{
  "Event": {
    "analysis": "1",
    "date": "2026-05-14",
    "extends_uuid": "",
    "info": "[Threat Intel] Disclosing new PebbleDash-based tools",
    "protected": false,
    "publish_timestamp": "1779547430",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779547430",
    "uuid": "0d8d2f88-341b-4ee7-ae73-5113a3f9d3db",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#bb2745",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#56c932",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#5c57c8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#e00500",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c295b4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Kimsuky\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Korea\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Defense\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Appleseed\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"PEBBLEDASH\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778814009",
        "to_ids": false,
        "type": "link",
        "uuid": "56fadcb9-bbad-4992-8b1a-ab3221845c22",
        "value": "https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778814009",
        "to_ids": false,
        "type": "text",
        "uuid": "bf2f2cc4-4bbc-49b4-be6a-3b6d237a97d8",
        "value": "Kaspersky researchers conducted an in-depth analysis of Kimsuky APT activity, revealing tactical shifts and new malware variants based on the PebbleDash platform. The group introduced HelloDoor, a Rust-based backdoor, httpMalice leveraging HTTP and Dropbox communications, and updated MemLoad and httpTroy variants. Kimsuky maintains persistence through legitimate tools including VSCode Tunneling with GitHub authentication and DWAgent remote management software. Initial access occurs via spear-phishing with malicious attachments disguised as documents. The group primarily targets South Korean entities across government and defense sectors, with additional PebbleDash attacks observed in Brazil and Germany. Infrastructure relies on free South Korean hosting services and tunneling services like Cloudflare Quick Tunnels and Ngrok. Both PebbleDash and AppleSeed malware clusters demonstrate ongoing development with shared distribution methods, stolen certificates, and overlapping targets, indicating single-actor c... [description truncated; see the linked Securelist report for the full text]"
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778814009",
        "to_ids": false,
        "type": "text",
        "uuid": "9f5e40e3-8fb2-49dc-ae31-f1ba34729a35",
        "value": "Name: Disclosing new PebbleDash-based tools\nAuthor: AlienVault\nAdversary: Kimsuky\nTags: [\"xrat\", \"vscode tunneling\", \"appleseed\", \"httptroy\", \"kimsuky\", \"spear-phishing\", \"south korea\", \"babyshark\", \"tutrat\", \"coolclient\", \"httpmalice\", \"zichatbot\", \"memload\", \"httpspy\", \"dwagent\", \"valleyrat\", \"happydoor\", \"pebbledash\", \"randomquery\", \"xenorat\", \"troll stealer\", \"hellodoor\"]\nTgtd countries: []\nMlwr families: [\"HelloDoor\", \"httpMalice\", \"MemLoad\", \"httpTroy\", \"AppleSeed - S0622\", \"HappyDoor\", \"BabyShark - S0414\", \"RandomQuery\", \"xRAT\", \"XenoRAT\", \"TutRAT\", \"httpSpy\", \"Troll Stealer\", \"ValleyRAT\", \"CoolClient\", \"ZiChatBot\"]\nAttack_ids: [\"T1053.005\", \"T1113\", \"T1132.001\", \"T1056.001\", \"T1204.002\", \"T1573.001\", \"T1543.003\", \"T1566.001\", \"T1005\", \"T1140\", \"T1219\", \"T1055\", \"T1112\", \"T1041\", \"T1059.001\", \"T1547.001\", \"T1027\", \"T1059.003\", \"T1071.001\", \"T1090.001\"]\nIndustries: [\"Defense\", \"Government\", \"Healthcare\", \"Energy\", \"Manufacturing\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778814009",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "67d4872e-78d8-40a2-9ebd-82ed37bb3201",
        "value": "Kimsuky"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003120",
        "to_ids": true,
        "type": "hostname",
        "uuid": "87800878-673c-408f-8d2f-15113e69384b",
        "value": "female-disorder-beta-metropolitan.trycloudflare.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003141",
        "to_ids": true,
        "type": "url",
        "uuid": "026ceef9-9dc2-4960-be1b-fcee8a4673c7",
        "value": "http://female-disorder-beta-metropolitan.trycloudflare.com/index.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003162",
        "to_ids": true,
        "type": "hostname",
        "uuid": "722a8f81-8267-4829-84ab-baebcc2a8f3f",
        "value": "attach.docucloud.o-r.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003183",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c345e8fc-b8d4-4f63-bfa6-b6e0e5a33040",
        "value": "load.auraria.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003204",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1281656d-d257-45cb-90b3-6f48d6251e41",
