{ "Event": { "analysis": "2", "date": "2018-11-01", "extends_uuid": "", "info": "[Threat Intel] CTA Adversary Playbook: Goblin Panda", "protected": false, "publish_timestamp": "1780039859", "published": true, "threat_level_id": "1", "timestamp": "1772901984", "uuid": "de905993-7d1e-4bcc-b942-50f6be6f0027", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Fortinet\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"GOBLIN PANDA\"", "relationship_type": "" }, { "colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": "" }, { "colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": "" }, { "colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": "" }, { "colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NewCore RAT\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740406931", "to_ids": false, "type": "link", "uuid": "cf9a73ad-9582-40db-b582-4b9520f48fc8", "value": "https://www.fortinet.com/blog/threat-research/cta-security-playbook--goblin-panda" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746571885", "to_ids": false, "type": "vulnerability", "uuid": "ce9e679f-a533-485a-812a-e379b17c2eb9", "value": "CVE-2012-0158" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1746571885", "to_ids": false, "type": "vulnerability", "uuid": "b2279c0a-11e0-4c02-b9a7-0e8c5044f964", "value": "CVE-2017-11882" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813242", "uuid": "5da61e42-c440-4c91-b8e5-68fca60c86e0", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813242", "to_ids": true, "type": "md5", "uuid": "1341735a-ae87-42ca-8a8e-2b78670a1a47", "value": "10fa0058d6bdb26ae3e7880a9f6f1c87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542301", "to_ids": true, "type": "sha1", "uuid": "857b13d6-5ffb-4995-8409-f46941fb5621", "value": "29744afe889e3563b3c904ab59da954c12e8b352", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542301", "to_ids": true, "type": "sha256", "uuid": "e69367eb-e87f-4db6-9688-84fd857956ac", "value": "1d8ad2bf967aff93c713a729d5e9447700a236bde1af616bbe6f51e21bdad8c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542300", "to_ids": true, "type": "ssdeep", "uuid": "44b2d8b8-61da-4b83-a640-0aab33c9f915", "value": "1536:0mzrayLgKh8/HIYNcn0HUprPyzVmgCAnU:0wkKh8/HIYNc0wTyzV9CAU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542300", "to_ids": false, "type": "size-in-bytes", "uuid": "3e948d45-c67b-410c-ba5e-bb07d2f7a748", "value": "65536" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542300", "to_ids": true, "type": "vhash", "uuid": "9ad7ddf8-31ec-4f3e-97af-31bdd8e0c890", "value": "164056555d05555az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542300", "to_ids": true, "type": "filename", "uuid": "e59fe7f5-0e12-4ad4-9582-d31498628a7b", "value": "gyoEMrZ3.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542300", "to_ids": false, "type": "text", "uuid": "879b4c11-fd13-4f18-b319-5ea8c53b8de9", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:62/68\nFirst Submission:2018-09-20T00:42:04.000000+00:00\nLast Submission:2018-09-20T00:42:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813266", "uuid": "c922b1cb-22ab-4702-af5c-a25c12869b1b", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813266", "to_ids": true, "type": "md5", "uuid": "b2871c3b-c712-40c0-a2ee-0f6b10de9dc1", "value": "8f3b0daeaa04150b76ca9a3ddca7889c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542322", "to_ids": true, "type": "sha1", "uuid": "d6952330-2860-4c3b-80d2-429dbc4fbc69", "value": "b1b78c1c09e1435e6fbc44c159759a8d3260e4d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542323", "to_ids": true, "type": "sha256", "uuid": "0a8955ba-3617-4347-a3a3-9d70047da116", "value": "3720c608b82dc52f2f6099bd0d6b30701c8689f5ae6e8249f7a04964b2970ec4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542322", "to_ids": true, "type": "ssdeep", "uuid": "e413a8b2-8e4a-4664-810c-3ca133640b3f", "value": "768:tojY9PK0amUkTe2uVf8VPZUpRwqK4RPRDUcojyH6ojY9PKOLoT:Ymva9iexVfevirojyHDmiOA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542322", "to_ids": false, "type": "size-in-bytes", "uuid": "68459185-8200-40b3-ae47-819b9810f2b1", "value": "49152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542322", "to_ids": true, "type": "vhash", "uuid": "101f7933-7e8d-4ea5-97e0-027959f3d123", "value": "144056555d05555az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542322", "to_ids": true, "type": "filename", "uuid": "c8186ccc-2832-4067-844f-2f1077551257", "value": "mIjtShXW.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542322", "to_ids": false, "type": "text", "uuid": "827955eb-c815-4c96-9961-5027224bb91c", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:63/68\nFirst Submission:2018-09-20T00:34:23.000000+00:00\nLast Submission:2018-09-20T00:34:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813288", "uuid": "abc9680e-81e3-432a-9fcd-298cf833bdca", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813288", "to_ids": true, "type": "md5", "uuid": "1cca09b8-0cc6-4541-af83-e04f2c14ddc7", "value": "f1b352680bda1c2c7e04f4ae94f56a46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542344", "to_ids": true, "type": "sha1", "uuid": "dca4f444-7bd9-40be-981c-5e8c33e29fbc", "value": "0d8143ac1dae4ee052307b28c5df64424ccb06d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542344", "to_ids": true, "type": "sha256", "uuid": "3e5ba6fd-5f47-4dfa-8c01-38026139aa0f", "value": "59462ce5c9fccf55efade4784d9ef995905260df1c649894c5500702f46ea4f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542343", "to_ids": true, "type": "ssdeep", "uuid": "f7185fff-a676-4a09-bc67-c7f17daa337c", "value": "768:BXnD6ritImlxotEtfrSL9wT+V4Zb5D6oeTRrcfQoJKpGr:BXD6u6mP3Rupwk4xZfATNpG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542343", "to_ids": false, "type": "size-in-bytes", "uuid": "9745446e-229e-477f-b533-e2d31e09a71b", "value": "73728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542343", "to_ids": true, "type": "vhash", "uuid": "0d8aa869-60cc-4d04-b140-c43c26b34197", "value": "174056651d15051165zc002d16fz3011zc1za1zb6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542343", "to_ids": true, "type": "filename", "uuid": "cae2a309-c59d-48ee-9cac-8e61de7add18", "value": "dTZ44wzO.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542343", "to_ids": false, "type": "text", "uuid": "3297c218-92ec-4066-a34b-c7029c8996e4", "value": "NewCoreRat\r\nType Description: Win32 DLL\nNoneMicrosoft: None\nVT Total Detection:41/67\nFirst Submission:2018-07-28T12:50:22.000000+00:00\nLast Submission:2018-07-28T12:50:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813309", "uuid": "566b41e3-5d2d-436d-8af9-dc0d5ca497d1", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813309", "to_ids": true, "type": "md5", "uuid": "7fa9f11c-7ae6-431f-bbdf-d7bb1e86b2b7", "value": "5fd6b30d0e9d0bf6c388f8c8cbf9823e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542366", "to_ids": true, "type": "sha1", "uuid": "a88ddac5-95cf-4f1f-b458-02d2025052d5", "value": "1da1712d28539f32046438cb0bf1d9b7ff87bef6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542366", "to_ids": true, "type": "sha256", "uuid": "05035532-a07f-4009-8920-d64313c64b3c", "value": "8930c8ca404ffbfe969c0d8efd6d2fce352e584a78bf11fb80ed3a0d35c06eeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542365", "to_ids": true, "type": "ssdeep", "uuid": "49431c90-c90f-4a1c-88f4-e11393257d82", "value": "768:OmA//2hQMYRSuJni8PR4wW9fT/npogyGzH8oZh3gUIZsHZH3nQl2Oz1dxWha5U:OF32hQfA2iJT/npo1nW34Z2gL1Gf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542365", "to_ids": false, "type": "size-in-bytes", "uuid": "8093cf4c-f158-4ff4-b961-8ad1aa573b08", "value": "53760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542365", "to_ids": true, "type": "vhash", "uuid": "b7ba9832-e726-4285-8538-e6d6189bcfbe", "value": "15407d7d1d7d0d7d6d0015z11z3015z17z1011z11z1az4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542365", "to_ids": true, "type": "filename", "uuid": "57f134a6-e1cc-4e06-8b1a-d49144ec439a", "value": "VirusShare_5fd6b30d0e9d0bf6c388f8c8cbf9823e" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 25/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542365", "to_ids": false, "type": "text", "uuid": "f5c076a4-929c-462c-a47b-b0af3f84b1f4", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/DSSDetection\nVT Total Detection:54/73\nFirst Submission:2008-02-16T18:15:42.000000+00:00\nLast Submission:2020-05-12T03:54:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813330", "uuid": "ae81becb-d302-446c-946d-b958c1d29956", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813330", "to_ids": true, "type": "md5", "uuid": "ae272e7b-682e-4b75-9a17-2f2b17b19102", "value": "38b37cd02c736bb7b9a3fa77bb4095ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542388", "to_ids": true, "type": "sha1", "uuid": "ffdc9ae4-1619-46a4-bd8c-f54bc8f01b1d", "value": "af5f6b2acecb154af29078e81d56d28a2f1a84ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542388", "to_ids": true, "type": "sha256", "uuid": "73af8510-291d-46f8-a2c0-da9f9ea43e98", "value": "8a14b3a3d9da0ea72e40c48ac6fd29bf1c3427917d8ceeb0b81ff7aa1924f68b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542387", "to_ids": true, "type": "ssdeep", "uuid": "d03dea2f-0ff6-493d-97b7-66ab401b9a59", "value": "1536:omPJdMmJyDl+tOZloWyHjmgXkWgTa+RWVimWiWhq6:oqJuIyDvZFyHj9XVgVM1W" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542387", "to_ids": false, "type": "size-in-bytes", "uuid": "b55e3a84-9804-4d24-9b27-a8c821a2a175", "value": "74752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542387", "to_ids": true, "type": "vhash", "uuid": "711b93cc-b890-4bff-b06e-9496a14ae872", "value": "174056555d05755az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542387", "to_ids": true, "type": "filename", "uuid": "f116fc2b-ae5b-439e-848c-0a14eec1242d", "value": "8PDN8RPE.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542387", "to_ids": false, "type": "text", "uuid": "b249e8b7-8f09-4f9a-b1ca-21c4dc06674b", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:64/68\nFirst Submission:2018-09-20T00:20:10.000000+00:00\nLast Submission:2018-09-20T00:20:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813351", "uuid": "213b9698-cd5f-499a-b06b-b380d11e6e1c", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813351", "to_ids": true, "type": "md5", "uuid": "617b423b-017e-4579-b914-626272d0950c", "value": "2e99cdf7829a5714bd76d8c793039ec6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542409", "to_ids": true, "type": "sha1", "uuid": "75a2f74b-b991-4404-8d94-b7a5b5cb98b0", "value": "9b69524ebf4ee4f6106ab6508071b8287fcdee36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542409", "to_ids": true, "type": "sha256", "uuid": "c36af211-a2af-408f-86b6-0c415c5839a3", "value": "a8efd9835cdd2cff2cdca61039f4d62990d4109f794e25d84250a0738d5f25de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542409", "to_ids": true, "type": "ssdeep", "uuid": "02f71e22-658f-49ae-8d14-0d70e9ca8949", "value": "1536:ymZ6BS7LL15do9yHSm4KDsP6J8yXrB5eklHcB:y/Bon15WyHShpy7qkpcB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542409", "to_ids": false, "type": "size-in-bytes", "uuid": "6932abfa-6560-4605-a454-6b2222f17d4c", "value": "74240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542409", "to_ids": true, "type": "vhash", "uuid": "eadc5f07-101e-4500-973d-7981dc39e7ea", "value": "174056555d05755az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542409", "to_ids": true, "type": "filename", "uuid": "2a0985bd-879c-4df3-baa6-92e762269f36", "value": "2e99cdf7829a5714bd76d8c793039ec6.