{
  "Event": {
    "analysis": "2",
    "date": "2017-11-01",
    "extends_uuid": "",
    "info": "[Threat Intel] Silence \u2013 a new Trojan attacking financial organizations",
    "protected": false,
    "publish_timestamp": "1780092108",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772901978",
    "uuid": "e1546f78-6f97-4999-9356-7771228e3d0b",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0fa7af",
        "local": false,
        "name": "misp-galaxy:target-information=\"Armenia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Silence\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Finance\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740377034",
        "to_ids": false,
        "type": "link",
        "uuid": "38700996-8785-4587-8b8d-ddda98f65f12",
        "value": "https://securelist.com/the-silence/83009/"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746502848",
        "to_ids": true,
        "type": "md5",
        "uuid": "4141e636-9369-4016-be23-691248c4c232",
        "value": "d2c7589d9f9ec7a01c10e79362dd400c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746502849",
        "to_ids": true,
        "type": "md5",
        "uuid": "f9899fe4-0d20-4aa6-bd0c-11410e03c0cf",
        "value": "324d52a4175722a7850d8d44b559f98d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746502850",
        "to_ids": true,
        "type": "md5",
        "uuid": "41216e30-f423-493f-9dda-89143da02f46",
        "value": "6a246fa30bc8cd092de3806ae3d7fc49",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746502872",
        "uuid": "1bbb813f-5de0-453e-a183-cef2f01318b8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746502872",
            "to_ids": true,
            "type": "md5",
            "uuid": "bda08800-bc4d-4f8e-8008-a80bf1703c4c",
            "value": "dde658eb388512ee9f4f31f0f027a7df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746502260",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56745600-2eef-4a6f-818d-2c05b8fe7ebd",
            "value": "42782042bb64fa0b0daad35a6a4cf81ef313129f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746502260",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1852184a-bcbf-4aa8-8333-086e778e4a2d",
            "value": "3c8b026ca685673f5be574a837c4ae7e608e75a57e3eb4ebcc48f058005a8270",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746502259",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d4650ef5-32ca-4f66-8b13-081a155c9227",
            "value": "48:YUbgPs6am0VQRlEFlErlElic5srbhnqJ3w8lEHraCwuayJi+gwSP24T5wqeN+9FN:YvVU4pq629P1PTT5w3vjt8M7xR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746502259",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "21a13a4b-8f62-4c45-b7fb-1910ef3482bb",
            "value": "11465"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746502259",
            "to_ids": true,
            "type": "filename",
            "uuid": "c0665e0c-64be-4c1c-a11a-f70a8cfdf9d4",
            "value": "=?windows-1251?B?xO7j7uLu8CDt4Ozl8OXt6P8uY2ht?="
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  21/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746502259",
            "to_ids": false,
            "type": "text",
            "uuid": "ed6ed6bd-7ad5-46ef-833a-8b384096f507",
            "value": "Type Description: Compiled HTML Help\nMicrosoft: TrojanDownloader:HTML/Toburt.A\nVT Total Detection:38/61\nFirst Submission:2017-10-13T03:14:59.000000+00:00\nLast Submission:2022-08-11T23:10:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746502894",
        "uuid": "232d16d7-5c21-4fc9-9f1c-e538de70ec48",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746502894",
            "to_ids": true,
            "type": "md5",
            "uuid": "94ecdd53-71b2-4f62-bbbe-52bfdbd97f73",
            "value": "404d69c8b74d375522b9afe90072a1f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746502281",
            "to_ids": true,
            "type": "sha1",
            "uuid": "420fd9da-3bfd-4dc6-a4f1-18dca250eae1",
            "value": "197d8bc245ba8b67ebf9a108d6707011fe8158f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746502281",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3a3cf7d5-cd26-447d-8e4b-ff60367cc8b9",
            "value": "f24b160e9e9d02b8e31524b8a0b30e7cdc66dd085e24e4c58240e4c4b6ec0ac2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746502281",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6a31c344-ceba-4de9-97f5-99e63b9c21d6",
            "value": "1536:gdKKTyFH8qndRkXVXbLEcNPHCsWjcdZiCRwZwcF:kbuH8qnvQdPHtZiCRRi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746502281",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c56f56df-ee1c-494b-a433-ce2712e9291f",
            "value": "67072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746502281",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c084b9ee-56ae-423f-9685-bdb147a0b133",
            "value": "064046655d151161z60014007d7z17z62z4c1z7bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746502281",
            "to_ids": true,
            "type": "filename",
            "uuid": "a05e4ea4-08b4-4a4a-80f8-e5b582b1ae29",
            "value": ".bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  23/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746502281",
            "to_ids": false,
            "type": "text",
            "uuid": "90fb1b57-1382-4f7d-8d7b-cf0de47d1f1d",
