{
  "Event": {
    "analysis": "2",
    "date": "2022-11-09",
    "extends_uuid": "",
    "info": "[Threat Intel] Hack the Real Box: APT41\u2019s New Subgroup Earth Longzhi",
    "protected": false,
    "publish_timestamp": "1780040027",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780040027",
    "uuid": "e142a39b-090a-49fd-9a38-3e2437e429df",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#717bc3",
        "local": false,
        "name": "misp-galaxy:producer=\"Trend Micro\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Croxloader\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Cobalt Strike\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"MimiKatz\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT41\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Earth Longzhi\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"030 - Eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"035 - South-eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#e4d611",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#08b028",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DCSync - T1003.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Fronting - T1090.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Email Addresses - T1589.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Defense Evasion - T1211\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d779a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
        "relationship_type": ""
      },
      {
        "colour": "#280b0e",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"External Proxy - T1090.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#c295b4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e12cbc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Print Processors - T1547.012\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740764712",
        "to_ids": false,
        "type": "link",
        "uuid": "5dfb7095-9561-4ac6-9654-e4b10c14af70",
        "value": "https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040025",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "47b98153-c2dd-4714-b7b1-38ee1e5d68b1",
        "value": "47.108.173.88",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#5d39d0",
            "local": false,
            "name": "asn:asn=\"37963\"",
            "relationship_type": ""
          },
          {
            "colour": "#76d941",
            "local": false,
            "name": "asn:as-owner=\"ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd.\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747020602",
        "to_ids": true,
        "type": "hostname",
        "uuid": "87505571-1ccf-427a-8a9f-f7631467e675",
        "value": "www.affice366.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747020626",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bd4ce9f8-ca9e-44b8-b282-316a59cbc6dc",
        "value": "www.vietsovspeedtest.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747020647",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4673caeb-8df7-4797-a8d2-b277750c45d6",
        "value": "c.ymvh8w5.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040027",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c3139856-de43-4097-884c-12fac826ca64",
        "value": "139.180.138.226",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020690",
        "uuid": "b9ed02d0-9127-4e2b-82c2-3d5707ce7697",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "CroxLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020690",
            "to_ids": true,
            "type": "md5",
            "uuid": "ad394bff-1077-4f54-ab5f-0cf73f85612d",
            "value": "ae8675d2f910145f5ebc6044a71ad0f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "CroxLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761094",
            "to_ids": true,
            "type": "sha1",
            "uuid": "34b5a296-d769-4034-aceb-b4367b605c65",
            "value": "84254f20f869de41f99b5f2e6697868259e9de4b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "CroxLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761094",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0397e05f-c37d-48fd-bf9c-5c68ca7287e6",
            "value": "b6d2f4d9edd7b08c9841cca69c5cb6b312fa9ad1c19a447a26e915e1fd736e09",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761094",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ba5271fb-0409-46c8-8ffb-291f918dd248",
            "value": "6144:dCB7UEscPW4EOtOhIZ3HTdKx8FUwDcpnfUm/mVBtRhngl7/KZJ4YLhdQMJYc+S:dIcmWktuidKPflmVBtIRKZGYhdY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761094",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "43381c03-12d8-4398-9bd2-70c5ee4dfc9e",
            "value": "504320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761094",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bb9d5582-79da-4eb8-b7f0-d31fbf44c6d2",
            "value": "055076657d151515155az423z1@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761094",
            "to_ids": true,
            "type": "filename",
            "uuid": "37c84767-fa8b-44fd-918c-64b0424ed867",
            "value": "agent.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  11/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761094",
            "to_ids": false,
            "type": "text",
            "uuid": "cb1226ee-0598-4020-8dde-d50c24463f4b",
            "value": "CroxLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/CroxLoader.RPU!MTB\nVT Total Detection:51/72\nFirst Submission:2022-03-10T03:23:36.000000+00:00\nLast Submission:2023-09-28T15:12:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020712",
        "uuid": "b7c42a5d-3c2e-4123-9558-ad73b44c668c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "AllInOne",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020712",
            "to_ids": true,
            "type": "md5",
            "uuid": "ff7dbe2c-632f-41ce-a3dc-4c074110fdfa",
            "value": "f9f17b1db4b3e5fbf65a26ef8eba9565",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AllInOne",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761115",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1eaf53a9-1418-437b-a31d-a282998b67df",
            "value": "64e76afdf43a6883461ae7dc9685015469b32e86",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AllInOne",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761115",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f947c3ab-a01a-460f-b5bd-afcfb454cac4",
            "value": "8478718e0bad7fde34f623794e966f662aaf2d7a21d365b45db80b2a0349ed8a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761115",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fd6ba66c-a3eb-47f6-8725-50d2355df58b",
            "value": "768:DoecHXHXjbt6JMyv8tgB8dgHbXej/DfUONDdlW+ZunAwB6zFwZEq+uDGR7:QHHjbtw5EtJd2bMfUONDvW+ZunAHxwZ2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761115",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0d7faee7-d9bd-4b23-83f0-9d9c46ad621e",
            "value": "41776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761115",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f4e27134-692a-4d47-bb4b-5a91cba0f54b",
            "value": "044036655d5158z262e03jz94z1b7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761115",
            "to_ids": true,
            "type": "filename",
            "uuid": "03f034c0-fae4-438b-899c-72727cbba438",
            "value": "allinone.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  21/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761115",
            "to_ids": false,
            "type": "text",
            "uuid": "9538845b-ecdb-49cc-b264-09694b1ad24d",
            "value": "AllInOne\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/CobaltStrike.MA!MTB\nVT Total Detection:51/72\nFirst Submission:2022-03-24T02:47:17.000000+00:00\nLast Submission:2023-09-28T15:12:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020733",
        "uuid": "451b5ec4-5e66-4fa6-b840-fd6addc34fed",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "AVBurner + PrintSpoofer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020733",
            "to_ids": true,
            "type": "md5",
            "uuid": "28e62ce9-ecf8-4bba-87e5-be5d459ec581",
            "value": "494cc48a9856cf5b46fb13bcd68c256f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AVBurner + PrintSpoofer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761136",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c05de238-fc36-4c90-b6c6-ad37f3709fbb",
            "value": "39727e755b2806fc2ed5204dae4572a14b2d43d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AVBurner + PrintSpoofer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761137",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f1e981a-cedd-4de5-9294-20dbbd31eee7",
            "value": "4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761136",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0099e798-d306-4d93-9445-dac28002940a",
            "value": "3072:paOH4GyXTaqC/csRfAQS+VMhKk/DJRvur18mXBX:/sjat0EA/h1t1uJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761136",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8907c857-3a00-4d74-844d-97e7caddaedf",
            "value": "161792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761136",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f93ff19c-ebfc-4fce-b7cd-ac73e1e35e53",
            "value": "015076655d1555151550b8z553z77za7z103dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761136",
            "to_ids": true,
            "type": "filename",
            "uuid": "4a664c44-3629-4f9c-a15a-ab6643e4098a",
            "value": "execute.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  16/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761136",
            "to_ids": false,
            "type": "text",
            "uuid": "40d43175-0508-4f32-a516-faa7cc2a1971",
            "value": "AVBurner + PrintSpoofer\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/AVBurner.RPX!MTB\nVT Total Detection:54/72\nFirst Submission:2022-07-28T10:10:07.000000+00:00\nLast Submission:2023-09-28T15:08:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020754",
        "uuid": "0d5dc6b7-b6d9-4f46-a3d5-2d713e9073a0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ProcBurner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020754",
            "to_ids": true,
            "type": "md5",
            "uuid": "de7c096e-4eca-4e28-b85c-53ab32352a52",
            "value": "ac96bb64a7b0afb48ebc6c67e8eef4cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ProcBurner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761158",
            "to_ids": true,
            "type": "sha1",
            "uuid": "08993d17-5038-4fbb-bd5b-53240624a928",
            "value": "4e0cf09dc1661026f3c22e0810a384ed563f8461",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ProcBurner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761158",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fe03aa0a-5cb6-4bde-bc95-570f172ee6e7",
            "value": "c80289a1f293dceb71230cf0dbd0a45b9444519b1367a5ba04e990ea6acf6503",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761157",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0f4dbede-bdc3-4c50-8490-abd6aaef4966",
            "value": "3072:oSqa3lqxs69RYDmaZuw297VMrKr/GDCYxklo6:x1uTsm+w9eDCf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761157",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9255a15c-f242-455c-8a40-afb5d03e8470",
            "value": "129128"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761157",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5e97f9fb-f402-4941-8142-9073f4907e71",
            "value": "015076655d155515155az4a3z4dz11z103dz"
          },
          {
            "category": "Payload delivery",
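            "comment": "Name is 32 hex characters plus a .virus extension, which looks like a repository-assigned sample name rather than an on-disk name; confirm before using it for detection.",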
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761157",
            "to_ids": true,
            "type": "filename",
            "uuid": "00dcbfe4-8260-42d0-9471-a96d2d3e08fc",
            "value": "ac96bb64a7b0afb48ebc6c67e8eef4cf.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761157",
            "to_ids": false,
            "type": "text",
            "uuid": "eb377d60-9d80-444e-bd30-20b939ed0af4",
            "value": "ProcBurner\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/WimSolomgoed.A!dha\nVT Total Detection:52/72\nFirst Submission:2022-02-14T22:15:54.000000+00:00\nLast Submission:2023-09-28T15:13:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020775",
        "uuid": "9b8b1c8c-2118-4c94-bea1-013d2df197a4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ProcBurner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020775",
            "to_ids": true,
            "type": "md5",
            "uuid": "f6926e26-5c25-4ca2-a443-d2c61ebf4326",
            "value": "9487ff25f1949a253483b94165d3aa64",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ProcBurner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761179",
            "to_ids": true,
            "type": "sha1",
            "uuid": "75926d96-f137-4e19-ada3-6e709c8fcfd7",
            "value": "9c2d9d65827cdb9fc44126de1b17af07df4c1edd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ProcBurner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761179",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c26536f3-0fd2-4598-b03f-55c84df3100e",
            "value": "30b64628aae642380147c7671ea8f864b13c2d2affaaea34c4c9512c8a779225",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761179",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f8bd99e0-68ab-4472-bcf2-4263a79c112d",
            "value": "3072:sXDUzK4j6b2oUF213dnSYQ7H2+3acYRKdYqL9nk80nw+ghW+CKB:wGj6Iy3w/S+9YRKXksC+N"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761179",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cf42ca4d-c1c0-4033-859e-daf96a2d10fd",
            "value": "301449"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761179",
            "to_ids": true,
            "type": "vhash",
            "uuid": "99cae874-c3a6-47e8-90af-8580dd1d97e2",
            "value": "0351276d1555151c0d1d1az19241z4bz13z103dz"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  14/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761179",
            "to_ids": false,
            "type": "text",
            "uuid": "d934a72e-13ff-4910-b7d9-9b746e48b77a",
            "value": "ProcBurner\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/ProcBurner.RPW!MTB\nVT Total Detection:49/72\nFirst Submission:2022-08-06T03:53:10.000000+00:00\nLast Submission:2023-09-28T15:09:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020796",
        "uuid": "adb4b303-40e2-498d-8d2c-a74e893380e7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020796",
            "to_ids": true,
            "type": "md5",
            "uuid": "b0aeebfe-d064-4138-9940-b4bc3f1ee8b7",
            "value": "f5daa93b81be67cfd79a403d5a8a7ed8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761200",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cb0b9aec-dc0d-4345-82b2-64388b05049a",
            "value": "9a218d3e65b974ab1bc9fa364a5597df0beddb72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761200",
            "to_ids": true,
            "type": "sha256",
            "uuid": "206a2b2b-7400-4fd0-896b-c91514328dc1",
            "value": "03795a683bf3eb9ed7673522fe7eac45949a824da8043236cd504fd8106e3593",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761200",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bcb28d53-4c7f-4495-a64e-d0838ea36556",
            "value": "196608:7D1K5W5Zj7xEcF/zMV5C/Gb9bcxcHFhpHn:75KU55xEErMVQ/sbcux"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761200",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "14d23495-c0dc-4898-acfd-fe8d1e03d7a4",
            "value": "6345728"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761200",
            "to_ids": true,
            "type": "vhash",
            "uuid": "705b05db-7ae3-4c16-9df9-dddca8397f8a",
            "value": "0660975d15751c0d5d1d006011z12z241b1z47z17z2fz"
          },
          {
            "category": "Payload delivery",
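            "comment": "Indonesian-language lure name, roughly: Submission of the soft copy of the Defence Industry Master Plan. Document-style name on an .exe file.",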
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761200",
            "to_ids": true,
            "type": "filename",
            "uuid": "86cca18e-6bec-47f9-8cbb-7c701c2ed332",
            "value": "Penyampaian Soft Copy Rencana Induk Industri Pertahanan.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  12/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761200",
            "to_ids": false,
            "type": "text",
            "uuid": "50c9092c-8e13-45b9-a645-852438aaa15b",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/BigpipeLoader.MA!MTB\nVT Total Detection:48/72\nFirst Submission:2021-11-05T05:56:28.000000+00:00\nLast Submission:2023-09-28T15:10:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020817",
        "uuid": "61679883-a8e9-445a-8b77-ad4b445221e1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020817",
            "to_ids": true,
            "type": "md5",
            "uuid": "8097e251-02cb-4de6-bef3-af498fe6423b",
            "value": "9aad734bc59b22f393ae53220546f025",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761222",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a4811b8-ef9c-49f5-a105-d261bd781e84",
            "value": "36967195eca702a09b39108d9a9b91a8f4b5685f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761222",
            "to_ids": true,
            "type": "sha256",
            "uuid": "73012070-4338-4265-a8d3-01a648c12f06",
            "value": "3ba81d78f3b764dc6e369f24196c41b4cba0764414ad85d42dae5a5f79e871e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761222",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0c491957-b5d1-4564-b45b-ef55a2b0c243",
            "value": "98304:qDLdL1cx6SgTFmbV39IRS9OZC3N6UHY6y6ndu:0L3cxiFmbtqQxjD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761222",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9ea8dac9-a363-4459-a67e-86b4294f400d",
            "value": "4169216"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761222",
            "to_ids": true,
            "type": "vhash",
            "uuid": "49446b53-910c-4082-88f5-35aa8d15d11b",
            "value": "0460b75d1575151c0d1d1bzb1b=z"
          },
          {
            "category": "Payload delivery",
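            "comment": "Name is this object's own SHA-256 followed by _.json, so it is likely a submission artefact rather than the name used on a victim host; weak for detection on its own.",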
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761222",
            "to_ids": true,
            "type": "filename",
            "uuid": "936ca19a-8535-41c4-b0c0-211c4b1fccb8",
            "value": "3ba81d78f3b764dc6e369f24196c41b4cba0764414ad85d42dae5a5f79e871e1_.json"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  02/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761222",
            "to_ids": false,
            "type": "text",
            "uuid": "56f0e868-b621-4caa-90b3-ee787515fb65",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Cobeacon.PAA!MTB\nVT Total Detection:52/73\nFirst Submission:2021-12-13T05:00:37.000000+00:00\nLast Submission:2023-09-28T15:07:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020838",
        "uuid": "3528928a-c23c-4933-b7ce-d946ecaaff51",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020838",
            "to_ids": true,
            "type": "md5",
            "uuid": "f15e2526-e7e1-4b85-abc7-b7567d2d2eb9",
            "value": "11f483182a6d4f1a0dd2682e58b4eaf0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761244",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9df69433-d044-439b-8bdd-850c5265fb8d",
            "value": "57ebd92b2f0c2269a3aa1aea74498a44041ecc75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761244",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d60c58dd-69fb-4dbc-a56e-9d190339de3d",
            "value": "41bcdc3fc4c878fb34ebebeff6ff7d158be166d3fc220f3b90f225ae3757f2e8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761243",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bf82add0-7210-4e01-9c1d-ca39c76edab8",
            "value": "6144:8M1HMUCuFyhyGUKnjZ0dxuhUMA3eIJuMPJCVy+tPXbLE8x/RSI2SS:8MaUCAwUMZ0PRJZMBPbLE8x"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761243",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1fa4a831-5a6b-474d-872f-04a09e67c5fa",
            "value": "579072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761243",
            "to_ids": true,
            "type": "vhash",
            "uuid": "94f38bd8-6453-4a5f-909e-de0529f385f4",
            "value": "0550b75d1575151c0d1d1bzb1b=z"
          },
          {
            "category": "Payload delivery",
            "comment": "Double extension (.docx.exe): an executable named to look like a Word document.",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761243",
            "to_ids": true,
            "type": "filename",
            "uuid": "db840d68-ba18-458e-8c9b-83d36d660879",
            "value": "[\u570b\u7acb\u81fa\u7063\u6d77\u6d0b\u5927\u5b78\u7684\u745c\u73c8\u6559\u5e2b\u5f35\u6587\u82b8\u5be6\u540d\u63a7\u8a34\u6750\u6599]-\u6d77\u6d0b\u59d4\u54e1\u6703\u6d77\u5de1\u7f72-\u5433\u5b5f\u54f2\u4e2d\u6821.docx.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  21/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761243",
            "to_ids": false,
            "type": "text",
            "uuid": "7dbd3c06-6db9-4a91-b322-319351fe26d5",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Cobeacon.PAA!MTB\nVT Total Detection:51/72\nFirst Submission:2022-01-04T11:17:22.000000+00:00\nLast Submission:2023-09-28T15:09:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020859",
        "uuid": "8cf2ca28-d969-4bae-94cd-59111c8ab6b9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020859",
            "to_ids": true,
            "type": "md5",
            "uuid": "413d835a-a13d-4fd8-bbd1-1ce461acfdb4",
            "value": "e31f405637c30ce01cc83c8fd60a6c34",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761265",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4968b26c-cf5d-4f0d-b911-b8a43318a86c",
            "value": "e1793411bdc08b906fc111aa1548e8137023285f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761265",
            "to_ids": true,
            "type": "sha256",
            "uuid": "51e9dc89-5510-4e53-98cf-c4a70babd24e",
            "value": "8e2aac4e7776f66da785171baeee473e41cb88c60e535b80980d55ac7f873c5c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761265",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "82356454-6c8e-45b3-84a9-abf54e5679af",
            "value": "12288:O8PTDPdtnxmnrpCCUgKuNlvIb2ZSaDeMlKs:OOTzd/0pnUIN5IbiVK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761265",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "05cd2b61-f939-4ff4-9674-1a4e50f81f7c",
            "value": "436736"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761265",
            "to_ids": true,
            "type": "vhash",
            "uuid": "74d805fc-6238-495c-a026-fa8497740f61",
            "value": "045076656d15551515506011z12z54z37z17z2fz"
          },
          {
            "category": "Payload delivery",
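            "comment": "Generic file name, also carried by another BigpipeLoader sample in this event; match it together with the hashes in this object, not on the name alone.",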
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761265",
            "to_ids": true,
            "type": "filename",
            "uuid": "07e7003c-6392-43b3-b33d-d967c97b3485",
            "value": "Word.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  21/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761265",
            "to_ids": false,
            "type": "text",
            "uuid": "c86021ab-62a7-43b9-863e-06261433de9d",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BigpipeLoader.RPZ!MTB\nVT Total Detection:53/72\nFirst Submission:2021-09-10T03:02:05.000000+00:00\nLast Submission:2023-09-28T15:09:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020880",
        "uuid": "d8c53927-d84f-45c9-9509-a669d5ecfaf1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020880",
            "to_ids": true,
            "type": "md5",
            "uuid": "50812922-ce04-448e-ab4e-f8aa803d8017",
            "value": "e48c30853028399ca47333a7009aac65",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761286",
            "to_ids": true,
            "type": "sha1",
            "uuid": "af3ad5d4-0648-4428-b276-885d596b294f",
            "value": "d4296d2e6781ccab7c7fb45a493ba6783aa36b11",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761287",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bd2cd676-5349-415a-83e3-9b3ce354657e",
            "value": "a0bde01e83ccc42c0729b813108dd3da96a9bc175b3ad53807387bbf84d58112",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761286",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1c35b19d-ec8c-4683-bbb5-de1306a77073",
            "value": "6144:anfKej8XSSXcJNB60HNbCf1GPxHqwywYIx83IuoI8YsmPa8iqPjQ8RFWbQ:aJ2iT60tbM+Hp8IxKIuIYxpQ8HWbQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761286",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "48340bb3-c102-4e87-a2ed-a40d1189e47a",
            "value": "358912"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761286",
            "to_ids": true,
            "type": "vhash",
            "uuid": "84809a16-5732-4b4e-9278-2007a914cd3c",
            "value": "035056656d151561z11z12z4f3z37z17z2fz"
          },
          {
            "category": "Payload delivery",
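            "comment": "Generic file name, also carried by another BigpipeLoader sample in this event; match it together with the hashes in this object, not on the name alone.",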
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761286",
            "to_ids": true,
            "type": "filename",
            "uuid": "fef9bde8-08d4-4575-b104-85b3dbe0004b",
            "value": "Word.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  13/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761286",
            "to_ids": false,
            "type": "text",
            "uuid": "cbafcae4-a5c1-4ebb-a6d1-4ba98cc04699",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/BigpipeLoader.MB!MTB\nVT Total Detection:52/72\nFirst Submission:2021-11-10T05:47:49.000000+00:00\nLast Submission:2023-09-28T15:12:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020901",
        "uuid": "64f22a66-7284-40d2-a4e2-7a809d0e0add",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020901",
            "to_ids": true,
            "type": "md5",
            "uuid": "fffc982a-b6fc-4eab-9adc-7c77a467526c",
            "value": "03e48c514673b6a6fab2659b7754d779",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761308",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ff75a0c9-15fa-404e-a600-73884c50c582",
            "value": "9a7a1db62588f0da12bdbbe8f7e6775b15409a05",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761308",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9bdfb74c-6f4a-44a2-8ff2-fbbbac8a6a73",
            "value": "bd959353bc6c05b085fc37589ea2ccd2c91aaf05ec7cf1a487f5de7fa0abc962",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761307",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "28be5c69-d721-491c-8090-db4d46510613",
            "value": "6144:sQYv9PCF0Pz6HeAGQjy3YfIh0dVix3fzmcnCzxzW7+6esAN:srsG7bUIOObmjzr6x6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761307",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2ff22532-d7cc-4367-bf1d-fa1a505bcd4d",
            "value": "372736"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761307",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c2c39cfb-be3f-4c4f-81f4-33097ef238e8",
            "value": "0350a75d1565151c0d1d106011z12z1e1b1z47z17z3fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761307",
            "to_ids": true,
            "type": "filename",
            "uuid": "730448bb-0d57-4643-acb0-303d479fd4d3",
            "value": "\u3010\u7d27\u6025\u3011\u4e2d\u7535\u798f\u5bcc\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8-\u79fb\u52a8\u9493\u9c7c\u90ae\u4ef6\u6e05\u9664.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  19/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761307",
            "to_ids": false,
            "type": "text",
            "uuid": "4e894b4a-f7f8-4f6f-ab60-9a6465610ffe",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BigpipeLoader.RPY!MTB\nVT Total Detection:48/72\nFirst Submission:2021-09-28T06:44:48.000000+00:00\nLast Submission:2023-09-28T15:13:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020923",
        "uuid": "102841d3-0c56-4665-be46-cbcbd462a11b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "OutLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020923",
            "to_ids": true,
            "type": "md5",
            "uuid": "2d2978d3-9eb6-44a7-bb7c-b41f3e12659f",
            "value": "a8eeda20c491a5994843cf77063a7fde",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "OutLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761329",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b0f21b5f-765b-4562-853b-97bcef15fa35",
            "value": "e20d7aee8d5a2daeb6c2069a466f06cafdcf195f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "OutLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761329",
            "to_ids": true,
            "type": "sha256",
            "uuid": "65246b05-583f-4edc-976f-84b8c1ee362c",
            "value": "25bfa492e295599fe30d9477ac72a4848c1ee2b71ff92ef7dcca90587c8d0945",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761329",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f5e94b31-7696-4c59-9b26-c9cd74ffbbcb",
            "value": "3072:hGlRJhmOG4PjhwA+o0akf2P9WKbye1ysvZnkpz:SRJhmuhRkC9LbyessxnkB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761329",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f86cd525-0967-4364-9837-9851476f497e",
            "value": "294400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761329",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cd23641d-e94c-452b-a1c1-5e1eaeb147c8",
            "value": "025066657d151515606011z12z4a3z2bz13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761329",
            "to_ids": true,
            "type": "filename",
            "uuid": "d00fdea6-06ac-4df2-adc1-f8a81e33222a",
            "value": "KEPERLUAN SENARAI NAMA TERKINI PEGAWAI DAN ANGGOTA LLP BERSERTA WARIS PENGGAL KE-2 THN 21.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  17/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761329",
            "to_ids": false,
            "type": "text",
            "uuid": "d67518e0-e444-4456-a5c9-0f2e0a4c8ecd",
            "value": "OutLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/OutLoader.MA!MTB\nVT Total Detection:50/72\nFirst Submission:2021-09-09T15:22:42.000000+00:00\nLast Submission:2023-09-28T15:09:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020944",
        "uuid": "95d9878a-fe07-4057-a55c-8a498cd12010",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "OutLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020944",
            "to_ids": true,
            "type": "md5",
            "uuid": "e416432a-c183-4161-87d6-6fe3dab333ab",
            "value": "b236a41cd95ebeb78228251db5a5fe8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "OutLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761350",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9905d20b-07f3-4c59-acaa-0ec790eca467",
            "value": "641922dee41b50744b8889cfcc90ee27a18310c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "OutLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761350",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4afdb8dd-b52b-47ca-a81e-989a92e005c1",
            "value": "947fdef565d889d3d919d8d81014d718f2d22ef3ed0049c98960f7330f51f41f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761350",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b3a79fbd-2f8d-4200-9796-7f1a993586ae",
            "value": "1536:6Uhxy/ry1GxFzbJfbZ8uCSKlGmFU6w3lYEJlWoz9GsWQdc9dl7byKCmdK2j:6Uhxy/x/1ft8uPKlZFU6w3l4S9dUtbyr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761350",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ec9f3580-4bd3-43b8-9d1e-f32e80caaa04",
            "value": "93184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761350",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d126e771-86af-45b6-baab-98712458a3b8",
            "value": "094076655d151515155028z56!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761350",
            "to_ids": true,
            "type": "filename",
            "uuid": "9c0fa4e5-5372-4502-a26a-d99133a751dc",
            "value": "test.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  04/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761350",
            "to_ids": false,
            "type": "text",
            "uuid": "8b92ee70-0cc0-44b4-8dcb-5f0f1d9c55b4",
            "value": "OutLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/SymaticLoader.RPV!MTB\nVT Total Detection:55/72\nFirst Submission:2020-06-04T01:55:06.000000+00:00\nLast Submission:2023-09-28T15:10:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020965",
        "uuid": "f8e80a51-16b2-46ff-af22-def6148ee4c3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020965",
            "to_ids": true,
            "type": "md5",
            "uuid": "3ffcf33c-85c4-45c7-a24d-4eeb95479917",
            "value": "075ba8e8b03e3147a8f3d71e9f8a53c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761371",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f8e75244-a29d-40c4-bc25-0d222ad69c2d",
            "value": "97776ebac5794ae60b82d2a55f9aa255ea407b82",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761372",
            "to_ids": true,
            "type": "sha256",
            "uuid": "012630ab-3ea9-4e94-a9a1-162c1257dbd2",
            "value": "969ac3517ae9c472e436c547a6721f426a675ad8dece53c3f8e79ba44aa884eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761371",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9d3167ba-04ba-4f35-9c37-e5f450d2ff6d",
            "value": "6144:MGcwfQaNYZwxBM1eMYHKCHa3q2YfnEqRgu:MfwYaNYZwxBSVfqaa28EqKu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761371",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "44d3d147-df18-4785-a533-fd8afb179536",
            "value": "263680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761371",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f7a9efff-623f-4ae3-a9e4-af20922c17b6",
            "value": "025066655d1515756028z25hz1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761371",
            "to_ids": true,
            "type": "filename",
            "uuid": "d11d5032-a8ad-4620-9f90-1fcc6311147b",
            "value": "075ba8e8b03e3147a8f3d71e9f8a53c9.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  04/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761371",
            "to_ids": false,
            "type": "text",
            "uuid": "98213a70-5ee6-4a44-9665-24e288b69a44",
            "value": "SymaticLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/SymaticLoader.MC!MTB\nVT Total Detection:53/72\nFirst Submission:2020-09-10T12:37:01.000000+00:00\nLast Submission:2023-09-28T15:10:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747020986",
        "uuid": "471cad90-5354-43ec-9166-c12c49bf48e1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747020986",
            "to_ids": true,
            "type": "md5",
            "uuid": "27c6b331-83a9-4329-aa56-d432645df1e3",
            "value": "81e1d6ebbe3e4d7b1093cd845732ace8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761393",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fc32b41a-8552-421f-a3bd-8565affd5273",
            "value": "fb48b4a3521d3fb86441f35cff536db68c3b1e8c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761393",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b78c07a4-fc43-4b26-b723-631ba9a11e42",
            "value": "3de17542ca2ffefc9572cd2707a664999f157a0fed02ac4abdae5f805f6a77ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761392",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c43182bd-5f53-4931-9b1e-6a98b6d15d32",
            "value": "1536:mUhxy/ry1GxFzbJfbZ8uCSKlGmFU6w3l+JlWoz9GsWQdc9dlgbUCm964ulz:mUhxy/x/1ft8uPKlZFU6w3lbS9dUabUz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761392",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "62c6eeb8-1058-48cb-a52c-d5fa96983003",
            "value": "93184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761392",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bff42b8c-cf46-41aa-8327-1a36659e0a9b",
            "value": "094076655d151515155028z56!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761392",
            "to_ids": true,
            "type": "filename",
            "uuid": "64a3291e-76fb-4925-acd5-5267f20cecb6",
            "value": "b.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  15/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761392",
            "to_ids": false,
            "type": "text",
            "uuid": "dad2659c-7a86-4e2e-9542-c942cba13bfc",
            "value": "SymaticLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/SymaticLoader.RPV!MTB\nVT Total Detection:55/72\nFirst Submission:2020-06-05T10:41:23.000000+00:00\nLast Submission:2023-09-28T15:08:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021007",
        "uuid": "059bc2a5-6c42-4804-aba5-ef1fef42a995",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021007",
            "to_ids": true,
            "type": "md5",
            "uuid": "b578b715-e5f8-400a-bdbd-2aa6149ec3b0",
            "value": "404c182f7807d5afb403b1b376808d2a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761414",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8051ca26-d468-4f6d-bda1-09f7102ce1d0",
            "value": "08da41c13d4b541fee703044c543c6516581edcc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761415",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9b1a814c-b6cf-4a53-bff3-1f7823ee02f0",
            "value": "86598469671d83cd5525a89e2d1ae83f1f9529420c3325a746d84acffeb876ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761414",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5c9ad4e7-acea-4fa3-ba25-2e3f544de406",
            "value": "1536:BFDEnJMZro0ngijbyCqQeTssaXGDxb1TO8vSu7Biyv03gXhpsWjyycdSknPylZ:HEJIro0ng4bxJsaXGDxb1T8u7Bis034Z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761414",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4cd3c337-c6c8-4c1f-99e8-d9eaffcbfa6f",
            "value": "81408"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761414",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b4062024-2346-4094-9351-6562bf6569ef",
            "value": "084056655d15156018z513z6hz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761414",
            "to_ids": true,
            "type": "filename",
            "uuid": "3ddd9096-6c32-455c-a84a-3953ddf695d6",
            "value": "system.security.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  09/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761414",
            "to_ids": false,
            "type": "text",
            "uuid": "1d992e7e-fd46-4c3f-9d0f-d94c62d7ed76",
            "value": "SymaticLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/SymaticLoader.MB!MTB\nVT Total Detection:53/72\nFirst Submission:2021-08-04T08:21:14.000000+00:00\nLast Submission:2023-09-28T15:12:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021028",
        "uuid": "d53eadb2-c1d2-4852-97b2-17b9cbeb385e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021028",
            "to_ids": true,
            "type": "md5",
            "uuid": "c265368f-979f-4121-b407-ddb8f925cf3e",
            "value": "e8920f386531f7c08d2674c641e7c1b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761436",
            "to_ids": true,
            "type": "sha1",
            "uuid": "916c4a4d-67b7-4473-b682-9fd8ba5919c1",
            "value": "7510c65c6b2ad49cf14b6f7329acaa5d77dd475a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761436",
            "to_ids": true,
            "type": "sha256",
            "uuid": "79cf5efa-6b32-433b-818b-2fbc7ef348f2",
            "value": "1903cd46184aa2b70c74e2bdd47b7bedd2ae7175295d6c1dab904204dedbabca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761436",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4b0040cd-73d2-48c2-9dd3-228bbb23c009",
            "value": "1536:+va+bkSHUdtiPNFDJPr4frG9jyKBqKVWV/oEzB2hYJPDIsWxfFcda96PNV:m4GFDlczG9jvMww1zCoof0a96Pj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761436",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "842d726b-5be5-4001-85fd-f54e20e202b8",
            "value": "78848"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761436",
            "to_ids": true,
            "type": "vhash",
            "uuid": "401685a7-dc7f-46ef-bca4-0d6aa677244e",
            "value": "074066655d1515156018z5anz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761436",
            "to_ids": true,
            "type": "filename",
            "uuid": "e05cbd57-7b6e-4763-b4cc-af783fa4afde",
            "value": "bfsvc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  09/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761436",
            "to_ids": false,
            "type": "text",
            "uuid": "955463b1-c70c-471d-8996-0e481140903d",
            "value": "SymaticLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/SymaticLoader.MA!MTB\nVT Total Detection:59/72\nFirst Submission:2021-10-13T09:37:20.000000+00:00\nLast Submission:2023-09-28T15:10:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021049",
        "uuid": "ef3c7c5c-c61d-4591-a502-c87b12d68c9c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021049",
            "to_ids": true,
            "type": "md5",
            "uuid": "a7a6d985-b0d0-4f4b-b8e8-7ad28b68e659",
            "value": "09aada6270bd742a1ec628dc48d3b77f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761457",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a708d50-03f6-4730-b8ce-9e2c77447e3a",
            "value": "b172e364bb320545b12826eeb77ee7e3ab56a4e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761457",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aabdd7f3-c330-4ed5-b364-82cfc00af046",
            "value": "5eb94c62e75a8a11b1220f3f716f90bee69010ce4ad61c463be6e66dcaf29379",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761457",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "243bc575-e6cc-437c-aa5d-45506913483d",
            "value": "1536:wFsjeofgA5oC8vk5C2TIkghGjw6ZoaTwOsWjdc9dl6bfMA4ILy:yweofgbCtE2EkwGjw4ZTweUQbkA4cy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761457",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7fb2af18-9848-49e2-9c65-a967d101dd9b",
            "value": "92672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761457",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e6c419b7-3c43-43fe-861f-3775afdd3b9b",
            "value": "094076655d151515155028z53!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761457",
            "to_ids": true,
            "type": "filename",
            "uuid": "6903f0ff-15b2-4e0a-a8b0-a8f157ccf3fe",
            "value": "test.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  02/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761457",
            "to_ids": false,
            "type": "text",
            "uuid": "b341c5c0-9db1-40ea-a57b-74a29731f97a",
            "value": "SymaticLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/SymaticLoader.RPV!MTB\nVT Total Detection:45/72\nFirst Submission:2020-06-05T02:57:25.000000+00:00\nLast Submission:2023-09-28T15:08:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021071",
        "uuid": "58bee564-67a3-4887-9a1a-0006744f370c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021071",
            "to_ids": true,
            "type": "md5",
            "uuid": "a7b13805-7ae6-40cc-8014-9f08adf50397",
            "value": "87571e0feb0033a63be4f602e5dd8b28",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761478",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3bb866ce-c697-4895-abdf-f31e5ca34976",
            "value": "c06f98627bc1c8301633dc5d8b42579153136da4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761478",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c2573a0d-68a9-458b-a8e3-8b8dc07cc7bd",
            "value": "883064cdeeddd5ccbfa74dacc1d8a8b5a0d2c9794c59acef186dd7105594fdcc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761478",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "24df750d-b80c-4fd0-9c01-2b38f086734e",
            "value": "1536:9959BQczexxjs+9JUWYScvUG59ViifqzsWid09dliJoCJ6:/59BQUaxY+nUvRvUG5NfjM0ou"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761478",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fedb9be1-737d-4ba7-b8b7-674b18b2e32d",
            "value": "99840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761478",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6a1f4b94-d60c-49c1-988d-a6e6e4abbd85",
            "value": "094076655d155515155028z4f!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761478",
            "to_ids": true,
            "type": "filename",
            "uuid": "d09dd976-54e7-4d23-8460-298643b53713",
            "value": "test123.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  17/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761478",
            "to_ids": false,
            "type": "text",
            "uuid": "8b1c8bf5-8007-479b-ad60-4db187240f68",
            "value": "SymaticLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/SymaticLoader.RPV!MTB\nVT Total Detection:55/72\nFirst Submission:2020-10-25T05:34:33.000000+00:00\nLast Submission:2023-09-28T15:11:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021092",
        "uuid": "cf77d479-8e5b-420f-9ba2-c60df691a2ca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021092",
            "to_ids": true,
            "type": "md5",
            "uuid": "1b820020-d94e-4c5f-87c5-1c1d1e23f653",
            "value": "f473cba03a78c1bfd54f2dbf97c0173f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761500",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a2407daa-4559-461c-9bad-f97a7f510ec5",
            "value": "b623cf7a2e05db74e199f0b4b4bf180a41118cf8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SymaticLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761500",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fde30e53-538a-4a55-85a7-c93ccbfb9d51",
            "value": "8d3216c2fdbec7fc7a9af4e2d142e021d37037a187739d5aab2fa0351e8f4ec7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761499",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ef74cabb-0c00-44d0-99f5-77343b648561",
            "value": "1536:0va+bkSHUdtiPNFDJPr4frG9jyKBqKVWV/oEzB2hYJPDIsWxfFcdar6PNV:U4GFDlczG9jvMww1zCoof0ar6Pj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761499",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d8bf94b9-812c-4b1c-82e1-67637ccc0235",
            "value": "78848"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761499",
            "to_ids": true,
            "type": "vhash",
            "uuid": "de075a0e-fa4d-4a20-a8b9-656cf2f3ab00",
            "value": "074066655d1515156018z5anz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761499",
            "to_ids": true,
            "type": "filename",
            "uuid": "e0f3482a-d477-4c53-b0a2-05311988be60",
            "value": "f473cba03a78c1bfd54f2dbf97c0173f.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  06/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761499",
            "to_ids": false,
            "type": "text",
            "uuid": "805a5052-dcf8-46f6-a7a3-1983be9c590d",
            "value": "SymaticLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/SymaticLoader.MA!MTB\nVT Total Detection:56/72\nFirst Submission:2022-03-25T16:57:56.000000+00:00\nLast Submission:2023-09-28T15:08:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021113",
        "uuid": "8f4c3a3b-ee2e-43e0-9536-a98fa66f2680",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021113",
            "to_ids": true,
            "type": "md5",
            "uuid": "904aef34-a010-468e-b82f-c73430e201a4",
            "value": "78befc83258b58cf1bdc7a3e18b58e9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761521",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4c1005bf-bee2-45ce-b1a6-c23652747c9d",
            "value": "f987eaf2529d85f6b57e6fedd846f7b4d103f09b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761521",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9ff1e97e-310a-48b0-81d2-3b545a6e3842",
            "value": "31d71e04ca898cbdb45ffea1c4f45a953e0833964ad2d14c014616acb1666996",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761520",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2d9360d5-0200-4d07-83b5-274c38fdcb0a",
            "value": "12288:LKElarhtYS5dKXUATV6M3FiqEEwe8MXfHA:LnktYS5gEG38KBHA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761520",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8d7b79f9-e46a-4d2c-a658-59f6e1276692",
            "value": "449024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761520",
            "to_ids": true,
            "type": "vhash",
            "uuid": "28a07199-749b-45c9-a992-2d7b3ccd0823",
            "value": "045076656d1555151551z11z12z513z37z17z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761520",
            "to_ids": true,
            "type": "filename",
            "uuid": "237bed0f-f08a-4d0e-bffa-858581fa5abc",
            "value": "Word.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  12/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761520",
            "to_ids": false,
            "type": "text",
            "uuid": "d148bae8-446d-4351-a118-41ad9b586c52",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BigpipeLoader.RPZ!MTB\nVT Total Detection:49/72\nFirst Submission:2021-12-20T10:21:29.000000+00:00\nLast Submission:2023-09-28T15:09:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021134",
        "uuid": "10bfa4a8-5c27-4e09-9187-dcf6bb0cdecb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021134",
            "to_ids": true,
            "type": "md5",
            "uuid": "43dbba96-7ba8-42a6-b1ba-1cc56ce06a48",
            "value": "bde91a78424fd430ff76a35e0f13b261",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761542",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3d3e6cde-2c1c-431c-b490-36c95524eb90",
            "value": "f30cd68daf082becf0eac8efaaeb4bfe14396144",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761543",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d0d6a20a-f488-4680-a82e-60a8d3c8c1a0",
            "value": "4a438626ac962db91cde46ee2c04c850b46262599bc535b4a08209661d5fb44d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761542",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8d2074fd-64ba-4686-be15-fe9ef58b44c9",
            "value": "12288:PqhYIofbUkXpagXo2+S+TRclgcPyxXAMr7GzC8tnfESG9W1SOkOWZm2SZYiZBKPX:PO50YkW2+NTRiqxwpzdZsSVsOmmR3Zk3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761542",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7387bff5-959e-40d6-ab24-284f35a0cdd3",
            "value": "741888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761542",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5cff6780-8ea7-4b87-b06e-baaeac104c08",
            "value": "075076657d1555151551z11z12z533z37z17z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761542",
            "to_ids": true,
            "type": "filename",
            "uuid": "b995ec40-e7d6-47b4-8c40-9463305c37aa",
            "value": "aaa.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  04/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761542",
            "to_ids": false,
            "type": "text",
            "uuid": "0ae95681-6dfc-4f26-91d7-ade461b5eac1",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BigpipeLoader.RPZ!MTB\nVT Total Detection:52/72\nFirst Submission:2021-09-27T05:56:16.000000+00:00\nLast Submission:2023-09-28T15:08:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021155",
        "uuid": "55bcebc4-4c03-4d12-8225-e2f2cac4c3c9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021155",
            "to_ids": true,
            "type": "md5",
            "uuid": "87bbfdbd-55b4-4fff-b8e9-4e26a55fc54e",
            "value": "35afdce9f8dc7db6876c627a13661ba2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761564",
            "to_ids": true,
            "type": "sha1",
            "uuid": "83ea0ad2-eef3-4d9f-9021-cfa4da6b4524",
            "value": "47ef7c2894542a31961159dddac3a304f88285f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761564",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e73cbe12-5814-4f3e-accb-0d2e34b6d6fb",
            "value": "4bc4d2ad9b608c8564eb5da5d764644cbb088c2f1cb61427d11f7b2ce4733add",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761563",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ec1b88d4-79c8-4dda-b047-5e78a6e9c449",
            "value": "12288:VM5XXNJ5QKWwyIA9q3e8iF3lgxNh/8+8QQP7r9r/+ppppppppppppppppppppppJ:VIr5Q5wDUkSFVA/j8f1q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761563",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "86cf46ef-41ec-46b2-9d7a-eae46c076227",
            "value": "659968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761563",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f892f3be-65e7-4eb0-b6e6-300bb99a1cd0",
            "value": "065076656d1555151551z11z12z513z37z17z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761563",
            "to_ids": true,
            "type": "filename",
            "uuid": "a925fbcf-e11e-4800-ac07-86b950200e94",
            "value": "Word.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  26/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761563",
            "to_ids": false,
            "type": "text",
            "uuid": "4f4daefa-12dc-48e9-9187-31156b511fae",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BigpipeLoader.RPZ!MTB\nVT Total Detection:56/73\nFirst Submission:2021-12-06T09:59:33.000000+00:00\nLast Submission:2023-09-28T15:08:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021176",
        "uuid": "1b099546-d7c3-4878-9d02-0db7c873df5b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021176",
            "to_ids": true,
            "type": "md5",
            "uuid": "83661c43-6faa-4369-b124-1a8f68a93f6e",
            "value": "529f2ee728e6eb068fe95ea993c09dd2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761585",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e7f22ac9-88d0-4e2c-9925-8257e5c2a4c4",
            "value": "afb5d1cc76126e5a4d6e1891eb886b1445e720e3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761585",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ff88e548-6c28-4b26-a4bd-da2df396591c",
            "value": "76998c3cef50132d7eb091555b034b03a351bd8639c1c5dc05cf1ea6c19331d9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761585",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "26c481c3-0bb0-4cdd-9e50-1e2fe0ac0581",
            "value": "12288:VM5XXNJ5QKWwyIA9q3e8iF3lgxNh/8+8QQP7r9r/+ppppppppppppppppppppppl:VIr5Q5wDUkSFVA/j8f1qr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761585",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "762cf2cd-e5d3-48c6-9477-97ed61490a7f",
            "value": "660000"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761585",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2b2af6e9-ba92-4185-8ee1-6b71664c676f",
            "value": "065076656d1555151551z11z12z513z37z17z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761585",
            "to_ids": true,
            "type": "filename",
            "uuid": "071bd465-2ddb-4e90-a0fc-a62a2b9148c2",
            "value": "Word.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  04/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761585",
            "to_ids": false,
            "type": "text",
            "uuid": "19737d35-0c69-47d3-950e-2e588335bf41",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BigpipeLoader.RPZ!MTB\nVT Total Detection:58/73\nFirst Submission:2021-12-06T12:21:42.000000+00:00\nLast Submission:2023-09-28T15:11:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021197",
        "uuid": "1f4251d7-484d-4ba7-aa0d-441e45a0a0bd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021197",
            "to_ids": true,
            "type": "md5",
            "uuid": "aafe313d-3f0d-4479-b23f-bc9ecfe7e3bc",
            "value": "9c161668cc77563a0415c6b0b92bd6ba",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761606",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ab118fac-0acf-483b-bc96-784772854d18",
            "value": "829a37bac477c316750199819070b56a55749199",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BigpipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761606",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5ffbcb69-e59e-46b3-9888-dc071feabfb4",
            "value": "f8fa90be3e6295c275a4d23429e8738228b70693806ed9b2f482581487cb8e08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761606",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4e281368-2d44-44dc-ac8b-460666e753d1",
            "value": "12288:WalHzyq8D3Pe3I3RsVFPIOXQfEKIdgQBR3P7r9r/+ppppppppppppppppppppppJ:WEazPe42VmfdIdgQBN1q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761606",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "503f9838-55b5-437e-a9f9-8cd11f1cf2d9",
            "value": "706560"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761606",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d06ed7de-8020-4819-82f2-6336b3c7e1cd",
            "value": "075086656d155515751551z11z12z553z37z17z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761606",
            "to_ids": true,
            "type": "filename",
            "uuid": "ded886f9-0657-45f4-bd58-f0a3b97f721a",
            "value": "Word.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  29/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761606",
            "to_ids": false,
            "type": "text",
            "uuid": "b7510bb2-49d0-47e0-aa87-fbe8d434a99f",
            "value": "BigpipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BigpipeLoader.RPZ!MTB\nVT Total Detection:56/72\nFirst Submission:2021-12-13T09:31:39.000000+00:00\nLast Submission:2023-09-28T15:13:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747021218",
        "uuid": "bc489d8b-f1d3-4780-bfb7-848301531263",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MultiPipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747021218",
            "to_ids": true,
            "type": "md5",
            "uuid": "7c18d684-788d-46c3-96cb-b4b609638ad9",
            "value": "9fb933db1e3334c5e2c220c702294033",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MultiPipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746761627",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a5124b6-d96e-4a2e-962b-e3574c8eedb0",
            "value": "e1a308add5f38e0c3b3050268d8e97c6731150ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MultiPipeLoader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746761628",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2cc7930c-a911-433e-971d-2c4ed0584774",
            "value": "90a1e3ff729b7b91ca82e7981d2c65bf6c4b8fb2204bf9394d2072d9caa70126",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746761627",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fdf80865-10e5-4a5a-a170-a2013f0da678",
            "value": "12288:ogENWSgJQML4ponll/d7s0Pj9+wuXQA4h:og9SMQMHfj9uJ4h"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746761627",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f22d2495-6b87-4c34-ab6e-95bb91ce3ae9",
            "value": "637952"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746761627",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a86f5e8a-325e-4996-ba9d-8e2cd053f691",
            "value": "065076656d151515155063z12z4f3z2bz13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746761627",
            "to_ids": true,
            "type": "filename",
            "uuid": "112ffcfc-e247-4394-b54d-29c0a811cda2",
            "value": "\u6e20\u9053\u4ee3\u7406\u54a8\u8be2.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  24/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746761627",
            "to_ids": false,
            "type": "text",
            "uuid": "0750c1f0-c951-451f-8a45-91feb3cf83b8",
            "value": "MultiPipeLoader\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BigpipeLoader.RPZ!MTB\nVT Total Detection:51/72\nFirst Submission:2021-08-10T01:40:00.000000+00:00\nLast Submission:2023-09-28T15:09:55.000000+00:00"
          }
        ]
      }
    ]
  }
}