        "value": "load.ssangyongcne.o-r.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003226",
        "to_ids": true,
        "type": "url",
        "uuid": "672beff3-0c7e-48e8-8424-56f23664673e",
        "value": "https://www.yespp.co.kr/common/include/code/out.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003247",
        "to_ids": true,
        "type": "hostname",
        "uuid": "fe5958c8-1bae-4063-b52a-3867ade2beb9",
        "value": "load.erasecloud.n-e.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003269",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9c9416e7-fcb4-44c1-9210-095d7531f2c7",
        "value": "cms.spaceyou.o-r.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003290",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2e04941d-82b9-40de-9ea0-c99ca5f73b86",
        "value": "opedromos1.r-e.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547412",
        "to_ids": true,
        "type": "md5",
        "uuid": "fb44f87b-6851-4396-8db1-19c4c027cb6e",
        "value": "65fc9f06de5603e2c1af9b4f288bb22c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547413",
        "to_ids": true,
        "type": "md5",
        "uuid": "c1dd0a72-1176-49b4-b7aa-7c01a58cb755",
        "value": "678fb1a87af525c33ba2492552d5c0e2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547415",
        "to_ids": true,
        "type": "md5",
        "uuid": "cd7166c5-1bf9-4fd7-842d-b74f4acf8718",
        "value": "7e0825019d0de0c1c4a1673f94043ddb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547417",
        "to_ids": true,
        "type": "md5",
        "uuid": "67c5e002-b570-43d0-99dc-0fac8d5f8a0c",
        "value": "94faed9af49c98a89c8acc55e97276c9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547419",
        "to_ids": true,
        "type": "md5",
        "uuid": "96d42c1a-cb43-4118-a2bc-b7ec28386cb4",
        "value": "9ca5f93a732f404bbb2cee848f5bbda0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547421",
        "to_ids": true,
        "type": "md5",
        "uuid": "f14305ca-4a2a-4385-bee8-105fef56040f",
        "value": "c19aeaedbbfc4e029f7e9bdface495b9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547422",
        "to_ids": true,
        "type": "md5",
        "uuid": "6215d46e-255f-4d6f-923f-65c6d53668b7",
        "value": "f73ba062116ea9f37d072aa41c7f5108",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547424",
        "to_ids": true,
        "type": "sha1",
        "uuid": "3808061d-9716-41af-9256-761d9772bd74",
        "value": "1e3c50d64110be466c0b4a45222e81d2c9352888",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547426",
        "to_ids": true,
        "type": "sha1",
        "uuid": "ba725600-f5ba-4c04-8718-6fd71f4e960c",
        "value": "a2940bc167b8400b61db7cd3c08c7e5e3d02a821",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547428",
        "to_ids": true,
        "type": "sha1",
        "uuid": "a7c1bca3-31a9-44d9-a2c6-1d38cdde473e",
        "value": "bf9252a2fb45be6893dd8870c0bf37e2e1766d61",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779547429",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7ac66ba1-fa55-434e-bf5a-b5aedec22052",
        "value": "8779580d97d5a1d9c612cee745a7097483fc1643e38d7c1574670f56bc7abb48",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003311",
        "to_ids": true,
        "type": "url",
        "uuid": "f2c656ac-4f25-4c7f-8381-bd2ff987d069",
        "value": "http://newjo-imd.com/common/include/library/default.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003332",
        "to_ids": true,
        "type": "url",
        "uuid": "71fe02b8-a5fd-4e63-abc3-26d49a38ba79",
        "value": "https://file.bigcloud.n-e.kr/index.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003353",
        "to_ids": true,
        "type": "url",
        "uuid": "4c67842f-3e76-457d-b461-2c481cd28c21",
        "value": "https://www.pyrotech.co.kr/common/include/tech/default.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003375",
        "to_ids": true,
        "type": "domain",
        "uuid": "f476ce12-8edf-490c-bd9b-813002145b5a",
        "value": "newjo-imd.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003396",
        "to_ids": true,
        "type": "hostname",
        "uuid": "096699cf-032d-4d12-8985-69fdec76f5c0",
        "value": "erp.spaceme.p-e.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003417",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c69f962f-850c-4a29-b811-f87cf12b1db6",
        "value": "file.bigcloud.n-e.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003438",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f3781a61-c276-476e-8e5e-e7f969fc3dd4",
        "value": "load.supershop.o-r.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003459",
        "to_ids": true,
        "type": "hostname",
        "uuid": "88fc6061-1eb1-4e76-9c18-2456001823d8",