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542409", "to_ids": false, "type": "text", "uuid": "9e0078fd-02cb-41f1-9d91-46c4469452a6", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:61/67\nFirst Submission:2018-09-20T00:33:59.000000+00:00\nLast Submission:2018-09-20T00:33:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813372", "uuid": "a703fa09-f9fe-44a2-9d9b-a838f788d4d3", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813372", "to_ids": true, "type": "md5", "uuid": "96dbc28f-b082-4a53-b83c-847f17b0e01a", "value": "2e73102f59a5f319414626e6ad7df6e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542432", "to_ids": true, "type": "sha1", "uuid": "1d107e90-11d5-489a-a053-6fa4669c7ae1", "value": "5c5f996c3bc3315ce72afff3b6d0ffea99ac08df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542432", "to_ids": true, "type": "sha256", "uuid": "faeafbca-b364-462c-9388-2408f55fcfac", "value": "af1d44b272cb2650f525879e772817f5bb4bf823c36a6e1f5c842f2fcc749930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542432", "to_ids": true, "type": "ssdeep", "uuid": "3d99230f-7bfe-4f2c-a14f-e9d32bf4c1cf", "value": "768:zojY9P368uUCS77GhGLhLpms1R6o9yHHojY9PEobN:GmP6BS7LL18do9yHSmHN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542432", "to_ids": false, "type": "size-in-bytes", "uuid": "03d3a712-abc9-4216-a61e-3b4e372a33fe", "value": "49152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542432", "to_ids": true, "type": "vhash", "uuid": "6a3cb531-20a8-4a5e-8a13-c3f6217f9bbd", "value": "144056555d05655az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542432", "to_ids": true, "type": "filename", "uuid": "cd16d97d-2626-440e-a62e-f049e8ef81ae", "value": "JcYChNng.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542432", "to_ids": false, "type": "text", "uuid": "1b35bc20-eb58-4932-b2e6-dcc2b0979b76", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:63/68\nFirst Submission:2018-09-20T00:33:03.000000+00:00\nLast Submission:2018-09-20T00:33:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813393", "uuid": "ae498942-5f40-4a5c-b365-a7772ad57f7b", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813393", "to_ids": true, "type": "md5", "uuid": "846050e3-c34c-44b5-9c09-c99ed6fb1719", "value": "0662e0e6e2db47c65ff600678007312a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542454", "to_ids": true, "type": "sha1", "uuid": "014badf1-f175-477d-9409-95ef44643a55", "value": "5b2cdd395da53ff66987621386d82e22c53086af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542454", "to_ids": true, "type": "sha256", "uuid": "c9b83cd6-c37f-4064-a276-0aa823540ca8", "value": "af5301411e507dc142e671fc9a42f2fe32959add3a81fce2742dbf90536eebbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542453", "to_ids": true, "type": "ssdeep", "uuid": "60d55710-a82d-4a9b-9262-82ccb90969e0", "value": "384:jf/tiH+N07/PL0bfk3HTiKA++gRwsk4ioMBlTCCQxnUBSgNScQ17EcGCDf:ji/QbfgG1+kcbxUQhf11" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542453", "to_ids": false, "type": "size-in-bytes", "uuid": "202d0c9c-4f2f-4ed1-9618-d3a3e5381294", "value": "26624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542453", "to_ids": true, "type": "vhash", "uuid": "9fe7cb6f-8180-46ca-b129-37f988caf6d1", "value": "12403e0f7d1015z11z501fz1011z11z11z16z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542453", "to_ids": true, "type": "filename", "uuid": "27fbb4ea-d213-418f-a1d3-c04b5bc5d29a", "value": "VirusShare_0662e0e6e2db47c65ff600678007312a" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 27/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542453", "to_ids": false, "type": "text", "uuid": "30f53545-0a1d-468a-bb92-b792b2410147", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Veden\nVT Total Detection:57/73\nFirst Submission:2011-07-03T14:17:03.000000+00:00\nLast Submission:2021-10-22T22:14:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813414", "uuid": "e94bb6e1-5e7d-4747-ba02-8e575c762902", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813414", "to_ids": true, "type": "md5", "uuid": "f18c7f93-3d87-4e95-bfd2-13c75d852a6f", "value": "6c9d7a0f84c1bc18725fa59990c7abd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542475", "to_ids": true, "type": "sha1", "uuid": "627cf4cd-15e8-4bfa-ab39-13da03715515", "value": "5af01254032a1f910511a0fc2ea50b99c5fd6999", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542476", "to_ids": true, "type": "sha256", "uuid": "8f348dd1-1d95-4c10-9c1b-6449ea40da28", "value": "cb5e090a867e76214897efcb55a7d8908a36e874229c508ad97c0ebc437d79d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542475", "to_ids": true, "type": "ssdeep", "uuid": "3d1d7134-4042-4b73-bcf5-49515604e8ee", "value": "768:tojY9PK0amUkTe2uVf8VPZUpRwqK4RPRDUcojyH6ojY9PcEuKOjpf:Ymva9iexVfevirojyHDmD4Ff" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542475", "to_ids": false, "type": "size-in-bytes", "uuid": "3f48f0c1-e4d0-4f3b-844b-02e947337d5a", "value": "49152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542475", "to_ids": true, "type": "vhash", "uuid": "2086120e-5605-413b-9297-6a1f0d6b27b1", "value": "144056555d05555az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542475", "to_ids": true, "type": "filename", "uuid": "7e6d9fa3-9eb9-43d1-b387-9a5b63105bfb", "value": "836DGPz9.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542475", "to_ids": false, "type": "text", "uuid": "525f1109-4909-421f-94c2-a4518ff8e391", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:62/67\nFirst Submission:2018-09-20T00:33:42.000000+00:00\nLast Submission:2018-09-20T00:33:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813436", "uuid": "5ad72ddb-d681-43d3-a846-dcf69c5bda74", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813436", "to_ids": true, "type": "md5", "uuid": "4ff938a5-72b2-4651-bcdd-66e99b9cf409", "value": "40223513419edaea286c431eba5d1449", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542497", "to_ids": true, "type": "sha1", "uuid": "d69de9f6-c4ba-47de-bfeb-5365e758a185", "value": "2e5772fa48b0609e90ee27f37185a350309aed1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542497", "to_ids": true, "type": "sha256", "uuid": "d225cf12-cb25-4ab1-bd67-237119bb6774", "value": "de42dcc2f9094efbd37d65821992865eab1ef9b66e83c76f3fc8c1a800b54350", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542497", "to_ids": true, "type": "ssdeep", "uuid": "52f9f11a-9404-4290-8ced-d0af20ff002d", "value": "768:hoj2b05UKtavXjaF9JCoImb0FJbEOSZCLqosyzLojY9PoU0P:01btaveTAoC+BZTosyz+mgUU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542497", "to_ids": false, "type": "size-in-bytes", "uuid": "b3268d39-2259-427e-8a3c-8b36ef61b6fa", "value": "49152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542497", "to_ids": true, "type": "vhash", "uuid": "a5674ae4-86a0-4714-9966-957964575c06", "value": "144056555d05555xz5jz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542497", "to_ids": true, "type": "filename", "uuid": "c4055178-6e12-43e3-a39c-1d56563401e9", "value": "40223513419edaea286c431eba5d1449.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542497", "to_ids": false, "type": "text", "uuid": "de6f0b04-1b60-4f0f-a9e8-fa447bf23c51", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:67/72\nFirst Submission:2018-09-20T00:40:12.000000+00:00\nLast Submission:2018-09-20T00:40:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813457", "uuid": "f1f1b496-599b-4f77-8d88-55449b4ed143", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813457", "to_ids": true, "type": "md5", "uuid": "99c80ed1-1456-4e1c-a315-6803c42db477", "value": "ab4ed49e594e6e31ab31ca4e411525ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542519", "to_ids": true, "type": "sha1", "uuid": "7444a876-d170-4eb5-b86c-92e7c8b3fc55", "value": "ad092b4cab729ed438548fb29ff79cae11797a6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542519", "to_ids": true, "type": "sha256", "uuid": "24f621b9-112e-4f00-82e8-35ab7174f67c", "value": "f910c0b18b5af4359e7354475add9f622aa92f945739a1c3b3bfc3704a037561", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542518", "to_ids": true, "type": "ssdeep", "uuid": "cbbbcc90-4840-46a4-92a5-f8254ca2690d", "value": "768:T8mYzyN7c9SKiGsU8fKKVuJvSDlNyHg95fppe:GGN7c9SKiGN8fz9lNyHm5q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542518", "to_ids": false, "type": "size-in-bytes", "uuid": "0eff45ef-5d93-4cee-827a-361bc255e1b3", "value": "36864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542518", "to_ids": true, "type": "vhash", "uuid": "a15520d5-15fa-406f-9a56-11dbd7d79edb", "value": "034046655d155az4218fz1038z127z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542518", "to_ids": true, "type": "filename", "uuid": "359a4b62-e00b-4b8d-bc09-9c2e6126b2dd", "value": "hobdks.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 14/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542518", "to_ids": false, "type": "text", "uuid": "8813f0a7-e3ce-4eab-ba90-798b12ab0210", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol!pz\nVT Total Detection:69/72\nFirst Submission:2010-06-30T12:21:35.000000+00:00\nLast Submission:2024-09-07T05:22:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813478", "uuid": "4aaf0846-a869-4549-8110-c770fdd19551", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813478", "to_ids": true, "type": "md5", "uuid": "98f910e9-93da-48c0-aebb-04c0eb4b3678", "value": "8707578cc25e4047507ee293dea0d037", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542541", "to_ids": true, "type": "sha1", "uuid": "2b49f252-71ce-4a59-a999-99c09df42f6a", "value": "24fb992d02b3dbd78dd32504e39f8369aea5f664", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542541", "to_ids": true, "type": "sha256", "uuid": "840016e8-e049-4444-b37d-bde7213eaa03", "value": "fce7a763c05711bc0ba110ed23651c0f18aceddae5ada6e8042a2664a35d18ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542540", "to_ids": true, "type": "ssdeep", "uuid": "63402219-515b-4388-b669-3d632f557b16", "value": "768:tojY9PK0amUkTe2uVf8VPZUpRwqK4RPRDUcojyH6ojY9Pmams:Ymva9iexVfevirojyHDmj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542540", "to_ids": false, "type": "size-in-bytes", "uuid": "35f9f927-490c-4998-a6a6-654956e1f909", "value": "49152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542540", "to_ids": true, "type": "vhash", "uuid": "2e82c718-65cb-453d-a556-0ab1c7950d35", "value": "144056555d05555az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542540", "to_ids": true, "type": "filename", "uuid": "c1bbe3b4-cc75-4f60-b773-5633ac81bde8", "value": "8707578cc25e4047507ee293dea0d037.