            "value": "Type Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Truebot.A\nVT Total Detection:60/72\nFirst Submission:2017-10-13T05:50:52.000000+00:00\nLast Submission:2022-09-07T00:22:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746502916",
        "uuid": "4e6ddd0c-a984-48f9-a106-22908daa5414",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746502916",
            "to_ids": true,
            "type": "md5",
            "uuid": "bcc18e35-410a-483e-9cdd-0f34d6ea5b5e",
            "value": "15e1f3ce379c620df129b572e76e273f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746502303",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e0b4b4ae-e563-4397-8ffb-dfd13a80628d",
            "value": "21b31f7ecd477291a42c3defcea989456801d450",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746502303",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7413e581-291b-4b21-89da-68d9e88430a4",
            "value": "c23536e76b3c0630765fc954b459ed0a851f05dbe7e215c101c00ac7a0dd79b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746502302",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "902dcc6e-4cab-40f3-a88d-53af5c9aec3f",
            "value": "48:7I4tA6v9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9N9Np4KDv9N9p:79t+mYv/hTNW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746502302",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d48475a1-7cfa-463c-b46b-3d671fe9ce96",
            "value": "5957"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746502302",
            "to_ids": true,
            "type": "vhash",
            "uuid": "76d3f887-35a8-4d99-89ef-7eb7d6c31114",
            "value": "5aa082c094fac9f08db68d1ff36b3811"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746502302",
            "to_ids": true,
            "type": "filename",
            "uuid": "c23431e9-0e74-404b-b2b2-d3ac0ddc6e9a",
            "value": "start.htm"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  30/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746502302",
            "to_ids": false,
            "type": "text",
            "uuid": "6eb42d9d-cf62-4d8a-a6f2-f1c37152e82c",
            "value": "Type Description: HTML\nMicrosoft: TrojanDownloader:HTML/Toburt.A\nVT Total Detection:31/61\nFirst Submission:2017-11-01T15:02:57.000000+00:00\nLast Submission:2018-10-04T21:24:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746502937",
        "uuid": "eb18e059-deb8-4908-aa18-9e371ee107e9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746502937",
            "to_ids": true,
            "type": "md5",
            "uuid": "6a2c84b7-6221-49ef-a5a8-c2c465cdc5a8",
            "value": "1b17531e00cfc7851d9d1400b9db7323",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746502346",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bf4d0700-52a9-40a5-9d46-c95fbdebfc8d",
            "value": "f284372f313ba12cb1ba5423c452f06fe06e7d7b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746502346",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8e9014bc-738b-4ddd-915a-9d4a2c74da89",
            "value": "9fcc8c9b4eecc2cd8df621c924bbff40a0178ddbd6a6b5ced73ada2ee81854bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746502346",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "89a5309e-831f-4b9b-a76f-5fb98ba6e1c2",
            "value": "3072:MDicVWYZ27zZHb1Kl1c8bVoC2+wfmS0m2+zf:MecVWq2JQl1c8byC2oo3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746502346",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f1266a4e-b94f-4d4b-81a4-471dd4996155",
            "value": "179200"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746502346",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0234af65-025e-49e2-9fd2-aa3d81d9256d",
            "value": "015056655d15551038z54nz3fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746502346",
            "to_ids": true,
            "type": "filename",
            "uuid": "3b63f270-9c22-4521-b926-d8dc3acae4b1",
            "value": "9fcc8c9b4eecc2cd8df621c924bbff40a0178ddbd6a6b5ced73ada2ee81854bb_unpacked"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  06/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746502346",
            "to_ids": false,
            "type": "text",
            "uuid": "b5f982e9-7946-4f40-939d-8527cdf1569b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Truebot.A\nVT Total Detection:59/73\nFirst Submission:2017-09-08T07:30:26.000000+00:00\nLast Submission:2021-11-09T07:43:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746502959",
        "uuid": "05f5f1de-44c5-4c67-8f42-e5f1de1e2062",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746502959",
            "to_ids": true,
            "type": "md5",
            "uuid": "57388f1b-7776-47ce-92b7-e560ad062eac",
            "value": "242b471bae5ef9b4de8019781e553b85",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746502368",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d3208816-8e9d-40a5-ae9b-de8fd4e96a1b",
            "value": "9db4bdcb8f1b6ae173796ceb94a83f029d551e61",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746502368",
            "to_ids": true,
            "type": "sha256",
            "uuid": "608b6b1b-e271-4fc8-97a1-1c624df5cdf1",
            "value": "75b8f534b2f56f183465ba2b63cfc80b7d7d1d155697af141447ec7144c2ba27",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746502368",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ebc2ba14-2e3b-47aa-82a4-cb893ac949c9",