        "value": "load.yju.o-r.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003481",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9d158f5a-e1aa-4411-9c8e-543ffce93a97",
        "value": "morames.r-e.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003502",
        "to_ids": true,
        "type": "hostname",
        "uuid": "36c689ad-fd63-4dce-8a96-600876ed7a71",
        "value": "node484265.dwservice.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003523",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2a9c2efd-562a-49d0-b927-2f8b5a03573a",
        "value": "node828765.dwservice.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779003544",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5f36567f-45bc-48ae-8bb0-55bc0f06f60b",
        "value": "node896147.dwservice.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547382",
        "uuid": "56ce24fd-5cdf-47af-8199-0cc66537dbc5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547381",
            "to_ids": true,
            "type": "md5",
            "uuid": "820aec18-6759-4177-9158-66a85f6b6009",
            "value": "5c373c2116ab4a615e622f577e22e9be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547382",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a6b29e94-a9cc-4597-95af-12849e2a5238",
            "value": "ea940cc09b54b9ec060e65d9ccc3a00c3cb00921",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547382",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b554c55c-fa3b-442a-831e-c8b1f22b3a7c",
            "value": "0845f218a588f7619169787c4db69ce9de0c84143b100400b6476d7289a1c493",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999301",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8fa51c7c-1213-40eb-9380-f235951b79a4",
            "value": "6144:Y5KVAtFaFoGI0fJtnnDeCXhc0pASzJBjo:Y5Ky7aGGVznD7XFLJBjo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999301",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "96dc06a4-a836-4c05-9244-c1d48a6db945",
            "value": "311296"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778999301",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c248673e-2f7a-40d5-9b45-238967be1dd7",
            "value": "135066651d17756510b8z5a?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999301",
            "to_ids": true,
            "type": "filename",
            "uuid": "345c99c5-7338-43c6-98f6-4207b801da94",
            "value": "version.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999301",
            "to_ids": false,
            "type": "text",
            "uuid": "3f09be00-91ef-4e03-bcd2-bc9033f19bec",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!rfn\nVT Total Detection:55/71\nFirst Submission:2021-09-30T02:19:18.000000+00:00\nLast Submission:2021-09-30T02:19:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547384",
        "uuid": "a12be197-a9cb-400e-b91c-629d919f57a3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547383",
            "to_ids": true,
            "type": "md5",
            "uuid": "c2049cb9-eb43-474a-943f-5123619693f1",
            "value": "d1ec20144c83bba921243e72c517da5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547384",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9b56d246-1723-4f9d-aeab-b6b41413b324",
            "value": "3d2ade9aa6a765e12349ae48cdcf78eebc7ea8ab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547384",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5c918ef1-9518-4597-a591-d4da01abbd8a",
            "value": "4ac02dc231f2546ce64335729145db672b5ab01d8943df8a550cc77fc436df14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999323",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cdfb6534-5ce5-4060-99f6-2e694e824a66",
            "value": "98304:QUybuHtRSTbIHXGX4xCO87G4R/tPu8nux20jDkazP2XiAk0uSf9XBYxZ:3ydTb62XC87X/lVnyCXhkEf9RYx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999323",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "37d2f8e2-6caa-4003-b3d7-c0ea9698e105",
            "value": "6035968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778999323",
            "to_ids": true,
            "type": "vhash",
            "uuid": "243389f5-1e1a-4fad-a4e6-b2ccf8f87ce0",
            "value": "166096050d05050707751019z17z1017z11z13z18z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999323",
            "to_ids": true,
            "type": "filename",
            "uuid": "586bbcbb-41ea-4d77-81c7-cf71bfea043d",
            "value": "D5DF.tmp"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999323",
            "to_ids": false,
            "type": "text",
            "uuid": "43e1f1bc-51bc-4dd3-89e3-cad2c2fc7099",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:48/71\nFirst Submission:2025-05-16T00:43:44.000000+00:00\nLast Submission:2025-05-16T00:43:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547387",
