{ "Event": { "analysis": "1", "date": "2026-03-26", "extends_uuid": "", "info": "[Threat Intel] Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities", "protected": false, "publish_timestamp": "1775900428", "published": true, "threat_level_id": "2", "timestamp": "1775900427", "uuid": "148c3a8d-3a3f-4ebd-a8bb-c8635ea3dcdb", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": "" }, { "colour": "#0c8fe6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Email Collection - T1114.001\"", "relationship_type": "" }, { "colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": "" }, { "colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#e1210d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Mark-of-the-Web Bypass - T1553.005\"", "relationship_type": "" }, { "colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": "" }, { "colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": "" }, { "colour": "#e43954", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": "" }, { "colour": "#91afc2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Component Object Model Hijacking - T1546.015\"", "relationship_type": "" }, { "colour": "#e2a873", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steganography - T1027.003\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#98f3da", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"", "relationship_type": "" }, { "colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": "" }, { "colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": "" }, { "colour": "#0add7f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003\"", "relationship_type": "" }, { "colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": "" }, { "colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": "" }, { "colour": "#9f5dac", "local": false, "name": "misp-galaxy:target-information=\"Romania\"", "relationship_type": "" }, { "colour": "#04e23c", "local": false, "name": "misp-galaxy:target-information=\"Slovakia\"", "relationship_type": "" }, { "colour": "#c62adc", "local": false, "name": "misp-galaxy:target-information=\"Slovenia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT28\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GONEPOSTAL\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GRUNT\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Logistic\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Maritime\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Political party\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Railway\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774609224", "to_ids": false, "type": "link", "uuid": "38550e0c-37ba-4150-9b33-c0552ef11825", "value": "https://www.trendmicro.com/en_us/research/26/c/pawn-storm-targets-govt-infra.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774609224", "to_ids": false, "type": "link", "uuid": "17bf47da-805b-4d0b-a4db-c42517156069", "value": "https://documents.trendmicro.com/assets/txt/Pawn%20Storm%20Deploys%20PRISMA%20IOCs-xQ48S7H.txt" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1774609224", "to_ids": false, "type": "text", "uuid": "5da64e4e-23b0-476d-ba36-2c02c536cb9e", "value": "The Russian-aligned cyber espionage group Pawn Storm has launched a new campaign using the PRISMEX malware suite to target Ukrainian defense and Western military aid infrastructure. The campaign exploits vulnerabilities CVE-2026-21509 and CVE-2026-21513, using advanced steganography, COM hijacking, and cloud service abuse for command and control. PRISMEX components include a dropper, steganography loader, and Covenant Grunt implant. The attacks focus on compromising the Ukrainian defense supply chain, including military allies, meteorological data providers, and transport hubs. The campaign demonstrates Pawn Storm's continued aggression and ability to rapidly weaponize vulnerabilities, posing a significant threat to government and critical infrastructure entities in Central and Eastern Europe." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1774609224", "to_ids": false, "type": "text", "uuid": "018e78cd-4a8c-4012-abd5-35e102cf1379", "value": "Name: Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities\nAuthor: AlienVault\nAdversary: Pawn Storm\nTags: [\"prismex\", \"prismexstager\", \"nato\", \"notdoor\", \"cve-2026-21509\", \"apt28\", \"critical infrastructure\", \"minidoor\", \"prismexloader\", \"cve-2026-21513\", \"ukraine\", \"supply chain\", \"prismexdrop\", \"steganography\"]\nTgtd countries: [\"Ukraine\", \"Poland\", \"Romania\", \"Slovakia\", \"Slovenia\"]\nMlwr families: [\"PRISMEX\", \"PrismexDrop\", \"PrismexLoader\", \"PrismexStager\", \"MiniDoor\", \"NotDoor\"]\nAttack_ids: [\"T1053.005\", \"T1114.001\", \"T1566.001\", \"T1055\", \"T1553.005\", \"T1102\", \"T1059.001\", \"T1562.001\", \"T1546.015\", \"T1027.003\", \"T1071.001\", \"T1059.005\", \"T1574.002\", \"T1204.001\", \"T1048.003\"]\nIndustries: [\"Government\", \"Defense\", \"Energy\", \"Transportation\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1775879017", "to_ids": false, "type": "threat-actor", "uuid": "99dcfbc0-ed9c-4987-af15-f497a8ed044d", "value": "Pawn Storm", "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT28\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885678", "to_ids": true, "type": "domain", "uuid": "145aec18-2a24-4776-9017-b7971eaf2112", "value": "wellnesscaremed.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885699", "to_ids": true, "type": "hostname", "uuid": "ebb743cc-144c-47fd-94e2-429a9e66a81e", "value": "document.script.open", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885720", "to_ids": true, "type": "hostname", "uuid": "e18f3e1c-9e97-4943-b54b-1b2d41e43dc6", "value": "egest.filen.io", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885742", "to_ids": true, "type": "hostname", "uuid": "5a090d2c-d20d-42ae-ad3a-daaf954acf9e", "value": "gateway.filen-1.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885763", "to_ids": true, "type": "hostname", "uuid": "88c0fd8f-8d62-4a98-89dd-0c769e339af1", "value": "gateway.filen-6.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885784", "to_ids": true, "type": "hostname", "uuid": "66203c66-7312-448e-98df-cad31df1f793", "value": "gateway.filen.io", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885805", "to_ids": true, "type": "hostname", "uuid": "804e3914-aa5f-4edc-b390-f705cb196a73", "value": "gateway.filen.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885827", "to_ids": true, "type": "hostname", "uuid": "f894c6f3-6171-43a6-801f-82b1751fc980", "value": "ingest.filen.io", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884360", "to_ids": true, "type": "sha256", "uuid": "094d5fae-3743-41bf-b574-442dfa8a7558", "value": "15b99e8b30ce0b57fe030243aa795b74b0d7dcd773f28f677f629f132bce1ff8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884361", "to_ids": true, "type": "sha256", "uuid": "b4d9568a-c81c-41ae-9869-3788cd9c0959", "value": "1d27a5ca6703f6e757d30adc8d4d703c2e99316d1eaaaf5c68635c47e8e0396e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884361", "to_ids": true, "type": "sha256", "uuid": "ba785edb-7512-4282-afeb-79d497802a6a", "value": "3b411e9f282ba97feb56cb5a8bf3e9a1d1e9a5f8406e72213dfb140166a54012", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884363", "to_ids": true, "type": "sha256", "uuid": "10d221a6-3fd1-4a61-8679-a573ad0af155", "value": "7ccf7e8050c66eed69f35159042d8043032f8afe48ae1f51fce75ce2c51395f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884364", "to_ids": true, "type": "sha256", "uuid": "dc2177ed-5795-47af-8f98-fb36ea5d34b2", "value": "8438a4cd675c81cefd6a8d96b9e48b2730cc9086b4c531883f966a8818cccbef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884365", "to_ids": true, "type": "sha256", "uuid": "e4996cb1-0738-47f1-b3b9-f222f3c527b5", "value": "84464879c2ced71ff6a30277252af70a20e18c563b8e45f4a92e004f41fe3e01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884366", "to_ids": true, "type": "sha256", "uuid": "5f05a438-6153-4138-aac6-6f3a523891c3", "value": "8858ee314c4db60a3f097ede38cbe64ce4e4b1e67041bad1e0580953011dfec1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884367", "to_ids": true, "type": "sha256", "uuid": "bdd8cd06-69c9-4328-b883-235989b13d11", "value": "968756e62052f9af80934b599994addbab29f8dc2615c47cda512bae48771019", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884368", "to_ids": true, "type": "sha256", "uuid": "bae754ba-e837-4c4a-a43a-4eb6eee62245", "value": "9dad95985eea3b299c387e663a6edfbbf057cc634f2ca99c410238480bcd4e17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884369", "to_ids": true, "type": "sha256", "uuid": "6c3f8898-cbdd-474b-ba1e-436307d0a57d", "value": "b7342b03d7642c894ebad639b9b53fd851d7958298f454283c18748051946585", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884369", "to_ids": true, "type": "sha256", "uuid": "392a87b6-c7f0-4264-9ea7-0c62c461b96e", "value": "c4389cc34b672c4f885547f413bf38575e6ee2b23a0ddfdd306a69c1775db6fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884370", "to_ids": true, "type": "sha256", "uuid": "2fa787f6-212a-4355-96cd-6c0967378010", "value": "d213b5079462e737eb940ac46c59e386eb6ca7f8decc95a594b3d8f3b6940010", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884371", "to_ids": true, "type": "sha256", "uuid": "05355710-e576-4f24-ba8b-78ab467ea398", "value": "d6b75d496e28692dd02c6336ac5c5a42ac88da7ad315d3e508963cf8d46926b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884371", "to_ids": true, "type": "sha256", "uuid": "b5d1c3c7-c99e-4249-986d-1a021d4edcb5", "value": "e792adf4dff54faca5b9f5b32c1a2df3a6a955e722f1be8df2451c03ed940e41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884372", "to_ids": true, "type": "sha256", "uuid": "0e36061a-0eb9-47e0-9b56-2957fadc9a5b", "value": "eb187ff574ab25dffa12dd05ff5f9716f4fc489e2de457c4a50aa0d3cb0f1479", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884373", "to_ids": true, "type": "sha256", "uuid": "c5605d88-b330-4bc7-82f7-df62e0edaffe", "value": "eec4122a1262579806888d8a6a215b333d5e4eec600b5caba91e187b7b468e22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885848", "to_ids": true, "type": "ip-dst", "uuid": "a4fc459a-47ff-4cb8-919b-50f92b44af7d", "value": "193.187.148.169", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885869", "to_ids": true, "type": "ip-dst", "uuid": "0ad02edc-279d-416f-9d68-62ebb4b5b329", "value": "23.227.202.14", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885890", "to_ids": true, "type": "ip-dst", "uuid": "bfd68d63-c1b5-4bcc-aed2-fedca0e9d6db", "value": "72.62.185.31", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885912", "to_ids": true, "type": "domain", "uuid": "0107e6c1-c934-4c5e-99a7-9585a18c3b5f", "value": "freefoodaid.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885933", "to_ids": true, "type": "domain", "uuid": "65a8fa44-3050-4755-a712-cc440b4ca6a0", "value": "longsauce.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885954", "to_ids": true, "type": "domain", "uuid": "0fbd82b9-8180-453f-b794-ac68d9335104", "value": "wellnessmedcare.