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542540", "to_ids": false, "type": "text", "uuid": "32f89277-d30e-4d5d-9059-4587ff489e46", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:64/68\nFirst Submission:2018-09-20T00:23:52.000000+00:00\nLast Submission:2018-09-20T00:23:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813499", "uuid": "b5c8b2b8-b280-424c-b1a2-e1803eaca48e", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813499", "to_ids": true, "type": "md5", "uuid": "fed374f2-2d5c-4f67-9b24-879066e76eb4", "value": "9e3dcc980bb4c1ce69048b6b5eeea823", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542563", "to_ids": true, "type": "sha1", "uuid": "3091c4c9-4f03-45a8-a365-c6444a002e9c", "value": "dd30e2b9b7015ef10ebdc4de550d11f6aa490e66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542563", "to_ids": true, "type": "sha256", "uuid": "815710e4-33df-46cd-b833-039d6329337b", "value": "e5a170755ab090e944d1d24faef67ae1f80bac847f2a501937c9f03b888615c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542562", "to_ids": true, "type": "ssdeep", "uuid": "b7fb4c54-3b64-48b2-9211-936b7c650de2", "value": "1536:46BS7LL18+o9yHSmMqOxybk4nrhLaTFeOiFcNj1Hwuw7KPB5hM8f:vBon18JyHSYTnrhLCoOiFcF+7K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542562", "to_ids": false, "type": "size-in-bytes", "uuid": "05b0bc2e-3495-436c-891e-dbde96a5ec6d", "value": "94720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542562", "to_ids": true, "type": "vhash", "uuid": "93998c31-77c9-4e06-96b6-21166431669e", "value": "0940566d5d5f7cbz3b1bhz15z3019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542562", "to_ids": true, "type": "filename", "uuid": "84039d41-8b09-42a5-8ffc-f7a40acb38e2", "value": "qBzPTNPg.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542562", "to_ids": false, "type": "text", "uuid": "0af1bac7-7c06-46b6-83c9-78200e1973fe", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.A\nVT Total Detection:65/68\nFirst Submission:2018-09-25T23:18:46.000000+00:00\nLast Submission:2018-09-25T23:18:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813520", "uuid": "c185e309-e34f-44b0-81c6-34f958415cbc", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813520", "to_ids": true, "type": "md5", "uuid": "6bef8e5e-709e-42e2-b10d-a33ec122731a", "value": "bd052811fffe5cc1e908a21a873fd43d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542584", "to_ids": true, "type": "sha1", "uuid": "75301ca8-28ba-4658-a96b-fd59bfdfab08", "value": "4659e7bab6363030ee9495c305102b9ae6a95b91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542584", "to_ids": true, "type": "sha256", "uuid": "fc45d5d4-f6ae-41b0-949d-2596e0adc7e3", "value": "a270058cef51b49905d7ceb3df7b8b5bb7b60ebfb5099d8b177dc19a2064145c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542584", "to_ids": true, "type": "ssdeep", "uuid": "17013703-6259-4918-a119-19a1a9f1c2ea", "value": "768:tojY9POrayNlgKh8/HIYNcn6ui+oHuVploPyzkojY9Po:YmmrayLgKh8/HIYNcn0HUpePyzVmg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542584", "to_ids": false, "type": "size-in-bytes", "uuid": "a4f05440-e8bf-4a7b-ab12-c4654a0ca537", "value": "47488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542584", "to_ids": true, "type": "vhash", "uuid": "50a61ee3-41e2-4e1e-90ff-7e219e20962e", "value": "144{z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542584", "to_ids": true, "type": "filename", "uuid": "afb8e481-a10c-4051-8ba7-98d197d9789c", "value": "bd052811fffe5cc1e908a21a873fd43d.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542584", "to_ids": false, "type": "text", "uuid": "a7f6e2ef-4b7e-4403-8561-bb537341ad75", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol.A\nVT Total Detection:45/74\nFirst Submission:2018-09-25T22:30:53.000000+00:00\nLast Submission:2018-09-25T22:30:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813541", "uuid": "e34aff76-199a-432b-81f1-21e15210ccef", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813541", "to_ids": true, "type": "md5", "uuid": "5ad62556-88bc-411e-a29e-7e1d67a8f308", "value": "d00775c66fa4835f1f427ff873b64cba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542606", "to_ids": true, "type": "sha1", "uuid": "003b66b2-dcb4-4007-b837-2f1f4d53952d", "value": "d11b4ca2ded3016083eddea596d7a9446b3b32f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542606", "to_ids": true, "type": "sha256", "uuid": "99494913-7876-41ff-99c6-b868565e591a", "value": "c9fb110ec68fd7fde1b72c5d92be5f6f03559d11a5d863e2179ebecc8fce2aee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542605", "to_ids": true, "type": "ssdeep", "uuid": "700991c8-0845-499c-8184-ff57d92d6e3e", "value": "1536:ta9iexVfevE+ojyHDmbdQuyVw2iyMAB6PDP8GMiXn:09/jf6E/yHDedQ9w5A8PM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542605", "to_ids": false, "type": "size-in-bytes", "uuid": "22386d85-3827-499e-a33b-4efe4748da43", "value": "65536" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542605", "to_ids": true, "type": "vhash", "uuid": "a374fbc4-6909-47a7-b6e5-1cfb0d7a6b77", "value": "064046655d1f7az3b18hz35z3019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542605", "to_ids": true, "type": "filename", "uuid": "75dca16c-878c-43e5-b084-8574cbb4abdd", "value": "allAD23v.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542605", "to_ids": false, "type": "text", "uuid": "1e79cc54-a046-44ea-9c8d-8030f7171253", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.A\nVT Total Detection:61/69\nFirst Submission:2018-09-25T19:14:16.000000+00:00\nLast Submission:2018-09-25T19:14:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813562", "uuid": "424c26a8-58c1-40a5-a50a-62f7200c9678", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813562", "to_ids": true, "type": "md5", "uuid": "783c0ae1-fd57-4889-b7e3-7f073e2055fd", "value": "bdaa11e64d00b25c99c254f0c2f5787f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542627", "to_ids": true, "type": "sha1", "uuid": "f42902ee-6239-4c5e-be06-f72a92245e3a", "value": "e0a15ba2a8b5f7d272090099904c899070b5dec8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542628", "to_ids": true, "type": "sha256", "uuid": "a53d5330-94c7-4b6d-9201-583067b96241", "value": "5cef63d737153624211a6c408ef6b9ae008837f54f0ba44cbaefa57d8fde34f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542627", "to_ids": true, "type": "ssdeep", "uuid": "7c72faed-e21c-4bf1-8716-1672c69eae99", "value": "1536:smWa9iexVfevKgojyHDmydeNRHDXr/t5IBni:sG9/jf6K9yHDjmRHDXr3IBi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542627", "to_ids": false, "type": "size-in-bytes", "uuid": "4697a433-126e-4083-b15c-27025deed1a8", "value": "73728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542627", "to_ids": true, "type": "vhash", "uuid": "43ad9dd9-ff50-46d3-81ed-0d4f3e44f26e", "value": "174056555d05755az2chz2061z1ezb" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542627", "to_ids": false, "type": "text", "uuid": "8a4e377e-96d3-462e-b3c9-35e4d3800d28", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:59/68\nFirst Submission:2018-09-25T14:36:51.000000+00:00\nLast Submission:2018-09-25T14:36:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813585", "uuid": "123f8d65-bde6-461e-923e-d3e3d181bc52", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813585", "to_ids": true, "type": "md5", "uuid": "e6f0a218-9078-43d4-ac07-94c5552ba1d7", "value": "b9a1fa2edb4eeb270b7c7e18e963ba5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542649", "to_ids": true, "type": "sha1", "uuid": "1a7ad9c0-bb63-49f6-8ec5-bc7ab0bfcf3c", "value": "1b9c1044d792ebec1bcd91e0a3075fa39330b00d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542649", "to_ids": true, "type": "sha256", "uuid": "4c9d5724-869c-4fb1-96b7-8906c97e690b", "value": "c8f19e0f7bbb63919df67f93d3c334e9564bf3aea910951d9ba644ae30783439", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542648", "to_ids": true, "type": "ssdeep", "uuid": "a524906d-c25a-4c50-9789-fda0d0af3d7c", "value": "768:XojY9PhEamUkTe2uVf8VPZUpRwqK8RPRDUcojyH6ojY9PkEg:Cm2a9iexVfevarojyHDmvg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542648", "to_ids": false, "type": "size-in-bytes", "uuid": "511e1a18-8fe8-4436-9d2d-9e7c3a2b237f", "value": "49152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542648", "to_ids": true, "type": "vhash", "uuid": "f50c7a97-2500-4d3a-b9b0-1bbf6242f54f", "value": "144056555d05555az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542648", "to_ids": true, "type": "filename", "uuid": "a2579465-4c2f-45b2-a69d-c7ec17852dae", "value": "dCQyvmP7.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542648", "to_ids": false, "type": "text", "uuid": "fe73bc42-aa7d-4d95-b5e3-d673437514d1", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:62/67\nFirst Submission:2018-09-25T14:04:08.000000+00:00\nLast Submission:2018-09-25T14:04:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813607", "uuid": "1bc12863-fcd9-4ff2-94ba-0d119c96a1a5", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813607", "to_ids": true, "type": "md5", "uuid": "4b6ea1e0-19c4-417c-85ff-d8a3fb22d5d6", "value": "f9a00b2264b08435553b6b94098504f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542670", "to_ids": true, "type": "sha1", "uuid": "62e369c3-c102-4ac8-9c37-ef9bb34827f9", "value": "b70c106991a7577f31efeace40fc1dded28389c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542671", "to_ids": true, "type": "sha256", "uuid": "3887a31b-faee-4e93-9e03-173b61a5b05c", "value": "79ede3b7133d9edef0c14a6c8914113f7cfe2e45f76d216efbf1fc731f46e561", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542670", "to_ids": true, "type": "ssdeep", "uuid": "c516ce8c-2b09-473b-a5be-df237504fefa", "value": "768:FAUREYUciRUGCje5XAoQAVMcF1FJ/O8KDbZSmn6yHEHZTlFM:CYUaGZ5XAoQEF1FVYZ/n6yHCTY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542670", "to_ids": false, "type": "size-in-bytes", "uuid": "95702672-9822-4a7a-b339-31db6ad64013", "value": "40448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542670", "to_ids": true, "type": "vhash", "uuid": "7462d775-44ae-4a5f-92ca-8e3e443e15c1", "value": "044046655d1550e8z371efz13za1z301127z" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 30/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542670", "to_ids": false, "type": "text", "uuid": "755d1174-434d-49db-8516-354036193158", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.A\nVT Total Detection:63/72\nFirst Submission:2014-04-20T00:49:51.000000+00:00\nLast Submission:2018-09-25T05:00:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813628", "uuid": "d201893a-d554-4b3f-87ff-f08ce674c271", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813628", "to_ids": true, "type": "md5", "uuid": "41e9a361-1518-4417-881c-65e07add7966", "value": "294d7e213525c0bcb70b07667d789d6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542692", "to_ids": true, "type": "sha1", "uuid": "fdbe5bf6-b4e3-45dd-ad72-8e215d1b8480", "value": "7bba0576c9ef1ceb0f5c5a1e58bf7926febffcc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542692", "to_ids": true, "type": "sha256", "uuid": "0ef99469-5835-4940-81f0-7d2114a69ef2", "value": "32946f137deb4d2abb7c71c021984e0d5364b6ee80560e09de133d8c11a5cf72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542691", "to_ids": true, "type": "ssdeep", "uuid": "d2f4d0e7-3f9f-4e77-a236-cea24cda2a04", "value": "768:lojY9PXAum/U12tZAW/BXcTjX/O8KDbZScn6yHEojY9Pot0:wmXiI2tZ7XqYZhn6yH1mgC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542691", "to_ids": false, "type": "size-in-bytes", "uuid": "86aaf5c7-5fed-4bf4-a790-0db350d901a7", "value": "49152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542691", "to_ids": true, "type": "vhash", "uuid": "496b7340-bf5c-4e08-ad22-0155ca560402", "value": "144056555d05555az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542691", "to_ids": true, "type": "filename", "uuid": "a60be12b-f07e-43ca-ac3a-16cc3aa7723e", "value": "P8MIltqL.