        "uuid": "08be4fa6-1625-4798-9f37-8aa532123968",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547386",
            "to_ids": true,
            "type": "md5",
            "uuid": "23a496bb-1bdb-4189-8c57-723acedcda46",
            "value": "58ac2f65e335922be3f60e57099dc8a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547386",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0edf0dab-11f8-4931-9806-76703f37af14",
            "value": "415cd98b9353b098382bb1d38dd57a10b9db208e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547387",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e7a70d3e-9316-4443-8404-430cf4c088bd",
            "value": "2d597c3a726970927b302bf015cec4e37cdc974959cb846dbcb23cdb46386a6c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999345",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "583814e4-fdb4-4752-be8d-d6c88889ef0b",
            "value": "3072:lTHKaabqGf95AjPWX8i+Pk6+JymGdV0qxo8m0sGuMzVwgY3qsywpYUzKlhzSpmrk:lTa5aWX8i8kFomG30qHsYzVYV4rY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999345",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a29898df-c60d-4cac-9c4e-4afa0dc3ee63",
            "value": "251904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778999345",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8a2d6f47-c5a9-49b7-a335-b8a73008e89e",
            "value": "125076655d155515155048z5b3z31z304fz2az1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999345",
            "to_ids": true,
            "type": "filename",
            "uuid": "767cccdb-f557-47ba-8bd5-67ac763e85e3",
            "value": "ltmzcvh.vdvw"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999345",
            "to_ids": false,
            "type": "text",
            "uuid": "4d534881-9ce2-46ad-8726-4e656002a62c",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:47/71\nFirst Submission:2026-01-14T02:18:18.000000+00:00\nLast Submission:2026-01-14T02:18:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547389",
        "uuid": "6f9ddcc0-43e9-45a1-a191-70d19e2668a8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547389",
            "to_ids": true,
            "type": "md5",
            "uuid": "7b4cdf24-7d7a-42aa-816f-182fae5cbbc3",
            "value": "9fe43e08c8f446554340f972dac8a68c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547389",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1bae9621-5baf-4d83-b508-16f06b508e16",
            "value": "30b4a111ca13426054fd46834a9c6583cf344197",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547389",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cae3f996-2f89-4b1b-b769-037f7aa7ae0b",
            "value": "8b10ac9520a1ef24cf2269ec9ee4554b14d3617051f7650a948a03f534bec0d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999367",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9ecc2553-ba03-4d31-a177-5402dcf00f6e",
            "value": "24576:o/YAQwH7+/YAQwH7YO/YAQwH7x/YAQwH7T/YAQwH7H/YAQwH7q/YAQwH70/YAQwV:VwH7TwH7YDwH7MwH7ewH7qwH7XwH7pwV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999367",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c18c820f-6bfd-41a5-904a-f41806d1b636",
            "value": "1043153"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999367",
            "to_ids": true,
            "type": "filename",
            "uuid": "72bd6278-fe21-4ad3-b690-1e23d24243a5",
            "value": "2026\ub144 \uc0c1\ubc18\uae30 \uad6d\ub0b4\ub300\ud559\uc6d0 \uc11d\uc0ac\uc57c\uac04\uacfc\uc815 \uc704\ud0c1\uad50\uc721\uc0dd \uc120\ubc1c\uad00\ub828 \uc11c\ub958 (1).hwpx.jse"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999367",
            "to_ids": false,
            "type": "text",
            "uuid": "a4979418-968f-4b02-b3c8-762fc8d68616",
            "value": "Type Description: Text\nMicrosoft: Trojan:JS/Malgent!MSR\nVT Total Detection:30/61\nFirst Submission:2025-12-14T09:53:12.000000+00:00\nLast Submission:2026-02-10T09:03:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547392",
        "uuid": "db53af69-a903-4981-8bb4-fba655da2d68",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547391",
            "to_ids": true,
            "type": "md5",
            "uuid": "4c613424-69a8-4eaa-abef-313c81e12fa9",
            "value": "8983ffa6da23e0b99ccc58c17b9788c7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547391",
            "to_ids": true,
            "type": "sha1",
            "uuid": "88fdd74a-9dfb-44f5-8e9d-0f39cf0a3295",
            "value": "01cb397c7f056516be83bef2719925d281a10858",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547392",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e9d300f6-f67e-4de1-9cb5-b57dcdc72c7a",
            "value": "d0912a47413338a1a79eef767aa33135f1e3ac66dfb6f6d1c8dbec72c892b985",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999389",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bac88b41-c056-4e18-a4fb-105ba6b686bd",