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774609225", "to_ids": true, "type": "email-src", "uuid": "e8e329cd-22f8-435a-a026-425a2e7a4424", "value": "a.matti444@proton.me" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774609225", "to_ids": true, "type": "email-src", "uuid": "ceae7712-1904-4964-b2a8-8f8fc5d6453c", "value": "dubravka.jovanovic2024@proton.me" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774609225", "to_ids": true, "type": "email-src", "uuid": "50c3c0d2-b3f5-44ec-ba9a-c28a8b2d6819", "value": "teoabarquero@tutamail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774609225", "to_ids": true, "type": "email-src", "uuid": "c3cf5acb-52df-470c-bdb5-c49e1666971c", "value": "uffetroelsen@atomicmail.io" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885976", "to_ids": true, "type": "hostname", "uuid": "047e8bad-3a51-4a83-99ce-7d1a2e5aab36", "value": "910cf351-a05d-4f67-ab8e-6f62cfa8e26d.dnshook.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775885998", "to_ids": true, "type": "hostname", "uuid": "9b4541a0-e652-4bb4-b7f6-a3eae2a2e0e8", "value": "dbca10b5-63e0-42ec-ad10-de13be96dc42.dnshook.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886019", "to_ids": true, "type": "hostname", "uuid": "57517e2a-150f-4466-9c51-144312578c01", "value": "egest.filen-1.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886040", "to_ids": true, "type": "hostname", "uuid": "3eb5265a-32da-4148-8285-490803bcbd69", "value": "egest.filen-2.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886062", "to_ids": true, "type": "hostname", "uuid": "20e7fe9e-0b93-492d-9d60-0e1b6c49728d", "value": "egest.filen-3.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886083", "to_ids": true, "type": "hostname", "uuid": "3af2ae3e-02f9-41ef-8a73-7ba057d0104c", "value": "egest.filen-4.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886105", "to_ids": true, "type": "hostname", "uuid": "d1d96593-4ae6-4f1f-b516-6850a2cbdcf3", "value": "egest.filen-5.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886126", "to_ids": true, "type": "hostname", "uuid": "1c87ed0f-a8c3-4b4e-a6ec-bbb7a921dd4f", "value": "egest.filen-6.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886147", "to_ids": true, "type": "hostname", "uuid": "2eec629d-ec0c-4848-afb0-92af786558ed", "value": "egest.filen.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886168", "to_ids": true, "type": "hostname", "uuid": "899dee9b-33e6-4264-908c-9a22389ecb2b", "value": "gateway.filen-2.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886190", "to_ids": true, "type": "hostname", "uuid": "0c209599-cff6-4cd2-9333-853c05cc4538", "value": "gateway.filen-3.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886211", "to_ids": true, "type": "hostname", "uuid": "0945683e-95df-414d-922f-f1771217873c", "value": "gateway.filen-4.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886232", "to_ids": true, "type": "hostname", "uuid": "5df5796b-86e3-466d-884f-f0f9eba9a8a5", "value": "gateway.filen-5.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886253", "to_ids": true, "type": "hostname", "uuid": "347cffe4-0b72-4b0d-a788-f43868391b6b", "value": "ingest.filen-1.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886275", "to_ids": true, "type": "hostname", "uuid": "48bf1849-4680-4b1f-8aa3-4ac6645465d3", "value": "ingest.filen-2.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886296", "to_ids": true, "type": "hostname", "uuid": "2e97489f-de00-4453-bba1-6ac0bd5d4132", "value": "ingest.filen-3.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886317", "to_ids": true, "type": "hostname", "uuid": "e5ad704e-e510-4826-a545-de58c5f45a15", "value": "ingest.filen-4.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886338", "to_ids": true, "type": "hostname", "uuid": "9240243b-dbf0-41b9-950e-4f04a258e0ea", "value": "ingest.filen-5.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886359", "to_ids": true, "type": "hostname", "uuid": "f3473a8c-b7e7-406b-ac4c-c9c1b22d6499", "value": "ingest.filen-6.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886381", "to_ids": true, "type": "hostname", "uuid": "8fb8877e-8b5c-4c5d-a5a6-0cfe2948df71", "value": "ingest.filen.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775884374", "to_ids": true, "type": "sha256", "uuid": "60512fc2-9db5-4049-beed-f24fd4d45204", "value": "8b0ab7f7f48bf847c3af570da7dd3e26eda9e4c4ab38c492b1b798294d7f53a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886402", "to_ids": true, "type": "domain", "uuid": "d4c4cff8-fd10-4277-afcd-0f3580e8aa17", "value": "filen.io", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886423", "to_ids": true, "type": "url", "uuid": "6cffbc6d-4fcf-4d85-bf98-d0aa47f07593", "value": "http://webhook.site/910cf351-a05d-4f67-ab8e-6f62cfa8e26d?$env:USERNAME", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886445", "to_ids": true, "type": "url", "uuid": "cb950455-7109-4752-9cbf-d4ff54d24620", "value": "https://3008.filemail.com/api/file/get?filekey=6ir3NT7t9kNXSp3-IGKKYKDgHqEgyNauI3V4UhsSHWFdjK8qOr8rzQJ63avm4g", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886466", "to_ids": true, "type": "url", "uuid": "123b9868-a924-4752-b6ec-845b005bee19", "value": "https://gateway.filen.io", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886487", "to_ids": true, "type": "url", "uuid": "bea0deec-b6ef-4afd-b36e-cef9acdc91cc", "value": "https://gateway.filen.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886508", "to_ids": true, "type": "url", "uuid": "92b76e63-b1d7-47c2-ae1a-fcdf1d4e64ac", "value": "https://gateway.filen-1.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886529", "to_ids": true, "type": "url", "uuid": "56d5a2b5-76d2-452f-abd5-562be3bf4813", "value": "https://gateway.filen-2.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886550", "to_ids": true, "type": "url", "uuid": "e150351a-afb8-47ad-b3f8-442bd15e4700", "value": "https://gateway.filen-3.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886571", "to_ids": true, "type": "url", "uuid": "d87b8939-5661-4fdc-adf4-5bd11feafd86", "value": "https://gateway.filen-4.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886592", "to_ids": true, "type": "url", "uuid": "c2630f4a-97a5-46be-97b7-c9ad95c02ba2", "value": "https://gateway.filen-5.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886613", "to_ids": true, "type": "url", "uuid": "35297e43-dc39-4a33-945e-f81caab7a6c7", "value": "https://gateway.filen-6.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886634", "to_ids": true, "type": "url", "uuid": "37766eb8-1f73-409c-b963-f2ec99890727", "value": "https://egest.filen.io", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886655", "to_ids": true, "type": "url", "uuid": "edabb679-e0f3-4e2e-a9c9-27d632c09c69", "value": "https://egest.filen.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886675", "to_ids": true, "type": "url", "uuid": "8aaeacd4-542d-4897-94d7-ea1c24a14852", "value": "https://egest.filen-1.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886696", "to_ids": true, "type": "url", "uuid": "d2ffdf1e-9961-4334-9ddb-8d54511b0171", "value": "https://egest.filen-2.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886717", "to_ids": true, "type": "url", "uuid": "707f5707-530d-48ac-ac61-ed7e359cf6ae", "value": "https://egest.filen-3.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886738", "to_ids": true, "type": "url", "uuid": "1e312ffa-0ad0-464f-a600-57208afb48f0", "value": "https://egest.filen-4.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886759", "to_ids": true, "type": "url", "uuid": "05f6f526-56f3-4278-afdf-32240c32ca39", "value": "https://egest.filen-5.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886780", "to_ids": true, "type": "url", "uuid": "b5813bd3-4946-47a3-8aa9-a1d0fc1bb8e3", "value": "https://egest.filen-6.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886801", "to_ids": true, "type": "url", "uuid": "086d2993-98a9-47d4-8d54-9bbd10680bd5", "value": "https://ingest.filen.io", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886822", "to_ids": true, "type": "url", "uuid": "0c908640-0ed9-4216-9e41-6c19f553404e", "value": "https://ingest.filen.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886843", "to_ids": true, "type": "url", "uuid": "f4db7055-3086-4539-af6c-550353c38326", "value": "https://ingest.filen-1.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886864", "to_ids": true, "type": "url", "uuid": "71569403-8727-4507-a770-467675bd6be2", "value": "https://ingest.filen-2.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886885", "to_ids": true, "type": "url", "uuid": "7bbac8a5-716a-48c5-a545-74f447933489", "value": "https://ingest.filen-3.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886906", "to_ids": true, "type": "url", "uuid": "596a253b-f23a-4dc3-8d03-1e05ad18802a", "value": "https://ingest.filen-4.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886927", "to_ids": true, "type": "url", "uuid": "39d9e815-32fe-428b-acd0-9e44aeee68e3", "value": "https://ingest.filen-5.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886948", "to_ids": true, "type": "url", "uuid": "de20a7ac-e451-472a-b927-673dfcf383d9", "value": "https://ingest.filen-6.net", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886969", "to_ids": true, "type": "url", "uuid": "cf24fc1b-4eb6-47ef-8d81-056ed41bb3c9", "value": "file://wellnessmedcare.org@ssl/cz/Downloads/document.LnK?init=1", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775886990", "to_ids": true, "type": "url", "uuid": "4ae5aebd-988d-4642-9392-1095f798ac03", "value": "file://wellnessmedcare.org/davwwwroot/cz/Downloads/document.LnK?init=1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775887011", "to_ids": true, "type": "url", "uuid": "1050e01f-b85f-47d8-a13c-246e3d50f1a5", "value": "file://wellnesscaremed.com@ssl/buch/Downloads/document.doc.LnK?init=1", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775887033", "to_ids": true, "type": "url", "uuid": "36987abd-8e1e-4fcf-afc7-159d76f45b7e", "value": "file://wellnesscaremed.com/buch/Downloads/document.doc.LnK?init=1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775887055", "to_ids": true, "type": "url", "uuid": "ddc93a0a-4f47-4a60-83b3-620220a3a32f", "value": "file://freefoodaid.com@80/documents/2_2.lNk?init=1", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775887076", "to_ids": true, "type": "url", "uuid": "5de3c264-d54f-4fc2-99c6-a13ec239bc98", "value": "file://freefoodaid.com/davwwwroot/documents/2_2.lNk?init=1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775887097", "to_ids": true, "type": "url", "uuid": "cc6b579b-fcbf-4b88-9583-b7d9cbfc4de0", "value": "file://wellnesscaremed.com@ssl/venezia/Favorites/document.doc.LnK?init=1", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775887118", "to_ids": true, "type": "url", "uuid": "05786e1e-d4be-4df8-8a53-41246bfbc9a3", "value": "file://wellnesscaremed.com/venezia/Favorites