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542691", "to_ids": false, "type": "text", "uuid": "51d99c55-238d-461e-9f8d-16479e7a69ad", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:62/68\nFirst Submission:2018-09-24T23:56:47.000000+00:00\nLast Submission:2018-09-24T23:56:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813649", "uuid": "d5ab17de-4fe9-4a8b-9e57-319b0d449a84", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813649", "to_ids": true, "type": "md5", "uuid": "0f6c9ea3-cada-41fd-8756-d7c6dd290867", "value": "6a18a43b9c12ba82e7ef413d17bcc36b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542713", "to_ids": true, "type": "sha1", "uuid": "202b2a40-5aaf-452b-a1aa-12352f724aad", "value": "860aef617e63ebafc4d816b8e5fee3717bde38b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542714", "to_ids": true, "type": "sha256", "uuid": "9313992f-adb6-49f2-8fe1-47d6a69460cf", "value": "c299841e17b621db7a386c24f426a0a74912758b19ecfc368fabc8fb4742ab9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542713", "to_ids": true, "type": "ssdeep", "uuid": "0303876d-2ab5-420b-9512-c7f6bbbd0129", "value": "768:QojY9PRamUkTe2uVf8VPZUpRwqKmRPRDUVojyH6ojY9PqZCY+1KIF:pm5a9iexVfevI+ojyHDmiZJQKI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542713", "to_ids": false, "type": "size-in-bytes", "uuid": "76fe9a43-8b79-49c6-b81d-1aa7af695ec7", "value": "56832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542713", "to_ids": true, "type": "vhash", "uuid": "982b8366-15bf-4518-9f06-acc63ec7630e", "value": "154056555d05655az2chz2061z1ezb" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542713", "to_ids": false, "type": "text", "uuid": "44d110d2-e86c-42e6-b15e-a1f048c71554", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:63/68\nFirst Submission:2018-09-24T23:51:29.000000+00:00\nLast Submission:2018-09-24T23:51:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813671", "uuid": "0840237c-84cc-40fc-b0fe-548d20ee757b", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813671", "to_ids": true, "type": "md5", "uuid": "6a876d76-8c0c-46db-b723-acbb6a20b8b8", "value": "7a86f39d1a551bfb648856bc99fb10f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542735", "to_ids": true, "type": "sha1", "uuid": "fb01c4e9-55d9-4f56-9e76-feb2fd9869a1", "value": "579f3515b6fa264a65100482932f24833dad2dd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542735", "to_ids": true, "type": "sha256", "uuid": "505fcd76-0915-4cba-b817-52ec8c66482e", "value": "c1b9d0639d416232995d5eef2515c9d9be0f694e67b1136d7c5d37ca2af2dacd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542735", "to_ids": true, "type": "ssdeep", "uuid": "4e8528d3-6964-47f4-980b-e7134c7e9e72", "value": "1536:W27YDGlbwnzyfwsCVvpoTpjEOyHs27YDGl6HBIFEn1jwMeAx58Y0Aqb+kwujy:4GZwnzyfwsCV+VLyHGG8HBIFQ1jwDAx1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542735", "to_ids": false, "type": "size-in-bytes", "uuid": "77d4c9e2-d3cf-46f3-9a0a-d1afa5d24c77", "value": "88576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542735", "to_ids": true, "type": "vhash", "uuid": "c1e31c28-d467-4816-be6a-eb1fcd1344b3", "value": "184066651d1515651az2fhz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542735", "to_ids": true, "type": "filename", "uuid": "f320aa8a-0dbf-4a60-9b23-f20f9a70fc90", "value": "VirusShare_7a86f39d1a551bfb648856bc99fb10f9" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/02/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542735", "to_ids": false, "type": "text", "uuid": "5124ba0e-a21d-4ca5-a14f-0af9d49a45c9", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol.A\nVT Total Detection:66/70\nFirst Submission:2018-09-24T23:41:34.000000+00:00\nLast Submission:2023-02-10T14:23:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813692", "uuid": "a94e0977-5156-47c8-82a3-ecedbe8f40a1", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813692", "to_ids": true, "type": "md5", "uuid": "692ee0aa-cf43-48ab-8b04-a5de7ae67a91", "value": "88019fceae0b787d09ecdbd454a2b40e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542757", "to_ids": true, "type": "sha1", "uuid": "ca6adc80-6b42-4b2e-87d7-e480fe6a5191", "value": "0531d9368b501c877678be3a1cb9d1de0ed69f0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542758", "to_ids": true, "type": "sha256", "uuid": "5a9851a6-be64-4d46-a9f9-3b81e12bbfa8", "value": "471c075d5e3c9cb009fa6ef1f8ec9c0ecf61251b4dab6eea161abec6935272bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542757", "to_ids": true, "type": "ssdeep", "uuid": "eb336df9-392f-4c46-a7f8-8b5032e3a3a9", "value": "6144:8F0QyHnupVGnGhyX9aW3Rx3+1X0zYDMyeCQJ:8F6ssnG03fNzgFeC+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542757", "to_ids": false, "type": "size-in-bytes", "uuid": "31801db4-bf8c-4469-8993-d146427cec77", "value": "216034" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542757", "to_ids": true, "type": "vhash", "uuid": "e72a972f-088e-4fc5-8d05-de0712d5ed05", "value": "0250566d5d155e6az3b18hz35z3019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542757", "to_ids": true, "type": "filename", "uuid": "1f8c7a96-cd6e-4052-be83-f2481b7c793e", "value": "pLDEbKJ8.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542757", "to_ids": false, "type": "text", "uuid": "bbc505fc-b248-4aaa-a186-f3d712e7a102", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Parite.B\nVT Total Detection:61/69\nFirst Submission:2018-09-24T22:26:33.000000+00:00\nLast Submission:2018-09-24T22:26:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813713", "uuid": "0c480766-a9da-4391-9782-b390bf57f44e", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813713", "to_ids": true, "type": "md5", "uuid": "e13745d5-1c6c-4639-b807-70ce45afaef3", "value": "58458a529d4ff6848be58ba26349749d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542779", "to_ids": true, "type": "sha1", "uuid": "932cb8d4-e7df-4d7a-9696-9d8384625735", "value": "8c9d5ff7cbe3488886d1a0173bf64653b3b52470", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542779", "to_ids": true, "type": "sha256", "uuid": "ae0ba413-2899-4503-ab27-092bda6d86ba", "value": "5e488198c47befc49a08fec6f19c3c7d8e0e955589465d4e83ba87b46b3d80df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542779", "to_ids": true, "type": "ssdeep", "uuid": "77746406-c212-48d2-93cb-c7c12e5777f5", "value": "1536:X6BS7LL1Kdo9yHSmefBvYMrQNGS24+puLC1V:KBon1KWyHSnJvY/324+Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542779", "to_ids": false, "type": "size-in-bytes", "uuid": "2095c990-e667-4557-b060-7a50deefd0d9", "value": "66560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542779", "to_ids": true, "type": "vhash", "uuid": "18cce62e-13c0-488c-99e7-27f65ab9a4f6", "value": "064046655d5f7az3b1bhz15z3019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542779", "to_ids": true, "type": "filename", "uuid": "296d9ef1-e5c6-4412-8e32-22ca226a9f1d", "value": "HXiJVsAv.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542779", "to_ids": false, "type": "text", "uuid": "0c279fad-d6f7-418d-aad6-ca44f2f02c89", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.A\nVT Total Detection:63/69\nFirst Submission:2018-09-24T18:08:06.000000+00:00\nLast Submission:2018-09-24T18:08:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813734", "uuid": "d9ee4ba2-ed0f-4704-8af5-728ceeb80d32", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813734", "to_ids": true, "type": "md5", "uuid": "42142b1a-dde1-46fc-aaa2-712a1629550b", "value": "03093a21dd46c916c846d2244dbf2bcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542801", "to_ids": true, "type": "sha1", "uuid": "f8208031-87b3-4a50-89a0-ccdc1df26491", "value": "29312cab2c1559d95f2b049ed3b7f0134b2ecd06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542801", "to_ids": true, "type": "sha256", "uuid": "0c21b006-9f22-4c1f-9136-a8adccd575e9", "value": "22b0f774379c0e28211ffb53722d8cd5727da8e02aada3507be81d888864770f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542800", "to_ids": true, "type": "ssdeep", "uuid": "c408b877-be45-4504-aa9f-19575d02a97a", "value": "6144:CAF0QyHnupVGnGhyX9aW3Rx3+1X0zYDMyeCQ:CAF6ssnG03fNzgFeC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542800", "to_ids": false, "type": "size-in-bytes", "uuid": "ed48cb34-b00c-4fc4-ba17-0f3bfd49d980", "value": "223744" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542800", "to_ids": true, "type": "vhash", "uuid": "0419411e-45a9-4106-b7ec-8ca732d2591d", "value": "125056555d05755az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542801", "to_ids": true, "type": "filename", "uuid": "19be64af-5316-4df6-9632-ab6a65c511b0", "value": "VirusShare_03093a21dd46c916c846d2244dbf2bcb" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 25/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542801", "to_ids": false, "type": "text", "uuid": "585d203f-7067-4f29-9af0-15a971a9649a", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:59/67\nFirst Submission:2018-09-24T15:19:07.000000+00:00\nLast Submission:2021-11-25T15:18:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813755", "uuid": "b1c66ad1-2815-4672-9a15-1417bf0db78c", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813755", "to_ids": true, "type": "md5", "uuid": "4c4dbea9-ac78-45f2-a604-347aa33b0e87", "value": "d1e675aff0d308fece6194a7b629a6bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542823", "to_ids": true, "type": "sha1", "uuid": "e7367351-b387-46d0-9f63-acb3a8094789", "value": "2e3397ec5c31b7822948ed693eecd4bd9cb1f6ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542823", "to_ids": true, "type": "sha256", "uuid": "56336a79-3512-4b2e-90a8-65830f0c015d", "value": "b88cd263828b9856c1cee7eeecdd6da22eb9c892cbbd38c5bdab284f2a007582", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542822", "to_ids": true, "type": "ssdeep", "uuid": "33e35a3e-6221-417c-bc58-8e326649fa34", "value": "768:N68uUCS77GhGLhLp9s1R6o9yHHojY9PH6cSbUqXpyMIk:N6BS7LL1Hdo9yHSm/6xwqZq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542822", "to_ids": false, "type": "size-in-bytes", "uuid": "1db39ca1-157c-430f-b03f-238c700fae23", "value": "50176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542822", "to_ids": true, "type": "vhash", "uuid": "70522b04-2ed1-45b5-817e-2286256dbec2", "value": "05404f655d5f7az3b1bhz15z3019z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542822", "to_ids": true, "type": "filename", "uuid": "8fa2c6e0-3bd4-4005-a7b9-17df0bec9180", "value": "E69SzXJM.