader used by Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770868951",
            "to_ids": true,
            "type": "md5",
            "uuid": "ec0cc030-615b-484f-8ed7-1c8b515b21a3",
            "value": "5bd1eb1166da401c470af2b9e204b2d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": ".Net loader used by Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866240",
            "to_ids": true,
            "type": "sha1",
            "uuid": "52144a84-0c55-426c-86b8-85b663817709",
            "value": "d8d34be28170b455e0b7c156c19d5c0751e0010e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": ".Net loader used by Ps2dllLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866240",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c8f83955-0a4c-49c9-88fc-9e2472113fe5",
            "value": "6c316ceb94c9b39961c54a64b6ba5564e1f11684a0cbbce46d5f6deee7fc4d3d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770861192",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2014cb5e-c992-4d43-8bce-c9b48b53128e",
            "value": "96:sp6VhseImLVVXL0N4+R18iVXo9C+lobP8iSBi8bklmuEYa07I:RSeIIVA4+729Ts8Ji8ItLa/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770861192",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6d9fd073-1458-433a-9a5c-986af76ff632",
            "value": "7168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770861192",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2ed3bc69-6e46-4f31-9fe3-6ee115c214a4",
            "value": "37303655151b1z710020"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770861192",
            "to_ids": true,
            "type": "filename",
            "uuid": "822664a5-c0a2-42e4-80ae-c6b45779156b",
            "value": "loader40.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  31/05/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770861192",
            "to_ids": false,
            "type": "text",
            "uuid": "1618dbe6-6007-4169-b201-6bf617566425",
            "value": ".Net loader used by Ps2dllLoader\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:46/74\nFirst Submission:2024-05-30T13:25:23.000000+00:00\nLast Submission:2024-05-30T13:25:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770868979",
        "uuid": "231275b5-9ac2-4c7f-9603-8a78b5e31312",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stubbedoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770868979",
            "to_ids": true,
            "type": "md5",
            "uuid": "90146bec-70ec-4a68-a0f7-50134397be80",
            "value": "70773eb54234c486c46048ade57db45b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stubbedoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866241",
            "to_ids": true,
            "type": "sha1",
            "uuid": "24123e5e-cd46-44a3-b130-0654169f9ec3",
            "value": "010a3416dcf6d84fd01fecedf2258ceeefd41235",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stubbedoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866242",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bfbb352e-93a1-4eea-a986-ff4210d86294",
            "value": "ffe4cb8190b6c16a536199abcf448d1e2b28e733c0dbad4746d0021d1c0b593a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770861235",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e1fa31a0-04da-436e-a432-ab4877102102",
            "value": "768:wUnpicEFivhb79Pwyh0kv3bfPHLUWINDbhUkVODkt8zd8eCuM5uRZ:bicEFgbDh5/jPHwpDbhUKt8dVCuMkRZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770861235",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "695d5b55-0db2-45a4-b19f-45ed4833c1ac",
            "value": "52736"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770861235",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b1408269-c363-4657-bc17-5f82d5f12ee3",
            "value": "25403655151120111670060"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770861235",
            "to_ids": true,
            "type": "filename",
            "uuid": "78c3262c-bb69-4f71-8448-c42a5c4b98ec",
            "value": "stub.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  01/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770861235",
            "to_ids": false,
            "type": "text",
            "uuid": "839a2efb-c3de-487e-8287-c1f4163075ff",
            "value": "Stubbedoor\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:45/72\nFirst Submission:2024-06-07T00:27:13.000000+00:00\nLast Submission:2024-06-07T01:57:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1770869000",
        "uuid": "efe10836-5735-44c7-ae11-f46f3cf36c15",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Enriched via the csvimport module",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770869000",
            "to_ids": true,
            "type": "md5",
            "uuid": "e7366593-2188-48e8-aeef-b852cda35070",
            "value": "124bdaaa70da4daeacbc0513b6c0558e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Enriched via the csvimport module",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770866242",
            "to_ids": true,
            "type": "sha1",
            "uuid": "de0fef63-42db-4dae-b4e7-17b7b9208993",
            "value": "4df94ae575587d83bc4cd977761d3530370da191",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Enriched via the csvimport module",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770866242",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f826b39-3df5-4ea8-868f-d97b7952cd39",
            "value": "87a547e50c9f8c08b49410131cf96213910a238ae2dd81815902fd5b5002fe52",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770862633",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "435662c0-5248-46d2-a946-e2c8d63c0f1e",
            "value": "1536:q6OAouXG1SQ4YzgaHkdvNdEB4/7vjnmWKoxsBXXsWEd09dlZRGhdk:qHAou21SQ4YEaHK1d4w7vjnmWpsB0M/p"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770862633",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9ba77775-3050-4047-9185-9c1298f9cd71",
            "value": "97792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770862633",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b3aa12ea-b3a2-47f6-bc3e-516d6da9bb17",
            "value": "094066655d1515155az41!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770862633",
            "to_ids": true,
            "type": "filename",
            "uuid": "c6cde79b-5597-4151-958f-24d7054174a7",
            "value": "msdoc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan\t:  14/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770862633",
            "to_ids": false,
            "type": "text",
            "uuid": "e4610441-43b0-434f-b7c6-db5bd11439c6",
            "value": "Enriched via the csvimport module\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:51/72\nFirst Submission:2024-03-05T09:42:14.000000+00:00\nLast Submission:2024-08-07T10:57:03.000000+00:00"
          }
        ]
      }
    ]
  }
}