/document.doc.LnK?init=1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775887139", "to_ids": true, "type": "url", "uuid": "d86e3e96-5f18-4e61-bda2-3f2ff509d5d7", "value": "file://wellnessmedcare.org@ssl/pol/Downloads/document.LnK?init=1", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775879184", "to_ids": false, "type": "vulnerability", "uuid": "8e9d512a-2160-4a82-924b-a9e29a473549", "value": "CVE-2026-21509" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775879184", "to_ids": false, "type": "vulnerability", "uuid": "8af46457-a4e1-49d7-bf25-99c55aca0665", "value": "CVE-2026-21513" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775887160", "to_ids": true, "type": "url", "uuid": "532be13f-2a50-40c9-bd58-4db76a1b7772", "value": "file://wellnessmedcare.org/davwwwroot/pol/Downloads/document.LnK?init=1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887181", "uuid": "e72ca9e3-8128-46bc-b3ae-0a471c0e36ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887181", "to_ids": true, "type": "md5", "uuid": "6425ef4b-68df-4d3f-a038-982ca64795b6", "value": "5bd25498c247083954eb47acbd199ee7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884291", "to_ids": true, "type": "sha1", "uuid": "a805d1a9-b4f5-41a0-bb25-f9a8538d3be8", "value": "9bfbd8e440c2b7bc43bcfa446cf3d7a19023de9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884291", "to_ids": true, "type": "sha256", "uuid": "f6344c9d-6cf4-4307-afc8-7b8bb4aca47d", "value": "aefd15e3c395edd16ede7685c6e97ca0350a702ee7c8585274b457166e86b1fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882078", "to_ids": true, "type": "ssdeep", "uuid": "f10171ed-b00e-4f39-b2e5-df2a6f899ec6", "value": "48:8HmQNBEEzdS166jUsMBYERzja0f6qZa4tmmXzpJF:8LEaM11R6YU+0LZa0RfF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882078", "to_ids": false, "type": "size-in-bytes", "uuid": "974e7e39-d1ff-4590-beb5-7b473ad9d755", "value": "1648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882078", "to_ids": true, "type": "vhash", "uuid": "c95698f8-9a07-43dc-8dae-102729677278", "value": "f218c2745856d6591c197b61d2dc1310" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882078", "to_ids": true, "type": "filename", "uuid": "449e8baf-6405-42c9-b96c-51a9596e03a4", "value": "Apt28file1Lnk.lnk" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882078", "to_ids": false, "type": "text", "uuid": "fedf70e2-ea3f-4830-8b10-1c9778e58eea", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:29/63\nFirst Submission:2026-01-30T10:10:48.000000+00:00\nLast Submission:2026-03-03T11:12:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887202", "uuid": "5195aae4-ed1d-432f-afb2-fb231816f99a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887202", "to_ids": true, "type": "md5", "uuid": "c77618d3-6033-4c59-8617-ba584a02e7a3", "value": "154ff6774294e0e6a46581c8452a77de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884292", "to_ids": true, "type": "sha1", "uuid": "57a84727-2775-4db3-a4f9-01d25628e70b", "value": "22da6a104149cad87d5ec5da4c3153bebf68c411", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884292", "to_ids": true, "type": "sha256", "uuid": "b879c577-3fd9-4bc0-b51b-a19f4422f0cc", "value": "2822c72a59b58c00fc088aa551cdeeb92ca10fd23e23745610ff207f53118db9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882099", "to_ids": true, "type": "ssdeep", "uuid": "c8961d6e-a3bd-45f1-8384-85fdda7c8c47", "value": "6144:u2FR293HffqMghDad0cbbhyR1apmcIwWvQ:u2W93qMdpkhcIwWY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882099", "to_ids": false, "type": "size-in-bytes", "uuid": "db25d864-ed59-48f7-89d5-e510cfd121f2", "value": "235081" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882099", "to_ids": true, "type": "filename", "uuid": "90325983-aeb2-4c6c-8670-b13bbf239653", "value": "2822c72a59b58c00fc088aa551cdeeb92ca10fd23e23745610ff207f53118db9.hta" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882099", "to_ids": false, "type": "text", "uuid": "4e184fa4-d7a4-4339-98e7-45c7816d05d2", "value": "Type Description: PNG\nMicrosoft: Trojan:O97M/Malgent!MSR\nVT Total Detection:17/61\nFirst Submission:2026-01-31T14:18:50.000000+00:00\nLast Submission:2026-01-31T14:18:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887224", "uuid": "33a00497-f5b8-4c17-9fd0-343f09557833", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887224", "to_ids": true, "type": "md5", "uuid": "7edfbdbc-8372-427c-8f78-b04c368ee2e2", "value": "15e9255a3e3401e5f6578d2ac45b7850", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884293", "to_ids": true, "type": "sha1", "uuid": "78b49c4b-6fcf-43a1-91ca-301d638bb851", "value": "3b80a13199564e3d8a9d26e14defabee136638f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884293", "to_ids": true, "type": "sha256", "uuid": "bfb02306-6eef-472d-af0d-48e884d259af", "value": "5a88a15a1d764e635462f78a0cd958b17e6d22c716740febc114a408eef66705", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882121", "to_ids": true, "type": "ssdeep", "uuid": "147266af-2e03-434b-9e54-80405c892584", "value": "384:uNU4lFaIlfQpXWfLF/fSHP8jmJkaLTPdul3/1N1lDV7LpRyL5b/jnZ9X/:ZleUkQbdul37R0Tf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882121", "to_ids": false, "type": "size-in-bytes", "uuid": "27638c73-29a7-4b5c-a2c2-9006d11f5d04", "value": "27648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882121", "to_ids": true, "type": "vhash", "uuid": "fca4db69-1c42-40a4-8b3f-9aaf92098ed7", "value": "124066655d1515151018z12xzd3z69" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882121", "to_ids": true, "type": "filename", "uuid": "bf7ab5bc-8f61-4c66-8ba2-6e0c92cb141b", "value": "SSPICLI.dll.bin" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882121", "to_ids": false, "type": "text", "uuid": "6b30d09e-2036-4b1e-a0eb-4dca18d13871", "value": "Type Description: Win32 DLL\nMicrosoft: Backdoor:Win32/NotDoor.A!dha\nVT Total Detection:47/72\nFirst Submission:2025-07-17T16:00:09.000000+00:00\nLast Submission:2025-09-04T09:19:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887245", "uuid": "51f887b7-bd88-4191-b4ec-af60b2a12a7e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887245", "to_ids": true, "type": "md5", "uuid": "c6f9f3c5-55fd-42c6-894b-cd59aab9b9c0", "value": "2f7b4dca1c79e525aef8da537294a6c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884294", "to_ids": true, "type": "sha1", "uuid": "1273e960-17c0-4848-8997-3e2dcb219391", "value": "c4799d17a4343bd353e0edb0a4de248b99295d4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884294", "to_ids": true, "type": "sha256", "uuid": "4a71b94d-a5ba-4b21-bb82-3e89d49c763c", "value": "1ed863a32372160b3a25549aad25d48d5352d9b4f58d4339408c4eea69807f50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882143", "to_ids": true, "type": "ssdeep", "uuid": "fa6aa4d1-305e-46f7-9dcc-311f8a97fe7e", "value": "768:MgKfYjJoFvEdOcsJBAdVHPkDus/39GVHWGVHNRBHVHs+YGVHs74GVHsSihGVHsO+:MqjpybEtdqbBxYXxkT6lsbP2HcGD9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882143", "to_ids": false, "type": "size-in-bytes", "uuid": "8b0ef51d-de92-4917-9f8d-52fde21c1ba7", "value": "140625" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882143", "to_ids": true, "type": "vhash", "uuid": "fedd2fb8-afc1-40d9-aaaf-c5da18ddfef2", "value": "86228e4051a54186d8baad655f36a3c95" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882143", "to_ids": true, "type": "filename", "uuid": "948490a5-a3ae-4b56-9748-0fbac90b83a0", "value": "1ed863a32372160b3a25549aad25d48d5352d9b4f58d4339408c4eea69807f50.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882143", "to_ids": false, "type": "text", "uuid": "03b7349c-9368-47eb-a89f-672e0ad0b1fc", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Tudimons.A!dha\nVT Total Detection:38/61\nFirst Submission:2026-01-30T09:59:49.000000+00:00\nLast Submission:2026-03-16T11:49:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887266", "uuid": "32a3e6ee-10d5-4307-af97-faea524be403", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887266", "to_ids": true, "type": "md5", "uuid": "b0d1921c-1ad9-4b20-81d7-17565c357358", "value": "4423b8f3456e54eb48dfbde0b4c7984b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884295", "to_ids": true, "type": "sha1", "uuid": "3fc78db5-2bc0-4126-9179-6ae12caa73af", "value": "e55cacbbff9ad573cbaddf8a59bac187bf8c78f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884295", "to_ids": true, "type": "sha256", "uuid": "c683e1c4-13b2-4995-a77e-a0708bf7b333", "value": "52b6fb40e7efb09c2bebe8550178e7e30009600bdedd1acae085d753761b7598", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882165", "to_ids": true, "type": "ssdeep", "uuid": "01e8a364-535e-40c9-a1ee-433fedca8855", "value": "6144:nnpW9LsEaqQZ7GfWqFDR3/KHinC64ZivohPNTd:pW94b7GfWqJR3/KCn4ivord" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882165", "to_ids": false, "type": "size-in-bytes", "uuid": "0c34cc44-aba6-40f6-a7d8-07215e593ae1", "value": "221696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882165", "to_ids": true, "type": "vhash", "uuid": "0f0b5878-55c9-4240-bf87-88d4c1d672f2", "value": "125056655d15555az56?z4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882165", "to_ids": true, "type": "filename", "uuid": "64e1f225-8d52-461e-aa43-89eabb99d3b4", "value": "52b6fb40e7efb09c2bebe8550178e7e30009600bdedd1acae085d753761b7598.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882165", "to_ids": false, "type": "text", "uuid": "7f6f4a87-dcf4-433c-ada8-6fafc07e5357", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/ShellInject.DD!MTB\nVT Total Detection:43/72\nFirst Submission:2026-01-30T09:45:53.000000+00:00\nLast Submission:2026-02-02T16:18:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887288", "uuid": "13e267ed-5850-4c1a-b2fd-18fe5970da90", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887288", "to_ids": true, "type": "md5", "uuid": "73e928b4-770b-46c9-8ce4-c1fa1b5eaa5f", "value": "4727582023cd8071a6f388ea3ba2feaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884297", "to_ids": true, "type": "sha1", "uuid": "841010fb-2105-4274-8bfd-7d2378460371", "value": "d788d85335e20bb1f173d4d0494629d36083dddc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884297", "to_ids": true, "type": "sha256", "uuid": "9741f32f-daad-4fd9-8966-1c11c0c4fe21", "value": "5a17cfaea0cc3a82242fdd11b53140c0b56256d769b07c33757d61e0a0a6ec02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882187", "to_ids": true, "type": "ssdeep", "uuid": "616091c6-7af2-4d79-b820-8ac4ea59a2fc", "value": "3072:wJQS7k2A5dTsUyFyiex7BHUVH0g8lMzvNHCOWMihPOfXIjYuT6uI:KQGfKdlyEBv68+NHCeihmfX+7I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882187", "to_ids": false, "type": "size-in-bytes", "uuid": "b2b8535d-55b2-48e1-9e1d-aa44979c5fce", "value": "4666729" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882187", "to_ids": true, "type": "vhash", "uuid": "55cb1ff4-6e02-4732-b4fe-71c4b7b51a16", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882187", "to_ids": true, "type": "filename", "uuid": "11c2ea4c-8faa-4542-86fa-3d3ac56d5d31", "value": "0022.