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542822", "to_ids": false, "type": "text", "uuid": "5da9a669-f1ec-48b7-adbc-0645882e27e0", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Virut.K\nVT Total Detection:62/68\nFirst Submission:2018-09-24T08:19:43.000000+00:00\nLast Submission:2018-09-24T08:19:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813777", "uuid": "3cb0ee56-bdbc-40e9-bbd5-139d2cfccb8c", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813777", "to_ids": true, "type": "md5", "uuid": "fd43e59f-3d88-4732-bb31-a2bfdaca7d6b", "value": "ac9157fb554804636893154bf9b6c8e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542844", "to_ids": true, "type": "sha1", "uuid": "791c0eb8-e4e6-4433-a99c-4d6fc354a6fd", "value": "035bb28c8e41155c111418b3b5c8a072a5cdee99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542844", "to_ids": true, "type": "sha256", "uuid": "b969e2e1-1f81-468b-acfd-3e0f822cb593", "value": "8023c060d49479466b6595c72f07d89a6e598b8bde6805cdffcc52d1169d0304", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542844", "to_ids": true, "type": "ssdeep", "uuid": "90ef9c26-cb8a-4c2f-87c0-c1c09eb948e4", "value": "6144:yqiul4yzrsC/AOixpApL7xSRWO6QgIa1hFUitPGXpEn3t/8Kn:yqiqsKbiD8nsvC1nU0xln" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542844", "to_ids": false, "type": "size-in-bytes", "uuid": "e457b0b5-0cea-4baf-94a6-5618dab3cc38", "value": "267776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542844", "to_ids": true, "type": "vhash", "uuid": "92f8fa49-1fbd-4b24-b715-194070fa339f", "value": "0250ae555d1f7e7e7e7e7az2e19=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542844", "to_ids": true, "type": "filename", "uuid": "e3af2bd3-f805-4d43-ab61-673963dc6955", "value": "server.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542844", "to_ids": false, "type": "text", "uuid": "5013e86a-391a-4681-befb-2f6ba11e6398", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.A\nVT Total Detection:57/69\nFirst Submission:2016-03-06T07:25:48.000000+00:00\nLast Submission:2018-09-25T04:17:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813798", "uuid": "1d81b7dc-1b56-4006-8313-cc56118e2cd3", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813798", "to_ids": true, "type": "md5", "uuid": "9b969dbc-4441-48ac-92c7-f4fe0e291499", "value": "4ce12bbc292b9dd3a641b7e0483e8193", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542867", "to_ids": true, "type": "sha1", "uuid": "56be2ceb-9f09-419c-b843-2c248b23e33b", "value": "1ff73c62228ec7e9793cb5f89cf9408f54650995", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542867", "to_ids": true, "type": "sha256", "uuid": "482c7448-8c81-4780-884c-818c7518553f", "value": "e7def95e889704343557431aa30914faafeb5318bb2f0f6e7a00c6b319a5edd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542865", "to_ids": true, "type": "ssdeep", "uuid": "72a85915-0ebb-4977-b852-4c931eaf7c21", "value": "24576:rxq1utQNlblu2s5AbNfDIvGWYiRNmAXPUde1ZVoIAOWXa:au+lRu2sEIvtNNfUV+WXa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542865", "to_ids": false, "type": "size-in-bytes", "uuid": "28926979-c380-4db6-afb3-11533979be9a", "value": "1018784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542865", "to_ids": true, "type": "vhash", "uuid": "19af9cb4-af48-41dd-aa82-37a96c8a23b2", "value": "0160866616655d1555155\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542865", "to_ids": true, "type": "filename", "uuid": "e3acba1b-26c1-4f86-8037-94679a436f56", "value": "SecConfig.efi" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/02/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542865", "to_ids": false, "type": "text", "uuid": "eccd8054-8dbb-480b-82b5-675eca53c975", "value": "NewCoreRat\r\nType Description: Win32 EXE\nFile distributed by: ['Microsoft']\nData sources: ['Microsoft Corporation']\nVerdict filename: ['secconfig.efi']\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2018-09-24T04:42:50.000000+00:00\nLast Submission:2018-09-24T04:42:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813819", "uuid": "363c398a-5d82-44d3-aa4b-4ac068cbb0f4", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813819", "to_ids": true, "type": "md5", "uuid": "86c00212-b10a-47b0-8f87-9d183584eb7e", "value": "bc25bbf8a5bb344da9aef282fdab57cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542889", "to_ids": true, "type": "sha1", "uuid": "afc74f27-dbe7-4102-b370-b8bc2e360eca", "value": "5d46b757037b93eeb192d1c79a70ff9e54bb6b05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542889", "to_ids": true, "type": "sha256", "uuid": "3f2b2767-6710-4030-9f6f-7448bea18ba4", "value": "c9b96665e6962ccb47fb9963c3db6b0d9aebaedf717c42ac6ba321d7981dd69e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542888", "to_ids": true, "type": "ssdeep", "uuid": "0f9f27ee-65bb-447a-b044-8ded0472124e", "value": "6144:nkdwayzVcnHzJ4yYUT1NEjXWd75djPb2fazwhFwSbkl4RHeB7kX:nkduSzW+1NyW95JPMgSYiRiYX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542888", "to_ids": false, "type": "size-in-bytes", "uuid": "bdc415d0-98ae-47de-b556-16b5eaf6f57d", "value": "409600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542888", "to_ids": true, "type": "vhash", "uuid": "b0749908-d3a9-4ed5-886b-6714353f81f9", "value": "0450b6655d1f7e7e7e7e7az2f19=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542888", "to_ids": true, "type": "filename", "uuid": "3afe3f49-56bc-485c-b076-a3025a9d2427", "value": "server.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542888", "to_ids": false, "type": "text", "uuid": "1b5013a3-274d-4888-9878-a648f107ec99", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.B\nVT Total Detection:61/68\nFirst Submission:2018-09-23T17:45:43.000000+00:00\nLast Submission:2018-09-28T08:59:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813840", "uuid": "c7fb54ed-7781-4a15-a35b-e12894b4fd3e", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813840", "to_ids": true, "type": "md5", "uuid": "63d02a0f-55e1-4d56-a358-1a6c8b35e115", "value": "f443b38ba80c228bf0d7defc9d8c18c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542910", "to_ids": true, "type": "sha1", "uuid": "9e339e3d-6c06-416d-9168-2ff31e3b9d63", "value": "1a4fc2533c4e3e6f807ccb446bf9c797b8ab345c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542910", "to_ids": true, "type": "sha256", "uuid": "264c54a2-8dfd-4310-956a-b129059aef35", "value": "78ce3dcbe9b828b9be0c1a74757eb8f32052db171cde2f2e2fe897a8096f1140", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542910", "to_ids": true, "type": "ssdeep", "uuid": "57804e59-8177-4422-aadc-c3a04c576335", "value": "6144:lkdwayzVcnHzJ4yYUT1NEjXWd75djPb2fazwhFwSbkl4RHeB:lkduSzW+1NyW95JPMgSYiRi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542910", "to_ids": false, "type": "size-in-bytes", "uuid": "0952b4c6-1725-4823-bd4f-b07b316baafe", "value": "378368" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542910", "to_ids": true, "type": "vhash", "uuid": "529a3c6c-9af9-4ccf-aa82-0ea5e7592fcb", "value": "0350a6655d1f7e7e7e7e7az2f19=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542910", "to_ids": true, "type": "filename", "uuid": "945a0491-ed7d-4aa8-8d65-7ea90b7363b4", "value": "server.EXE" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542910", "to_ids": false, "type": "text", "uuid": "35f4b827-9850-4351-8462-a64dce6c0ce4", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.B\nVT Total Detection:61/68\nFirst Submission:2018-09-23T12:44:08.000000+00:00\nLast Submission:2018-09-28T07:48:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813861", "uuid": "d86add67-6abc-4b29-af83-4986ca6e9891", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813861", "to_ids": true, "type": "md5", "uuid": "72214785-812f-4cef-a4aa-6cbcae6065b3", "value": "d999a22ff6b541817221bd74e1d55f9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542932", "to_ids": true, "type": "sha1", "uuid": "b173b014-dda4-4f7d-929c-6e8430480fab", "value": "574eeab91dff9dad795031fe0ffe83e815b7b9e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542932", "to_ids": true, "type": "sha256", "uuid": "168941cb-5a30-4202-93ba-f37eebb01193", "value": "8485d9ecfa94f3cd316057c97e13629973b7e110bdee288087f98338b67d8b48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542931", "to_ids": true, "type": "ssdeep", "uuid": "10cc119a-99c5-4a5f-bd67-38370ab6bd85", "value": "6144:GukdwayzVcnHzJ4yYUT1NEjXWd75djPb2fazwhFwSbkl4RHeB7kX:GukduSzW+1NyW95JPMgSYiRiYX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542931", "to_ids": false, "type": "size-in-bytes", "uuid": "b70a7562-d17a-470a-8259-9e9e3b1a0f41", "value": "417280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542931", "to_ids": true, "type": "vhash", "uuid": "a95f0982-bc69-43f2-a19c-a865ad6c4260", "value": "145056555d05755az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542931", "to_ids": true, "type": "filename", "uuid": "19853985-9a5a-4193-8dfb-e1210e9ecc29", "value": "SGEcri7y.