{
  "Event": {
    "analysis": "1",
    "date": "2025-03-31",
    "extends_uuid": "",
    "info": "[Threat Intel] The Espionage Toolkit: A Closer Look at its Advanced Techniques",
    "protected": false,
    "publish_timestamp": "1780040332",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1780040331",
    "uuid": "d98383af-37bf-41b2-b15e-cbaffdc5ecdf",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#717bc3",
        "local": false,
        "name": "misp-galaxy:producer=\"Trend Micro\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#3909cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#fe1ef0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#36a9d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
        "relationship_type": ""
      },
      {
        "colour": "#cfba47",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Godzilla Loader\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Godzilla Webshell\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Cobalt Strike\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"IT\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Manufacturing\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Retail\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Technology\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Telecoms\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#e95bc8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#f69963",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Rename System Utilities - T1036.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Earth Alux\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1743732119",
        "to_ids": false,
        "type": "link",
        "uuid": "fe1adc7e-b966-44ba-9303-e2692dc10a75",
        "value": "https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1743732119",
        "to_ids": false,
        "type": "text",
        "uuid": "8cfd1583-f62e-4cde-9175-8c8d1646f1d0",
        "value": "Earth Alux, a China-linked APT group, is actively conducting cyberespionage attacks against key sectors in the APAC and Latin American regions. The group exploits vulnerable services on exposed servers to gain initial access and deploys web shells such as GODZILLA. Their primary backdoor, VARGEIT, is used alongside COBEACON at various stages of the attack. Earth Alux employs advanced techniques such as DLL side-loading, anti-API hooking, and execution guardrails. They utilize tools like RAILLOAD and RAILSETTER for persistence and evasion. The group's capabilities include system information collection, file manipulation, command execution, and tool injection via mspaint processes. Earth Alux targets industries such as government, technology, logistics, and manufacturing, demonstrating a strategic focus on high-value information across different sectors."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1743732119",
        "to_ids": false,
        "type": "text",
        "uuid": "e2436347-c55d-46f9-887e-70f831c36a4f",
        "value": "Name: The Espionage Toolkit: A Closer Look at its Advanced Techniques\nAuthor: AlienVault\nAdversary: Earth Alux\nTags: [\"latin america\", \"cyberespionage\", \"dll side-loading\", \"godzilla\", \"vargeit\", \"apt\", \"railsetter\", \"masqloader\", \"rsbinject\", \"railload\", \"apac\", \"cobeacon\"]\nTgtd countries: [\"Brazil\", \"Malaysia\", \"Philippines\", \"Taiwan\", \"Thailand\"]\nMlwr families: [\"VARGEIT\", \"COBEACON\", \"GODZILLA\", \"MASQLOADER\", \"RSBINJECT\", \"RAILLOAD\", \"RAILSETTER\"]\nAttack_ids: [\"T1053.005\", \"T1119\", \"T1082\", \"T1190\", \"T1055\", \"T1070.006\", \"T1505.003\", \"T1016\", \"T1087\", \"T1020\", \"T1083\", \"T1057\", \"T1027\", \"T1059.003\", \"T1574.002\", \"T1105\"]\nIndustries: [\"Government\", \"Technology\", \"Logistics\", \"Manufacturing\", \"Telecommunications\", \"Retail\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1743732119",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "c189d87f-1add-494f-b516-7c9551c61bba",
        "value": "Earth Alux"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344336",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ac7e53d6-9052-451f-9816-c2ee010134ac",
        "value": "00a41c8272d405ba85ae9d0e435e3030033e8a032f3d762367d0a57d41524f3a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344357",
        "to_ids": true,
        "type": "sha256",
        "uuid": "43c3eef3-0a83-4fc9-b384-2920f3bf067c",
        "value": "0d3ec88b0bfa5530e45dec75dfbea7ae683bdea91105b5f90a787beaabd1ef27",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344378",
        "to_ids": true,
        "type": "sha256",
        "uuid": "2d8c0689-4244-4c48-afaf-2c9dbd54d690",
        "value": "0f6fe5d0ee754d581d4a8d989e83272b121d0125bd3c77e57a6b14db23f425ab",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344400",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1f525f03-4153-4895-8e22-49b49aefe231",
        "value": "13e0aef0ab6d218e68c5c5b6008872eb73104f161c902511aec3df5bce89136e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344421",
        "to_ids": true,
        "type": "sha256",
        "uuid": "42dae1b6-ad7f-478c-be70-aa9b3a7c358e",
        "value": "16509adf92b1ac3097452affd8dda640936c8a40272592b978db3698487df5fa",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344463",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8166f572-a2cc-4f00-a52f-bcba7a41bf40",
        "value": "1c8c14251710fbdef994d9ccf1d3507cf0ef5cd6c7d3495af2adfe7f97cc0dc2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344484",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e9b6035f-755d-4355-a2fd-2939da0394d1",
        "value": "1c93ba375016bcb41b915b78eb4ab023ecf456e240823a1d6d2b5297b3523956",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344505",
        "to_ids": true,
        "type": "sha256",
        "uuid": "3d9a7729-6441-42ad-896f-c646c6cf3d45",
        "value": "245fdb5e35b6f51b26d4cf3999a40dde13987240f9bf565fe03a1f6adb9da9b2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344548",
        "to_ids": true,
        "type": "sha256",
        "uuid": "4639f40a-fcb3-401b-b68b-56cfc5773869",
        "value": "28517bff286ade02b81da52f9fcddcb9764023ae7035bc593d081fdd2a8c85d9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344568",
        "to_ids": true,
        "type": "sha256",
        "uuid": "4548ffd7-3072-4dac-afbb-5165f10f9145",
        "value": "2971a53769745c107a89eeb5f48e3b3e9680d371bf06b028c7769c961e6f9e55",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344589",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9e2102bd-7f6c-4ecd-927d-49fa0d543afa",
        "value": "3129bfad321be526f231c64aac10d7d8f416dc14cab11c1bbc57252c75823959",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344610",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e9a1651a-88ee-4fa8-9846-696645f00689",
        "value": "3b7c29489c1feaafc587eac0ffcca79964259c9687d86a5cce5ea70261f7439b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344631",
        "to_ids": true,
        "type": "sha256",
        "uuid": "623c21bb-534b-4942-817d-7042e12a7787",
        "value": "3f0157cfb493df1cd051cc87364c7bdbe3719927335b76b7c567b369ab47b3be",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344652",
        "to_ids": true,
        "type": "sha256",
        "uuid": "4fa2ee61-f2d3-402d-aca0-bf3ebea73746",
        "value": "41410a8aa4a4fcd811ef67ba023e263f4cd6667039b01547d23a3eb758d97b96",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344673",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8cc0d812-8bc7-4015-b3d0-8903e4a5baef",
        "value": "43e5c3d6182ab6d9d71b5892c5087b4ef4b3093126bcdf4ebcef0b15e04e0c03",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344715",
        "to_ids": true,
        "type": "sha256",
        "uuid": "925231a6-bbf1-4123-abbb-9ae943d67db2",
        "value": "455510fe663775e09a2d0bbfdc4c8ec2e26665e10f9599b05dc59ea460f06ac8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344736",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8e0df7fb-efb9-48e6-bd2d-c02124540b18",
        "value": "47ea0392ec123e3949b9ae2638b9078cd5efd4da942e38f149ccfb74d8e70123",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344757",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d34cf540-2a7d-48d5-a0fc-54c1ec1da8b9",
        "value": "4be6f5e76ea02ae348b26fc32a0dabe009d05b701e53270cf40ca50fa76197b0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344778",
        "to_ids": true,
        "type": "sha256",
        "uuid": "29f7b183-5b7a-4099-8ca7-0f7f489f3749",
        "value": "529e691a9d60b8ae0c64de82402e76c112df3bc27be5f2e94ee58252a67804a1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344799",
        "to_ids": true,
        "type": "sha256",
        "uuid": "afccc4dd-ad13-4435-98f0-8cad5ebb5f25",
        "value": "52c8eacbcc8906036894a3a11cb4181d454c3a4f685500a799263cdcf6c6d88e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344820",
        "to_ids": true,
        "type": "sha256",
        "uuid": "65510421-d23c-4d88-9cb9-9da32419bc24",
        "value": "5502735d81accb96c58300d1e21765b8b53a4749aad68e513b2558ed79f83cc4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344862",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1e900a71-f278-4b09-b80b-394554d0633e",
        "value": "55b4e3814a349c9de4c99237f62d42787a6fef64b809db9cf52cfe0602cac01e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344904",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d77388cc-ea93-4109-91d6-efa64ac57a10",
        "value": "5aaca0994795ba7da0f10cd393ac32cc1e78c9afd4e9d09bbbe430f168c0eebe",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344925",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d9b0a91b-deda-4b02-85e6-c346c019b455",
        "value": "5d358bcd0acb999fdec332f0a2d1fe51952542f0836b9618ab18f253597d244c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344946",
        "to_ids": true,
        "type": "sha256",
        "uuid": "94e2922c-c441-4cd3-ba31-3421a9ca53a2",
        "value": "62d71b61af750ad3b763d98504a174a1949a359a4cb4f6ce2795b7b3240919eb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744344988",
        "to_ids": true,
        "type": "sha256",
        "uuid": "249a5cab-700a-45c2-a4a1-3cc56a9e2400",
        "value": "681e9aab60b1c64dacbc7c8574d294333b9cd4494ec683b0c780866c3e1e7d40",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345009",
        "to_ids": true,
        "type": "sha256",
        "uuid": "fb65c322-2a5d-4290-b0a4-5a70f3681b9c",
        "value": "762525805afe6a0891275ebc2ae1f067e9aad8f310afc0b1ad800cc980ed8b55",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345051",
        "to_ids": true,
        "type": "sha256",
        "uuid": "417b5f0b-10e3-4cd3-b53d-afd58fe5ba22",
        "value": "7ad44f7e1f78ee83f20da498584ec7138c2514580ddfe62698be7587ae2678e1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345072",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d7ebfa9d-9df3-4ad3-bddb-e19b53824234",
        "value": "83968575244ab2e44a5b94423bb1cacd10bb293ddcbbddbc2fc117f9335b6e78",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345093",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d28f2142-8b72-43e9-b12d-5640d8d233bb",
        "value": "846be29c140850fd9524339acd67eac4b84bc59ed056544356d199226452ea88",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345114",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5d00e503-7656-46c6-b0ab-84d56c23a5a6",
        "value": "85f9bac9eefb5fbc1e51508ce12cda10a69d8bde82952891081b19d6833297ab",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345135",
        "to_ids": true,
        "type": "sha256",
        "uuid": "28f97a16-65dc-4237-83c7-f76f3fdf9d62",
        "value": "86e2d56761fb4dc16c7b0cd8da241c9899af851f5df751ffc67a2d68062e71f4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345156",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1477b7b0-5281-4ba7-bf45-76cbfd7753b0",
        "value": "86f5f088cf997766e52860b57506ba0923454a63bee39e4e3de2fb98c4fee240",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345220",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0f4842a5-f419-456d-b44b-f8119b32335a",
        "value": "91034c01e800b116095eecdb073a5262852fc2c788f9fcd09259d6c09ce88ac6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345241",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e8143264-63c7-4257-a7a9-21b5a05ffb97",
        "value": "9366ece5ff9082145184adb2e91053d5e0d68d4d9f9a9f054aad68b8e7368443",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345262",
        "to_ids": true,
        "type": "sha256",
        "uuid": "47fe54c1-947b-43ac-8ff5-02179a116473",
        "value": "9b5e6c2f287ea7931bb27f63111ef0035265bc27751f01bd6c7f3dd3395bbaf5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345304",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7eabd405-bc17-45cc-9114-27710a4800e6",
        "value": "9f94bb59bfc32958a15cd8e225f270802bd9e14929e5d0f4f488842710a361ea",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345346",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d76827f5-29a1-464b-a3f1-c27670b1ed32",
        "value": "a14e226a50c12e637e8b280ad688e5637db752c72d0f8b2bac5f2d3d487e1c21",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345367",
        "to_ids": true,
        "type": "sha256",
        "uuid": "64323881-7275-421b-9a23-06e54ad89e67",
        "value": "a79679d8f9551810504ff316465fb289d1ac64dc52bcaabd70267217d33d603c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345410",
        "to_ids": true,
        "type": "sha256",
        "uuid": "96501841-a789-4488-a0d1-9c2b14ca3646",
        "value": "a9804fa05845707f094fe91668a5c3792f2441d371816b46fbe636953fc5787d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345431",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c0de429e-e38f-45b9-ab72-2fe632b0efc3",
        "value": "ab6145f1ea6c8a682bea289cef06c0f27fa076b8f88a89a2631167541fc835e9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345452",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e0fca742-260f-48d2-8aa1-029fe106eb3e",
        "value": "ac70d98af57d9e3da9ee485a4ab1badbb28e89d15c4ef2df521423881a147e43",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345494",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9085a430-68c4-4eb2-9e3f-9109ab68e6f3",
        "value": "b0a42d1c5a07bbe317a034e204c0eb64ae5d99e3dfbfbd9b3b098caea4b19f96",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345515",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1a5f32db-b153-47f3-9aff-6a07e51f10b1",
        "value": "b32dd5d549bcf4b674b4e7cf5481064b38ea614c666b158afedc7084b715c1fa",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345558",
        "to_ids": true,
        "type": "sha256",
        "uuid": "57e31a19-228a-444f-8cc9-c5a8153ca06a",
        "value": "b8e1a46146c09ef54b802a6989b485ef5982a86228a24ec0839ec5af7b42e648",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345579",
        "to_ids": true,
        "type": "sha256",
        "uuid": "cb8448da-ae49-42f2-b39b-9c8f157ba4c4",
        "value": "b92452a6c2cd13193a6df88278c31c85008acf448655c18389c84b353026d15e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345599",
        "to_ids": true,
        "type": "sha256",
        "uuid": "853416d0-6fd9-4a35-a76b-d685ebf2d7d8",
        "value": "b9fefe3946d0c9e000262a10b184090da45925f24b7dfc9d25abe63bc55ca7ed",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345621",
        "to_ids": true,
        "type": "sha256",
        "uuid": "f69430c8-abf8-406d-896e-bb140d354445",
        "value": "ba0105c8fa99b8f3a82c32d20e94031f22e277286b738db529e763955df248dc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345641",
        "to_ids": true,
        "type": "sha256",
        "uuid": "610a0247-a1dd-4959-a476-6a7f0f8afb70",
        "value": "bd0dbf799e98137238ae38f134c7af82d7ff673c0a418044add0220211d98a27",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345662",
        "to_ids": true,
        "type": "sha256",
        "uuid": "3d4548c6-cae0-49d1-b52c-bf38acfa011f",
        "value": "be01089ad2c2e7af32677ec0a7a9a541dee1cb149639d60fb7b7e9b641d2ccdb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345726",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e875ccc6-c523-4ab9-992b-d95e23e2b1d0",
        "value": "c6a28c9cac9c4b5ef57998bdc7a7f430fff7c9ac819fef278f8350751b6edaab",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345790",
        "to_ids": true,
        "type": "sha256",
        "uuid": "85366b92-f9ea-47bf-bf26-1d301d7b9589",
        "value": "d34947e11879598b85d9baa703cb96a83d7c3ccb53868ab86ff9a2f37dc91459",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345811",
        "to_ids": true,
        "type": "sha256",
        "uuid": "dafff2ac-688d-4b05-a213-18ca3e94dc9b",
        "value": "d692c85da91bb5e5724f520ca392b68eee144a3719a7441c779c8ce73d3b25dc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345875",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e020a725-61f0-4ec0-b512-9b65785725a0",
        "value": "dfbb857e6383789545c719c99d878a678a0aeae2a6a1c8f44e87b7aa478fc354",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345917",
        "to_ids": true,
        "type": "sha256",
        "uuid": "64387b5f-dc8a-4baa-b40b-e5679ef93253",
        "value": "e299b865cdb0fdd9605e3c5e9d00fb473c77af4ed213775d594cc0fe91b8dd3a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345939",
        "to_ids": true,
        "type": "sha256",
        "uuid": "cd7a0d67-54b8-4522-bda5-007d6f252680",
        "value": "e3465c996e149b218d95a4b109e6e3ff268e8d63aafa73d4855750b33c66a33c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744345981",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a7a3c6dc-3c58-4c9d-a8e5-7f3e8d6b537c",
        "value": "ee8385313e03890c6862f70c94f2c5a3e9cd09764fcac4488fabc5ce9613228a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744346002",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ca558d4c-8ee9-4007-a9ca-0f23aff8ee1d",
        "value": "f0cd90b42969706d1a78e75608aded6d5ac8610f36cab8f8be7160c5cbf485a5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:11/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744346065",
        "to_ids": true,
        "type": "sha256",
        "uuid": "22bcd769-d21a-4eb5-a2b6-adee17cb0a67",
        "value": "fd3637392404c3ed169a4999f6a05274715109f9fa028be9ad9ce7853d983d54",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "COBEACON C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744351470",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2f57e15b-b50e-4bef-a21f-8223f80de726",
        "value": "store.azure-clouds.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "COBEACON C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744351492",
        "to_ids": true,
        "type": "hostname",
        "uuid": "75e318d5-44e1-4abb-8831-4d3798e1d048",
        "value": "www.upload-microsoft.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "COBEACON C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1744351513",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d1416a44-bb9a-4b36-b3e5-572094d7680b",
        "value": "google.otp.us.kg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Download IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040331",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "89a1b38a-7329-4912-9dc2-6cc85a480e84",
        "value": "8.218.222.216",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#836891",
            "local": false,
            "name": "asn:asn=\"45102\"",
            "relationship_type": ""
          },
          {
            "colour": "#692b04",
            "local": false,
            "name": "asn:as-owner=\"ALIBABA-CN-NET Alibaba US Technology Co., Ltd.\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866293",
        "to_ids": false,
        "type": "comment",
        "uuid": "a8569c9a-8221-4163-b2a0-74c72854ba11",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2025/250331-Earth-Alux/14.png"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770866293",
        "to_ids": false,
        "type": "comment",
        "uuid": "b67c7f86-4234-41bc-8bea-3109317c8d74",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2025/250331-Earth-Alux/15.png"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "8bedb7ea-49f2-421c-bf30-a79aa7a530f0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "2b83553c-d370-4302-af1e-f6918a8afea0",
            "value": "6351e7f4c55484423154abe318a706ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744344273",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8621ef7c-5c46-46db-aa29-0b2ee245c44b",
            "value": "78df72bc0d1077158527ae646a032be78ac64ec0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744344273",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8a6f8ae2-f587-45bd-8335-eb3b77b4706d",
            "value": "5dcd5cb720a40692b7e49540a42f1d12e831aaab369d9fe31a66b0433b825264",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744344273",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4816671f-d2b9-4d12-a34b-ae35016a7f12",
            "value": "12288:UagE77PHuGuKb0TbVSa2rtJ7BPU4Ui2Buy3fM7rFt58gKFZfbj0H0q2AUUy/CmCp:UKBc0jtK7oarN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744344273",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1a943b92-6d69-4830-83da-fc81c8c8cd55",
            "value": "400384"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744344273",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fd2453f3-babd-4a58-bb2f-627ea728f558",
            "value": "145086655d15551515555093z12z6cbz15z11z4dz74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744344273",
            "to_ids": true,
            "type": "filename",
            "uuid": "6c0df082-3b63-4271-b6e1-b9cf43430481",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744344273",
            "to_ids": false,
            "type": "text",
            "uuid": "be7c6d04-20fc-414f-9a44-777eb141ebd9",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/CryptInject!MSR\nVT Total Detection:43/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "bfff157a-e540-4a94-9c07-ad40dbdc50a4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "781d768a-bb87-401d-bc77-89d38c1ae3be",
            "value": "635a18a9f153c8853b5f9dd2d27a0892",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744344294",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1b4e0cb7-2b3d-49d9-8868-3724f6796984",
            "value": "a58c581603d996db1ee6fd219e8bff3d11739662",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744344294",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6224b57d-b171-4ae9-985c-1224a7b222f4",
            "value": "5c829480c4563f736c8f6a4a2987fc4cd3fc330804db82cd98217d0110531b6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744344294",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4851f186-9812-40ba-94ef-a2f035b988b6",
            "value": "6144:inO3NtpXQru27Rn7o6QU2MbXCESCjWd+4G+GGCUwbh:inglXQi27RnkE5XCVfdSM8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744344294",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c951eeb0-f5ff-438b-9d73-20124c92ca2b",
            "value": "366592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744344294",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4a300f06-9c0d-4d47-bcc9-ebc0d1e7bc41",
            "value": "035056655d15555az333z3@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744344294",
            "to_ids": true,
            "type": "filename",
            "uuid": "ab3dc4fd-7aa1-4b60-9294-441cc7626c29",
            "value": "5c829480c4563f736c8f6a4a2987fc4cd3fc330804db82cd98217d0110531b6e.bin.sample"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744344294",
            "to_ids": false,
            "type": "text",
            "uuid": "82531278-5749-446e-a529-4e1372238f56",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:48/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "08b233ac-6435-43a0-98c5-5e6820fac878",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "01a198fe-c6d8-457b-933f-ea79248359f3",
            "value": "b07d35c7c74df623829da5be1d76068a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744344422",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b5562efe-8734-4076-abf7-d7d55aa485c4",
            "value": "f60f2dddb70f2415ff84160c28265f0d1b933822",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744344422",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e7c84971-882c-4676-a59f-449672e8f80a",
            "value": "19bcca292814942f2fe8d142a679cc6a97fa6cbf77a0c98873146e918013bb5c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744344422",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "181e7a3c-b827-421e-8893-2367672d07c5",
            "value": "3072:WtsfNdBPdVULIiNxSEMz/Meca+6XM98jzH3IWXMVw44ivGL:RdBP0/AEMzUfa++f3nyT+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744344422",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "335044fc-b590-41ac-b5d5-362d2ab66b52",
            "value": "218112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744344422",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6c3dbdb6-f017-4fa8-a3ae-a8ad7736eacc",
            "value": "125076655d155515155038z56bz15z1jz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744344422",
            "to_ids": true,
            "type": "filename",
            "uuid": "2a31952a-253e-4dcb-befd-cab9b9d027b1",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744344422",
            "to_ids": false,
            "type": "text",
            "uuid": "38d03e8b-28f6-47d7-bd27-cd0850ea2ac2",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/CryptInject!MSR\nVT Total Detection:42/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351618",
        "uuid": "0a5781e4-7580-4176-9717-44ed209f110f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351618",
            "to_ids": true,
            "type": "md5",
            "uuid": "63a2c8b9-6400-4b4e-af19-dd7527248b09",
            "value": "10a309d6789c7763ec207961ac088689",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744344506",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56d82685-b273-43a7-b443-f21b0bae846f",
            "value": "6bf32fbd83df18ce96140a9e5539f50c2174daed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744344507",
            "to_ids": true,
            "type": "sha256",
            "uuid": "00218b4c-d07f-46c8-bb53-8303e5adbcfe",
            "value": "281fc3aff361f202a41f4aff84a5f61e5728fd8ea0c1219a8bca540a959a4ee2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744344506",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "39928878-d6d3-40bc-b889-e3233f18cca9",
            "value": "3072:B5EAvT7DdJ60ZjXBkbx6EWPptadbApZz5pNXE4DSSw3/NSTWHLsu2cY+v6Whc4ni:bqlctauLNpNXE4DSSw++su2YVnoJ9z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744344506",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a0c04878-2abd-4291-b439-41568f39bb09",
            "value": "233984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744344506",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b41dad26-7229-4294-a1bf-f07018a879fe",
            "value": "125076655d155515155093z12z57bz15z11z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744344506",
            "to_ids": true,
            "type": "filename",
            "uuid": "0d7a1f27-dcf9-4d45-b7e5-6d1e5988fa45",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744344506",
            "to_ids": false,
            "type": "text",
            "uuid": "97e5ab9d-5a2d-4f1a-a648-db1ee6347ef9",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:40/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351639",
        "uuid": "9b551e1d-8d77-47e8-a1ba-9609250a2a15",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351639",
            "to_ids": true,
            "type": "md5",
            "uuid": "785c0c9b-6042-45d1-8f5a-8d856c74611c",
            "value": "32a1e497b981dbbf78a6a6b6efe353a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744344674",
            "to_ids": true,
            "type": "sha1",
            "uuid": "909e18a3-dfcb-4e07-8807-af91b0b90319",
            "value": "803770f6c1790eb3e90201191da3aaffd8f527a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744344674",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fc6e200f-9fdb-474b-811d-0460a11fc890",
            "value": "442446fbc012847a12448398b619837614498bb611968e64166f0e9040c311db",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744344674",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f6c4f010-6aa1-458b-84e7-ce6712fdcc2f",
            "value": "3072:fvK8KMkhx1IWhFsl1clkQq/oSxEPco0qy7xdm4x/b3+WiV94uT/qWfJbUGQmJq:fvNkhVAHEPcoPy1J9981JQhmI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744344674",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ffd217e2-1f99-4d67-9965-1e945e19685d",
            "value": "230912"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744344674",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fd6a2e66-1a04-429b-8fb9-813c824ac842",
            "value": "125076655d155515155033z12z56bz15z1jz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744344674",
            "to_ids": true,
            "type": "filename",
            "uuid": "ae060800-35b4-44b5-93c1-671e20553df8",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744344674",
            "to_ids": false,
            "type": "text",
            "uuid": "380846e9-e8ca-4523-a327-29ccba1057eb",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:41/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351661",
        "uuid": "c282c073-a36b-46ce-8b3b-3cc2621c3bbb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351661",
            "to_ids": true,
            "type": "md5",
            "uuid": "035d6b27-f69b-42be-aa0d-05770530e5b9",
            "value": "e2865d480ab49b6b7e25cf19310509c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744344821",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ff96a145-52ed-403d-9e9e-31d8f17f2d8c",
            "value": "55abdf2ebcf7b99da5233e8a4066232dece60dfd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744344821",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5dc50b91-51d4-41e3-bdeb-6dbb9a3b702e",
            "value": "5518b542afd9d456ee8dea4dec3e0e8a98a42982b33f8f629d3d8edeca0dbf4d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744344820",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dafec83b-8ee6-42c0-a50d-8f70c53cf737",
            "value": "12288:KsKgSGGMsvraIJwb+oc8l4MnodzvrNNVT17xLXxK1dE9X4SGrswz9lBbbpnj2KQH:Kskmx5fCFeUAalEZ97a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744344820",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "72798e91-c8ea-4988-b080-ceebafef036a",
            "value": "397824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744344820",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e60ce7d9-9557-406c-9ead-a081ba6d43ea",
            "value": "135086655d15551515555093z12z6cbz15z11z4dz74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744344820",
            "to_ids": true,
            "type": "filename",
            "uuid": "a793f55f-ff1b-4db8-9f22-5b2c15e721c4",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744344820",
            "to_ids": false,
            "type": "text",
            "uuid": "6741a87e-0e49-4acd-90af-34f7781e33a2",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:38/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351682",
        "uuid": "71843010-fc40-423b-ba9f-63a34f34a150",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351682",
            "to_ids": true,
            "type": "md5",
            "uuid": "bec56f83-5818-4ab8-a73c-06ab518f7345",
            "value": "6937c923ca4946748694179f1e39433b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744344863",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fae78bcb-4620-4a64-b061-2fd6101f0c65",
            "value": "6b8d5664184712920bbe4bd2630d57ea3dc9e9d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744344863",
            "to_ids": true,
            "type": "sha256",
            "uuid": "253288d5-6dee-4066-a6cc-3a9870fb51f4",
            "value": "5872da9dfd5ed3c0b9e0a05466a56c6ac6966012b5b3e14ac43a1225ba5e6bb2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744344863",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e715095a-d719-4d13-8c32-8f80b3634db1",
            "value": "3072:1rIHPlh0H//u8STvSKrY4VI9lAzx6kH1wszoY46Qu/oHHFaU8S:1kHP3Y//JSTvSKr/zxDohQ56"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744344863",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fd905e61-f924-4a87-b072-0c8ced2eeec6",
            "value": "187904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744344863",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b0a03497-7561-4ca1-9f41-c03cffda15a1",
            "value": "115086655d15551515555093z12z55hz13z1dz74"
          },
          {
            "category": "Payload delivery",
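            "comment": "userenv.dll is also the name of a legitimate Windows system DLL; match this filename only together with the hashes in this object, not on its own.",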
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744344863",
            "to_ids": true,
            "type": "filename",
            "uuid": "67383933-f612-4a52-9e94-9c95f01dab5c",
            "value": "userenv.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744344863",
            "to_ids": false,
            "type": "text",
            "uuid": "2f9f90fb-b353-4d55-a0e3-0c7c29dd033c",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:45/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351703",
        "uuid": "bcd7d876-3c90-48f8-b042-13addcfdac26",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351703",
            "to_ids": true,
            "type": "md5",
            "uuid": "2216205f-1be3-4903-8dc0-923dec498be4",
            "value": "b821f9d2364b4c457a097f11042212c6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744344947",
            "to_ids": true,
            "type": "sha1",
            "uuid": "102fb450-7c24-4002-a1e6-112fa1b13f48",
            "value": "321f0eaf9dacddc8d0447ffec23d157432912356",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744344947",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5eca962a-e97b-4784-bc3f-44a35f3e103c",
            "value": "67dddc4ce777df1baa19acb1c3535eb01a54f24516a85312bafe4cba11d74483",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744344947",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1aeddbec-3a42-4714-8b81-3c626af5d483",
            "value": "3072:pXtx3Onjmzii17ja+k2C7yEi+l45xMv2sTIWWQv0pVJzEc7xr7gs2B+5GzUEC:pXX3sjQm+UmEi+izM+NXzRcs2AeA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744344947",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a25c2adf-2670-4740-91b7-0e5e94a2bd8f",
            "value": "229888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744344947",
            "to_ids": true,
            "type": "vhash",
            "uuid": "71e75d6a-7bb6-4cd6-92bc-7e3000b4717c",
            "value": "125076655d155515155033z12z54bz1rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744344947",
            "to_ids": true,
            "type": "filename",
            "uuid": "3b64a526-07c5-41a8-bacf-f97a06c070ac",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744344947",
            "to_ids": false,
            "type": "text",
            "uuid": "daecf7c1-77d3-421e-8301-accfc071b33e",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:42/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "e1ca1eeb-9c7c-4d66-afca-99788a83a8f9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "d185a544-0c0d-431a-a069-1800578cfa66",
            "value": "3fecff305be731c8e4a82ee427a244e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345010",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ad50f1e6-f5de-412d-9cfe-07c9e8eaa985",
            "value": "e1d76afc9fb6acf10757de7fb6b76e26a54c89ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345010",
            "to_ids": true,
            "type": "sha256",
            "uuid": "19f5614a-924c-4342-9427-a9f117d8c903",
            "value": "7654e7f7076f07e76ae478c1df65f1711918ad4f36c45f520cc46cdcb1128cc2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345010",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "31b4e63b-0780-47df-bdae-ef82565dbf18",
            "value": "3072:tVsKas8DaZP+izVCsUZjkuoav+z4pXCzoY46esDUsjz8n5FJJa:3aBuZ+izVCsZ8+zNoh3/nJE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345010",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ea229987-6cf2-4814-a6d9-f51038ea3434",
            "value": "191488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345010",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3344a12e-3bb1-468d-9015-5159d07d92a8",
            "value": "115086655d15551515555033z12z56hz13z1dz74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345010",
            "to_ids": true,
            "type": "filename",
            "uuid": "40c4bcd2-958a-44eb-b24c-bbefaa4795f0",
            "value": "7654e7f7076f07e76ae478c1df65f1711918ad4f36c45f520cc46cdcb1128cc2.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345010",
            "to_ids": false,
            "type": "text",
            "uuid": "dafb3de6-f798-4d89-aa6e-3ce2a74e55ef",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:49/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351778",
        "uuid": "0fd952e2-e04e-421e-bec1-9e4a85d52f27",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351778",
            "to_ids": true,
            "type": "md5",
            "uuid": "7943e239-d13e-4c99-b621-d9c1943311c5",
            "value": "27d878799cd23d43e93f44d4a2ce6792",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345157",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5cdfedf0-20bf-4ea7-a3ac-a541cf47b3fe",
            "value": "fe0a1d50213e0187f7468200a7b3afb25579175a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345157",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e763bece-70cd-408b-bc07-391eacfc0431",
            "value": "8b0023248bc037631b26694f34d7bc8163e2d5f5919fe61f3dbc1354f87d6792",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345157",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "370ed28c-4e1d-4c26-942a-3a05dcb5cba4",
            "value": "3072:T9gqc1ZpKcBWd5CTusrZrMJAnyeAmIPMTdn:y1W2Tj1eeAmgMT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345157",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e44d298b-c708-4b7f-bc70-2dbdd8d659d7",
            "value": "133632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345157",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0114bc2e-cb84-4bbf-8d9a-d6a805b75ae5",
            "value": "1150c76d1515551c051d1az32=z17"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345157",
            "to_ids": true,
            "type": "filename",
            "uuid": "5520b6d5-6181-4623-afb8-de99a727eadf",
            "value": "msedge.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345157",
            "to_ids": false,
            "type": "text",
            "uuid": "4d56277f-b011-4c23-b9a7-b4880ac65a3f",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/CobaltStrike.QG!MTB\nVT Total Detection:44/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351812",
        "uuid": "3e1ae524-e132-45d5-acde-79243adf634a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351812",
            "to_ids": true,
            "type": "md5",
            "uuid": "08aedb67-3871-4668-8a94-a10203e43792",
            "value": "61d72565e936eb04b734914e26223865",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345179",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7be74e83-d96d-4ebc-ab3e-fe5046f57b12",
            "value": "2dfd63fa098d701ac36b068a967b2fd967fe9183",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345179",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3dfcfb2d-61a8-4ec5-9e54-fcb5ad538fd1",
            "value": "8c89362d4bed8bd2f0fbffc450bca4e7666fc7a3e88ec56a5dd149593fd697ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345178",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dc711bf7-94f6-45c1-a6ae-0d7cfb8a3bf4",
            "value": "3072:5E3qPxraxLlySXLO5yI2REjbztiEjksQMCMyfURVOFbJ9j9QHmGV5TU:TuxLlyS7XtREjbzEE4Y5wj9QGK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345178",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "77e37bf0-5fbb-4f0b-b280-6b8d648bbc8f",
            "value": "233984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345178",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b0183608-3629-448c-a5af-af196baca458",
            "value": "125086655d15551515555093z12z56bz15z1hz74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345178",
            "to_ids": true,
            "type": "filename",
            "uuid": "3d598903-3f0f-47cd-9c02-c826e02f48b2",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345178",
            "to_ids": false,
            "type": "text",
            "uuid": "08a875e6-8621-4eb0-8e27-7d3d52bce295",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:45/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351854",
        "uuid": "e15b63d1-d1fa-4c54-8184-44ef5edcc652",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351854",
            "to_ids": true,
            "type": "md5",
            "uuid": "e5826fbe-566a-4d37-a5dc-58c879e44e54",
            "value": "6e1fd4b0bd83c99ddba761b9d9ba2891",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345263",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d9143b3-d8f6-4e10-814f-6a3f3ccb1c5c",
            "value": "d2fe52707d3656b9f42f0677ef019399cf05c14b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345263",
            "to_ids": true,
            "type": "sha256",
            "uuid": "602383f3-9ec6-4d61-a04f-9403d4276f66",
            "value": "9d9f40c6c2dc14118452f7f1b56346e60a8681fb83300e4292576e635b37f9c8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345262",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0b5c54f2-2d2c-49f0-9d53-6ac3a56cc89f",
            "value": "6144:9BdtJYPk8bAJK5ywwAhqgV55Yeu3D7ARuOLJK/BuYuhtXrrWFxSohuaYXM:l+wwNqgxs3iRdon"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345262",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f8c8bd46-55a1-4729-931b-8bbdbe0993c4",
            "value": "384512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345262",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aa4796cd-ba41-436e-a832-8de4b23f032a",
            "value": "135086655d1555151555514z12z73bz13z1011z75z45z74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345262",
            "to_ids": true,
            "type": "filename",
            "uuid": "254171ac-76de-42d7-b3d0-45ca1fa0d254",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345262",
            "to_ids": false,
            "type": "text",
            "uuid": "2f293bdd-6710-4c43-b37d-7ee6df4553cd",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:48/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351876",
        "uuid": "52ce8d2f-5e6d-48fe-9fff-9ff7518cbe7f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351876",
            "to_ids": true,
            "type": "md5",
            "uuid": "0b8e836d-9798-4dcc-b06f-19efc72a2615",
            "value": "ce3078820889e28e497b43c6f6103689",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345305",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4a045366-d2d8-4f92-8525-698aa881171a",
            "value": "2bff571d14d79b388a110a87f5e13899ef86818e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345305",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aeee59cb-db88-483e-8545-7723d64049d6",
            "value": "a042157e7460f6c28c984a1c1f3803521a556c67e26411854e497685ef436325",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345305",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "30f363ab-3d47-44f6-89ca-202779619f13",
            "value": "6144:ogQjbvJZTXY4LGheceD56AhLLL8wU/WEnijUa5Sy1gxiUeohjPFS9xeq+OQ4Be:evJxvL+ilAwU/t4eeou+R4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345305",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "77b17149-da48-407d-a52d-4d8f8578c69b",
            "value": "356864"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345305",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6757f009-47fe-4e54-912a-713db961e6d4",
            "value": "135086655d155515155550d3z12z6abz13z1011z55z35z74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345305",
            "to_ids": true,
            "type": "filename",
            "uuid": "72e780ee-4a0a-4635-b048-78027f770285",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345305",
            "to_ids": false,
            "type": "text",
            "uuid": "75bd5a19-7151-4dd9-b114-93d08977818b",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:40/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351898",
        "uuid": "c33bea70-f645-4f60-80fe-431a3ecbb7cb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351898",
            "to_ids": true,
            "type": "md5",
            "uuid": "b29b3773-dc63-4e7b-a170-f05c5d2cb39b",
            "value": "63032105c83f2b904aba1926a05c7353",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345369",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ab1c7736-1558-4476-9bb9-00d8a6c8ebe8",
            "value": "f7827159fa54b1d79eaf48cfbbe1daab306ad9e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345369",
            "to_ids": true,
            "type": "sha256",
            "uuid": "54fb96c1-a68d-44f1-8b32-eabd8f8b452a",
            "value": "a845cb84ea11f0fa7a982407705e892f58d7cb407eadc5329416464cccdd6a23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345368",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "328d7fd8-ffaa-446c-a0b9-d008844591bc",
            "value": "12288:cKDJVHNeWIF/8L1g+wr0OUyI8CkGC48G8VYKXNhLRavGLOsNeA1AWC2FomYCbn9q:rIsshFEcv3R"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345368",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f73025c3-e4e5-4878-a886-0f48aed51cd2",
            "value": "396288"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345368",
            "to_ids": true,
            "type": "vhash",
            "uuid": "32490440-801d-444f-a857-9fd27d826b41",
            "value": "135086655d15551515555093z12z6cbz15z11z4dz74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345368",
            "to_ids": true,
            "type": "filename",
            "uuid": "255b5285-9ba2-4b97-83f9-a46884e891e4",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345368",
            "to_ids": false,
            "type": "text",
            "uuid": "1285f555-6f6a-4cb0-9651-e7328e8b720f",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:41/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744351920",
        "uuid": "91e5d34c-fdba-45b0-9627-ff3b4970f7e5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744351920",
            "to_ids": true,
            "type": "md5",
            "uuid": "bf568045-4ef1-4fdc-ac8e-25a1371e78a6",
            "value": "d65a43c6c6ae3281ea8ff301743d7251",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345453",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d594ffc8-5c60-4b9d-a2d5-275e718035f8",
            "value": "328a8933493f4c4c4445a7db2b2e0c1de6d49243",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345454",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5072bbc6-1973-4f4e-b9ae-e832d9c3bb50",
            "value": "afd83d598843f93f7cad02bbe8467da2f257b5344600090034bb795844f05bdc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345453",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5e006692-f4e2-4ee6-9b63-41b0913ce4f5",
            "value": "3072:KQyyOl/z8a6udBVJEDj2gFcGxZJeZh7fSJz5VonSQPzMxPj13zZGKAW:Hyym1LnEDj2g6GfUxYkB4j13NjAW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345453",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5d0e9d81-60bd-43ae-b8f4-5b855d748cec",
            "value": "233472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345453",
            "to_ids": true,
            "type": "vhash",
            "uuid": "44cb49c5-85e3-4b4d-9b9d-2f588767a395",
            "value": "125076655d155515155093z12z54bz1rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345453",
            "to_ids": true,
            "type": "filename",
            "uuid": "82af6a9d-5d71-4f7b-a2b9-feac470e1ff0",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345453",
            "to_ids": false,
            "type": "text",
            "uuid": "df064850-d8bd-453c-994b-f23b96168d17",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:44/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "74ad4a44-eaa5-4108-8d29-c7a097748997",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "a6e64a54-48e9-4fc2-b84d-fe22c02f6794",
            "value": "d0394b2f7ae865397f3ce73d8b60db23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345517",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c61b1d78-75a5-4626-ab14-cdd5a37047ca",
            "value": "bd12b5d0d75bfb96b32adc00ea96e0fd13953a57",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345517",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3da3e71b-ec0c-4e73-bb96-22a6d887d85c",
            "value": "b8accaa144c035c670fb3c2bf580d2fb64ab562c89835f7e30b044a8711cb5e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345516",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "710c228f-dfa4-43b5-a389-0a817295a8b1",
            "value": "12288:DXt2iMSyGMFQQHFsOzSi+E8QyuWt4suSV8PX/Ymxa3K6OZHjK+d5jPRyxdz+jhTS:mNnVfK+NFcRJzXjf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345516",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4a878287-86ae-4a0e-a13e-0a2437366ff5",
            "value": "408576"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345516",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4371aedf-8d12-49f7-94e9-824d9f25f6ee",
            "value": "145076655d155515555053z12z6c7z2045z2011z4ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345516",
            "to_ids": true,
            "type": "filename",
            "uuid": "ba32d6bf-afe1-469e-aaa2-ef7426fdb379",
            "value": "INSTALL.X64_DLL"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345516",
            "to_ids": false,
            "type": "text",
            "uuid": "cb61066d-5fce-4e02-8328-665bf9aba77c",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:41/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "bbbfaaec-bfff-445c-83c7-479d0f6c14cb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "eabffaa5-af6d-440d-8f98-39b9f733fd93",
            "value": "7e18911b416a928fe64574468c5dee98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345664",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e11d0afe-2d99-4c10-9c34-c038a90fa768",
            "value": "823479881a1948c5c5e02ab029aa3d874bf0c53a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345664",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0ab81582-3513-4b14-8f3e-0895e65e9690",
            "value": "c0d1deb30fd3507455dae99aabf1cc23638b2bcf1908099e08081ee2691a24b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345663",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1f0080aa-5628-4feb-badb-2610aed89278",
            "value": "6144:Wb8ybPxTD8LhnGL50WtZ6bthNaMr+dchGceGDByiafof+9oiXohyDc0:WHbPpWGTSpLG+gol"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345663",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7f2aa480-fb1a-4f21-b598-4b60c9bf9c72",
            "value": "391680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345663",
            "to_ids": true,
            "type": "vhash",
            "uuid": "31e1d4e1-b110-4082-8d93-39f7362e55f5",
            "value": "135086655d155515155550d3z12z7bbz13z1011za5z25z74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345663",
            "to_ids": true,
            "type": "filename",
            "uuid": "3120d347-be5d-47c9-87e6-e67c7c0de4ec",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345663",
            "to_ids": false,
            "type": "text",
            "uuid": "df05341b-a3a0-4c06-9d02-a495103eb117",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/CryptInject!MSR\nVT Total Detection:48/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744352006",
        "uuid": "8c1adcad-1a57-4f2b-895a-62c3cc9ab682",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744352006",
            "to_ids": true,
            "type": "md5",
            "uuid": "b782a181-d5c4-4f9d-8e28-852feb32d913",
            "value": "ef2016bd438ad1026733ad00e047c385",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345685",
            "to_ids": true,
            "type": "sha1",
            "uuid": "32e8c9b1-62ef-49d6-8a82-524524faf63e",
            "value": "8e0b5c3dc69dc046df74cf825131686a7a0cf5e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345685",
            "to_ids": true,
            "type": "sha256",
            "uuid": "38422fab-1474-48e9-bea3-53ffb4a0eb59",
            "value": "c56c88ce8e45a9caa043f1f4831442f09bae6f1a083910f772afc1e27be3b606",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345684",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4ea632a9-b1cc-4823-b5ec-dbaaf0c31179",
            "value": "6144:AK0593iY9PswEVHQ295MrHTauyLhN4rPsfN2NC0/SBKuNMz/0C0QlWbEg650O4hu:u1dswiR95MrHTau4qEgUUaKo5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345684",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b5130692-8879-479c-96c3-4fa7375ba433",
            "value": "392704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345684",
            "to_ids": true,
            "type": "vhash",
            "uuid": "179c1765-fb9e-4d4d-a5c2-e6129c8509d4",
            "value": "135086655d1555151555514z12z79bz13z1011z95z45z74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345684",
            "to_ids": true,
            "type": "filename",
            "uuid": "5ebeaf41-541c-4feb-abdc-3009c4fa0887",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345684",
            "to_ids": false,
            "type": "text",
            "uuid": "4c573910-5c42-488b-bfd4-3a966ec981dd",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:47/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "0be333fb-d280-4c1e-aa40-bb3404661e04",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "1fb546f9-4f83-445c-91b0-d05f18b2c5c0",
            "value": "7a7bc7b5187d3b0f05986567027d29b3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345727",
            "to_ids": true,
            "type": "sha1",
            "uuid": "415acc9d-beab-4cfb-a1a8-01b145a32849",
            "value": "a15e23fb27b91649f7e9346389eb189564ecfd2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345727",
            "to_ids": true,
            "type": "sha256",
            "uuid": "59886371-6bb6-4449-86df-73684b824e83",
            "value": "cd385806117ebe1504af4669671b4c0a252faec873e1402aaebeb413fdd58556",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345727",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ccf7a8cf-2d7f-4e82-9e4f-80bc975a8fe7",
            "value": "3072:AAnlahRQyZ+3HrhUebx6EHSGsdtVsFM5OwYc71V9HFxXF1DwGO:1yZ+btQEHSGQtqupvxT8T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345727",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6e712e5a-5f8b-4a17-815f-fd997a98f372",
            "value": "217600"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345727",
            "to_ids": true,
            "type": "vhash",
            "uuid": "71ed1ac3-f29c-412c-8e3d-7c09bd1f835e",
            "value": "125076655d155515155038z54bz1rz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345727",
            "to_ids": true,
            "type": "filename",
            "uuid": "31afa481-ee1a-447b-82af-090c00c28b8d",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345727",
            "to_ids": false,
            "type": "text",
            "uuid": "291cf999-eb02-442b-918b-1b45e562907b",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:44/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744352069",
        "uuid": "edabe866-181b-4793-b5bd-745d1be702c0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744352069",
            "to_ids": true,
            "type": "md5",
            "uuid": "48070100-479b-4966-867f-5e737c015987",
            "value": "9e3f14717e8dcf9745c3083d1ac3952d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345749",
            "to_ids": true,
            "type": "sha1",
            "uuid": "eeb5f531-f6af-4cc2-9410-6423eeb46a2f",
            "value": "fc7556580c40e0c5b71563e6c679b449ed5ce15a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345749",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9cc3be96-5837-40eb-a99f-714249119503",
            "value": "d31eb16688d1b36652e87d43ad5755d139eedd74b500ddcee97a5545d8d1fe7b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345748",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b77b00dc-6e4b-46b0-909c-253d9e389ecc",
            "value": "3072:t3Mgg2XnWGgM0Zj4rfQU8LqmQdkJE78UXpNYEzVB2NICgx1zBCnX3B9CUn+v6WhF:RjsUA9iQ6pNYEzVB22FEX3KDVnoxJz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345748",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d4e16482-efbb-4edd-b5df-490e86137b9e",
            "value": "233984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345748",
            "to_ids": true,
            "type": "vhash",
            "uuid": "08f4f76c-d83d-482e-939f-2cd612d7be22",
            "value": "125076655d155515155093z12z57bz15z11z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345748",
            "to_ids": true,
            "type": "filename",
            "uuid": "5fd995b0-ab0d-4a2f-9417-e90e1a87a7ea",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan\t:  10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345748",
            "to_ids": false,
            "type": "text",
            "uuid": "b1fff412-6e8b-4bff-8a05-75f28b6c8835",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:41/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744352097",
        "uuid": "ba5123bc-a048-4dfb-9786-cd0bad99a2b5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744352097",
            "to_ids": true,
            "type": "md5",
            "uuid": "591f7f37-07d1-47fa-9f66-aea1ee29d354",
            "value": "3f73109e24a3d8fbebb8be5b4eafc2c2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345812",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56e03282-4383-45e1-b9d7-168f66d11bc6",
            "value": "680982896e563b72a4db52544f1cceb642a17ca4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345812",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bd3bf74b-d307-42fe-9a5b-3718604c0144",
            "value": "d83a837910305567acfd49d2d416fc4b113f080e31730c9b0abefa4b01192a40",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345812",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6443d3e5-c7a0-48b9-a037-f8362b23f0cd",
            "value": "12288:AHEX/fjX5uDkOoQcKBW8DGVNQ2adjgVwxzuqFW5o5uRI6cwykQZhCxqnXYmO2gCw:AVgmx3Vz43B+Jy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345812",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "321c45e7-234c-4042-bfe9-351e630a264c",
            "value": "398848"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345812",
            "to_ids": true,
            "type": "vhash",
            "uuid": "28365265-0f89-4ab2-ac48-55b571ee8b42",
            "value": "135086655d15551515555093z12z6cbz15z11z4dz74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345812",
            "to_ids": true,
            "type": "filename",
            "uuid": "b778be1a-e761-41ea-8d69-d27ea1bdedb5",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan: 10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345812",
            "to_ids": false,
            "type": "text",
            "uuid": "8b3a403f-68f2-48ff-99e0-4f13c7e67031",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:38/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "8fc6f5c6-9f49-4fba-90d1-0ecef22abb74",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "da56256c-6c84-40ca-a850-15687ca31fc2",
            "value": "1fc97fdc9d87a4c6352d5dd1a27b2bea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345834",
            "to_ids": true,
            "type": "sha1",
            "uuid": "058a73eb-9fea-4be4-95c7-4984448b73d6",
            "value": "715dfdfa700dbeb34abcfee6944304ecb175e9c2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345834",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e67bb6fa-b38e-42bd-99de-bcf33a2a4b73",
            "value": "ded42e37f05950374496824ce3f4d540a45e97be35ed6d7ddcfcf12a7b2cd46f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345833",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c941fee-3b85-4ba0-8c7c-5bc4084e973f",
            "value": "12288:GUEX77u07IfK1WH3ezlcrgXypx32kPUtQl+IxOKB5Q0GyY6CWEZhbM0xck/JzNk3:pv6LcJRhWnyTKPwh+14b"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345833",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d3b5e06c-0ac7-4265-a4a6-49bb78923444",
            "value": "568320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345833",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6dc5323e-d9c1-4655-9342-370b10939b2b",
            "value": "155066655d1555155093z12z85jz11z3ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345833",
            "to_ids": true,
            "type": "filename",
            "uuid": "d8f0518d-ab48-47ef-824a-ef69289f41f7",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan: 10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345833",
            "to_ids": false,
            "type": "text",
            "uuid": "69bb61eb-1b12-4da7-a835-e7fc9a22aa81",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:33/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "23d21699-86cf-4b0a-a97d-c6b09c78d660",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "83efae44-ecf1-46f2-888e-e26438795302",
            "value": "1cffc6f22f9837062f499570bcc393d3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345876",
            "to_ids": true,
            "type": "sha1",
            "uuid": "58bdac08-7e51-4dc1-8f2f-a1a05e788059",
            "value": "9694f7a95431f8ab6765dcc1dcc950b8e33e9b37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345876",
            "to_ids": true,
            "type": "sha256",
            "uuid": "89f14a68-d2cb-4961-8147-53397c884e31",
            "value": "e03062caa13400df3d60efb1aa2b0f19dcf65fefc38d4bc9931c0918b5dc4865",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345876",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "af79c193-db37-4e3a-bc58-9cb6512797e5",
            "value": "3072:tVsKas8DaZP+izVCsUZjkuoav+z4pXCzoY46esDUsjzAn5FJJa:3aBuZ+izVCsZ8+zNoh3rnJE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345876",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "78c1d358-7b02-4835-9e02-f1c1111c6ec6",
            "value": "191488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345876",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7b4fdfe7-8754-473c-9a14-3d5604a43a85",
            "value": "115086655d15551515555033z12z56hz13z1dz74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345876",
            "to_ids": true,
            "type": "filename",
            "uuid": "05866729-a9fa-4870-a33e-84fad958a342",
            "value": "userenv.dll.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan: 10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345876",
            "to_ids": false,
            "type": "text",
            "uuid": "bfb0b928-2baf-4f16-bb97-0bae0db10eee",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/CryptInject!MSR\nVT Total Detection:48/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981659",
        "uuid": "7cfaee94-afce-4cea-b1ad-222168a10119",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981659",
            "to_ids": true,
            "type": "md5",
            "uuid": "d9dd1c6c-838c-431c-b6f2-6217528fde6d",
            "value": "e849bf3328b1a0a7834d420cb5d79df7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744345940",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c88aaa58-b9c3-4e5e-a69e-e5032dcf83fe",
            "value": "14447ceec0029361d2066adea6b8f85d0acf1500",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744345940",
            "to_ids": true,
            "type": "sha256",
            "uuid": "186f1a1a-7d44-4321-9618-c541a4e2270e",
            "value": "e6141757775ce9747b12f21cc7f8411e5ab4916649f38738f4e93b2ca7cc274a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744345939",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "753909ab-d6f2-40ce-95d3-43b6a6ab7b7c",
            "value": "3072:LLyROF9LrOG8tr9+yoIEj7uYiEjkyXQsCMs7URV10ThRL9GtsB:fyRs9WGKrDlEj7uzE4y55ahRZs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744345939",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3430416d-c63c-455b-9028-78eb6d3a9f93",
            "value": "233472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744345939",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f8beb419-f56e-4d99-998d-fe5f875ade55",
            "value": "125076655d155515155093z12z56bz15z1jz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744345939",
            "to_ids": true,
            "type": "filename",
            "uuid": "f2dcc785-cb7b-4246-92bd-9eca3af32b9a",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan: 10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744345939",
            "to_ids": false,
            "type": "text",
            "uuid": "9cb76fd6-f3c8-4be4-89aa-60ef6ae12167",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/CryptInject!MSR\nVT Total Detection:46/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744352199",
        "uuid": "e124e739-b515-40ab-91bc-8bf7fd793300",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744352199",
            "to_ids": true,
            "type": "md5",
            "uuid": "2af69675-2863-432c-89c5-d183ee2f1fd2",
            "value": "0214e37107c84a580288c5ffc5706d01",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744346003",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d3fcd189-cdf4-4b8c-a58d-bfff38ddbdc1",
            "value": "f775742c7141758863ef025a95f87a06f7655ed7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744346003",
            "to_ids": true,
            "type": "sha256",
            "uuid": "68532188-bee3-4168-9be5-64fb5ca38492",
            "value": "f92493bf2b46873feee38ea2dac69ff830637983d569b64ee87e75f7fe08de88",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744346002",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "71e5c62d-e96a-4ccc-8e52-df398d4cb13a",
            "value": "3072:FHzlFJzFSqE+tTmUk0ISY/EjrOBkEDk8Q8CM2AURVZW88oI6Fd/50GK:dVEqE+tTnkGaEjrOSE44ZlH6F9u3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744346002",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c53fbb67-7dff-41f6-91a2-1a91a3da47df",
            "value": "238080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744346002",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aaf71eff-2a04-4ca8-917e-301e67cb6f89",
            "value": "125076655d155515155093z12z56bz15z1jz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744346002",
            "to_ids": true,
            "type": "filename",
            "uuid": "60488509-c889-4df5-9623-4e88902e3576",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan: 10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744346002",
            "to_ids": false,
            "type": "text",
            "uuid": "1d6a155f-a582-40cc-9860-5283f3d49186",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:44/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1744352232",
        "uuid": "19422fc5-017f-4338-b5f8-ccff3e871b79",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1744352232",
            "to_ids": true,
            "type": "md5",
            "uuid": "93c198ae-6ba8-4cfb-aace-48e3a7132241",
            "value": "f3f02c5adea6974c421080c19d0bf34f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1744346024",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2ac1ace7-3705-424d-a934-fc62cd89e233",
            "value": "fe345417bb4ed2d60fd906f2c499503b81dcbded",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1744346024",
            "to_ids": true,
            "type": "sha256",
            "uuid": "daea9a86-29a7-4a7b-be99-6b7976d4fb93",
            "value": "fd1720b11ddd7ae226889deca9a6532df676a4991f0209c0a3d6d7be52276dcf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1744346024",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "81efecd4-81a1-440e-93e4-ff7024c978b2",
            "value": "6144:HRsjjNZIMQdjynhhn9YmgmrnVz9rxj8jelN0hXSBsxKohRoO9YYq:i8L4Lyml7ZrPo/J"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1744346024",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "966023de-dce3-4742-a5ef-9e3c2d67bd27",
            "value": "360960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1744346024",
            "to_ids": true,
            "type": "vhash",
            "uuid": "18fcff18-ab31-48e3-9c7c-3ae03343b6cb",
            "value": "135086655d155515155550d3z12z6dbz13z1011z55z35z74"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1744346024",
            "to_ids": true,
            "type": "filename",
            "uuid": "24faf08a-c55b-46cf-a4bb-ea4a11a1728a",
            "value": "LoadFile.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2025\nLast-scan: 10/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1744346024",
            "to_ids": false,
            "type": "text",
            "uuid": "e63435d6-ebf0-4bba-b1a5-0c83e2ee8d90",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:41/72"
          }
        ]
      }
    ]
  }
}