{
  "Event": {
    "analysis": "2",
    "date": "2021-04-28",
    "extends_uuid": "",
    "info": "[Threat Intel] New Nebulae Backdoor Linked with the NAIKON Group",
    "protected": false,
    "publish_timestamp": "1780039935",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780039935",
    "uuid": "fdfd2565-97d0-428a-9c6d-8a5c928ca6eb",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Bitdefender\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Naikon\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"035 - South-eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#7dbb86",
        "local": false,
        "name": "misp-galaxy:target-information=\"Singapore\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Nebulae\"",
        "relationship_type": ""
      },
      {
        "colour": "#cfba47",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Cached Domain Credentials - T1003.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#cc5e96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Accounts - T1078.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Permissions Modification - T1222\"",
        "relationship_type": ""
      },
      {
        "colour": "#44b2c2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1564.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Lateral Tool Transfer - T1570\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b0fe1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#eadc12",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bd28",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"",
        "relationship_type": ""
      },
      {
        "colour": "#e12cbc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
        "relationship_type": ""
      },
      {
        "colour": "#f28fb8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Protocol Tunneling - T1572\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"",
        "relationship_type": ""
      },
      {
        "colour": "#041edc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#b672a4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Security Account Manager - T1003.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#dac154",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#f8140a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"",
        "relationship_type": ""
      },
      {
        "colour": "#5c57c8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Aria-body\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740597181",
        "to_ids": false,
        "type": "link",
        "uuid": "cb7fc3f0-1adb-445a-a36e-646c00f0112a",
        "value": "https://www.bleepingcomputer.com/news/security/cyberspies-target-military-organizations-with-new-nebulae-backdoor/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740597191",
        "to_ids": false,
        "type": "link",
        "uuid": "9b534eda-5200-4d60-b929-95259a2b112f",
        "value": "https://www.bitdefender.com/en-us/blog/labs/new-nebulae-backdoor-linked-with-the-naikon-group"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740597199",
        "to_ids": false,
        "type": "link",
        "uuid": "c0c91698-4517-4b88-82e6-b0f4fa461b9c",
        "value": "https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790050",
        "to_ids": true,
        "type": "sha256",
        "uuid": "78dd95b2-0ad3-4bcd-9927-e0ec7d8ef468",
        "value": "2c4af3fa3918b715b3a0b3e5232196089b7ffcb2406ea01f5243ab5e04ecb2c8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790051",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a1b55be5-f999-48b0-96ec-fdd5c37acc4c",
        "value": "268426b01ac967c470b16ddcb3125fc7c234861c6e33e8b330400fbd3b403e4c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790052",
        "to_ids": true,
        "type": "sha256",
        "uuid": "739879e4-a5e2-44bb-82bb-0821f8f1566e",
        "value": "3f8a9a7776a56bbb7dc4bffd5f1549ec64e9170c97a622e1b59199dd3c620e82",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790053",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b1c5f5ce-cc68-4eab-85aa-1a44907e85f4",
        "value": "608d2beebb5b6bfc23bcbfb2e12a73fd0b8ae707136a163d747115dc384d0875",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790055",
        "to_ids": true,
        "type": "sha256",
        "uuid": "10d8b2ba-1717-4da0-8644-42d0c7c96fde",
        "value": "71755f4cd827551d0cf3419d0afc548ffdc020d0b9359a71a1a2039d27d5a37d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "dll.exe (persistence installer for dot1.dll) No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790056",
        "to_ids": true,
        "type": "sha256",
        "uuid": "02471dea-caff-494f-8358-44e935d20379",
        "value": "b7011dc545a20049efb67f0fbc37aff3cae226a38370dcb79513ba472ec712bb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Nebulae No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790056",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7d473674-3312-40ea-a1b1-425ba1252b73",
        "value": "3b9629122f33d5f354026923fdd3e499f43b01054c3dc74224aa242a4dd397c1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790058",
        "to_ids": true,
        "type": "sha256",
        "uuid": "93b4467c-4181-4f84-b24f-0736eb65459f",
        "value": "99d4467c2637962a698dfb20be4b1167876132746ff106004bb4249646b428a6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "winlogin.exe (boost_proxy_client) No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790059",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7ee871e9-7367-484d-be4f-ed00821ed366",
        "value": "abb48990eaabd5203c35bd26a0bb51e81e8eb2532d22d22fb2a6566bbda4c6a4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "winlogin.exe (boost_proxy_client) No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790060",
        "to_ids": true,
        "type": "sha256",
        "uuid": "49b2a73d-9495-4c7a-be35-6f3c0e6f43a5",
        "value": "56085b27e7145bb2cfbf2d33fba30359d1429b507e3b9251cfdced50bba1f07f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "scupdate.exe(RcSocks) No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790061",
        "to_ids": true,
        "type": "sha256",
        "uuid": "f9f16eb0-b825-41d2-bee8-b393e1eb28e7",
        "value": "4d5ca91ced0f0bd8be137f6d7fae907ebca07c46ac0eda49428fc96d0674aad6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "winsrvc.exe(RcSocks) No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790062",
        "to_ids": true,
        "type": "sha256",
        "uuid": "52d72b0a-f1a1-42f9-ad2f-d60fb86c8731",
        "value": "dd01e3703e728d8afc58eaaad15bbd184b137dd7ad738c009acc50004a438624",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "wusa64.exe(LAdonGo) No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790063",
        "to_ids": true,
        "type": "sha256",
        "uuid": "78f78c11-65bf-4cef-89ad-084286474359",
        "value": "e27878becab770fbbebfd9f10d4eb6ee1a109a2f1987335762b654fadb1caf7d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Aria-Body loader No sample in VT\r\nLast check:09/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746790065",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1834a72a-c522-4b4f-a816-d56c1fc29a07",
        "value": "68c6b06225368def17b3189ee441c319c00dcac3bb574ea036a3aabeaa6c3bbf",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979499",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9ee8314e-e1cb-4728-8c08-42e146e0dbf5",
        "value": "rose.twifwkeyh.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979520",
        "to_ids": true,
        "type": "domain",
        "uuid": "8782115a-5575-4395-a00f-a8a495599cea",
        "value": "guinnbandesh.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RainyDay C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979541",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a0d06eea-9623-4967-b514-9e0958800442",
        "value": "php.tripadvisorsapp.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RainyDay C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979563",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0c62fa5b-a178-4001-b3b7-61910955aca0",
        "value": "news.dgwktifrn.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RainyDay C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979584",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9bb65a1c-d32d-420a-89ab-718a9bbceeac",
        "value": "mail.tripadvisorsapp.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RainyDay C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979605",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9a964635-0e78-4143-95df-f2a335c4b50c",
        "value": "java.tripadvisorsapp.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RainyDay C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979626",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ab6b593d-9a9a-4b03-94b8-e2d8cbf8c491",
        "value": "osde.twifwkeyh.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RainyDay C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979647",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5ebcb52f-1651-4acc-b392-216a18514309",
        "value": "aloha.fekeigawy.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RainyDay C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746979669",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f01173b0-954a-4b39-94f6-511b8e5d8804",
        "value": "www.wahatmrjn.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Nebulae C&C servers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039930",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3762c9d8-46a2-4c95-960d-6d703ec938c7",
        "value": "124.156.241.24",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#dd7331",
            "local": false,
            "name": "asn:asn=\"132203\"",
            "relationship_type": ""
          },
          {
            "colour": "#723dcd",
            "local": false,
            "name": "asn:as-owner=\"TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Nebulae C&C servers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039932",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "118e564c-5521-4c9a-b563-fb9ac75a95b7",
        "value": "150.109.184.127",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#dd7331",
            "local": false,
            "name": "asn:asn=\"132203\"",
            "relationship_type": ""
          },
          {
            "colour": "#723dcd",
            "local": false,
            "name": "asn:as-owner=\"TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Nebulae C&C servers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039933",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "47b07ec3-078d-4b2e-9552-7698ffc38587",
        "value": "150.109.178.252",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#dd7331",
            "local": false,
            "name": "asn:asn=\"132203\"",
            "relationship_type": ""
          },
          {
            "colour": "#723dcd",
            "local": false,
            "name": "asn:as-owner=\"TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Nebulae C&C servers",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039935",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e2d05f17-c0a4-4dd2-9339-dfeb941d968b",
        "value": "47.241.127.190",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#836891",
            "local": false,
            "name": "asn:asn=\"45102\"",
            "relationship_type": ""
          },
          {
            "colour": "#692b04",
            "local": false,
            "name": "asn:as-owner=\"ALIBABA-CN-NET Alibaba US Technology Co., Ltd.\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740597944",
        "to_ids": false,
        "type": "link",
        "uuid": "41ae1657-e34e-44eb-8713-5c48a2270275",
        "value": "https://databreaches.net/2021/04/30/cyberspies-target-military-organizations-with-new-nebulae-backdoor/"
      },
      {
        "category": "Other",
        "comment": "traffic seems to be encrypted using the RC4 algorithm, and all samples we analyzed use the same key",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746978935",
        "to_ids": false,
        "type": "text",
        "uuid": "b0f4b12d-1531-4d33-ac78-b01caf7b64a7",
        "value": "aefbA_(*vaER#$78B?>C"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746979775",
        "uuid": "6138542d-58d2-4a0e-9443-d12a44a902c3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746979775",
            "to_ids": true,
            "type": "md5",
            "uuid": "2fb71d73-4609-41dd-934f-ae40dea1ac58",
            "value": "97e49353a25c3f1d81a6139735697940",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746701",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b3695fba-7804-42c0-ae99-121e981e7b1f",
            "value": "7be805f090e34d2a2df089224cc274b083835917",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746701",
            "to_ids": true,
            "type": "sha256",
            "uuid": "785e352a-ec19-44af-afcb-b8b4908a32f5",
            "value": "5cbfa1047527a44bf8cdf830077c11ab5d54f7663c8c0a91676cb1157005c14d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746700",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5c9df816-4f82-43a4-a551-ef14c851efb4",
            "value": "3072:JzuZIRIcLTx/vI8ykIk825L/nM/W9Orhwm5sXSw:JAIR7/vI8ykIkfL/M/WPPCw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746700",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4b91d97f-182a-45c3-8e0c-987043123dad",
            "value": "187504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746700",
            "to_ids": true,
            "type": "vhash",
            "uuid": "170db113-c631-4c34-b8bd-4d19b3f14fb5",
            "value": "015046655d156035za005bhz22z17fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746700",
            "to_ids": true,
            "type": "filename",
            "uuid": "ac2c2f29-0a72-4aa9-a82b-e84f16fc22d4",
            "value": "mobpopup.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  10/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746700",
            "to_ids": false,
            "type": "text",
            "uuid": "bc1d05f7-0649-4435-966e-0c7a92619dde",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2017-01-08T06:30:18.000000+00:00\nLast Submission:2025-03-21T03:23:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "3a3bde72-6a11-4f72-9560-ded0e5c464b7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "c1be0abe-a5ef-4697-94e6-8be268767228",
            "value": "0a63cef6ed6439dd3b3ed80e1daa0e30",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746722",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6332169c-458e-4f16-957e-795b186405ab",
            "value": "5b31761818da017c0f41323e28514e5a747e0833",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746722",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1e239a91-d82c-4f59-bc29-2b04bc9f3d9c",
            "value": "e44969dd3573abbe0a3d0b7ea56856e9c5284be3ead6bc228fe5799410ed812e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746722",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7c58836f-ba4f-4187-a855-04f8e09d57a9",
            "value": "1536:xNelOfTcCBqLU9YBtcbuaogZ4FbsW1Hcdbf8IE34:uOfTcJLU9YwuaogSF2bf8IE34"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746722",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b504aa8c-df27-4fd2-9cd0-c98043daa94a",
            "value": "75264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746722",
            "to_ids": true,
            "type": "vhash",
            "uuid": "95a20673-151b-4987-8980-d3060a90145f",
            "value": "174046655d156az47!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746722",
            "to_ids": true,
            "type": "filename",
            "uuid": "388490f2-533c-4506-af72-5a775e216164",
            "value": "VirusShare_0a63cef6ed6439dd3b3ed80e1daa0e30_PEVALID"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  21/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746722",
            "to_ids": false,
            "type": "text",
            "uuid": "20f0c3b5-4aab-4abb-a5d7-459c1c4f24c6",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DllHijack!MSR\nVT Total Detection:55/72\nFirst Submission:2021-04-26T01:20:18.000000+00:00\nLast Submission:2023-06-15T00:05:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746979817",
        "uuid": "14fca15a-8620-4ff7-96e6-d54662d084c3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746979817",
            "to_ids": true,
            "type": "md5",
            "uuid": "4b62227f-6902-4544-9a2d-6a56eb9bb7b0",
            "value": "9f1d6b2d45f1173215439bcc4b00b6e3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746765",
            "to_ids": true,
            "type": "sha1",
            "uuid": "71751c7c-131d-47d4-998b-209da0303acf",
            "value": "830ee9e6a1bb7588aa8526d94d2d9a2b491a49fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746765",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c710f193-7b22-4854-83ba-854bd5d3e69e",
            "value": "9fc74d8830fa5d2cee8254fbcc02e9737cf417433efb3e5f026e4500afc94270",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746764",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "568ab0b1-969a-4d8c-a22e-5e683b38d0d5",
            "value": "192:syOAfT++QnMWY7W4LiM/aErlnkTN2+goXeklGbhRnATfNSzeK7:safq+jWY7W4uehe1HGtyzM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746764",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8c480a7b-2c2c-4776-a2ae-650c57f36735",
            "value": "13368"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746764",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6ec3408e-e90d-461e-ba76-2c0a71c51738",
            "value": "0140365d151bz213=z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746764",
            "to_ids": true,
            "type": "filename",
            "uuid": "53eef801-e178-4f84-a753-56eebfb93043",
            "value": "finder.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  27/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746764",
            "to_ids": false,
            "type": "text",
            "uuid": "5d8b5ccd-47b4-4e10-9ff1-1816c560a779",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Microsoft']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['FINDER.EXE']\nMicrosoft: None\nVT Total Detection:0/73\nFirst Submission:2009-05-14T02:25:05.000000+00:00\nLast Submission:2024-01-21T21:48:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "2b709ed8-8a00-4ba5-81db-fd8201c5cea0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "RainyDay memdump",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "70ad1a79-d16a-4146-9b3c-1b1d0b22dcca",
            "value": "46718ac832e64ae277e35f90da278eee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "RainyDay memdump",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746786",
            "to_ids": true,
            "type": "sha1",
            "uuid": "88da9db4-e1e1-42c6-8151-207780d59deb",
            "value": "446d76be0d80b44a9a8171cdbe69001535707bd7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "RainyDay memdump",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746786",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cb02b69f-798a-4d92-a04f-ad7105a26bec",
            "value": "c5b29d3205155d79ca3a9d5d4d8b363740f9d91f2d6563d37855357532e3eb10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746786",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b7dedee7-666c-45f6-bfdd-354b6322dbb0",
            "value": "6144:Yc+vUiHBzr9K8dHQaqunCGuO+rSxNTB7p9FQ:Y5HBzJK8aaqunCGux4NTB+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746786",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "de7bc1ba-f8ee-4417-a57a-a879b25b5b19",
            "value": "233472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746786",
            "to_ids": true,
            "type": "vhash",
            "uuid": "64392bc3-6e18-4618-a15b-798108aefc3e",
            "value": "125040011z16\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746786",
            "to_ids": true,
            "type": "filename",
            "uuid": "2de5e3be-e80d-43b7-9c31-df3e9c9564a0",
            "value": "c5b29d3205155d79ca3a9d5d4d8b363740f9d91f2d6563d37855357532e3eb10.unknown"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  15/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746786",
            "to_ids": false,
            "type": "text",
            "uuid": "8d5524e8-a37b-4cd4-8eeb-15004ccf5be3",
            "value": "RainyDay memdump\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:30/70\nFirst Submission:2020-09-18T04:52:59.000000+00:00\nLast Submission:2022-12-18T11:33:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "246b8d3a-923d-4084-a7e9-8818d15eee7c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "3d293bc0-8adc-4cbf-b9e6-a4ce1ee0762e",
            "value": "12a0cef605c5a1cabe328325da7f4b72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746808",
            "to_ids": true,
            "type": "sha1",
            "uuid": "18d92d5e-dda4-40f7-ab0f-a4343f3d5833",
            "value": "26375ca57aacba660ba2a016858a193ddb7468f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746808",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7f3fd6d0-4622-4c40-a650-03b33112411d",
            "value": "32d12a1660c00b8636075aa15363f8b0917391a2ec416d2398cf819c71b09ef9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746807",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "685f8ad7-e30f-4bde-b104-29d0d1f82788",
            "value": "768:CprwlOBlLD9sVMs/ZttAv3FkZ0iFuwqPsQsp7s6wOZU9oihpI0lZnKwQxZCBWUCc:z7tAdoFqPsexnWCBdCQ1wsWdcdWcYDq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746807",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "97d1f101-73ba-4e1e-8655-a14cb38db74e",
            "value": "71168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746807",
            "to_ids": true,
            "type": "vhash",
            "uuid": "752a22d8-7a54-40d5-923d-fe0be7daa16c",
            "value": "174046655d156az46?z7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746807",
            "to_ids": true,
            "type": "filename",
            "uuid": "dc192b29-24c0-412f-999d-a0ad7d133d45",
            "value": "32d12a1660c00b8636075aa15363f8b0917391a2ec416d2398cf819c71b09ef9.json"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  30/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746807",
            "to_ids": false,
            "type": "text",
            "uuid": "97abff55-88a8-4fd4-ada0-baaa0be8ef50",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Tnega!MSR\nVT Total Detection:57/72\nFirst Submission:2021-04-27T06:19:49.000000+00:00\nLast Submission:2024-02-20T07:31:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "5cc80791-556c-42ec-b754-1ec8db69f2e4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "4255405c-26a3-42b9-b7d7-dd482c4d2844",
            "value": "b77d42820fae65cb32b9431c2e7b70e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746829",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a4b1cda5-cb37-48e4-93a0-ea200e1c2c7a",
            "value": "1cb7e9d38e6acaa2134d3a65f1f1bd7f9f66a353",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746829",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1155e672-4efe-4309-aae5-dc311552ffda",
            "value": "4bb2c2e40d394ae50c4c6043ec94f7e9417a23759390f6518ffdf2f7a5d4fcc8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746829",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1e0274f3-b077-4365-b617-081b4111581a",
            "value": "1536:FtO6O/z0CBq+EtY0tc7uaonZ4FbsW1HcdbUsl34:tO/z0J+EtYhuaonSF2bUsl34"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746829",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7c955834-07c1-43d3-a692-a89ace2d63f2",
            "value": "75264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746829",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c4bc0e0b-77d1-48e2-bbf8-3521f42c11f6",
            "value": "174046655d156az47?z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746829",
            "to_ids": true,
            "type": "filename",
            "uuid": "d721ba2f-48f1-4078-bd83-55ac3c9a30ff",
            "value": "4bb2c2e40d394ae50c4c6043ec94f7e9417a23759390f6518ffdf2f7a5d4fcc8.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  30/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746829",
            "to_ids": false,
            "type": "text",
            "uuid": "6ff9718a-d175-4c97-85d9-65dc6ac88e2a",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ymacco.AA4B\nVT Total Detection:56/72\nFirst Submission:2020-09-01T05:28:18.000000+00:00\nLast Submission:2024-02-21T01:06:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "151d9e74-f499-4cab-b19c-26328a9c56ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "49ada174-6ceb-475d-afd6-4e5f13586138",
            "value": "adc46432477545ce4826415ef19190a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746850",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e429a8c0-0be7-4ef9-a5a6-45782711a38d",
            "value": "4d9d636e78224f90ef199dfce2a23974119fcc16",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746850",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f54848f0-86d3-497c-9195-05a30587687c",
            "value": "bd92139712bdb12a4ca1b10b45c07bd0dd5253e6d9821fb3059b7e489773e400",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746850",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e3bf8d04-f098-402e-a64b-61d371b80545",
            "value": "768:5grpOE1rDWsVMsfZtaQvdFkZ06FrwqPjQ9pSwOmzoXRhSI+1ln5PQxZCBWUCQ1wI:aaQvkSqPjBqn8CBdCQ1wsWdcdWxDm1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746850",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1109b853-86c6-4bc6-b5af-03231e5c65aa",
            "value": "71168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746850",
            "to_ids": true,
            "type": "vhash",
            "uuid": "91ecaf0d-2f1e-4824-a566-35efd536daa9",
            "value": "174046655d156az46?z7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746850",
            "to_ids": true,
            "type": "filename",
            "uuid": "c518f4f8-5288-45e4-8357-66195734b82b",
            "value": "outllib.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  30/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746850",
            "to_ids": false,
            "type": "text",
            "uuid": "e9e40c0e-d317-4d2c-ad70-0cb4dbf31102",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/AgentTesla!rfn\nVT Total Detection:56/72\nFirst Submission:2021-01-20T04:00:16.000000+00:00\nLast Submission:2024-02-21T03:42:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "57f23221-8925-449a-b9ed-4a4928f22211",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "d8b4f998-6043-4fb8-b604-b4a006c02d15",
            "value": "7a043d49f69f480e63384d85b28840f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746892",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4c7aaeb5-5298-4add-8b9a-63a6feb26f58",
            "value": "084cc29f33c937b160fb0ad99117730cb83fc435",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746892",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a42cfd44-f0ef-4778-9721-4b911f9bab09",
            "value": "3d0e91c7d8fde05d12e83519b66c4778a97f9fb5358e2de6c8105f221f26a3d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746892",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5cacc846-ff6a-4bc7-bc57-c1d4d0f3f7ff",
            "value": "384:ZMq8J4PlHdLgnRjZIFk7xdRqmqbC4QOl9hwaJlzt+1nu6EDHJCjvR1/NNvyC15:Z18DFbdcmiJhpBmnTED4Tfvyi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746892",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "da14ad74-3937-4f96-a664-952ca43a4893",
            "value": "32768"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746892",
            "to_ids": true,
            "type": "vhash",
            "uuid": "68379820-1382-457e-a43a-1591c9ef4252",
            "value": "134046655d155az3f!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746892",
            "to_ids": true,
            "type": "filename",
            "uuid": "ebbb8db4-4faf-4e75-8497-7f9e84c881e8",
            "value": "3d0e91c7d8fde05d12e83519b66c4778a97f9fb5358e2de6c8105f221f26a3d1.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  07/06/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746892",
            "to_ids": false,
            "type": "text",
            "uuid": "48bba89b-3432-493c-b251-37ad0c05e2b7",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:55/73\nFirst Submission:2020-10-20T02:12:36.000000+00:00\nLast Submission:2023-06-15T05:26:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "cbb76405-0022-45fa-8fae-b488bedc4241",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "5f1d99aa-eb73-429b-b9a9-3ea3391923cb",
            "value": "5a4a8b1a86b665d8798de80133362f46",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746913",
            "to_ids": true,
            "type": "sha1",
            "uuid": "adfe4cb4-bba6-427d-91cf-a9487fa94771",
            "value": "21a43984a9dbd15ef352e78e48110c2f22d7bcc5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746913",
            "to_ids": true,
            "type": "sha256",
            "uuid": "56bf65b6-3b0f-45c8-b0f0-d9fe97054c0d",
            "value": "037e17b85dfd4671dc748701aa31b028438e44edee620070510438bcb56f022d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746913",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4295f62d-539d-4cfd-83c0-01beb10f23c5",
            "value": "1536:MO38Mfw0SKs332NZHYyHFQHBsWxcdr2P8gTb7GCtg:FQD3SqcFqMr20gTVi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746913",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "33a2a57d-4c94-465a-a096-63cd24d3eff1",
            "value": "69120"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746913",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e0acd722-e6e1-438f-880a-932ccea6d90b",
            "value": "164046655d156018z44!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746913",
            "to_ids": true,
            "type": "filename",
            "uuid": "56a492c8-291b-46e8-9bd7-f54c027f699e",
            "value": "037e17b85dfd4671dc748701aa31b028438e44edee620070510438bcb56f022d_.json"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  28/11/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746913",
            "to_ids": false,
            "type": "text",
            "uuid": "00031216-5a51-480e-b24f-ecffbd254d37",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:55/72\nFirst Submission:2021-04-27T06:19:22.000000+00:00\nLast Submission:2024-02-20T04:08:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "a0efddcc-e144-470d-9dff-a26dcc734b05",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "rdmin.rsc loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "acad8a50-63da-4deb-8ca7-635aa5fb914a",
            "value": "59974929887caa1cb5e4ff102fb2efd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "rdmin.rsc loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746956",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fd2a01cd-86be-4124-93c0-77f4028c3d68",
            "value": "92395fbe868b2d39d1eaee7f4c86e49f1a3cfadd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "rdmin.rsc loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746956",
            "to_ids": true,
            "type": "sha256",
            "uuid": "08a79c26-6d23-4ed0-81be-43a315244946",
            "value": "ebead09ed1d471ff85ae7584c9f2043338d004ee782680085992e9203e29d249",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746955",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "71efb7f7-bd6d-4e0a-aaa6-ae13f5db352e",
            "value": "1536:jO38Mfw0SKs332NZHYyHFQHBsWxcdruP8gTb7GCtg:6QD3SqcFqMru0gTVi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746955",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "73281867-746c-491f-9a1d-1d47102a20c7",
            "value": "69120"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746955",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c8f056e2-fbf8-4fbb-b014-a7b58db32eba",
            "value": "164046655d156018z44!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746955",
            "to_ids": true,
            "type": "filename",
            "uuid": "11ba9aee-f743-41fc-9f80-ed99d30d3470",
            "value": "pc2msupp.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  20/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746955",
            "to_ids": false,
            "type": "text",
            "uuid": "19bd0177-4895-41d2-8e61-c25ad030d831",
            "value": "rdmin.rsc loader\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:58/73\nFirst Submission:2021-04-27T06:19:17.000000+00:00\nLast Submission:2023-06-15T03:59:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746979985",
        "uuid": "be6b8cee-bf67-423d-9fa4-a26adc8223ce",
        "Attribute": [
          {
            "category": "Payload delivery",
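            "comment": "VirusScan On-Demand Scan Task Properties (file description of ScnCfg32.exe; 0/72 vendor detections and first submitted in 2014 per this object's text attribute, so this is likely a legitimate binary rather than malware - confirm before alerting on the hash alone)",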
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746979985",
            "to_ids": true,
            "type": "md5",
            "uuid": "5263237b-1a2e-4e13-a35c-739187c7bb31",
            "value": "b5bdaba69689e8be57ce78bb6845e4f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
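            "comment": "VirusScan On-Demand Scan Task Properties (file description of ScnCfg32.exe; 0/72 vendor detections and first submitted in 2014 per this object's text attribute, so this is likely a legitimate binary rather than malware - confirm before alerting on the hash alone)",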
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746746999",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5ae23b77-bd70-41b2-8762-c293b30ab1e3",
            "value": "573c35ab1f243d6806dedbdd7e3265bc5cbd5b9a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
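            "comment": "VirusScan On-Demand Scan Task Properties (file description of ScnCfg32.exe; 0/72 vendor detections and first submitted in 2014 per this object's text attribute, so this is likely a legitimate binary rather than malware - confirm before alerting on the hash alone)",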
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746746999",
            "to_ids": true,
            "type": "sha256",
            "uuid": "91e81326-7ed7-45d4-b780-15dc69a6301f",
            "value": "1e712adae2a543bf2fbf41691416b350c3a90561ab5f6590e520f833a9a587ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746746998",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f79b8b7c-9fd7-43cd-9859-8624204f5834",
            "value": "768:lEONU9LwywsX/GPaihnn0cWB6F8KJC6RxJP+IV:lE5Lq4ahnn7zNRxzV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746746998",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "112b29c7-b201-41b5-85d8-6cffc7b63330",
            "value": "48488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746746998",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1fb5df99-5672-4358-903d-02adeb0cb163",
            "value": "044056655d15151az39!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746746998",
            "to_ids": true,
            "type": "filename",
            "uuid": "42a93939-8300-4937-90a8-b30a0ba09033",
            "value": "ScnCfg32.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  29/10/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746746998",
            "to_ids": false,
            "type": "text",
            "uuid": "a84d68bc-3c27-4c5d-aea3-5d9885d0ffee",
            "value": "VirusScan On-Demand Scan Task Properties\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2014-03-14T16:56:58.000000+00:00\nLast Submission:2025-04-28T08:00:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746980006",
        "uuid": "e7b8cd7f-cb40-487f-8b61-e0bae74baaec",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "dot1.dll (Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746980006",
            "to_ids": true,
            "type": "md5",
            "uuid": "c4dae488-ccc7-43a1-a5a7-bfd70894009e",
            "value": "efb196c8cb68cb518d85d41036c73fae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "dot1.dll (Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747041",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a882486-34f8-49d2-b059-66efbc75d4e7",
            "value": "fe04c2b6888b63d0d15144aaf2c00169a6a0a629",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "dot1.dll (Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747041",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f7b83d88-1319-4966-8ade-841b49f1a2fd",
            "value": "54738bb403a25b005bf145d4ed2a3719b0c4869360eb82776171c1b6d5ec0952",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747041",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a4da16e2-a750-4d22-b678-f06a3b49a541",
            "value": "3072:bO9QjXZ0xuXCwmzTzqzxkcZbUszz+6rLy4fXBUEbo:a9XuEUxkGzz+4feOo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747041",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d8ba9eb3-e64a-4cc9-bfe6-04cf668ff0d6",
            "value": "199168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747041",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6a9973a5-4087-4857-a5c4-882f9332f325",
            "value": "115056655d15551068z5dbz29z15zc6z1"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  21/02/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747041",
            "to_ids": false,
            "type": "text",
            "uuid": "a13a028c-4dff-4d5d-be21-e2f0b895fd90",
            "value": "dot1.dll (Nebulae)\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/CryptInject\nVT Total Detection:56/71\nFirst Submission:2021-06-20T22:29:09.000000+00:00\nLast Submission:2024-02-21T01:11:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "9ed19ecc-de43-42a4-bc4d-031cf8e3d700",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "nta.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "2dbdde58-405c-4b81-9046-0054ab0de566",
            "value": "41a7f4b78d4f7f358542c4ef2a2d9dbb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "nta.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747062",
            "to_ids": true,
            "type": "sha1",
            "uuid": "38d52e03-105d-4335-82b9-7caeef38e238",
            "value": "174256cf955ce751161dbf209eb3aa75e26a5176",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "nta.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747062",
            "to_ids": true,
            "type": "sha256",
            "uuid": "45d52cb8-d07c-47d0-b193-87248bcc92e7",
            "value": "0c438622b62bf03a33e3e25d3ff1afea740111c2d90a2b9659eddd7a5021cd5d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747062",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eb372039-c4fb-4004-b1d8-1fdd7cca9bdd",
            "value": "6144:7KRZVTvXlQAFZ1vLZAGObJHYNMbnohPGwv:76ZB+S1jynKMbnoX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747062",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "aa7e0ae1-f42e-4fb6-ba37-af1f51a79277",
            "value": "257536"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747062",
            "to_ids": true,
            "type": "vhash",
            "uuid": "afe52dd3-0ed2-4069-b6e8-f351617b0238",
            "value": "125066655d1555155098z63bz29z15zc6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747062",
            "to_ids": true,
            "type": "filename",
            "uuid": "012fb5fa-2a9d-4591-b700-6a96291ea424",
            "value": "0c438622b62bf03a33e3e25d3ff1afea740111c2d90a2b9659eddd7a5021cd5d.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  30/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747062",
            "to_ids": false,
            "type": "text",
            "uuid": "768cc3a7-2176-4d64-b011-672034e7c3a9",
            "value": "nta.dll(Nebulae)\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.AA\nVT Total Detection:58/72\nFirst Submission:2020-05-14T05:38:31.000000+00:00\nLast Submission:2024-07-09T10:52:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "84e6f33f-4f98-4bac-879f-d370e4791968",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "7eb1a20d-2ee3-4edd-8b3d-49117346666c",
            "value": "d672194165a7b978e19ecde87bb4b373",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747084",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9f360f66-89b8-4f27-9ec9-8ff20e413453",
            "value": "ed9411c50536e8ec1fe7242679ce3af72893fa2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747084",
            "to_ids": true,
            "type": "sha256",
            "uuid": "697bb973-12ec-45f9-b116-a9a5ea2e05f9",
            "value": "2181fdf09d22e0b55db7e70914eec71ff98d55f0f4899a9f5ef9dba1f2ad9792",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747083",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c31ade2d-9e6d-4f8a-9b62-d9e4a823c652",
            "value": "6144:xqKIErL30UYcDd5OR2QCkoqursAO4AOJljg:RrL30UYcXORPursE1jg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747083",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4f25d787-d6c1-4f5d-9cbe-2b7cec1dc79b",
            "value": "205824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747083",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c5704f52-f1ac-4edb-b68d-c8c5198c042e",
            "value": "125056655d15556048z5fbz29z15zc6z5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747083",
            "to_ids": true,
            "type": "filename",
            "uuid": "4bc1684c-dff4-40a5-9eaf-4422f480f358",
            "value": "2181fdf09d22e0b55db7e70914eec71ff98d55f0f4899a9f5ef9dba1f2ad9792.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  15/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747083",
            "to_ids": false,
            "type": "text",
            "uuid": "0dd9b4b0-424c-4f34-8569-ecab3f31a246",
            "value": "vsodscpl.dll(Nebulae)\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Predator.EFG!MTB\nVT Total Detection:56/72\nFirst Submission:2021-04-27T06:19:52.000000+00:00\nLast Submission:2024-02-20T06:04:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "d98cd235-4751-40b7-9ac7-b751734bf758",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "eb8a8211-f7e1-40ca-af37-68e751866ae2",
            "value": "1dc557a0f7b93b1b534724c10d065538",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747105",
            "to_ids": true,
            "type": "sha1",
            "uuid": "99cea391-2fb3-41b6-9098-22839712f93a",
            "value": "44a5394cd2544605d88173ee0681d3ad30b64ab8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747105",
            "to_ids": true,
            "type": "sha256",
            "uuid": "df391931-2f3c-4cc4-a7b5-a44f38ec2e20",
            "value": "ee9f11a530df4950981daea65dc029e05f76516d2ac9ce4541ccf89a44e26285",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747105",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a0919cfa-ca39-4eb9-847e-904bb95769e3",
            "value": "3072:CftiZ9naC5RvS+E/OEhe72ADPWpGWXmfswYE626NnwpB61iMZnpAg0FuDMQV3QW8:oi7lJE1heSAnYvjyz2AOAMNv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747105",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9083c9b1-4065-4214-90d6-77c704ad53a4",
            "value": "203776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747105",
            "to_ids": true,
            "type": "vhash",
            "uuid": "08b838df-bc33-465b-9f8f-9d032c8fc67b",
            "value": "125066655d151d156078z63bz29z15zc6z5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747105",
            "to_ids": true,
            "type": "filename",
            "uuid": "abd5fcb1-416a-4122-b64c-fd7879e19e70",
            "value": "ee9f11a530df4950981daea65dc029e05f76516d2ac9ce4541ccf89a44e26285.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  30/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747105",
            "to_ids": false,
            "type": "text",
            "uuid": "3f42dd03-8889-41ab-b100-60c9f43a8ebf",
            "value": "vsodscpl.dll(Nebulae)\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Predator.EFG!MTB\nVT Total Detection:55/72\nFirst Submission:2021-04-27T06:20:07.000000+00:00\nLast Submission:2023-06-15T01:22:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "a15aded3-9875-4774-8266-7f2f47d8a3c7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "f811d557-2381-4305-8ead-0eb556399454",
            "value": "79daad3062d4b428cbdf2df4bc4a793c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747126",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a688610c-2103-43e0-9259-a8fd65b09627",
            "value": "7510efd6d9bf26dca27e751d47d3ee1fc27eb5ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "vsodscpl.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747126",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b8ba01f7-07d2-4d5f-a9f1-bb12d45dcda7",
            "value": "c5c39979728f635b324dfcb7e32cbd6c4cc877ff4f9bd39113c7a2722f49d399",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747126",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "36cffc06-2250-4844-8706-2007b962c2de",
            "value": "3072:nN7IWJlgN78g6bktAC4U4S7X+sU9iVgTTlJ:nNCNApPU4O7KBJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747126",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a7bafb93-13f4-4cb1-9069-54baa1ad96fa",
            "value": "199168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747126",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0c708241-459a-46dd-b4dd-c8640caaa824",
            "value": "115056655d15551048z5dbz29z15zc6z5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747126",
            "to_ids": true,
            "type": "filename",
            "uuid": "93bba780-ffbe-455d-9e5f-d5adb43d74d7",
            "value": "c5c39979728f635b324dfcb7e32cbd6c4cc877ff4f9bd39113c7a2722f49d399.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  05/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747126",
            "to_ids": false,
            "type": "text",
            "uuid": "17a333e3-1c0d-49a4-8b59-5dc927d84e39",
            "value": "vsodscpl.dll(Nebulae)\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Predator.EFG!MTB\nVT Total Detection:55/73\nFirst Submission:2019-08-10T00:35:50.000000+00:00\nLast Submission:2023-06-15T05:25:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "352d3ee3-f842-4d95-86ba-443d692c59bb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "nta.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "9173ee1a-b052-445e-87fe-1d40edcfe876",
            "value": "0ad47c87a9e6041033946c525816dd58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "nta.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747148",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b51e7d01-3f48-4e0f-b2f4-b2dcef6d4801",
            "value": "5bedd06875e5b406509a8664f4430c303a865307",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "nta.dll(Nebulae)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747148",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4ca30497-85e1-4517-8b00-7460fc0736b4",
            "value": "592c36bc4117f150f8fce1b54d064eb14bd3236b3f729ba12750aed3bb6006b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747147",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "04cd9ae2-33bb-432a-89d4-a98bd904a62f",
            "value": "3072:qUCcgnZya5kLFoEA0cVI8e2DjkLgQ9d+lzZuva2U8q7/rIEjPb+kHSqaGoY46PAj:ygAIJ2cLvXSzZAxUPrjPJoh4AfFSw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747147",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "992903c0-e912-4c25-8a1a-83f04ec45263",
            "value": "250880"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747147",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c203bf5c-c20c-439b-befb-72c9d5355e34",
            "value": "125066655d1555155068z63bz29z15zc6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747147",
            "to_ids": true,
            "type": "filename",
            "uuid": "ed835986-3a53-4204-a4b4-65af53627f80",
            "value": "592c36bc4117f150f8fce1b54d064eb14bd3236b3f729ba12750aed3bb6006b4.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747147",
            "to_ids": false,
            "type": "text",
            "uuid": "4ba17e3c-5804-402f-ba96-7105b9744024",
            "value": "nta.dll(Nebulae)\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:53/73\nFirst Submission:2020-11-04T07:42:49.000000+00:00\nLast Submission:2024-02-21T01:14:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "8afd391b-d5e1-4a3b-817c-2d814dcd19ad",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "cd05dda3-6609-4b10-b26d-23e455f8d11a",
            "value": "3c5fbf2133c710020b29f0371747bdd7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747169",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e9494966-4e92-470b-a220-03bcfc2539c5",
            "value": "adba0e82b234a660e896a385d2ee9fe0b09b93ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747169",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ef005e0c-2b75-4347-ab25-0e7c18ce41e4",
            "value": "bad4fba4b2863ddbf85aaabf1c77f60ea972dd2ea39d7b7963b862b0b4aacbb5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747168",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "208004a9-a83d-4f67-9223-f269f03d8227",
            "value": "3072:8Ald3zkGeokRHCHl/vKzBE2Zq+GDzz+FriyffY1YB1PqU:RldzkRfBENtDzzeffPPqU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747168",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4e50239b-1462-4fa3-8090-963b73b5554c",
            "value": "199168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747168",
            "to_ids": true,
            "type": "vhash",
            "uuid": "228b6cc1-5c4c-46cc-b2d6-2f982b418e74",
            "value": "115056655d15551068z5dbz29z15zc6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747168",
            "to_ids": true,
            "type": "filename",
            "uuid": "76dd1a4c-1f35-4e7f-9afc-2ec1a111b349",
            "value": "bad4fba4b2863ddbf85aaabf1c77f60ea972dd2ea39d7b7963b862b0b4aacbb5.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  19/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747168",
            "to_ids": false,
            "type": "text",
            "uuid": "14b61f4e-adc0-4e1c-aa43-bf838e4f1926",
            "value": "Nebulae\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.CBA\nVT Total Detection:56/73\nFirst Submission:2018-12-17T21:01:30.000000+00:00\nLast Submission:2024-02-21T03:39:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981418",
        "uuid": "154184fb-53a6-4f09-977e-cf658fa898d4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981418",
            "to_ids": true,
            "type": "md5",
            "uuid": "abcd00bd-fdda-48f1-ac85-f1af6a048a8a",
            "value": "1d73c276056df6d88b7958e513942e56",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747190",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bd637165-2ea6-4f37-b23d-fcf40851e656",
            "value": "3d331a46c308e0a22eda99521a0156c29125013e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747190",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8c7b42bf-2483-4580-bd42-dce3db6237b1",
            "value": "dc64e5497bbb2e128a821a382e1bd02a7057982913f2da673c4897c64ff5090c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747189",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3fd5c9aa-6b6f-4fd8-b576-eb0a4eadd248",
            "value": "3072:9C51Yb3ceJ1tZB+/1hgpth+HxkalzocpB:9C5kJZW1hgzhslEA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747189",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6017b20e-d18c-4605-963f-bd8ac51cabe8",
            "value": "198144"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747189",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7732ccb7-a272-4686-8893-3e444a94290b",
            "value": "015056655d15551048z5cbz29z15zc7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747189",
            "to_ids": true,
            "type": "filename",
            "uuid": "7e7420e6-6443-442c-89ca-bc0245967925",
            "value": "dc64e5497bbb2e128a821a382e1bd02a7057982913f2da673c4897c64ff5090c.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  15/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747189",
            "to_ids": false,
            "type": "text",
            "uuid": "47ef0fbd-94d1-4531-943f-394a701b400b",
            "value": "Nebulae\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Occamy.CDC\nVT Total Detection:58/73\nFirst Submission:2019-02-02T01:37:56.000000+00:00\nLast Submission:2023-06-15T01:21:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "30c44954-cb8d-4995-a83f-68a49c07d9d2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "105057a3-0956-4c34-898b-5261ed79afa9",
            "value": "b1a6fc744dc340e216c16811524cd510",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747211",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ceb0c20f-63cc-4fb3-a0a8-df1a4eaf0ec4",
            "value": "b83e88d7db1e0e45db7de52c1331e6a58fd15a92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747211",
            "to_ids": true,
            "type": "sha256",
            "uuid": "21357664-de2e-4858-91c6-fd46f8c1a8ef",
            "value": "1df627dab5349caa21b7796747299cc00d5def8f1f9af2bfd93d61a74455151e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747211",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4e8001a8-a11c-47ab-82b2-915c6bdc893f",
            "value": "3072:bO9QjXZ0xuXCwmzTzqzxkcZbUszz+6rL64fXBUEbo:a9XuEUxkGzzm4feOo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747211",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ddc1f9fb-3a79-41f9-b7c1-a6b83d8db90c",
            "value": "199168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747211",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fee89ab4-3468-4185-a9a8-19c0acba90fd",
            "value": "115056655d15551068z5dbz29z15zc6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747211",
            "to_ids": true,
            "type": "filename",
            "uuid": "f3b2f644-02e6-4e42-8c14-4b9a2cd8da0f",
            "value": "1df627dab5349caa21b7796747299cc00d5def8f1f9af2bfd93d61a74455151e.json"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  16/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747211",
            "to_ids": false,
            "type": "text",
            "uuid": "1b61dd85-4e10-4f36-8021-46e7aff44eb3",
            "value": "Nebulae\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:59/73\nFirst Submission:2019-04-25T12:26:36.000000+00:00\nLast Submission:2024-02-20T06:03:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "400c5063-0daa-45cc-ada4-a7f0833bd55c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "9cb82798-3f48-44b4-bd11-5f5d269e4194",
            "value": "bdc955175878e25b4d7ebaff906c89fe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747232",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d5614dd5-9de1-4c41-ac11-3c305e1abdb7",
            "value": "97d195a026ec4cf7f1b70ddb643455bb4290abc4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nebulae",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747232",
            "to_ids": true,
            "type": "sha256",
            "uuid": "983af394-d161-4026-bda3-daad2d9aa345",
            "value": "6bce8eb669aa383397943579dd3432ea875227733b4430489fe985d326b5edb5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747232",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "40236c9e-d119-42a2-b621-ed33c2584c42",
            "value": "3072:T9VolaJTx8mF5votN3VgoF++ODjGezBUpXfhyae5SwBtyGIBRCAg0FuDe+0Ngff:JGOPAtHgpDjGOUpvhyfj+yAOaFNgff"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747232",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c645ca61-3c09-4b47-8493-53ecf929eb84",
            "value": "199168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747232",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6810c760-1d3b-4f42-bfc9-62d4c49a7198",
            "value": "115066655d151d156048z63bz29z15zc6z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747232",
            "to_ids": true,
            "type": "filename",
            "uuid": "7609d833-3a3e-49f3-b2c4-c4796f6539e5",
            "value": "6bce8eb669aa383397943579dd3432ea875227733b4430489fe985d326b5edb5.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  06/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747232",
            "to_ids": false,
            "type": "text",
            "uuid": "46c6ece1-3466-4bde-9de1-1b0d689de34a",
            "value": "Nebulae\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Znyonm\nVT Total Detection:56/72\nFirst Submission:2020-11-16T05:39:48.000000+00:00\nLast Submission:2024-02-21T01:51:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746980217",
        "uuid": "6d591519-a34a-4b10-bf1c-fe4bf5934a86",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746980217",
            "to_ids": true,
            "type": "md5",
            "uuid": "6adc7d8f-068a-4477-89d4-c8ef03cd96e9",
            "value": "f70b295c6a5121b918682310ce0c2165",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747275",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3c761dbe-9e1d-4cc5-8803-8cc2b461d898",
            "value": "367c0e93dc97478e2f0101e23cae084467932cb2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747275",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6094b35d-8b41-4c35-9fd0-aed4d8ef9a7b",
            "value": "4849af113960f473749acf71d11d56854589cf21d623e66c7408bebd5ad0608f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747274",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e03e1171-e0f4-46bb-8498-e1dc5b7ff503",
            "value": "192:vz0Apg2P6vm/zjiQCDzekiuqqUMu8j+lOWeujMNfzg5LkEeCsi:vwWghvm/KQbuqr18j+lOW6NE5Lk5CT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747274",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d4f0552b-91a9-49d9-b705-b6be4ea85704",
            "value": "14568"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747274",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2774e337-fa0b-4fb7-8171-f79bd2e20421",
            "value": "0140365d151058z15125z1dz2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747274",
            "to_ids": true,
            "type": "filename",
            "uuid": "9f500383-061a-4c95-867e-00175cf186db",
            "value": "SandboxieBITS.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747274",
            "to_ids": false,
            "type": "text",
            "uuid": "bb1fde86-947e-4a25-9731-981ec7b8dd17",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/73\nFirst Submission:2013-05-17T09:16:56.000000+00:00\nLast Submission:2025-03-13T07:52:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "d4f5028c-911f-4277-9feb-4c87cdf91785",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "6890f1fd-b120-4826-8489-13a2c96f7745",
            "value": "9070f7100fa2f41c2c0757b34e0a401c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747317",
            "to_ids": true,
            "type": "sha1",
            "uuid": "16d2a34f-8fdb-422e-9913-d4184a40deec",
            "value": "854e2592545dff3be6a08b703cad7f1921cb988d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747317",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f0d36e62-1ec5-44fe-854a-8fac0b7d904c",
            "value": "89132f9bd84c25539ba3b8fc2080e037b3221d16730d4b5605f6b9d3906ad38c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747316",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff70bac3-2950-43ad-baf1-03e488c16f6f",
            "value": "6144:K9/FznKj1NxkgUKr5KlUDS6hoU/1xn7XKQPpE6+Zv5lAOjrChTfCKK:2FznKjdkJKr5I6hoU/1x7XK88Zv5lhrD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747316",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8cf8f025-edd4-46eb-887d-043f7df2077d",
            "value": "389120"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747316",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3f132273-f08f-434d-8512-d63bfc1b26fd",
            "value": "035076655d1d1515556038z7ahz1011zc1zebz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747316",
            "to_ids": true,
            "type": "filename",
            "uuid": "16c0ed3d-fd77-4963-b4f3-b2363b78e3e8",
            "value": "89132f9bd84c25539ba3b8fc2080e037b3221d16730d4b5605f6b9d3906ad38c.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  06/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747316",
            "to_ids": false,
            "type": "text",
            "uuid": "76dc4209-73ec-41c6-8222-d4184ec30c70",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:46/73\nFirst Submission:2019-07-02T20:29:38.000000+00:00\nLast Submission:2024-02-21T02:19:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "58e3d9e3-557b-4185-ad58-9b8a5e241df0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "sfk.exe - Swiss File Knife",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "23b70b00-8382-4594-a071-ed5f44c5a256",
            "value": "dc3ce0d803e1117531540ee30172b486",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "sfk.exe - Swiss File Knife",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747338",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0fb6293a-e636-4c81-8212-f878bf002362",
            "value": "eeaeceb22c84918272e2caa87fd0fd0a0c93853a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "sfk.exe - Swiss File Knife",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747338",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5253f9c2-9af4-40bc-b893-ee58d91b604f",
            "value": "0eb2a690eecf3e04135ae05df44f672f69bc15ebbacc6141a288b96a4d751182",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747338",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2e06d2de-854d-41ef-93e3-37fd9354a160",
            "value": "49152:tOJ4c0d0Mu7xLw4c0f0Yek3SgYRCrE0L24dreIRTocJZRt:qiCfBc0fbe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747338",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "80ed3a45-4d3f-44cd-b4be-2054185be31a",
            "value": "2166784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747338",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5d612ce2-9207-4d27-9b17-56d925be0348",
            "value": "026036655d60d5z10083hz13ze4z1b7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747338",
            "to_ids": true,
            "type": "filename",
            "uuid": "98491851-f0fc-4eba-ad37-d3779f4e233c",
            "value": "sfk.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  24/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747338",
            "to_ids": false,
            "type": "text",
            "uuid": "288e76d8-2383-45e9-97a2-0e3bcd799646",
            "value": "sfk.exe - Swiss File Knife\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:4/73\nFirst Submission:2018-07-05T19:53:52.000000+00:00\nLast Submission:2023-06-15T10:01:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "070ca93d-96ae-4bc8-b303-bc1dfe1bc6cd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "p8.exe - QuarksPwDump",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "04cea21a-b65b-4dd9-8b45-e7361a70c0fc",
            "value": "91a7862304bba1ef4123d10b56b1a4c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "p8.exe - QuarksPwDump",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747360",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a94c89ac-e4a8-4cee-ae6f-8963e9c9579a",
            "value": "847b33e00d725ce80af7d2a2c0c133448b24daf8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "p8.exe - QuarksPwDump",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747360",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9fb2dd75-8b3b-4368-b9b1-cec546711195",
            "value": "3423c48fe1358e89e4e3b5160db9148c40bcd5a5085f049fc32f077681edfb25",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747359",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "32fc1888-1e3d-4d8f-9c71-bfec940fe6bc",
            "value": "12288:HyGp/GHXuWMZtxhedgfcWF6RF0FDhbh5VKVKgGZ1lqF1GRq:Hy8/GUtxhedgcF0FDh95VKYTdqF1GQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747359",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1fc3d176-73e2-47bd-94c6-fddedfa381d2",
            "value": "635392"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747359",
            "to_ids": true,
            "type": "vhash",
            "uuid": "89fe3df3-1f62-4a0c-9f94-4645c68e2ea2",
            "value": "065056655d15155178z5c7z1dz5fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747359",
            "to_ids": true,
            "type": "filename",
            "uuid": "7312f1cd-14af-4ec0-bfb2-0ed41928eca3",
            "value": "3423c48fe1358e89e4e3b5160db9148c40bcd5a5085f049fc32f077681edfb25.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  14/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747359",
            "to_ids": false,
            "type": "text",
            "uuid": "8aee29f5-eb07-4235-9095-0ad77cfbb26a",
            "value": "p8.exe - QuarksPwDump\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:48/73\nFirst Submission:2014-10-29T01:44:40.000000+00:00\nLast Submission:2023-06-15T06:29:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "3b5519ce-04fb-4536-a949-ae3294f1508d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "4a8b7b29-ebb7-453d-8eff-439a8e2d4af5",
            "value": "a61d1724e03bc2d75cc52115b64e1bb1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747381",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ab5ff924-f0c2-4278-b056-167f02964431",
            "value": "0a9da914b2b2ed147f9ff1b286d9c2977cfe5937",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747381",
            "to_ids": true,
            "type": "sha256",
            "uuid": "13eb986a-d2b6-4a74-a073-92eb211422df",
            "value": "d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747380",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "27d3069c-2a5d-40b0-9711-3e367c6f4dd3",
            "value": "24576:3QZ1knLkB4qet7cAlI7/xXBMSgm0Eyt2y:3QekGPlUXd07t2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747380",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "295e9e2d-150d-4bcf-a401-84764ac24171",
            "value": "863232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747380",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1b9ae29e-743a-4393-92b8-342831adc55a",
            "value": "085046655d15114z12z867z4015z1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747380",
            "to_ids": true,
            "type": "filename",
            "uuid": "df166bea-f586-4718-ae3c-376cff863aab",
            "value": "BrowserPasswordDump.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  06/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747380",
            "to_ids": false,
            "type": "text",
            "uuid": "a41c66da-6f55-4202-9edb-1a3520203f86",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Occamy.CD5\nVT Total Detection:60/72\nFirst Submission:2017-07-06T18:54:37.000000+00:00\nLast Submission:2024-10-03T05:07:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "ccb593b8-80aa-4af7-b8f4-51a66215d47c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "bd76582d-2667-4ada-9a42-7d89e51bdce1",
            "value": "44f96457adeb95afd3f5457082d44538",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747402",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ffc059e6-9ffb-4441-a864-1e3c4149fbd5",
            "value": "691e81a8fa152f68fb8acefe8f59ea41dc995880",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747402",
            "to_ids": true,
            "type": "sha256",
            "uuid": "034f6750-f3ef-488f-bdfe-a167d0958e68",
            "value": "3247d21bc9bbbd8df670a82e24be754a2d58d2511ee64aff0a1e3756cd288236",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747402",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5ce4cfd6-7d74-4b95-9019-ab70690def16",
            "value": "12288:nYdCH4JBS+PiGOWwoMDdI0CePif+lcIbaN06TDuI3Tq0BnuxVJJEELAa+MZf:n7gM+PiG1wo4vbif+iIbaVT73W74MZf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747402",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "219f1a2d-9203-4485-9b67-3afb1c1ac261",
            "value": "797184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747402",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e6d6cf21-50f7-4635-8c72-de79b57069d0",
            "value": "075076655d151d155565z12z7d!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747402",
            "to_ids": true,
            "type": "filename",
            "uuid": "068033a6-d437-4bf5-83d6-e1ea7eb7cc7a",
            "value": "chrome-passwords.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  30/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747402",
            "to_ids": false,
            "type": "text",
            "uuid": "64ca8916-906b-4993-97ae-3d0723ed7844",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:MSIL/Gorf\nVT Total Detection:53/72\nFirst Submission:2017-03-31T05:21:57.000000+00:00\nLast Submission:2024-06-03T13:36:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "ade6b89b-c566-414c-95f3-7817a49a39bd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "NetBIOS scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "978d6b27-7656-4dc0-a103-cc0f31d30983",
            "value": "f01a9a2d1e31332ed36c1a4d2839f412",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "NetBIOS scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747424",
            "to_ids": true,
            "type": "sha1",
            "uuid": "348e0a64-c2ec-47c5-bcf2-b521661fbecc",
            "value": "90da10004c8f6fafdaa2cf18922670a745564f45",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "NetBIOS scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747424",
            "to_ids": true,
            "type": "sha256",
            "uuid": "daf4fe37-b572-43f0-a96f-cf04022f5df6",
            "value": "c9d5dc956841e000bfd8762e2f0b48b66c79b79500e894b4efa7fb9ba17e4e9e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747423",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a6f5fb17-45a2-4fb4-8d05-b69e915a81f3",
            "value": "384:xl+ZbDOfdyXM5ceI8cmoGfOyGPkof7DPzwVkgt+kFab6BCXS2brlszQ:T+4f9I8YCGPkm7GYkEb4CXSwX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747423",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "55d81b9e-f5e0-41a7-be39-247bd2b25fc9",
            "value": "36864"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747423",
            "to_ids": true,
            "type": "vhash",
            "uuid": "be42974d-6262-47ba-a680-f91f711db156",
            "value": "034036551d1bz22e=z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747423",
            "to_ids": true,
            "type": "filename",
            "uuid": "c2cf9e05-1621-4a70-9d7f-4cc7bf85e8bf",
            "value": "nbtscan.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  28/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747423",
            "to_ids": false,
            "type": "text",
            "uuid": "fc745924-f1c8-4efd-8c56-bcc0616b1747",
            "value": "NetBIOS scanner\r\nType Description: Win32 EXE\nMicrosoft: HackTool:Win32/Malgent!MSR\nVT Total Detection:38/72\nFirst Submission:2009-02-12T22:19:48.000000+00:00\nLast Submission:2025-05-02T03:25:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "31ad05eb-ff12-46bb-a116-0d2d38dc8bd1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "logs.exe(HecINI loader)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "0177d8fe-3e7a-4bcd-9de6-99a03be486c1",
            "value": "754a201f853985b0c1c5a96d4637966d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "logs.exe(HecINI loader)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747549",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7e960fcd-e44c-4525-bc4a-0b9321985b67",
            "value": "12b6c8ab12dc04106e9ac74f790a1145bdb3d844",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "logs.exe(HecINI loader)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747549",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9e5f2c91-6160-4aaa-a6fb-eb8663d928d2",
            "value": "8b831ee82975d43456ee861115272d3923e17f07a702eb057feeed8ce76ff4ca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747549",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6a3c2e80-d14c-475d-90ce-eee60c292baf",
            "value": "384:D+s8bm5AanTGpzPzVdA48sZsIPEKfQsOYL7iVFbj+CW:6s8bm5AACpzPzkZuzs5sOsmV9NW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747549",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "609680ac-5eb1-445f-b83a-1072c4a0d81f",
            "value": "23040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747549",
            "to_ids": true,
            "type": "vhash",
            "uuid": "df7d44b6-1d63-4c60-b382-bd70b8ac0325",
            "value": "0240a75d1515151c0d1d1078z1f26=z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747549",
            "to_ids": true,
            "type": "filename",
            "uuid": "91712c3c-313c-4fe5-a754-3ee54b90d0a3",
            "value": "radAF574.tmp.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747549",
            "to_ids": false,
            "type": "text",
            "uuid": "2bfd8c0a-7771-48f9-924f-db666adb1bfa",
            "value": "logs.exe(HecINI loader)\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Tnega!MSR\nVT Total Detection:56/72\nFirst Submission:2020-03-23T04:22:20.000000+00:00\nLast Submission:2024-08-29T08:23:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981419",
        "uuid": "a4baa1c4-fced-44fa-ad01-5898813390de",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "winsrv.exe(downloader)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981419",
            "to_ids": true,
            "type": "md5",
            "uuid": "468b7108-f05d-4ac1-ac30-3b04ab833679",
            "value": "d98e9e685460eb427b459e281845d62e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "winsrv.exe(downloader)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747571",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f6df0253-2842-4174-b6fd-847f39338cd4",
            "value": "63cc6194dd908ff5817ba076d388f78fecd416c7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "winsrv.exe(downloader)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747571",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4ec10e7f-f05b-4912-8394-e1f776aeb5a4",
            "value": "dd18c757309e61a664aec7be70ca6a47f0f3c317dff96f19e73bd2cd3b2f4f12",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747570",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1024a563-ed9b-4333-b83a-3132aabe587d",
            "value": "1536:yQn7ZZazKgBLFzKGC3Qmh6nNLDXg2YUXXurUCgtSGDq8kQ+Zge:yQWzBheG+QO6nVcycgzqLQ+Z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747570",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "66f72bed-7a47-4674-b4f2-00b36dafb002",
            "value": "86016"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747570",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0600cab3-9758-455b-b644-06372d155165",
            "value": "084056050d0e0f7bz2vz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747570",
            "to_ids": true,
            "type": "filename",
            "uuid": "6087380f-b133-4c0f-9925-a4a2086de393",
            "value": "dd18c757309e61a664aec7be70ca6a47f0f3c317dff96f19e73bd2cd3b2f4f12.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  14/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747570",
            "to_ids": false,
            "type": "text",
            "uuid": "2ca2e296-aaa9-4a2c-b5f0-d44b41cf36bc",
            "value": "winsrv.exe(downloader)\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ymacco.AADD\nVT Total Detection:61/72\nFirst Submission:2017-07-23T17:25:24.000000+00:00\nLast Submission:2023-09-22T12:58:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746980408",
        "uuid": "142af850-70c3-427a-adfd-46e54d62bd3a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Aria-Body loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746980408",
            "to_ids": true,
            "type": "md5",
            "uuid": "c2e2cf84-4c8f-4d30-963f-a35f46fb8bea",
            "value": "119f5b486fd3a6f0e95b541874465836",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Aria-Body loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747613",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f284e196-d0a2-4a0b-9b26-194f9b488d23",
            "value": "94ec4e7f123cf0b32bb08b490bc9b95e0016dd68",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Aria-Body loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747613",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f66243eb-05b6-4587-b931-28aab4c4ece5",
            "value": "a5a95306e33ee3f4cf658055f3afd08b1cdf1d56687a81a261b5a1a50cf96634",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747612",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "39c2cd9e-6de2-49f6-8bf8-4d8a941cfb70",
            "value": "3072:rt+7pWnKOpxqUeSkP+OGqIfN5x1cvNMoY:rt+1WnKQ4UYRsjcFA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747612",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d10b28b6-9c56-4ac3-a81a-085e1c28bfd8",
            "value": "129024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747612",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5297e655-063c-4ad5-91dd-e6cd0cfa6ea8",
            "value": "115056651d65151038z45jz11z3ez3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747612",
            "to_ids": true,
            "type": "filename",
            "uuid": "e431d218-9459-443d-a09c-c7d2c94dcc06",
            "value": "aross.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  14/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747612",
            "to_ids": false,
            "type": "text",
            "uuid": "dc2b406b-299d-4175-adde-6b6bb9a4204e",
            "value": "Aria-Body loader\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:51/73\nFirst Submission:2021-05-13T18:19:57.000000+00:00\nLast Submission:2022-07-27T10:01:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746980429",
        "uuid": "488ae237-4c6a-4442-8d6a-9ee12e343a06",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Aria-Body loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746980429",
            "to_ids": true,
            "type": "md5",
            "uuid": "aa60c0dc-d344-430b-95cd-8991764564f5",
            "value": "367d119cd1aef0d1d2704b462682a731",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Aria-Body loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747634",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c6d469ea-be1c-4bde-93b9-5e751caa1d33",
            "value": "8d8afd8301defb63efb9cedb348ac0f98200221b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Aria-Body loader",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747634",
            "to_ids": true,
            "type": "sha256",
            "uuid": "52e699ad-c39b-4db6-a942-f4859403c4df",
            "value": "c3ee61690c3d4ca257961b010ffd354720b47f96eb7a42ad2335615081dd40cb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747633",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c4146ce1-2b5d-419b-a0da-1ea97d3babbb",
            "value": "1536:oQRw0w+w5a+wzhMcK9T2htadhN2cq8UsWjcdunpe/Xjlj1eTN4SAuhunOuoM7:oh3kSkP+OGqIPekOuoY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747633",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8f65eac6-f1e0-4ea9-b800-3f1abd099dcd",
            "value": "129024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747633",
            "to_ids": true,
            "type": "vhash",
            "uuid": "275af4be-c039-4db4-9bd3-d868a8e7f680",
            "value": "115056651d65151038z45jz11z3ez3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747633",
            "to_ids": true,
            "type": "filename",
            "uuid": "61ec3aeb-ec1d-4742-85f1-581fe1a2ff0e",
            "value": "aross.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  14/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747633",
            "to_ids": false,
            "type": "text",
            "uuid": "5ad5fde7-3d4d-4529-8c0b-b74cade49d38",
            "value": "Aria-Body loader\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:49/73\nFirst Submission:2021-05-13T18:19:48.000000+00:00\nLast Submission:2021-05-13T18:19:48.000000+00:00"
          }
        ]
      },
      {
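        "comment": "Low detection (1/72, no Microsoft verdict): this looks like the legitimate ARO 2012 Tutorial executable, presumably listed as the side-loading host for the aross.dll Aria-Body loader. Confirm before using its hashes or file name for blocking, since to_ids is set on them.",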
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746980450",
        "uuid": "0a1aea00-76d7-4f2e-a5ca-83c96c6414b7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ARO 2012 Tutorial - 8.0.12.0",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746980450",
            "to_ids": true,
            "type": "md5",
            "uuid": "d8de4c60-71d5-48ef-a669-49bdb00e1913",
            "value": "64ff0a8730472e36e62ce29a20f61529",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ARO 2012 Tutorial - 8.0.12.0",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746747655",
            "to_ids": true,
            "type": "sha1",
            "uuid": "94e6fe98-1541-49e2-bac9-e076b26b528d",
            "value": "6e8165999acf896e27db0da266a96189efd335e8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ARO 2012 Tutorial - 8.0.12.0",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746747656",
            "to_ids": true,
            "type": "sha256",
            "uuid": "81cfee9e-4bd3-4933-a3d5-974cea29cf28",
            "value": "18a98c2d905a1da1d9d855e86866921e543f4bf8621faea05eb14d8e5b23b60c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746747655",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b44f70f2-1324-4343-b700-5aba8271024b",
            "value": "1536:D/hbA6KVv6j79bI4tlWGUOoIJJevnqvCbl:9b/k4tlLUOoIJJ8qMl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746747655",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a00a7481-547b-488f-aed2-234213658e06",
            "value": "71072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746747655",
            "to_ids": true,
            "type": "vhash",
            "uuid": "45359273-e109-491f-b278-edae12a7b9fb",
            "value": "074046655d151az43!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746747655",
            "to_ids": true,
            "type": "filename",
            "uuid": "5ed7134e-7dc4-43a5-911b-75cc68db31b9",
            "value": "AROTutorial.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  05/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746747655",
            "to_ids": false,
            "type": "text",
            "uuid": "eda13872-e437-4509-a05a-cf0f9b972ad9",
            "value": "ARO 2012 Tutorial - 8.0.12.0\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2012-07-12T03:06:33.000000+00:00\nLast Submission:2025-03-28T01:24:52.000000+00:00"
          }
        ]
      }
    ]
  }
}