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542931", "to_ids": false, "type": "text", "uuid": "d84bbbe6-0c0d-433e-bde5-1196287bda35", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:61/68\nFirst Submission:2018-09-23T12:51:01.000000+00:00\nLast Submission:2018-09-28T08:55:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813882", "uuid": "d42bd3ec-8d72-4983-ae3c-887b52839dce", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813882", "to_ids": true, "type": "md5", "uuid": "e757dc06-d029-4f9a-b8d5-4a6a901a3063", "value": "18d5de92036241d0d49b186840bdcc30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542953", "to_ids": true, "type": "sha1", "uuid": "078c2d26-3a9b-44c5-8940-82bb71851b1b", "value": "76390685ff0a18d9162a443b70482d601ab6fc5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542954", "to_ids": true, "type": "sha256", "uuid": "423643d3-ab78-49b4-9b98-3672f9f9a29d", "value": "dacb62e6a86a4ecd4f8f5e1685de018258b36372bad5d58bc9745725e2d04f8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542953", "to_ids": true, "type": "ssdeep", "uuid": "f49faf19-a3c7-42d9-abe4-f5370bfb939f", "value": "1536:omOJdMmJyDl+W4ZloWyHjmg0VFcZvyy2DlLa0J3Jp/z2O:ovJuIyDiZFyHj91g1DJa83Pz2O" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542953", "to_ids": false, "type": "size-in-bytes", "uuid": "b5052190-f50e-4b15-a6a2-5fa8add94d9b", "value": "74752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542953", "to_ids": true, "type": "vhash", "uuid": "96bd0191-2cba-432c-8dc4-dd102b694c97", "value": "174056555d05755az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542953", "to_ids": true, "type": "filename", "uuid": "f8f42135-71e4-4323-9fd9-10fb23bb53fc", "value": "18d5de92036241d0d49b186840bdcc30.virobj" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542953", "to_ids": false, "type": "text", "uuid": "baebeff0-02b1-4ba8-8d91-111eb92ed222", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:64/68\nFirst Submission:2018-09-23T12:13:36.000000+00:00\nLast Submission:2018-10-17T09:14:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813903", "uuid": "5a6a3d27-afcf-49ff-a679-44841a0d20ac", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813903", "to_ids": true, "type": "md5", "uuid": "b48f32c2-d06a-4b9e-a315-5a035026a15d", "value": "1f9e6cfef0216755d6a9cec2fab0f5dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542975", "to_ids": true, "type": "sha1", "uuid": "c339d0b8-253a-42d1-82e0-7e536e36b7cc", "value": "ed474d57db5cfda8d322a3e69dc875bc31b598e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542975", "to_ids": true, "type": "sha256", "uuid": "3d4be51e-d99f-4e0a-8fef-5b98b502c79a", "value": "195ffc2123b3e601f36698584c032c6e429d4d20ea9bcc66ee7f8e4918c9106e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542974", "to_ids": true, "type": "ssdeep", "uuid": "9092318e-5abe-4452-846a-b4b24083af07", "value": "768:zojY9P368uUCS77GhGLhLpms1R6o9yHHojY9PFK8:GmP6BS7LL18do9yHSm9K8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542974", "to_ids": false, "type": "size-in-bytes", "uuid": "902dd044-6bf6-498c-8e60-f182c584f6b9", "value": "49152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542974", "to_ids": true, "type": "vhash", "uuid": "58cc3556-cc81-4e40-ac9b-ac0112cae850", "value": "144056555d05655az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542974", "to_ids": true, "type": "filename", "uuid": "880028ab-c557-404c-a595-fcae77b71a62", "value": "YjiJ6C9Z.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542974", "to_ids": false, "type": "text", "uuid": "814d6583-2072-4b87-a42b-c50cb988c54d", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:61/66\nFirst Submission:2018-09-23T06:38:52.000000+00:00\nLast Submission:2018-09-23T06:38:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813925", "uuid": "eb9c699b-c6b7-4082-ac63-ad2ea6616813", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813925", "to_ids": true, "type": "md5", "uuid": "b39f8b1b-a787-4e2f-9f69-16b2194f45b2", "value": "083fd97c06babdb441f34cbb489d5a50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746542996", "to_ids": true, "type": "sha1", "uuid": "b79e0bec-4305-4536-8597-e84ff2f1af1d", "value": "66956bb440c8ea1a849e6a807153465ce88bd0ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746542997", "to_ids": true, "type": "sha256", "uuid": "69cdeac7-3588-42af-a703-23a88c752c46", "value": "1185b1b983908f39d6885329e83f6349683716f9d056f56a22a86d8014cf0aac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746542996", "to_ids": true, "type": "ssdeep", "uuid": "6709b365-baaf-4906-a153-48e0cf7a56e5", "value": "1536:Bmu6BS7LL1fdo9yHSmy5xjVwekdowpWMs5K:BuBon1fWyHSFVV/kdgJ5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746542996", "to_ids": false, "type": "size-in-bytes", "uuid": "740e724d-441c-4f20-b721-baf046813ff4", "value": "122880" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746542996", "to_ids": true, "type": "vhash", "uuid": "221818a5-148c-4c66-9046-c2b4de99889d", "value": "115056555d05555az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746542996", "to_ids": true, "type": "filename", "uuid": "6f3ffe9e-d57d-4836-8449-5250787e55e2", "value": "083fd97c06babdb441f34cbb489d5a50.virobj" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746542996", "to_ids": false, "type": "text", "uuid": "ce88447c-0cb3-4078-90dd-f724e2cbbec3", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:58/68\nFirst Submission:2018-09-23T05:20:20.000000+00:00\nLast Submission:2018-10-14T23:28:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813946", "uuid": "75bd497f-5c8d-4e01-89af-4d389b2d0c4c", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813946", "to_ids": true, "type": "md5", "uuid": "435d9142-cdc8-4af2-924b-b6ca931b326b", "value": "239edaf861ddeb43113d913d081c48a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543018", "to_ids": true, "type": "sha1", "uuid": "e563a4ca-5605-4485-add4-a744cd4b368c", "value": "cb99d1f280ca41c840b48bbe3ac424dddee19740", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543018", "to_ids": true, "type": "sha256", "uuid": "d1be04ee-a780-4a7a-a728-3a715be82a53", "value": "471a980082a9fd1dfc66d068a4658df3b8e9552edac55e14622bd59e3093fd8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543018", "to_ids": true, "type": "ssdeep", "uuid": "1db86e46-8d6a-45d3-8df5-407b2e501260", "value": "1536:jLq7WuHEqUjxlayH2mp4ijd9zZnyBy3f:feHEJuyH2k4sdrysP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543018", "to_ids": false, "type": "size-in-bytes", "uuid": "8adf09ba-dee3-4d97-b4e0-57aebb91defb", "value": "63488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543018", "to_ids": true, "type": "vhash", "uuid": "3dbf03f9-a055-4bb7-8220-868cd7134936", "value": "06405e655d5f7cbz4118fz1038z127z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543018", "to_ids": true, "type": "filename", "uuid": "17ad7a63-fad1-44bf-a057-48fc76355a73", "value": "ZxEBKtaS.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 10/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543018", "to_ids": false, "type": "text", "uuid": "25081d3a-6815-450d-ae3a-956a90142cb3", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Virut.EPO\nVT Total Detection:61/69\nFirst Submission:2018-09-23T03:47:26.000000+00:00\nLast Submission:2018-09-23T03:47:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813967", "uuid": "0daada35-5e94-4cf8-81fb-f1de1b07f67f", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813967", "to_ids": true, "type": "md5", "uuid": "050e610d-2652-4ef1-b92c-f6ef0cb8ec40", "value": "d78ac51f69c511199bbe79a683037672", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543040", "to_ids": true, "type": "sha1", "uuid": "ed66e653-1ead-4754-8d3e-a79103cc234a", "value": "a660a60241688811fb37e1ecfe6d5c4276d3d5a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543040", "to_ids": true, "type": "sha256", "uuid": "f6c71f99-b694-4ae7-870b-4188696301e3", "value": "d28ce94db53318bf951adf3a60af74ca6924291274f5474ae7bd77cbbeef581a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543039", "to_ids": true, "type": "ssdeep", "uuid": "8e9d3026-1875-4893-9017-7decf2efbc55", "value": "6144:TCteVTB9m7/VnzYi7SWnb/DHnkbHrOyz9RLpfErFg3qvg3qv8hTbn368oHzfLXDP:ZVTrEVzuZlhTK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543039", "to_ids": false, "type": "size-in-bytes", "uuid": "af77eb33-2657-4e30-8435-ff6e0b276392", "value": "271560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543039", "to_ids": true, "type": "vhash", "uuid": "b17af3b0-0d47-478e-a924-3e1e3c133dda", "value": "0250465d0505|z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543039", "to_ids": true, "type": "filename", "uuid": "8133dd50-2bbe-42ba-a189-1399def8671a", "value": "_zerol_wsasme.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543039", "to_ids": false, "type": "text", "uuid": "7a91cdce-6156-4d21-8e6e-ca2e358f55c0", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:16/73\nFirst Submission:2018-09-23T03:27:48.000000+00:00\nLast Submission:2018-09-23T03:27:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746813988", "uuid": "509996d9-df38-4099-aeab-272cc45259d1", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746813988", "to_ids": true, "type": "md5", "uuid": "c1b105e3-205b-487b-8d25-92f01ebb9f9d", "value": "232a788c66bbf24c556ad30997d61ff8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543061", "to_ids": true, "type": "sha1", "uuid": "c6dfeed7-b7e4-4fc7-b3d1-d2bd28bb6f47", "value": "03cdc1a25b8a58062a2781cc1f89289a104062f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543062", "to_ids": true, "type": "sha256", "uuid": "7c79f053-17e0-4a7c-95cc-587a4d39d61e", "value": "2b73a808c9a9b12f807c2282e30858acdcb6251e040c97c37037e78af1e99b3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543061", "to_ids": true, "type": "ssdeep", "uuid": "27ba4262-c90a-4e80-940d-db8e7458eb1d", "value": "768:zojY9Pk68uUCS77GhGLhLpms1RAo9yHHojY9PV4olq7xgHV5UKAZCXeIcZ9iVv0A:Gms6BS7LL18ro9yHSmrq2D6seIcZQvD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543061", "to_ids": false, "type": "size-in-bytes", "uuid": "13d8a470-0eaa-40e5-9430-3881f6e48cfd", "value": "65536" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543061", "to_ids": true, "type": "vhash", "uuid": "add34ee2-a97c-4d34-b212-35fd841e1ca8", "value": "164056555d05655az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543061", "to_ids": true, "type": "filename", "uuid": "bab02d29-10f5-445a-bf0b-4b766626c47d", "value": "cOhM6bR8.