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882187", "to_ids": false, "type": "text", "uuid": "7210b09b-3063-4cd1-a3da-eda1ea3bb803", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Tudimons.A!dha\nVT Total Detection:36/61\nFirst Submission:2026-01-30T08:40:21.000000+00:00\nLast Submission:2026-03-15T10:07:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887310", "uuid": "984c5ca9-6553-4752-8171-6d919524d96f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887310", "to_ids": true, "type": "md5", "uuid": "3fabb342-8244-4da5-8844-05a28a88807c", "value": "58f517bdc9ba8de1b69829b0dcf86113", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884298", "to_ids": true, "type": "sha1", "uuid": "eb3b6d2b-42da-4a8f-8f1a-2e67ef68a102", "value": "34f77c7e57f4f1798835b09c398765cc40414461", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884298", "to_ids": true, "type": "sha256", "uuid": "2022ed40-6733-4e46-99f5-5d7077d2f833", "value": "be859b4f4576ec09b69a2ef2d119939f7eb31de121aa01d38e1f0b2290f5a15e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882208", "to_ids": true, "type": "ssdeep", "uuid": "d27dcd31-9211-425c-8976-c194e30bd1e0", "value": "768:Wg/3t5HxipS2aFdxwx/nz/Yd1jn8l/NLSJ0oWWssq3u7QBxYX1ICs4kTFwvl5ibk:WC5TbEtkqbBxYXxkT6lsbP2HcGD9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882208", "to_ids": false, "type": "size-in-bytes", "uuid": "8c2aa761-f636-431e-aec3-400c276f1161", "value": "134311" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882208", "to_ids": true, "type": "vhash", "uuid": "f7cc86ff-1b31-4294-a9ec-88d2f129a55e", "value": "86228e4051a54186d8baad655f36a3c95" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882208", "to_ids": true, "type": "filename", "uuid": "e13f13eb-5ac3-4969-adc0-cf3bd1d49a45", "value": "be859b4f4576ec09b69a2ef2d119939f7eb31de121aa01d38e1f0b2290f5a15e.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882208", "to_ids": false, "type": "text", "uuid": "110d9f3e-928a-4336-9448-f446d3aaeaf4", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Tudimons.A!dha\nVT Total Detection:34/61\nFirst Submission:2026-02-02T07:40:20.000000+00:00\nLast Submission:2026-03-15T09:57:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887331", "uuid": "f91df947-549a-4673-b9aa-2e8de8c1abac", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887331", "to_ids": true, "type": "md5", "uuid": "9aed2be7-7236-4653-8500-8d679188cebc", "value": "630550e7ae6636c5f1dab5241597c91d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884299", "to_ids": true, "type": "sha1", "uuid": "4de2a8d7-24ed-4601-a9cf-a7096effbc70", "value": "03c9f7794bcc691c9c0ba996003199da279f48fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884299", "to_ids": true, "type": "sha256", "uuid": "5a2d0b18-4447-4a6b-b0d1-def9dcc6981c", "value": "3cb09154a839a5de6e8ef4a04a933b7362afb56cdc4e91368b237e9bcb1cd7b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882230", "to_ids": true, "type": "ssdeep", "uuid": "4d5e1070-d565-4f0b-b584-a271064ea623", "value": "384:8X3x64qb7FdozVgS8165XcHOUPNW6Cni6rGsexJqjn8nhCqYhAjDxqnYERJ0RDMh:8X3opn65xUdCzjn8lBERJ0RDWs+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882230", "to_ids": false, "type": "size-in-bytes", "uuid": "3c807978-5ef3-4b9b-bbf7-552553295f5b", "value": "68027" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882230", "to_ids": true, "type": "vhash", "uuid": "3d9a24b0-e75e-4d49-b48c-78a0b7a1d51a", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882230", "to_ids": true, "type": "filename", "uuid": "9d5b12c7-7e97-47b8-9690-f0894866f3ff", "value": "__3cb09154a839a5de6e8ef4a04a933b7362afb56cdc4e91368b237e9bcb1cd7b9.rtf.bin" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882230", "to_ids": false, "type": "text", "uuid": "b3090463-9125-4d46-b41c-0caf6df66aff", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:34/61\nFirst Submission:2026-02-04T09:23:41.000000+00:00\nLast Submission:2026-03-02T10:24:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887352", "uuid": "f34ab15c-9ec8-4b66-96a6-4528e11f4fae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887352", "to_ids": true, "type": "md5", "uuid": "251949fc-e7f6-425b-ad26-eb04b8a56388", "value": "6408276cdfd12a1d5d3ed7256bfba639", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884301", "to_ids": true, "type": "sha1", "uuid": "4a338fcd-975b-4095-be33-09804910bb06", "value": "f2f66f4c96f93f17b588736455e9b279c44b6049", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884301", "to_ids": true, "type": "sha256", "uuid": "c61b7ec9-d5c9-4fe4-a914-1daa08e3b75d", "value": "baad1153e58c86aa1dc9346cdd06be53b5dd2a6cf76202536d6721c934008f8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882252", "to_ids": true, "type": "ssdeep", "uuid": "71b92379-fb8c-489f-aa86-476de59f495a", "value": "12288:u7Zf9+raVxJhiap1nWSjFJotFdbdYcJiEkjIApD7I:utf9caVx9p1nlCrb63jjhDE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882252", "to_ids": false, "type": "size-in-bytes", "uuid": "b51dbff2-c447-4879-b633-f14cee05ff41", "value": "1429894" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882252", "to_ids": true, "type": "vhash", "uuid": "ac99a5a7-b8cf-427b-bb76-b058c883063e", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882252", "to_ids": true, "type": "filename", "uuid": "e9fa4440-3444-4e58-bce3-8ba15ba6a859", "value": "baad1153e58c86aa1dc9346cdd06be53b5dd2a6cf76202536d6721c934008f8e.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882252", "to_ids": false, "type": "text", "uuid": "b48aa8f2-cd8d-4fff-8e3d-8268d6fdcb3d", "value": "Type Description: Rich Text Format\nMicrosoft: Trojan:Win32/Znyonm!rfn\nVT Total Detection:31/61\nFirst Submission:2026-02-17T16:13:58.000000+00:00\nLast Submission:2026-03-08T14:59:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887373", "uuid": "6e296683-86fa-4ce3-9197-f3cb63ce3b49", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887373", "to_ids": true, "type": "md5", "uuid": "24f49ea7-d7df-47b4-a65e-77c884a753f3", "value": "6f528ad405bffa4a8c2f61b1fa2172fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884302", "to_ids": true, "type": "sha1", "uuid": "13f33521-18cf-4dec-9533-121a7d2526bc", "value": "7c78c531b059ec7fd83320d2d3ae01e21b1c40e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884302", "to_ids": true, "type": "sha256", "uuid": "f4ba95e6-8d7a-43e3-a57a-5ed2ade4cd22", "value": "40c2e559992a7f595c593b419930a3f216516c3042ad86fb985348d53b6e01b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882273", "to_ids": true, "type": "ssdeep", "uuid": "91ee6d55-71dc-4cd8-b227-b2d128a8ca7f", "value": "1536:HJf6xdZaQkvtcrdUbrW4P4xsC6AYtYQfof:HJf6zqvtcrdU3odMY+y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882273", "to_ids": false, "type": "size-in-bytes", "uuid": "bac2cffc-4626-48c1-9ad0-172d8530f261", "value": "64512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882273", "to_ids": true, "type": "vhash", "uuid": "e0ac0b2b-6319-48cb-bc48-faf994d79920", "value": "2640366515116081816600574" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882273", "to_ids": true, "type": "filename", "uuid": "61a23d81-8944-4728-887e-48a422eb92a7", "value": "Publish.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882273", "to_ids": false, "type": "text", "uuid": "563cd6f5-e241-40fe-9869-b27d170ec6a5", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/ShellInject.DE!MTB\nVT Total Detection:43/72\nFirst Submission:2026-01-30T09:45:41.000000+00:00\nLast Submission:2026-02-02T16:18:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887395", "uuid": "a6bbc7b9-2cc6-42b7-8b4e-7897ed3af504", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887395", "to_ids": true, "type": "md5", "uuid": "21eb5248-348d-4232-ae59-0783cef87133", "value": "744bbe8d7c3d0421fa0deb582481f5ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884303", "to_ids": true, "type": "sha1", "uuid": "0e59bac6-42aa-40c8-8ef7-5285a85f91bd", "value": "7bc3bafa39f61969a577f54bff28c0d1eff75d5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884303", "to_ids": true, "type": "sha256", "uuid": "1ea39963-32b3-4bc1-8c4c-f82cf7a84c4a", "value": "8c1dc9732884c6078b23953b78314a8d0d8b8d9fe42e5f97a7cd09b8ace943a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882295", "to_ids": true, "type": "ssdeep", "uuid": "1a6f188c-9ab3-4fd7-bd77-75f2bd9198d5", "value": "12288:zwuXRdTqhwbV3EZx4Bj67lMIsw5AaFDEs85VkHDHjmCwCz:0MRwwbqislXnjRYVkeCwC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882295", "to_ids": false, "type": "size-in-bytes", "uuid": "6d5a2bdb-ea87-4dd4-81fd-9346ad9a8aec", "value": "574464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882295", "to_ids": true, "type": "vhash", "uuid": "1d8802ac-c5b4-452c-9376-a6ec61de0b33", "value": "155056655d75555038z53?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882295", "to_ids": true, "type": "filename", "uuid": "94a31069-fe60-4c0e-b869-721235dcbcb5", "value": "8c1dc9732884c6078b23953b78314a8d0d8b8d9fe42e5f97a7cd09b8ace943a9.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 09/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882295", "to_ids": false, "type": "text", "uuid": "c025e16f-a5b2-42e8-92f8-a7c53c2a235a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/ShellInject.DC!MTB\nVT Total Detection:55/72\nFirst Submission:2026-01-30T09:30:00.000000+00:00\nLast Submission:2026-02-02T16:18:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887416", "uuid": "8dc90327-10fd-4794-9205-049cbe8e4e27", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887416", "to_ids": true, "type": "md5", "uuid": "70004472-a052-4e72-969c-cef173fda369", "value": "7c396677848776f9824ebe408bbba943", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884304", "to_ids": true, "type": "sha1", "uuid": "aafee087-48c5-42e6-a731-8be085edfe51", "value": "d577c4a264fee27084ddf717441eb89f714972a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884305", "to_ids": true, "type": "sha256", "uuid": "22a24810-0f76-4315-aaae-07d71ba9d29e", "value": "c91183175ce77360006f964841eb4048cf37cb82103f2573e262927be4c7607f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882317", "to_ids": true, "type": "ssdeep", "uuid": "69b336cc-a20b-4bb9-8e9e-93b27c95adea", "value": "6144:7UugegRKmQKfSFYysPHwyciGYdRa5GUoEF2NbtqST7I:I/RzwF+PZdRa5QEKN7I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882317", "to_ids": false, "type": "size-in-bytes", "uuid": "a03ab558-8595-4ad5-af1b-a860237770e0", "value": "2683823" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882317", "to_ids": true, "type": "vhash", "uuid": "58d171de-815c-480e-ae6a-c2df271560b5", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882317", "to_ids": true, "type": "filename", "uuid": "53c8f13f-17d7-4ae1-a0aa-eae8490ec53a", "value": "c91183175ce77360006f964841eb4048cf37cb82103f2573e262927be4c7607f.