            "value": "98304:ai6rqugxbetxibU56PIYbbeeA0DDumKcT/bPG82i5qDC6KwMpZT+Bm3yQyQyb11p:aLrqhKtkHbh/bPl2i5qDC6KwMpZT+Bm5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999389",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f3e8d8ee-cef7-4eb6-9a97-95f413444053",
            "value": "4429824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778999389",
            "to_ids": true,
            "type": "vhash",
            "uuid": "de4008e9-9f38-4df7-82b8-164ace70110d",
            "value": "046076655d755515555az55!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999389",
            "to_ids": true,
            "type": "filename",
            "uuid": "144c02d9-fe05-435f-b643-232b5e987b59",
            "value": "zqdtx.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999389",
            "to_ids": false,
            "type": "text",
            "uuid": "8ef652fb-e2eb-4a89-b1c9-a3fd404eb811",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:51/71\nFirst Submission:2026-02-23T06:41:06.000000+00:00\nLast Submission:2026-02-23T19:18:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547394",
        "uuid": "ad2a7746-af03-41bb-b023-4597df434d5f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547394",
            "to_ids": true,
            "type": "md5",
            "uuid": "62c985b4-50ee-4786-a971-360190994df0",
            "value": "08160acf08fccecde7b34090db18b321",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547394",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ca8815bd-39ee-4202-b82a-51ff5df63519",
            "value": "df226a702fee389e2186daa405069a3975a44ae7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547394",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ebc95f81-8e28-4d93-af5b-536fd26a88d4",
            "value": "23420100260cc80055fbf02f4464212278c0e71a4387537771f3fb50f2f891e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999411",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e15cf3d5-d773-430b-b6da-86f4155ed682",
            "value": "196608:o79KQkgfgW7klAH90GBuvuzns+qf1XMZ/Zoz:o79Vkgonzwum7cEZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999411",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ec88952f-eeb4-4f67-9e2a-768f5d8ea0a8",
            "value": "8531968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778999411",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8ef5f8a6-4ba6-4b67-a7bd-ef42064af23f",
            "value": "1860a6050d0505060d177098z63nz1ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999411",
            "to_ids": true,
            "type": "filename",
            "uuid": "f20cded5-f009-4af6-b7ae-489ed21fd892",
            "value": "zgsix.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999411",
            "to_ids": false,
            "type": "text",
            "uuid": "5065d229-2fbc-4a74-99c3-d1c08e502b8f",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:53/71\nFirst Submission:2025-12-15T04:20:36.000000+00:00\nLast Submission:2025-12-15T04:20:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547397",
        "uuid": "986c3318-c26e-4b57-b2b0-f51527afdff4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547396",
            "to_ids": true,
            "type": "md5",
            "uuid": "e4368911-2c5c-45b5-9ef5-d1ee06af9234",
            "value": "52f1ff082e981cbdfd1f045c6021c63f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547397",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9316c80f-7a99-4485-a690-02a3ec8e2d07",
            "value": "be85ab350916ab4d95048ebc50e748d75d959b6b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547397",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d1cee99e-2797-4dc7-865e-0c6daf2c3cd8",
            "value": "59eb093c10f11f612b8dadab258285aa2020219a0b86d65a5c890c214434809e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999432",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "405f2247-4bd5-4e0b-975f-85e4f08dae8e",
            "value": "49152:fAuW+sJS1VL0N830DKNrwH7Y0AuW+sJS1VL0N830DKN3RWtSZt56ex3V1HyX3FXW:6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999432",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7d91f50b-386a-4f52-9faa-25df43753b34",
            "value": "19481809"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999432",
            "to_ids": true,
            "type": "filename",
            "uuid": "e31c8eb4-3f1e-4a7b-a973-2e89710781ac",
            "value": "2026\ub144 \uc0c1\ubc18\uae30 \uad6d\ub0b4\ub300\ud559\uc6d0 \uc11d\uc0ac\uc57c\uac04\uacfc\uc815 \uc704\ud0c1\uad50\uc721\uc0dd \uc120\ubc1c\uad00\ub828 \uc11c\ub958.hwpx.jse"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999432",
            "to_ids": false,
            "type": "text",
            "uuid": "9398991a-99a8-4b9d-9664-2e70ae84cba0",