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543061", "to_ids": false, "type": "text", "uuid": "c6c1288d-0d60-4e45-8ec0-ce06153306f3", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:61/67\nFirst Submission:2018-09-22T20:53:04.000000+00:00\nLast Submission:2018-09-22T20:53:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814009", "uuid": "3fd6f08a-ca10-4679-b05a-9daacbe7424f", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814009", "to_ids": true, "type": "md5", "uuid": "c4257e89-f2e5-4e93-b36a-9671cf867b4b", "value": "d2961d64ecb9d22ef8b6d7280d818a29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543083", "to_ids": true, "type": "sha1", "uuid": "f9150be5-1bda-48e5-bb2e-a038d8d4a1f2", "value": "d65fa544ca170ff6d3da1a7f2063aa931b6316b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543083", "to_ids": true, "type": "sha256", "uuid": "198fa5cf-1238-4f79-b2a8-639a381418fc", "value": "bceaf0be831e0a633ec204c70800a6827e0a9871167e812a6331b09c70c81a12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543083", "to_ids": true, "type": "ssdeep", "uuid": "c752d437-b9a6-4b76-9094-102022ac8b26", "value": "6144:6cI4gRyHjenxYuTIM/vAgAha6mP80DBWJacniOvJskcrexbIoc:6cIyenxX8QogAhaU0DudmxrpB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543083", "to_ids": false, "type": "size-in-bytes", "uuid": "af5e3758-e5e1-47b4-887e-7553c9f6fcd8", "value": "295424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543083", "to_ids": true, "type": "vhash", "uuid": "fba3c2a1-cdfc-4e2e-963d-4d1d57117107", "value": "125056555d05755az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543083", "to_ids": true, "type": "filename", "uuid": "42f3224f-25b9-45bf-a43e-c2c2bc638bed", "value": "lpk.dll" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543083", "to_ids": false, "type": "text", "uuid": "8dcaa0dc-8f56-4b30-816a-610f0eee4945", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:60/68\nFirst Submission:2018-09-20T18:24:17.000000+00:00\nLast Submission:2018-09-22T13:57:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814031", "uuid": "a2812290-c6bd-4410-b138-1a7206c116b6", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814031", "to_ids": true, "type": "md5", "uuid": "685ed65e-7799-495d-a949-feb33a0bc885", "value": "a87bd421844b838d487c1d94f7d06bc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543105", "to_ids": true, "type": "sha1", "uuid": "34cd70a2-74b1-4691-82a3-ad9a924e8b56", "value": "509c0622ccd37331d4beb5992c40da5eedaf77da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543105", "to_ids": true, "type": "sha256", "uuid": "bb9c9dd2-9d09-470e-972a-d9bec52b44e7", "value": "db4085acc3de63994186425d11c354879527ddd448a9f2cf5f830855d2c8257b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543104", "to_ids": true, "type": "ssdeep", "uuid": "5f6bc257-1fd2-468c-a5ef-81a2260a9860", "value": "768:lojY9PXAum/U12tZAW/BXcdjxre3/nM8KDbZScn6yHEojY9Po:wmXiI2tZ7XAA+Zhn6yH1mg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543104", "to_ids": false, "type": "size-in-bytes", "uuid": "055f8556-4b6c-4b2f-9243-668cf28dd0eb", "value": "48128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543104", "to_ids": true, "type": "vhash", "uuid": "cd9d8c8a-ba8d-4558-a7d9-4f2ff629498d", "value": "144056555d05655az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543104", "to_ids": true, "type": "filename", "uuid": "a4543644-4b50-473a-8680-330e9dbe5503", "value": "NnyFBj1j.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543104", "to_ids": false, "type": "text", "uuid": "b12e291b-c426-4602-9fd2-673ac9e67adb", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:62/68\nFirst Submission:2018-09-22T12:49:30.000000+00:00\nLast Submission:2018-09-22T12:49:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814052", "uuid": "643a86db-20ec-4bb4-a513-a07c0c78ef47", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814052", "to_ids": true, "type": "md5", "uuid": "3503dd2c-e5d5-4d90-b8e5-1855f227362a", "value": "2645eac10876fbe03976af2f69273f0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543126", "to_ids": true, "type": "sha1", "uuid": "052e0c55-9da0-43ca-ad95-677f7c5a2103", "value": "ce5b9c1dea4361598e473b8f6631ab58ddf7825a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543127", "to_ids": true, "type": "sha256", "uuid": "b2775189-2cf2-4e74-b62d-5e0ad81eb04d", "value": "df46fe83dab8fc1c4cfcff9b75d3ebf3b7390db6ebff09b74cb3c485300e8a78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543126", "to_ids": true, "type": "ssdeep", "uuid": "8d692299-6180-4f9b-81d1-3a7b3335a8d1", "value": "1536:36BS7LL15do9yHSm4KDsP6J8yXrB5eklHcB:qBon15WyHShpy7qkpcB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543126", "to_ids": false, "type": "size-in-bytes", "uuid": "2184b90f-1816-4e47-a6eb-7ecfb7f4bfae", "value": "66560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543126", "to_ids": true, "type": "vhash", "uuid": "8685f00f-deee-41ca-aec0-be7ed3ab5944", "value": "06404e655d5f7az3b1bhz15z3019z" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543126", "to_ids": false, "type": "text", "uuid": "882314cb-40eb-400e-b355-71efdb3fad0f", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Virut.EPO\nVT Total Detection:61/69\nFirst Submission:2018-09-22T11:12:31.000000+00:00\nLast Submission:2018-09-22T11:12:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814075", "uuid": "2661cea0-ee5f-4398-a099-7b0fffc0758d", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814075", "to_ids": true, "type": "md5", "uuid": "d670ee1f-39a8-4f2f-b523-72e130dbeef6", "value": "a67c747837b14de1dbf6534aaf940731", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543148", "to_ids": true, "type": "sha1", "uuid": "7fb4fb15-8b1c-40d5-b3d5-984fd0635211", "value": "9b5087173e46ac23c0f96ec5a99148dd9e7a928c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543148", "to_ids": true, "type": "sha256", "uuid": "96a06ee1-5e8a-46b4-aee1-783f51f3053b", "value": "79b57b487ea7e5dc6276a9028584a7fcc015a547c1ec221f10314ecec8a384fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543147", "to_ids": true, "type": "ssdeep", "uuid": "1f987ce9-cb1e-47cd-b85d-055b9d2bf58b", "value": "768:JJdMmJyj0Ml+oi/XSpSZbVfD0KoWyH+ojY9Po5:JJdMmJyDl+tVZpoWyH/mg5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543147", "to_ids": false, "type": "size-in-bytes", "uuid": "370b2c97-5ba0-4e54-bc59-87d9f1f05754", "value": "39424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543147", "to_ids": true, "type": "filename", "uuid": "03c8a7eb-38f8-4705-90de-cd1163191411", "value": "GVL9Nz45.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543147", "to_ids": false, "type": "text", "uuid": "66f50146-c086-41db-bf21-6ac079b1023d", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol!rfn\nVT Total Detection:60/69\nFirst Submission:2018-09-22T11:08:55.000000+00:00\nLast Submission:2018-09-22T11:08:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814096", "uuid": "4ac074c1-fa76-4df8-8b45-7c8ade7705fa", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814096", "to_ids": true, "type": "md5", "uuid": "8938791d-3ed5-4906-9cd1-20d983e24147", "value": "f04afc1c31dacc002933a1f929d7b303", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543170", "to_ids": true, "type": "sha1", "uuid": "6ac66f73-5aa0-4a69-bd15-f66f68c729b9", "value": "a4b82f543d50b8c4dd68b14ff96202c2aef97262", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543171", "to_ids": true, "type": "sha256", "uuid": "b2c7058c-3e86-4ade-8931-8242e3c3af2f", "value": "1cb80eed2cd06aa0a419f808e05efc29e5c63c3c6134b2f4d8b36fd2aeb49887", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543169", "to_ids": true, "type": "ssdeep", "uuid": "b4a6eb72-09dd-48bb-bdfb-119a8f433c5c", "value": "12288:KrgWKCIt66neQ5IA9jMNJKUk9t1u0oJgB39+Pk+Y4mb:K1KCMANJFcK0oW39+Pu4m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543169", "to_ids": false, "type": "size-in-bytes", "uuid": "300b9981-550a-49bf-b361-ceb5658c0e9e", "value": "529408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543169", "to_ids": true, "type": "vhash", "uuid": "5c6a86f1-a4ff-4333-a032-0c16ab560629", "value": "055076655d551d151565ze2z847za08033z30b1z2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543169", "to_ids": true, "type": "filename", "uuid": "b6f1806f-ea90-4b95-aa44-9fb0af2dc186", "value": "QcConsol.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543169", "to_ids": false, "type": "text", "uuid": "5d1fa3ac-3103-4304-ac7d-873f8fba829f", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:4/68\nFirst Submission:2018-09-22T09:42:45.000000+00:00\nLast Submission:2018-09-22T09:42:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814117", "uuid": "a268a784-6586-4b7a-a183-c36854a1f27c", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814117", "to_ids": true, "type": "md5", "uuid": "cb3e685b-aa45-45e9-8e97-290a674b5730", "value": "5408ef844e2aeba3092d379420797078", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543192", "to_ids": true, "type": "sha1", "uuid": "a812fd47-50a2-48b6-9c4d-a87ce59619c2", "value": "324130a5cea2acac3f27483721f3b361dc880dd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543192", "to_ids": true, "type": "sha256", "uuid": "deba4640-77b4-4c43-86c2-dc336d01107f", "value": "14daa0e0db8759568e5d49986d12ae8a1289efd308bdd41634448be543dd7c76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543191", "to_ids": true, "type": "ssdeep", "uuid": "47df2ad3-3ded-48fd-b87f-032fd06ed892", "value": "768:XojY9P4bjtxwjjK7GYOpuiNCp2+UGj0W3eE1Y2aElzODioyziojY9Po+:CmytxwjjK7lp27GjV3P1YIl3oyzrmg+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543191", "to_ids": false, "type": "size-in-bytes", "uuid": "08242415-9beb-4f21-b8b0-14b3a7adbf0b", "value": "47616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543191", "to_ids": true, "type": "vhash", "uuid": "e067680e-a618-45ad-9050-1d7b04bc4325", "value": "144056555d05557az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543191", "to_ids": true, "type": "filename", "uuid": "9ffd6d8a-6855-49c1-b6b0-14e9c6e271de", "value": "xZAwDIxO.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 08/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543191", "to_ids": false, "type": "text", "uuid": "af216b83-d47c-4346-b129-3c6266028b23", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:65/70\nFirst Submission:2018-09-22T01:25:36.000000+00:00\nLast Submission:2018-09-29T10:06:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814138", "uuid": "783bd657-b139-43f0-b753-a0126d2d0825", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814138", "to_ids": true, "type": "md5", "uuid": "91d34a83-e5c8-44c4-bace-d7604cc40589", "value": "01a8633082a9024c865b145969b3bfe3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543214", "to_ids": true, "type": "sha1", "uuid": "58df13d1-3c1a-4720-8c0c-72b90a043a79", "value": "ea9fcf1bb831973723c78cce496f48ec8947b3fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543214", "to_ids": true, "type": "sha256", "uuid": "5312703d-d1b0-4002-97df-66dbf851ac3a", "value": "6b7dbf0a03b0e41a327bd7de2e26645a220465d7be68e8c3c70b8a1da534adcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543213", "to_ids": true, "type": "ssdeep", "uuid": "b95b064c-713c-4f41-b702-8ce12369058d", "value": "1536:omfa9iexVfevirojyHDmiGe0Bhn6WtXT2NzDZmrj3mUg7pPUw4+p:oN9/jf6iuyHDee0Bhn6uK2rSBZk+p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543213", "to_ids": false, "type": "size-in-bytes", "uuid": "b697d55f-7ea5-4e3e-8508-3515ac2b9d2d", "value": "82944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543213", "to_ids": true, "type": "vhash", "uuid": "7482ff7d-e21c-4d5c-ad69-6c59b6824d61", "value": "184056555d05755az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543213", "to_ids": true, "type": "filename", "uuid": "381185e0-5289-4795-a9bb-239bf65a416b", "value": "VirusShare_01a8633082a9024c865b145969b3bfe3" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 