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 09/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882317", "to_ids": false, "type": "text", "uuid": "06d75186-175f-4929-9eef-2efe6086632e", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Tudimons.A!dha\nVT Total Detection:37/61\nFirst Submission:2026-01-30T12:26:08.000000+00:00\nLast Submission:2026-04-08T04:40:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887438", "uuid": "c6243a6c-d4f1-4034-aa91-f532987029f5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887438", "to_ids": true, "type": "md5", "uuid": "a00753da-c713-44d9-abd6-81638e1f17cb", "value": "81159738f7ffb50d5bc3c75e5e0ac546", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884306", "to_ids": true, "type": "sha1", "uuid": "5f45c639-dff4-4f70-9556-8a7e19b0dd47", "value": "1bf3bf9e27fcc89ae7d38dafe5d71d7d9dfd4286", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884306", "to_ids": true, "type": "sha256", "uuid": "a817a2b9-bc24-4ee5-bb6f-7218e488bf13", "value": "ce2c475461d57f222a6aa22f49420f804a43c2eb29abf8553457a7d30f7cb024", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882338", "to_ids": true, "type": "ssdeep", "uuid": "9fa6f779-ee19-45cd-ae3b-62880d09d158", "value": "12288:UPwh3oljNr5tFoXQCe8vmQqYzvfnPewHEpyhla+s9R5WZ:UPwxoFNrqXQCeEvJrfPeA6yhlaRR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882338", "to_ids": false, "type": "size-in-bytes", "uuid": "a3537855-18f6-40fa-a258-a10754e30ba3", "value": "800256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882338", "to_ids": true, "type": "vhash", "uuid": "7410b1dd-01ec-4c7a-bc2b-5bb2c4c61c7a", "value": "d86d58ecc13f9c724f3e5f6a015cc404" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882338", "to_ids": true, "type": "filename", "uuid": "4b6fd83f-ec83-4298-814c-a1965d675fb5", "value": "ce2c475461d57f222a6aa22f49420f804a43c2eb29abf8553457a7d30f7cb024.xls" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882338", "to_ids": false, "type": "text", "uuid": "20bc0e4a-c134-4a67-a025-fde9925aca0e", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.B!dha\nVT Total Detection:32/65\nFirst Submission:2025-08-07T14:35:14.000000+00:00\nLast Submission:2025-09-24T06:15:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887459", "uuid": "fc1ea6c7-42e4-4bc9-89dd-b7bef3fda55a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887459", "to_ids": true, "type": "md5", "uuid": "5eafcdc5-e4a3-4964-a4f6-76d002cf1d04", "value": "828ff72e8d3dffcc232e6ae2ff100f45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884307", "to_ids": true, "type": "sha1", "uuid": "308c7b0e-fe9f-4619-9086-e9e35e854f1c", "value": "01a3230a0b7987e2ac597e33eaec256a40448484", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884307", "to_ids": true, "type": "sha256", "uuid": "ab5659a5-b090-4d9b-aa99-1b724ee58bf1", "value": "f0d443055143cbd6bce8ef96b52d430e2db321b37b8b93a2a9d0354651702790", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882360", "to_ids": true, "type": "ssdeep", "uuid": "de4c3a32-2f17-40f1-afab-ffa574e4a056", "value": "768:qAUgKfstEXYqwSp1pzpXpopFpvpapZpMwn7KprwswOgwdwdwQk9TLeAHRNLSJ0s:qAUKtEIqFTF5SbN8bC0eZfmSCy9fZvts" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882360", "to_ids": false, "type": "size-in-bytes", "uuid": "5c1b9d23-7b66-4895-bc9b-210c816ab86e", "value": "103624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882360", "to_ids": true, "type": "vhash", "uuid": "64ddde80-4248-4280-9426-349cdf662765", "value": "86b4921211c2de38852c44cd9c95acc4d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882360", "to_ids": true, "type": "filename", "uuid": "bdb6ec4f-197e-43e6-89fc-a18c6de567c3", "value": "0016.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882360", "to_ids": false, "type": "text", "uuid": "eb3dfe88-848d-427b-95cd-db38c1d7dbaa", "value": "Type Description: Rich Text Format\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:33/61\nFirst Submission:2026-01-28T10:44:14.000000+00:00\nLast Submission:2026-03-15T09:54:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887480", "uuid": "d1a7e7c3-7b3e-439f-bf23-89547be311ac", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887480", "to_ids": true, "type": "md5", "uuid": "e496f985-3b26-41fd-afb3-683e1328339a", "value": "859c4b85ed85e6cc4eadb1a037a61e16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884308", "to_ids": true, "type": "sha1", "uuid": "a94ac05a-7d3c-40cb-ad8a-b0a821ffaff2", "value": "da1c3e92f69e6ca0e4f4823525905cb6969a44ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884308", "to_ids": true, "type": "sha256", "uuid": "da0ff8a3-4638-442d-a2f3-09c9feff4a79", "value": "0bb0d54033767f081cae775e3cf9ede7ae6bea75f35fbfb748ccba9325e28e5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882382", "to_ids": true, "type": "ssdeep", "uuid": "eac02d7e-9578-465f-9cc0-e4286b7aa1f2", "value": "12288:vguXRdTfDW5Ip5yNIClDNtQhH8OTI0BgkK8fK/3H7vmZ5DACz:4Mx6AFCxNm1XTdBQ6ZBb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882382", "to_ids": false, "type": "size-in-bytes", "uuid": "11a55845-8fff-428b-9b76-72074e3d821b", "value": "574464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882382", "to_ids": true, "type": "vhash", "uuid": "954f37ae-0feb-436c-8866-8d9f8e2c2ab9", "value": "155056655d75555038z53?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882382", "to_ids": true, "type": "filename", "uuid": "45b8ff1e-4a8f-4c86-b8e2-b85d9a534b06", "value": "0bb0d54033767f081cae775e3cf9ede7ae6bea75f35fbfb748ccba9325e28e5e.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882382", "to_ids": false, "type": "text", "uuid": "bb9d159d-77dc-4d98-8f9f-4b5cf4e27374", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/ShellInject.DC!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-31T10:11:15.000000+00:00\nLast Submission:2026-03-16T02:46:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887502", "uuid": "1c0678de-6d03-4fa4-bdb6-825141252889", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887502", "to_ids": true, "type": "md5", "uuid": "3ded3d5e-ffcd-461f-bc15-feed6d4aa9e5", "value": "8b8903b0e7b7a1a7f501277624bc7e6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884309", "to_ids": true, "type": "sha1", "uuid": "d30b9f83-dae1-41e1-99f0-cf7efdb4b92e", "value": "858e841b91f16d3567b133b3c90d01e0499d5169", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884309", "to_ids": true, "type": "sha256", "uuid": "e8fc73a7-c8e1-4a7b-b631-0606d07e5d05", "value": "5f397327aeb20718e364bef61e8bad507772708a7d1bf55d8b845170c69f3de0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882403", "to_ids": true, "type": "ssdeep", "uuid": "fbdde275-a4fd-48c8-ac10-14f4521441b5", "value": "24:PKfzxds4Up/wVEZaxxUiUHEETlKCWlhvanHRvXDpRKbjfjY:IvYnOgEEAt3yxvTpRKXk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882403", "to_ids": false, "type": "size-in-bytes", "uuid": "f433d42e-eae5-4411-a6b9-ca0107364e25", "value": "5543" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882403", "to_ids": true, "type": "vhash", "uuid": "bdd4349b-32b5-4518-8c20-d849e5c28e67", "value": "88dbadce1e2c7aea744a29f8290057bf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882403", "to_ids": true, "type": "filename", "uuid": "2e7154b1-550c-465d-99a3-808d8d748914", "value": "5f397327aeb20718e364bef61e8bad507772708a7d1bf55d8b845170c69f3de0.rtf" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882403", "to_ids": false, "type": "text", "uuid": "21df97d5-def0-4775-8ea5-cbaa14d2f798", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Tudimons.A\nVT Total Detection:39/61\nFirst Submission:2026-02-02T20:25:58.000000+00:00\nLast Submission:2026-02-23T12:50:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887523", "uuid": "34f4b8d6-57e3-4f43-8ba4-708e3a2adc4c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887523", "to_ids": true, "type": "md5", "uuid": "52a60a07-6257-444d-9d3c-cff9c7fbe172", "value": "95e59536455a089ced64f5af2539a449", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884310", "to_ids": true, "type": "sha1", "uuid": "574a720b-802b-4bc9-b796-b2ca21d749fb", "value": "4592e6173a643699dc526778aa0a30330d16fe08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884310", "to_ids": true, "type": "sha256", "uuid": "e4ecc6d6-54d1-4edf-84e4-6a1a349302bd", "value": "b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882425", "to_ids": true, "type": "ssdeep", "uuid": "1891a5af-ab64-456c-899b-ea89acdf975a", "value": "6144:fm1rI2QHBJLHY1cMNkei0evKSgWH8940PYM30+FzW4CUCkXdwUo05bM7I:fC2L41cMHeK/l27I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882425", "to_ids": false, "type": "size-in-bytes", "uuid": "b7e8b1c1-6bc8-455b-8263-a875d49bda80", "value": "1831352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882425", "to_ids": true, "type": "vhash", "uuid": "b58cd64e-e88a-4f56-b17b-7ec90f5a199e", "value": "86228e4051a54186d8baad655f36a3c95" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882425", "to_ids": true, "type": "filename", "uuid": "5873c762-339f-436a-a3f2-c9cb16166464", "value": "b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882425", "to_ids": false, "type": "text", "uuid": "746a6822-b1fb-486d-9d80-3146c6b0c5a2", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Tudimons.A!dha\nVT Total Detection:36/62\nFirst Submission:2026-01-29T09:15:24.000000+00:00\nLast Submission:2026-03-16T11:46:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887544", "uuid": "4faa8040-965b-4ce8-b083-2b59c5be79ec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887544", "to_ids": true, "type": "md5", "uuid": "23cc307f-76b5-4b9f-996d-9ed10e000474", "value": "9d1ad28ba8644e9a8b7e133960cdb512", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884311", "to_ids": true, "type": "sha1", "uuid": "c34e62ea-dc99-4ab4-bfdc-b714f26f08f3", "value": "65e8cadb4901556ff9da328d158bc02fa37faf27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884311", "to_ids": true, "type": "sha256", "uuid": "0884770c-13cf-477d-8602-361e7eb21453", "value": "d944abab1481457eacf9f1d08f835980c2146ec91513e2eb94714c6abaec5f34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882447", "to_ids": true, "type": "ssdeep", "uuid": "8eee3df5-11ce-4458-b673-7bb23f2034fc", "value": "6144:mh1LGaOXUIkzq1p3UD4Cl44tfdil5ekizT9qr/S:NCn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882447", "to_ids": false, "type": "size-in-bytes", "uuid": "4fff60b5-8035-4aef-a55a-9a3e180d7d7d", "value": "459896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882447", "to_ids": true, "type": "vhash", "uuid": "e7fc3514-a5dd-4bef-a195-e296a7d92702", "value": "8c30b729e4127707308fff6551f3babb1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882447", "to_ids": true, "type": "filename", "uuid": "ed0ba304-3d87-435c-b7a4-105efce33026", "value": "Registration_Form.rtf" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882447", "to_ids": false, "type": "text", "uuid": "20473982-f92e-470b-af38-ee5b5dd321e7", "value": "Type Description: Rich Text Format\nMicrosoft: None\nVT Total Detection:34/61\nFirst Submission:2025-12-26T05:42:48.000000+00:00\nLast Submission:2026-02-03T12:30:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887565", "uuid": "38332e7e-e6c1-4368-9e04-ba29f0c3f1a1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887565", "to_ids": true, "type": "md5", "uuid": "903bbd8d-73b4-4e90-8bfc-04930143ae8c", "value": "9fc1df92fd199688b1726933f9e349db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884312", "to_ids": true, "type": "sha1", "uuid": "5ce61a50-85b2-4304-b8ee-69c6cc23762c", "value": "a91d5a019e99aa5f420940ba2e2669d4bd9a881b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884312", "to_ids": true, "type": "sha256", "uuid": "2bb89ff3-4e43-41a7-9453-71533ae8d042", "value": "ea4679d1c05bef0c38b4d910a87f79070ca2e661779a255f523d57ef1921a1c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882468", "to_ids": true, "type": "ssdeep", "uuid": "5301e1fa-253a-475a-baee-4f5680e5469b", "value": "3072:B2wv0xQFXYlTte23jktXBOdBIC64ZlLGzCSjyyFevUkM9OvfKOa7BpJo7:B2A0mFo7eqg79y3GzjjJSatp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882468", "to_ids": false, "type": "size-in-bytes", "uuid": "f4a4dfe0-d033-479a-9132-ec26f546dbf7", "value": "207872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882468", "to_ids": true, "type": "vhash", "uuid": "ffe3ece0-5daf-4c89-96ce-3f0aa7b95374", "value": "125076655d15551d055az53?