            "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:12/61\nFirst Submission:2025-12-14T08:11:46.000000+00:00\nLast Submission:2026-02-06T15:38:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547399",
        "uuid": "b84508cf-294b-43a2-8ed4-3424ecafb3e2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547399",
            "to_ids": true,
            "type": "md5",
            "uuid": "a85860a5-7566-452f-82a1-e6b55f4f8a4d",
            "value": "8e15c4d4f71bdd9dbc48cd2cabc87806",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547399",
            "to_ids": true,
            "type": "sha1",
            "uuid": "003b5e12-cf9f-4d54-bb14-26a27f5ba268",
            "value": "13e2753bbebf5180b6fba4b234d9a08c953c0e01",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547399",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2b96e30b-b7e2-4266-ad84-96cbcc577480",
            "value": "38537c172dec2b985bd7e81d8a8aae7d760896cc2baf7ab25fff7ba9c4c36d3e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999517",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7a8abf03-dff9-4c9b-ad9f-f8390a65bb4c",
            "value": "49152:wutc7uWGl5bweAB9yXNP+MFhSbl4vRfIvrespuHPQJLLsG98K1xhkJp189pSljwf:w"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999517",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cfc8c9c0-456c-4e02-9fb8-29998a679bc3",
            "value": "58599609"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999517",
            "to_ids": true,
            "type": "filename",
            "uuid": "a204871d-409d-43f7-aff9-189f008226a2",
            "value": "38537c172dec2b985bd7e81d8a8aae7d760896cc2baf7ab25fff7ba9c4c36d3e.jse"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999517",
            "to_ids": false,
            "type": "text",
            "uuid": "4cb1b22b-0286-4d53-8ebb-67acf9ab2018",
            "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:8/61\nFirst Submission:2026-01-28T12:20:12.000000+00:00\nLast Submission:2026-01-28T12:20:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547402",
        "uuid": "c1d05c59-dfc8-4c9e-8898-ef5876468450",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547401",
            "to_ids": true,
            "type": "md5",
            "uuid": "2fb9d50c-2621-4388-8ad7-c9e9a9d8e23a",
            "value": "995a0a49ae4b244928b3f67e2bfd7a6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547402",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4499b7e9-6b07-4a09-bbe4-67ce507c5408",
            "value": "426089f3348abd9ae4d8a4844e9c44cd783d1d77",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547402",
            "to_ids": true,
            "type": "sha256",
            "uuid": "17d650c2-4ee1-4f5b-882d-2c1c4e79f5cd",
            "value": "db284cc9b6536ab6f956a45ce9e5905716c7547f5e8dc572dc07aa125d27819e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999561",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b8848b98-4341-4a29-acfb-578e1a4cb09c",
            "value": "49152:6eZfKj6FO6P0W3VP+vhpeIPqIJ+ZT9FYQFknT2RIJ3sgN/zxtA1AigeZfKj6FO6C:8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999561",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "75c8447f-1ffa-495b-ab72-82be3a98e956",
            "value": "25456180"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999561",
            "to_ids": false,
            "type": "text",
            "uuid": "990326cb-e562-4e06-bcf5-65cfe3bfa637",
            "value": "Type Description: JavaScript\nMicrosoft: None\nVT Total Detection:9/61\nFirst Submission:2025-08-28T08:26:22.000000+00:00\nLast Submission:2025-08-28T08:26:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547405",
        "uuid": "f11fa659-7e32-4419-a6a5-d8809fdb2dd1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547404",
            "to_ids": true,
            "type": "md5",
            "uuid": "eafcb7df-3797-4abf-8ed1-0ea9bb9cb0c7",
            "value": "a7f0a18ac87e982d6f32f7a715e12532",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547404",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cf596670-2409-4f7f-a498-b3c2154e7b70",
            "value": "b145b873625c1333e61c1254cfcb65ef918739ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547405",
            "to_ids": true,
            "type": "sha256",
            "uuid": "643d12cd-69af-41e2-82b4-6fe0511177f8",
            "value": "410a58e4799e7af4408ab5ba917d93c5f5a4477e11b6fca6f6c4c4e0679f761b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999604",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "60fffcfd-4e24-4605-9934-a0522b101ac7",
            "value": "6144:FKySbkfEOP3qJfQTISi2IVmImKUvsVMlzohvh2zHMzTy1:AoE4qJoTIBbVVOldoKHf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999604",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d95f9582-6ee2-498d-8ffa-1e15c185b302",
            "value": "485888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778999604",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1a754212-5730-4049-b67e-1a912b608540",