26/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543213", "to_ids": false, "type": "text", "uuid": "8e91fbf0-1b0b-4726-b0f9-95854e118c05", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:62/67\nFirst Submission:2014-08-07T09:50:02.000000+00:00\nLast Submission:2021-11-25T12:15:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814159", "uuid": "776e5bc3-96db-4d22-9abc-8b2a9e33bcb6", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814159", "to_ids": true, "type": "md5", "uuid": "c99046aa-9a27-4ac2-b782-e073e637f7cb", "value": "197cb8eaf3797318f49a01a53b6b6372", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543236", "to_ids": true, "type": "sha1", "uuid": "1e2eac7b-372f-42ba-93d1-8b87ed608c7a", "value": "4df146cade86459246f75c9c1b07a573d840719e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543236", "to_ids": true, "type": "sha256", "uuid": "27e28a8a-7a93-4c2b-9239-7a2473d021c3", "value": "9fa5cc69aaa023a54ee7497b0f04b8d90960b276427d870b1782fb524d20c535", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543235", "to_ids": true, "type": "ssdeep", "uuid": "3224ad37-c1e5-4283-80bf-6be293679671", "value": "1536:Gmca9iexVfevwrojyHDmX32QzneQC+kYgoZ:GY9/jf6wuyHDubeQCno" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543235", "to_ids": false, "type": "size-in-bytes", "uuid": "42bba7ae-4291-4bff-bb87-b5e67f5b36f4", "value": "77312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543235", "to_ids": true, "type": "vhash", "uuid": "53a95f4d-e4e0-49bc-9626-351fa636b342", "value": "174056555d05655az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543235", "to_ids": true, "type": "filename", "uuid": "c11dc6da-ce74-4e45-8417-749b04159580", "value": "R7Q4YRf8.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543235", "to_ids": false, "type": "text", "uuid": "d17c747b-ec03-4e0f-b45d-984b61920340", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:54/67\nFirst Submission:2018-09-21T13:05:51.000000+00:00\nLast Submission:2018-09-21T13:05:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814180", "uuid": "93e1830c-e11c-4d62-b328-22a49bb74860", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814180", "to_ids": true, "type": "md5", "uuid": "39d8e460-0c87-4c22-987b-1e04d0425818", "value": "fc150c86b40d094ffa1d74346c519b7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543258", "to_ids": true, "type": "sha1", "uuid": "ae657598-435f-47ae-a698-d3a57eb92170", "value": "2de9473d86323faafb66d3d5c0add897e29f11e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543258", "to_ids": true, "type": "sha256", "uuid": "9c367684-937c-42a7-828d-1e36175ec530", "value": "ca0e90a60c21bff48c02a17f73023c8813f5ddf0c9231878c6ade4c8e6ad8a1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543257", "to_ids": true, "type": "ssdeep", "uuid": "e760044e-28ea-4cbd-bd9f-4ae3b223021f", "value": "3072:9eHE8uyH29x3s+addwt1haMLLCIlFujPchPjPjPjPjPjPjTxYWLfl2mEwca83Had:9ek8uyH29xs+MerXTTAUh777777TxlLn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543257", "to_ids": false, "type": "size-in-bytes", "uuid": "57b0453a-c52d-4e91-b19c-0769131ccd39", "value": "181760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543257", "to_ids": true, "type": "vhash", "uuid": "e4d46b6e-fddd-4bc4-9cc4-d477a0add8a3", "value": "01506e655d5f7e7cbz4118fz1038z127z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543257", "to_ids": true, "type": "filename", "uuid": "2e116fcb-5487-463f-ac53-982813a390ac", "value": "fc150c86b40d094ffa1d74346c519b7a.virus" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543257", "to_ids": false, "type": "text", "uuid": "2a15c4fe-7299-4781-87ff-b9dbb5c137b6", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Virut.BO\nVT Total Detection:63/69\nFirst Submission:2018-09-21T12:21:36.000000+00:00\nLast Submission:2019-12-08T03:30:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814201", "uuid": "e2645c5a-8888-4c10-87c6-efcaa34898ce", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814201", "to_ids": true, "type": "md5", "uuid": "581462f3-8c57-4e90-a15c-75ff4f9df0e5", "value": "bdf46dd26d747ce97b8a45410a9cdc85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543280", "to_ids": true, "type": "sha1", "uuid": "8e5cf3b9-5141-47a4-923f-6f87a79f617a", "value": "2df026b30298fbfd282e11b7dc728f31b941d506", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543280", "to_ids": true, "type": "sha256", "uuid": "c81a8564-a7d6-4a15-ac58-a243c811b3b1", "value": "a65e0ef3d70bd891f0d077972fb86652bbb4132b276504cdd1b75882523bcf30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543279", "to_ids": true, "type": "ssdeep", "uuid": "66128513-8a38-4a20-9c20-d8da0d87d78b", "value": "6144:tJek8uyH29xs+MerXTTAUh777777TxlLflPEdaamwGC8huqfN:tgk59xcMTTAUh777777TvpEdvGC+u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543279", "to_ids": false, "type": "size-in-bytes", "uuid": "53ab50a5-f75d-47c3-ad33-1f39b853198d", "value": "256000" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543279", "to_ids": true, "type": "vhash", "uuid": "289b0c0a-7928-477e-9ec2-875369a1b5d6", "value": "125056555d05655az2chz2061z1ezb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543279", "to_ids": true, "type": "filename", "uuid": "c04e604e-5d1c-4669-895e-b0b43119270f", "value": "4z26PMm3.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543279", "to_ids": false, "type": "text", "uuid": "b6336f0f-c924-48fa-a513-f3f0fe9a7480", "value": "NewCoreRat\r\nType Description: Win32 DLL\nMicrosoft: DDoS:Win32/Nitol\nVT Total Detection:58/68\nFirst Submission:2018-09-21T08:23:01.000000+00:00\nLast Submission:2018-09-21T11:23:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814222", "uuid": "ef22995c-6cbd-487f-adb2-14b01cb40759", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814222", "to_ids": true, "type": "md5", "uuid": "ef6074bb-a1fd-4fb8-98d7-430120935751", "value": "ec9d4ea6d94186185edc08bb588355c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543302", "to_ids": true, "type": "sha1", "uuid": "ddb1cc16-e1d5-4001-b434-5ae9ab00c912", "value": "4172aa38b682942c3d61fdaee8f115be8c7f25de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543302", "to_ids": true, "type": "sha256", "uuid": "219e4023-db27-46c1-a0f2-5e4750b5140b", "value": "e5a31524fc95da517342bd1accc783e088fed42db33cb9caf7b60a39918ebdc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543301", "to_ids": true, "type": "ssdeep", "uuid": "e39c7393-df21-4151-a6cd-ab67f4fdb083", "value": "6144:lek8uyH29xs+MerXTTAUh777777TxlLflPEdaamwGC8huqfN:Ek59xcMTTAUh777777TvpEdvGC+u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543301", "to_ids": false, "type": "size-in-bytes", "uuid": "1cac25cf-705e-4ee4-8dac-91f0639658a3", "value": "213504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543301", "to_ids": true, "type": "vhash", "uuid": "922486dc-c83b-48bf-a499-ed0cfc48b681", "value": "02507e655d5f7e7e7cbz4118fz1038z127z" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 03/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543301", "to_ids": false, "type": "text", "uuid": "cf7ed544-291f-4f0e-9111-cb2e084849ee", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol!pz\nVT Total Detection:72/74\nFirst Submission:2018-09-21T11:10:34.000000+00:00\nLast Submission:2018-09-21T11:10:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814244", "uuid": "4bb47c56-8d17-44cd-922e-9753322576c2", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814244", "to_ids": true, "type": "md5", "uuid": "8968bb81-261f-4fe9-83ac-6d0a887d279b", "value": "04f540671bfad403eb18569575a0add5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543323", "to_ids": true, "type": "sha1", "uuid": "770179fa-09f9-4f73-9466-fc0b341100d8", "value": "d138c4addf3497582d558593bb6c16dbf82af8e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543324", "to_ids": true, "type": "sha256", "uuid": "7c4c32b3-3f51-44be-81fb-9575fcc5d081", "value": "281f3ce73e434f7616ce1600e0d6cab335ecdff2778dac0f916cc0e65224a753", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543323", "to_ids": true, "type": "ssdeep", "uuid": "0cb1ccde-519d-4ccf-8fed-ced732570bce", "value": "768:O68uUCS77GhGLhuaNu0HJm6wiuHKZfGQz4m+c3p7PUU:O6BS7LLpNuORPA3Sp7T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543323", "to_ids": false, "type": "size-in-bytes", "uuid": "57da417a-758e-4da1-9265-febd7617d15d", "value": "38912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543323", "to_ids": true, "type": "vhash", "uuid": "f7d332eb-a76b-46c7-954f-503a8c7d40dc", "value": "034046655d555\"z" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543323", "to_ids": false, "type": "text", "uuid": "a6d60f1f-21d6-41a4-83c1-4406d262478f", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.B\nVT Total Detection:55/69\nFirst Submission:2018-09-21T02:18:52.000000+00:00\nLast Submission:2018-09-21T02:18:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746814265", "uuid": "bf0d07f7-eb9c-460f-8121-f55579b77eaa", "Attribute": [ { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746814265", "to_ids": true, "type": "md5", "uuid": "72882fe0-3760-4752-a42e-306c467beb21", "value": "11d364135c1012d8c584b18cb390757d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746543345", "to_ids": true, "type": "sha1", "uuid": "832d39c2-707f-4df1-a393-fd7397452d09", "value": "f580dd513405c2f14b24cdbe7d007398d4c4c4c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "NewCoreRat", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746543346", "to_ids": true, "type": "sha256", "uuid": "61c9c777-4fd0-47fe-b11e-9b87c4bacdd6", "value": "b93b7ad0e27d95665b699c3f6cf49129cff410555defd2c56cd3ec8a112bf1c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746543345", "to_ids": true, "type": "ssdeep", "uuid": "bd8b9513-6dbc-4d67-a28b-9a55eb940edc", "value": "1536:+GN7c9SKiGN8f5plNyHm54XJi4HHdJnRdGa1guRo:DySFI8xZyHlH9tbuE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746543345", "to_ids": false, "type": "size-in-bytes", "uuid": "c56a25a8-fe87-4673-802c-147ed307f144", "value": "64512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746543345", "to_ids": true, "type": "vhash", "uuid": "a5fc99b1-40ac-44ef-ae7f-8d463def3d69", "value": "064046655d1f7az4218fz1038z127z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746543345", "to_ids": true, "type": "filename", "uuid": "49cc85a1-bc0d-4cd5-82ef-6c220c2ca0d2", "value": "yKzBp7QD.exe" }, { "category": "Other", "comment": "Checked: 06/05/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746543345", "to_ids": false, "type": "text", "uuid": "5b3820cb-882a-4a50-bc10-e5ef36d74ebb", "value": "NewCoreRat\r\nType Description: Win32 EXE\nMicrosoft: DDoS:Win32/Nitol.A\nVT Total Detection:60/69\nFirst Submission:2018-09-19T22:14:40.000000+00:00\nLast Submission:2018-09-19T22:14:40.000000+00:00" } ] } ] } }