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882468", "to_ids": true, "type": "filename", "uuid": "6fe8a21a-f660-4532-b4e4-08012c28b113", "value": "adwapi64.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882468", "to_ids": false, "type": "text", "uuid": "a25c3990-1ad1-4153-8bfb-46974d2b6366", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:40/72\nFirst Submission:2025-12-04T12:58:42.000000+00:00\nLast Submission:2025-12-04T12:58:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887587", "uuid": "3f4fce46-cd5b-4e6b-90c7-6a779c1d3d6b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887587", "to_ids": true, "type": "md5", "uuid": "8b977dd3-6e4a-462b-a2ed-9ccdb1520025", "value": "a7d1d249c43c2198a7c8d66db45c66bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884313", "to_ids": true, "type": "sha1", "uuid": "bf8a842a-8a0f-4775-bca0-0d0c7cf213aa", "value": "e3c12aa91067098035feb3caf3011ef954f75777", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884313", "to_ids": true, "type": "sha256", "uuid": "7c0eb32a-e855-4135-b4b1-fdf1034c077b", "value": "a1b86c8957f460b78d906e1bdede829c4f3b5500d6449e8eba3ae5c302be2b86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882490", "to_ids": true, "type": "ssdeep", "uuid": "a82a8c1c-b3ac-4f9e-8de1-fafa3e68ac74", "value": "12288:9RKgArhHsQWpo6hzJv6kDMSDS2eTXENH4:+gA1M3pv56aMSuTk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882490", "to_ids": false, "type": "size-in-bytes", "uuid": "cc511de6-0139-4886-9a20-543dfdca45fa", "value": "587264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882490", "to_ids": true, "type": "vhash", "uuid": "00e20b80-83cf-442b-a368-393881c52d74", "value": "66f6ee5183df3fcb1966098d94ba8ff6" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882490", "to_ids": false, "type": "text", "uuid": "e427b991-185a-4305-b5ff-a6d2aacd4cd5", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.BA!dha\nVT Total Detection:32/63\nFirst Submission:2025-11-27T14:38:43.000000+00:00\nLast Submission:2025-11-27T14:38:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887608", "uuid": "6ab7e84b-d709-406c-adfa-fe3baea5e843", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887608", "to_ids": true, "type": "md5", "uuid": "6ddfa1a6-7d56-4087-a375-b183b3d23ec9", "value": "b120e5a38c593246388688b26b9284b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884314", "to_ids": true, "type": "sha1", "uuid": "2071cdae-c731-4466-ab5c-439e7e22fbf1", "value": "440e2c7134d8501db45d5785d5b2f5c11f48c884", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884314", "to_ids": true, "type": "sha256", "uuid": "b5a58e3b-4c15-4c0d-a8c4-0ca1a78c9c41", "value": "ff310202cbff28b47f03b4b0129a5b925a4b7b065af002072a3796920720c34e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882512", "to_ids": true, "type": "ssdeep", "uuid": "31e2cd23-ea32-4342-8136-6c62102f80b7", "value": "768:zPxf6AK4rwJZHtGPQtLsA/3OTM5995kScHivgVxq8/IDeR+QqU0QKRZiqAuYWZkP:zJf6xdZ4Qdx5XBgGEKq4lZFAuY8Ctf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882512", "to_ids": false, "type": "size-in-bytes", "uuid": "148c075d-0b59-432c-be44-5aa2f3af57f0", "value": "64512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882512", "to_ids": true, "type": "vhash", "uuid": "9b566ada-c6a7-4111-94aa-99ca0de17a0d", "value": "2640366515116081816600574" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882512", "to_ids": true, "type": "filename", "uuid": "b428f5d8-c9a0-449d-8cad-573b45e31abf", "value": "Publish.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882512", "to_ids": false, "type": "text", "uuid": "23cb7cc4-0dcd-43c3-afe0-2715913265a8", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/ShellInject.DE!MTB\nVT Total Detection:47/72\nFirst Submission:2026-02-02T10:17:09.000000+00:00\nLast Submission:2026-02-02T10:17:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887630", "uuid": "5c498cc9-9909-4ca3-a34c-a7ab038b5153", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887630", "to_ids": true, "type": "md5", "uuid": "552bec26-efeb-47a0-a26c-36deca58e40f", "value": "b6a86f44d0a3fa5a5ac979d691189f2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884316", "to_ids": true, "type": "sha1", "uuid": "df3245d7-07a3-4b0f-81c8-39ffd61ad8d3", "value": "8913090d7329c09b096625e9d57edf6c5d00978e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884316", "to_ids": true, "type": "sha256", "uuid": "a93a97eb-14cf-454f-b99b-101ce008b728", "value": "969d2776df0674a1cca0f74c2fccbc43802b4f2b62ecccecc26ed538e9565eae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882533", "to_ids": true, "type": "ssdeep", "uuid": "cca7a5c7-1484-4ec3-9ef7-03b22f8d7bba", "value": "768:8X3opn65xUdCzjn8lBERJ0RDWsXq3u7QBxYX1ICs4kTFwvl5ibP2HcGQo9:8opn6nlbkZJqbBxYXxkT6lsbP2HcGD9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882533", "to_ids": false, "type": "size-in-bytes", "uuid": "65a89194-edff-4e94-a214-838db1d74a52", "value": "127614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882533", "to_ids": true, "type": "vhash", "uuid": "0ecb5fef-7d4a-46c8-91c5-f45480ef375e", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882533", "to_ids": true, "type": "filename", "uuid": "4ac858c9-cb49-4390-a587-e347bd7ed4da", "value": "0019.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882533", "to_ids": false, "type": "text", "uuid": "2bf0499b-c2df-4ee0-beb2-6fbfa1579713", "value": "Type Description: Rich Text Format\nMicrosoft: Trojan:Win32/Znyonm!rfn\nVT Total Detection:33/61\nFirst Submission:2026-01-31T12:02:04.000000+00:00\nLast Submission:2026-03-15T10:02:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887651", "uuid": "2955a2be-52a6-4e94-9163-4e602779f345", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887651", "to_ids": true, "type": "md5", "uuid": "d406e060-d2bf-4b24-a648-5077246da95f", "value": "d47261e52335b516a777da368208ee91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884317", "to_ids": true, "type": "sha1", "uuid": "d0220c19-20a2-44ed-acb4-578b1e03845d", "value": "c8c84bf33c05fb3a69bc5e2d6377b73649b93dce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884317", "to_ids": true, "type": "sha256", "uuid": "c6f2710f-e496-4639-9f12-1442b4fa446b", "value": "fd3f13db41cd5b442fa26ba8bc0e9703ed243b3516374e3ef89be71cbf07436b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882556", "to_ids": true, "type": "ssdeep", "uuid": "f15473f5-4d7a-4763-b072-b5f45de4b2ba", "value": "768:8e3opn65yR5eujn8lBERJ0ZIWsxq3u7QBxYX1ICs4kTFwvl5ibP2HcGQo9:8Rpn6IrbkZuqbBxYXxkT6lsbP2HcGD9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882556", "to_ids": false, "type": "size-in-bytes", "uuid": "7408af26-4076-47af-8384-d77ac43638c4", "value": "127631" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882556", "to_ids": true, "type": "vhash", "uuid": "5088da0a-907d-49be-b4d3-e67cd46a11a5", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882556", "to_ids": true, "type": "filename", "uuid": "81b75c97-33f7-4a64-950b-a9738840b8b5", "value": "0020.doc" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882556", "to_ids": false, "type": "text", "uuid": "7f1912a6-c042-4aeb-a361-2aab9b6c8e55", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Tudimons.A!dha\nVT Total Detection:37/61\nFirst Submission:2026-01-30T18:45:57.000000+00:00\nLast Submission:2026-03-15T10:03:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887673", "uuid": "df122b6a-12c7-4061-bf25-33fbcd359d82", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887673", "to_ids": true, "type": "md5", "uuid": "57c4cb3f-5dd3-4133-8ef2-3bfdaef66daf", "value": "d58e538b6f762f9c5cf220966e5cdc18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884318", "to_ids": true, "type": "sha1", "uuid": "3535aaa9-6be7-4ad6-a878-9465ae030d13", "value": "8e5c60c4355b03cfdbb55276f84e31451ae8db80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884318", "to_ids": true, "type": "sha256", "uuid": "81873f6d-47f1-444d-9778-018421473fa7", "value": "0148c79cdfb21d87731f8e45d38c27242863ec4ea9621c59e537f59ed501c119", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882577", "to_ids": true, "type": "ssdeep", "uuid": "2ad5b4f0-6a1f-40de-b0df-9eec9b0e8c89", "value": "12288:TwE99Ze79AaTKvCrlnxf+9LUgK7ZLKPn:MEkhLTKvg29LelL4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882577", "to_ids": false, "type": "size-in-bytes", "uuid": "7dd6729a-26ef-43af-a0a9-1cdbd908e106", "value": "578048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882577", "to_ids": true, "type": "vhash", "uuid": "b061c923-35f0-4501-9766-455edacf37ed", "value": "b403a31e2f4b5efabe4551f8826f8b35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882577", "to_ids": true, "type": "filename", "uuid": "347d8fca-4488-4fb6-b049-3a0a90a877c3", "value": "4mp600f5.