            "value": "1536:l6KObs8Brio52TJ5hKqFqt/k75clOozksWjcdRTfm67IJ9CXAKAkBZrKer78GWkI:xrkfy58CqTfLRDm6Fd3rKe38ay"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746502368",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6c10f5d0-2f3f-4aa3-aaf8-c901e0a14745",
            "value": "203776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746502368",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1c587a08-5393-443a-b4c3-5b02a1d27585",
            "value": "025056655d75551088z547z19z2jz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746502368",
            "to_ids": true,
            "type": "filename",
            "uuid": "e7379251-ae17-4bf2-ae68-49e39ad0e566",
            "value": "75b8f534b2f56f183465ba2b63cfc80b7d7d1d155697af141447ec7144c2ba27_unpacked"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  21/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746502368",
            "to_ids": false,
            "type": "text",
            "uuid": "962c2f6f-6fc5-4513-8a25-213680d0914e",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Truebot.A\nVT Total Detection:58/72\nFirst Submission:2016-10-24T11:16:28.000000+00:00\nLast Submission:2022-08-11T23:04:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746502981",
        "uuid": "254b0c00-93a0-4aa6-9747-028d24ba8d0a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746502981",
            "to_ids": true,
            "type": "md5",
            "uuid": "2460f12c-c275-4151-8647-e852285e903d",
            "value": "b43f65492f2f374c86998bd8ed39bfdd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746502436",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e77dca7e-59eb-42e0-9621-4cf627d86754",
            "value": "404d30fd9d9d97dc93d105cfbc0cdfd3d514fe24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746502436",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8baeb0e9-ae78-483a-8c25-e44f2d353cc1",
            "value": "31395b919164e51c2ae5cfbcfc801e1b0465e0b7367189272b4375037ec82824",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746502436",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fcb9272e-625f-4dcb-9402-3c1a864a072a",
            "value": "3072:7eZoHR2u0Zws0JPcA2m6nfHU+vZcRJ331P95+:iy++JN2m4sFn1V5+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746502436",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7eed9c0e-7643-449c-9a63-6d958b78109f",
            "value": "201216"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746502436",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0911863d-ad60-4a34-b5ae-91e844ae09e2",
            "value": "025056655d15551038z54nz3fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746502436",
            "to_ids": true,
            "type": "filename",
            "uuid": "4f0b0304-ed2a-41a4-b6f2-a9558cede832",
            "value": "31395b919164e51c2ae5cfbcfc801e1b0465e0b7367189272b4375037ec82824_unpacked"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan: 06/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746502436",
            "to_ids": false,
            "type": "text",
            "uuid": "9750b237-bd7f-4262-aac5-07fdd974a892",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Truebot.A\nVT Total Detection:61/73\nFirst Submission:2017-07-05T12:46:44.000000+00:00\nLast Submission:2022-07-28T08:10:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746503002",
        "uuid": "bc46cf1e-4a0e-446a-9cd3-9ba1026cf9a0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746503002",
            "to_ids": true,
            "type": "md5",
            "uuid": "f5b9cf04-eede-413a-81f9-6450b41adde6",
            "value": "cfffc5a0e5bdc87ab11b75ec8a6715a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746502460",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f138740f-07c4-4afb-9d28-c40a5f72e177",
            "value": "2f622723cfa93d1e55807383e838cb893d84fdf7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746502460",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1969c746-c1ad-44a9-a629-a46d836a548e",
            "value": "1efd68cd651c6e7ee0b6849286b39627e8b8394bc3229e48a1a584695b5c7c59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746502459",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "56998200-967e-4e9e-8678-b167891a5c99",
            "value": "3072:meZoHR2u0Zws0JPcA2m6nfHA+vZcRJ3J1P95+:jy++JN2m44F51V5+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746502459",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8eee66d0-d36f-4dbd-8f3a-69435f041c25",
            "value": "201216"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746502459",
            "to_ids": true,
            "type": "vhash",
            "uuid": "70d25321-4f40-484c-bd71-35d66cf9ac20",
            "value": "025056655d15551038z54nz3fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746502459",
            "to_ids": true,
            "type": "filename",
            "uuid": "0d606ef6-a19c-4182-b78d-1c2d273df6d7",
            "value": "1efd68cd651c6e7ee0b6849286b39627e8b8394bc3229e48a1a584695b5c7c59.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan: 06/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746502459",
            "to_ids": false,
            "type": "text",
            "uuid": "77368f02-52a4-466c-885a-2510232975e5",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Truebot.A\nVT Total Detection:59/73\nFirst Submission:2017-07-05T06:58:09.000000+00:00\nLast Submission:2024-05-17T15:34:24.000000+00:00"
          }
        ]
      }
    ]
  }
}