            "value": "14507e6e5e1e5e5e6e50b8z5b?z6"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999604",
            "to_ids": true,
            "type": "filename",
            "uuid": "4c8fb33a-ec7f-4cf3-a3cd-13c7cc0e6e68",
            "value": "4osyrcxt.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan: 16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999604",
            "to_ids": false,
            "type": "text",
            "uuid": "8d1244e9-9628-45ce-b581-a32ebb649bb2",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:43/71\nFirst Submission:2022-11-23T15:46:36.000000+00:00\nLast Submission:2022-11-23T15:46:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547407",
        "uuid": "609fd3d5-361d-49f8-bcb8-98c2868ae9c8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547406",
            "to_ids": true,
            "type": "md5",
            "uuid": "1f6eab98-7ef0-4121-a72a-58ba5413695c",
            "value": "c42ae004badddd3017adadbdd1421e00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547407",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb0748ca-3bd1-48d2-97c6-45c75643c3b0",
            "value": "51b208cac103dc28cdbee14b18021ccd85a6e063",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547407",
            "to_ids": true,
            "type": "sha256",
            "uuid": "47860ae1-308d-4bf0-aa3a-a4e0440ccfe0",
            "value": "62aac86f38f26700cf534c0a316d31882ffb74488bd1d87a3caeef604fc3a124",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999647",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "838a8f18-9d4e-49ff-8d0c-7079fc2a4eb8",
            "value": "98304:qM4pvQsvoI2YBx0ZV4e8YL12tXGxI+KjitG0Bp8/qPV:qMUvQsQqBxmae86Et2eH+tl8/8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999647",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0def262f-a3ba-4a95-9394-0e4915b0bb36",
            "value": "4768256"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778999647",
            "to_ids": true,
            "type": "vhash",
            "uuid": "72fd9059-d233-41f7-b50c-81ad576fcc42",
            "value": "146076055d050707755013z13z13z13z1011z1013z15z16z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999647",
            "to_ids": true,
            "type": "filename",
            "uuid": "3b7f7cfb-17f1-4520-9947-53b13665923f",
            "value": "y30gqv23i.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan: 16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999647",
            "to_ids": false,
            "type": "text",
            "uuid": "f65108d3-4903-41e4-aac2-71a42d8d0525",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:45/71\nFirst Submission:2025-08-28T08:37:08.000000+00:00\nLast Submission:2025-08-28T08:37:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779547410",
        "uuid": "06aea810-89ea-40ee-862f-20844b457507",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779547409",
            "to_ids": true,
            "type": "md5",
            "uuid": "89cb8eca-9e3d-4828-9eff-1e8d1f874278",
            "value": "f4465403f9693939fe9c439f0ab33610",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779547409",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e4a0cc16-7a11-4175-ae12-bab27d4bac28",
            "value": "dcc95dba4433867edb00898e59ffe171d4cb07bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779547410",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6818644c-9971-48f3-afb8-81fed9121ca9",
            "value": "929dbf16ee3a1b088d09dac820058c02d639b45912b02b334384754d073a581f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778999669",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7655e153-9089-4068-9ea4-1a0f59707217",
            "value": "6144:aZEegG/DP1xTLTIJicJeYcqIbswj1YOj:apg8tx3TNcJEqQsDOj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778999669",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a9dd9849-aa2b-4b59-bfc1-0a62da8b3c83",
            "value": "242688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778999669",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fd9f1940-1433-4f3d-84a8-1c645cd27b08",
            "value": "125066655d1775655048z57?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778999669",
            "to_ids": true,
            "type": "filename",
            "uuid": "5d3f146e-289e-4867-893d-29ae97682311",
            "value": "xy7z5tr.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan: 16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778999669",
            "to_ids": false,
            "type": "text",
            "uuid": "674d01e2-f1f0-4949-9222-aba96f78cddb",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:55/71\nFirst Submission:2024-05-19T09:19:02.000000+00:00\nLast Submission:2024-05-19T09:19:02.000000+00:00"
          }
        ]
      }
    ]
  }
}