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882577", "to_ids": false, "type": "text", "uuid": "4a5eb664-a3cc-423d-b1f5-8ef6947f86e1", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.BA!dha\nVT Total Detection:35/63\nFirst Submission:2025-12-09T13:58:30.000000+00:00\nLast Submission:2025-12-11T20:52:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887695", "uuid": "38d6ccaf-2180-4997-9787-e658ee1fb909", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887695", "to_ids": true, "type": "md5", "uuid": "61b62b7f-3b47-46c5-8444-dc8c2cbb46c9", "value": "da3ed6eb6cf4255efccf4596bb932a45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884319", "to_ids": true, "type": "sha1", "uuid": "0be8c30f-5a39-4a24-94c5-278966e32006", "value": "dc33f3136363a0a18b89522afec4949c23143aff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884320", "to_ids": true, "type": "sha256", "uuid": "141809f5-ff1b-4fcc-b518-4c91b04e6509", "value": "e8889528e2114a700438f73da09449cfdde655a29da6794d0449b5e8aa4dbf2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882599", "to_ids": true, "type": "ssdeep", "uuid": "60f0f4e0-9127-4ff5-8691-595b3cc1360a", "value": "768:8X3opn65xUdCzjn8lBERJ0RDWsmq3u7QBxYX1ICs4kTFwvl5ibP2HcGQo9:8opn6nlbkZ8qbBxYXxkT6lsbP2HcGD9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882599", "to_ids": false, "type": "size-in-bytes", "uuid": "2b78986b-efe1-4402-b954-c303e492399a", "value": "122412" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882599", "to_ids": true, "type": "vhash", "uuid": "09a6ad76-c605-4965-80ea-6a14ffd1c8d7", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882599", "to_ids": true, "type": "filename", "uuid": "3ce01ad6-033d-4724-a680-82470fd2e904", "value": "__e8889528e2114a700438f73da09449cfdde655a29da6794d0449b5e8aa4dbf2a.rtf.bin" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882599", "to_ids": false, "type": "text", "uuid": "d8627726-2e33-4cf8-83fe-e613a1d6e292", "value": "Type Description: Rich Text Format\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:33/61\nFirst Submission:2026-02-04T09:21:52.000000+00:00\nLast Submission:2026-03-02T10:41:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887716", "uuid": "78736ff0-a3e8-4d63-b89d-b2addf520242", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887716", "to_ids": true, "type": "md5", "uuid": "6834d271-9522-4c8d-88d3-5bc38c461512", "value": "e4122e880c1d946f41d36e74056871c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884320", "to_ids": true, "type": "sha1", "uuid": "5249acc0-17c6-4601-a388-4246c1ae8076", "value": "850cc399a70713aecf22324f006eefc3a03bc946", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884320", "to_ids": true, "type": "sha256", "uuid": "1af50bd2-5536-4660-b55c-92af9e74c4b9", "value": "f7bda19543074c788c321aed42d955b4d50b7b0a2c3ca83b7f45b5e8b9a10491", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882621", "to_ids": true, "type": "ssdeep", "uuid": "4c695da3-a63f-49e6-b974-60e811431299", "value": "768:8X3opn65xUdCpERJ0RDWsVq3u7QBxYX1ICs4kTFwvl5ibP2HcGQo9:8opn6nnZ3qbBxYXxkT6lsbP2HcGD9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882621", "to_ids": false, "type": "size-in-bytes", "uuid": "9b01391d-50bf-4040-adc5-8d48836e080f", "value": "120820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882621", "to_ids": true, "type": "vhash", "uuid": "a8b083de-5fe3-4f14-b62f-5c610a729f3a", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882621", "to_ids": true, "type": "filename", "uuid": "7ade6d18-0b89-410b-aa66-f6706a29c381", "value": "f7bda19543074c788c321aed42d955b4d50b7b0a2c3ca83b7f45b5e8b9a10491.rtf" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882621", "to_ids": false, "type": "text", "uuid": "e9d4ce55-3506-4f6a-9431-131d21b1885e", "value": "Type Description: Rich Text Format\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:37/63\nFirst Submission:2026-02-04T09:24:58.000000+00:00\nLast Submission:2026-02-13T05:41:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887737", "uuid": "0a1e155c-9f73-4395-ab59-684db7047f9f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887737", "to_ids": true, "type": "md5", "uuid": "774069c6-a325-4ae3-95dd-cd4f6424a6d5", "value": "e4a5c4b205e1b80dc20d9a2fb4126d06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884322", "to_ids": true, "type": "sha1", "uuid": "2c676a03-58cd-4450-851c-70799c77e4d9", "value": "e52a9f004f4359ea0f8f9c6eb91731ed78e5c4d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884322", "to_ids": true, "type": "sha256", "uuid": "eff08198-376a-4768-8987-fa0795184e41", "value": "a876f648991711e44a8dcf888a271880c6c930e5138f284cd6ca6128eca56ba1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882642", "to_ids": true, "type": "ssdeep", "uuid": "e3d53365-3bd8-4262-b21e-73aae1c52651", "value": "6144:rnpW9LsEaMQZ7GfWqFDR3/KHinC64ZiuohzNTd:1W94t7GfWqJR3/KCn4iuond" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882642", "to_ids": false, "type": "size-in-bytes", "uuid": "41597dcf-8b9c-4be2-a110-f8e9fb6f0520", "value": "221696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882642", "to_ids": true, "type": "vhash", "uuid": "b4fda23d-aad1-4aab-9046-5c99b0423363", "value": "125056655d15555az56?z4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882642", "to_ids": true, "type": "filename", "uuid": "26a84d02-9aed-4f5c-9292-c265a8f45881", "value": "_a876f648991711e44a8dcf888a271880c6c930e5138f284cd6ca6128eca56ba1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882642", "to_ids": false, "type": "text", "uuid": "a849296c-15b8-49fb-b9a8-337d52a3646e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/ShellInject.DD!MTB\nVT Total Detection:33/72\nFirst Submission:2026-01-30T12:48:26.000000+00:00\nLast Submission:2026-02-27T09:16:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887758", "uuid": "36ce6978-8c6a-4ab9-adc8-a6b9909aae4b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887758", "to_ids": true, "type": "md5", "uuid": "410789c8-e51b-4f25-b52d-437d254ccb09", "value": "ea6615942f2c23dba7810a6f7d69e2da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884323", "to_ids": true, "type": "sha1", "uuid": "cdb2fa3f-d178-42ae-8544-3a6472dcee0e", "value": "23b6f9c00b9d5475212173ec3cbbcff34c4400a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884323", "to_ids": true, "type": "sha256", "uuid": "dcda538d-7ba4-4843-8294-6af507cb0e6e", "value": "3f446d316efe2514efd70c975d0c87e12357db9fca54a25834d60b28192c6a69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882664", "to_ids": true, "type": "ssdeep", "uuid": "0032eb93-872c-4f9d-aa61-3f782b1929fb", "value": "1536:LJf6xdZGQrIHFYFd/p7m0j4aENnYs4AKcdeU58Djf:LJf6zu2njQNnYFAKcdeU5qT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882664", "to_ids": false, "type": "size-in-bytes", "uuid": "c3e81e5d-3ab6-4a8e-bcc6-addab3d2533a", "value": "64512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882664", "to_ids": true, "type": "vhash", "uuid": "bd7e88e9-5dde-41ed-a3bb-dc4bfac8ddc1", "value": "2640366515116081816600574" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882664", "to_ids": true, "type": "filename", "uuid": "082ecfbc-74b1-481b-bb1c-d6150b96fbcb", "value": "Publish.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882664", "to_ids": false, "type": "text", "uuid": "bcb3bf39-bfc4-4212-8637-00e995567f15", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/ShellInject.DE!MTB\nVT Total Detection:47/72\nFirst Submission:2026-01-30T10:50:34.000000+00:00\nLast Submission:2026-02-27T13:42:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887779", "uuid": "32dd3256-76f9-4a35-bd4d-8986c985b154", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887779", "to_ids": true, "type": "md5", "uuid": "fc66d081-5fe6-45e7-91b0-6370f1eea81d", "value": "ee0b44346db028a621d1dec99f429823", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884325", "to_ids": true, "type": "sha1", "uuid": "05ef3d93-b2ac-4b14-a144-0af43ca80f49", "value": "cea7e9323d79054f92634f4032c26d30c1cedd7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884325", "to_ids": true, "type": "sha256", "uuid": "3500c814-a15a-4238-a877-60c5e0abf43b", "value": "9f4672c1374034ac4556264f0d4bf96ee242c0b5a9edaa4715b5e61fe8d55cc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882685", "to_ids": true, "type": "ssdeep", "uuid": "8015accf-7c9a-4247-ba39-48df1dad781c", "value": "48:yeiTq97TP6leb9Onknj9V9Lvara+iaiudupRCRf9ufAuRa7G5X3l+3BNdhPsV8iF:LKIpOnkntGdiaigV9ll7UY5hFZXPPx5+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882685", "to_ids": false, "type": "size-in-bytes", "uuid": "2c97d5e0-f004-4660-94e3-745411e951fa", "value": "3556" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882685", "to_ids": true, "type": "filename", "uuid": "ea2d61f8-9100-46c1-9147-3e33d9c4a8e7", "value": "9f4672c1374034ac4556264f0d4bf96ee242c0b5a9edaa4715b5e61fe8d55cc8.hta" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882686", "to_ids": false, "type": "text", "uuid": "f195bdb8-7e96-4ccb-80ca-c0108055abb2", "value": "Type Description: XML\nMicrosoft: Trojan:XML/Dilanop.A\nVT Total Detection:26/62\nFirst Submission:2026-02-02T09:45:55.000000+00:00\nLast Submission:2026-02-02T16:16:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887800", "uuid": "c5b2572e-0269-4ec7-8ace-b861a73d32c7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887800", "to_ids": true, "type": "md5", "uuid": "baf03600-5a8f-46af-a2ee-f38c37951d73", "value": "f8d9b7c864fb7558e8bad4cfb5c8e6ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884326", "to_ids": true, "type": "sha1", "uuid": "192e368f-126a-4268-a0c9-a3f8db648915", "value": "a45ab1a9dec488278ee9682735d42d61dfc38b9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884326", "to_ids": true, "type": "sha256", "uuid": "6443404c-8d60-46d1-a86d-797ccd7a2c1b", "value": "8f4bca3c62268fff0458322d111a511e0bcfba255d5ab78c45973bd293379901", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882707", "to_ids": true, "type": "ssdeep", "uuid": "d083a5c6-496f-4d1a-9d6c-26134bcdbb41", "value": "6144:5FlXoKOs8GeWQ6BSpQS6eFlqoKOs8GeWQ6BSpQS6:flXowSpQS66lqowSpQS6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882707", "to_ids": false, "type": "size-in-bytes", "uuid": "b8ac00a7-e0d3-4fa3-8060-54ca8c0049f0", "value": "262144" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882707", "to_ids": true, "type": "vhash", "uuid": "02d1e235-267e-4bdd-a638-4578e104a6ee", "value": "db37c4c6965dfac4a28e99c0c29b3cc7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882707", "to_ids": true, "type": "filename", "uuid": "8358a19e-e537-4a5c-b541-ca2aba921f8b", "value": "APT28.xls" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882707", "to_ids": false, "type": "text", "uuid": "bf395564-e249-49e3-9eb2-d4b7ae47764d", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: Backdoor:VBA/NotDoor.C!dha\nVT Total Detection:34/64\nFirst Submission:2025-07-17T15:52:40.000000+00:00\nLast Submission:2025-09-24T06:13:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887822", "uuid": "3d44a912-959b-46ed-82ac-1679855b8e8d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887822", "to_ids": true, "type": "md5", "uuid": "0a4f9217-1d2d-437f-a622-541c610be7b0", "value": "91147704b0fc199cdcec93bccc143213", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884327", "to_ids": true, "type": "sha1", "uuid": "1ac0172e-58d3-45f8-a96e-d0aaa6129e0f", "value": "05eb0054bcc6da1be4aa2456970dd045f9648116", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884327", "to_ids": true, "type": "sha256", "uuid": "eac8838a-4da1-4cec-87ac-6c7a038b9567", "value": "003cd35535ab9350a407a7dcd016c305fb8dbac03d41d5b7d3917c804b66dd2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882729", "to_ids": true, "type": "ssdeep", "uuid": "ec768c15-64be-4f03-b3de-137f2afc40e0", "value": "3072:0veIoZeTJzNcwIMpp2MJHeX2FpwJHdos/fC4zlnq0lWb0dnKoY4T4ZN4dFjni2:PedG1Mb2e/Fugy7w0lWbNohJdpn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882729", "to_ids": false, "type": "size-in-bytes", "uuid": "831e8d52-b818-4278-8db5-aae0737c23eb", "value": "210944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882729", "to_ids": true, "type": "vhash", "uuid": "015305e6-ae4e-437b-9566-5f5215b34b64", "value": "125066655d1555155az53?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882729", "to_ids": true, "type": "filename", "uuid": "efb9394e-7854-4fe8-8539-af1e2d46ba9d", "value": "adwapi64.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882729", "to_ids": false, "type": "text", "uuid": "0e218c06-d22d-429c-aaa0-5bb56cfbf240", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/ZooFang.D!dha\nVT Total Detection:31/72\nFirst Submission:2025-11-27T14:46:39.000000+00:00\nLast Submission:2025-11-27T14:46:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887843", "uuid": "64cc270c-9c3b-4608-bbf3-5fec7d7bd001", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887843", "to_ids": true, "type": "md5", "uuid": "77c2878d-7ae4-4907-bf31-fa730cdfb819", "value": "e0363a78a2715c3239c55dbe9d42db70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884328", "to_ids": true, "type": "sha1", "uuid": "44ed3fea-0afc-4aa5-9b3c-0b9fee81b3d6", "value": "68aaff6ea258fca36c08c000751ec8edd0ce7ab7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884328", "to_ids": true, "type": "sha256", "uuid": "a5d677ed-b0ae-4232-8d87-5e038d5e4eb8", "value": "0366b9bc02b00fda8ea28929b7159a038a43da0aa0299b8279bffc2d7e73892a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882750", "to_ids": true, "type": "ssdeep", "uuid": "f23d360c-0a72-4cf4-8109-a57c8fed6fbf", "value": "12288:VW7SwLGYrSyjGLAWQt858S8rQ0P3cutQ0MtSnu:EmwKUSyjGLbCg8rQ4tQfSnu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882750", "to_ids": false, "type": "size-in-bytes", "uuid": "e95aabf0-c17f-4a14-bdd8-8347bfb28939", "value": "573440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882750", "to_ids": true, "type": "vhash", "uuid": "df672a63-a9f6-486f-b74f-d21ef873c51c", "value": "b403a31e2f4b5efabe4551f8826f8b35" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882750", "to_ids": false, "type": "text", "uuid": "22a6ff28-f193-492a-be0b-e09e88ba56d4", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.BA!dha\nVT Total Detection:31/63\nFirst Submission:2025-12-04T12:54:52.000000+00:00\nLast Submission:2025-12-04T12:54:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887864", "uuid": "23c80ea3-3bf8-427d-9318-34dcbffe873d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887864", "to_ids": true, "type": "md5", "uuid": "62ab21ca-d7ca-4002-920f-4c71f77e28c3", "value": "3297e71a54086d24f5fa9c45853f9b5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884329", "to_ids": true, "type": "sha1", "uuid": "1a4f13ba-1012-4752-8889-8357aaba12f3", "value": "d8be1359a0b8c6f04c3152caac4a4619e49779ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884329", "to_ids": true, "type": "sha256", "uuid": "69d24a09-08f0-4e81-a36d-0b8595c8b84d", "value": "0ab301b3e43ac2394ec25c5d1caf79aa0785a2eaca801b0b1b6d4621f5e8c736", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882772", "to_ids": true, "type": "ssdeep", "uuid": "99a28eeb-aa52-4860-a113-341cafaea11f", "value": "12288:ZXJK19Ge5amAQmOB0wJyeIFOWwLg5utoIEZ4c8:5JK198vRs0woItoT4h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882772", "to_ids": false, "type": "size-in-bytes", "uuid": "68120652-8e33-4f10-bf9e-ebea1b8e0d66", "value": "672256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882772", "to_ids": true, "type": "vhash", "uuid": "a74c0092-bce6-4d81-a7d2-e8357adcdc62", "value": "c07daf7fc89905788c84a49aeef75aae" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882772", "to_ids": false, "type": "text", "uuid": "c0c7a4ec-9ff6-4be2-9cbc-c1e70bcb93c2", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.BA!dha\nVT Total Detection:28/63\nFirst Submission:2025-12-09T14:29:55.000000+00:00\nLast Submission:2025-12-09T14:29:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887885", "uuid": "337e2d2a-1bbe-4177-89a1-62dc4716af73", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887885", "to_ids": true, "type": "md5", "uuid": "1c5cc3cb-e173-45ba-9ad5-6ccf27f1f9ad", "value": "a9d561d6e2411cfb42701d5305c97365", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884330", "to_ids": true, "type": "sha1", "uuid": "9f35a4a5-fd64-4f0d-8b4d-266e78865d3a", "value": "2cb9f08a56dc254796a15e2a7828a89ff570b355", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884330", "to_ids": true, "type": "sha256", "uuid": "795f5df8-b162-4016-bfef-c73036679fbf", "value": "0db5bd9cb832618c60e0f3c0dfad719403473b85a82253dc0f6a8391800c0d0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882794", "to_ids": true, "type": "ssdeep", "uuid": "3a5bfe73-d476-40eb-96bd-04a859ac7c8a", "value": "12288:/3cupC47kfo/8FrUWlEaWnlBj7AM9/H9L1:0uY4IfloWnG7bj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882794", "to_ids": false, "type": "size-in-bytes", "uuid": "b54d5a3c-26a6-465c-8359-b94f950ba0a7", "value": "622080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882794", "to_ids": true, "type": "vhash", "uuid": "72e3732d-e174-4a83-8cf6-60faf887c4ed", "value": "d2575658318c9d1c28b8966942a5c1f5" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882794", "to_ids": false, "type": "text", "uuid": "f462f177-e2d4-4e98-9960-ca8983e0e617", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.B!dha\nVT Total Detection:29/63\nFirst Submission:2025-08-29T11:14:44.000000+00:00\nLast Submission:2025-08-29T11:14:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887907", "uuid": "ff3b3e6f-92ed-47f3-88ad-48df57aebf27", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887907", "to_ids": true, "type": "md5", "uuid": "7448817f-6cb8-4734-be80-3485c3791275", "value": "9a1c1ef5afd23988e4ebae208df224e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884331", "to_ids": true, "type": "sha1", "uuid": "3f41dd4f-d36b-4642-9b7a-3ef5ada8f74e", "value": "72841ae7fe3364146e90280b37aea9601558d8dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884331", "to_ids": true, "type": "sha256", "uuid": "3a17fc4f-8a3f-441f-bd2a-c0fa7d6e2288", "value": "144bddb48890fa680dfd226e36c0ef2c6d6f98a365aea48399edd0d0388711a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882816", "to_ids": true, "type": "ssdeep", "uuid": "289a2b61-fc07-4533-a5f9-c3b006a762ad", "value": "1536:RlCNpBgloPlFeQhgQ84FjF/OqpFJmWFFBFnh8KFVLDFmH9F8ckJFyFn3kSF6bex:LCpBgaPlFeQhgQ84FjF/PpFJmWFFBFn+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882816", "to_ids": false, "type": "size-in-bytes", "uuid": "7cb45738-bb59-475c-844a-aacca4b760f5", "value": "86223" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882816", "to_ids": true, "type": "vhash", "uuid": "1e4da29e-dbd3-4fcc-acf7-2b1142472790", "value": "b1f9916ffe0f7cb0a3e9cb0430863ed6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882816", "to_ids": true, "type": "filename", "uuid": "3604414c-aab6-4d4e-af2b-5e8bec27b12c", "value": "ThisOutlookSession.cls" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882816", "to_ids": false, "type": "text", "uuid": "ef5717d8-442d-482e-bcf0-9cde93716baf", "value": "Type Description: VBA\nMicrosoft: Backdoor:VBS/NotDoor.B!dha\nVT Total Detection:22/62\nFirst Submission:2025-07-17T15:53:14.000000+00:00\nLast Submission:2025-07-17T15:53:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887928", "uuid": "94bfe47f-1c88-44b0-bb89-4893a8910920", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887928", "to_ids": true, "type": "md5", "uuid": "4fda8d1c-5ed0-457c-913d-994a8c2c2a11", "value": "8ace52e8044f5ef16affe1121c0d41c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884332", "to_ids": true, "type": "sha1", "uuid": "3a2ada3d-eef6-4277-b4f8-52267162f901", "value": "2f6fdd6e7cbbb2501e1dbab4d0a31c6dab4691ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884332", "to_ids": true, "type": "sha256", "uuid": "eecce41d-43d5-490c-a873-2183149c5952", "value": "14acfaca5fc59d5ee9592399e51636ec47fbea36623555635a1361fcd2f50dfa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882837", "to_ids": true, "type": "ssdeep", "uuid": "771b91b8-c8d6-4c97-a847-e5b4521aa620", "value": "768:qPjzXYq6UJl6V6P1RcJ89nPE+AA286y2L6+yP6w66U6/XptALgFJi0tmPBqdQkSu:qPjzIqBPYUPHHY3CUhQjALgxDFKFQT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882837", "to_ids": false, "type": "size-in-bytes", "uuid": "4441d88a-2916-4e83-b9e8-cd4fc028a5c3", "value": "90715" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882837", "to_ids": true, "type": "vhash", "uuid": "51b71d60-88c9-4339-93d8-3fd8796944d5", "value": "8c30b729e4127707308fff6551f3babb1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882837", "to_ids": true, "type": "filename", "uuid": "cc2a75d8-245c-4afa-ae84-8d93a3014128", "value": "XSS_Vulnerability_Report_2025-09-05.rtf" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882837", "to_ids": false, "type": "text", "uuid": "79944d91-b4cf-40c2-9472-48d989f3b35b", "value": "Type Description: Rich Text Format\nMicrosoft: Exploit:Win32/Tudimons.A\nVT Total Detection:32/62\nFirst Submission:2025-05-14T15:41:25.000000+00:00\nLast Submission:2025-05-14T15:41:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887950", "uuid": "c872764d-8192-45f5-b854-305618f26aa6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887950", "to_ids": true, "type": "md5", "uuid": "a96262c7-d65c-42ca-9efb-889a7bd5ec35", "value": "f727805e7b341f6dea118136fe1b04bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884333", "to_ids": true, "type": "sha1", "uuid": "5ac5d4d6-37e8-43a8-9888-8b5868683b93", "value": "f2cf16e81d1c1304864fd75f86c0e75ce6c8fc87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884333", "to_ids": true, "type": "sha256", "uuid": "40c046c4-9fee-4ca1-90d4-dad6dc5beecf", "value": "1565934e529b5a9b6af7e60800a91f7ac3a6ec2e24b4f6df0f808d253b45cf42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882859", "to_ids": true, "type": "ssdeep", "uuid": "83af4149-e9d1-4680-a159-f0bbb0604583", "value": "3072:2NTaOO/62QsK1JKuKY5Y8K24zVwMfrIIYvKtqLl1epUypbaA8zhOwnPKjVR:V/tQsK1JKC5fkuW8KtUhC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882859", "to_ids": false, "type": "size-in-bytes", "uuid": "ffe3b54b-a6d4-4a13-88f9-8bffa41776b5", "value": "201728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882859", "to_ids": true, "type": "vhash", "uuid": "16ea2e59-dd5d-4f8b-b7d1-dcc029b33f01", "value": "125076655d15551d055az55?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882859", "to_ids": true, "type": "filename", "uuid": "fcaecf07-b58a-46b0-8f79-e980520f4d2a", "value": "adwapi64.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882859", "to_ids": false, "type": "text", "uuid": "cb8efaa8-4327-4c67-b522-43bdfa3f90ff", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:35/72\nFirst Submission:2025-12-09T14:34:49.000000+00:00\nLast Submission:2025-12-09T14:34:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887971", "uuid": "8a3b27eb-7995-4408-9f54-1f107fd7ba94", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887971", "to_ids": true, "type": "md5", "uuid": "95dbd315-14d2-438c-aa08-1b4e08c1a32f", "value": "6c2ca66c92d2aa8b42b4e046fab1305e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884334", "to_ids": true, "type": "sha1", "uuid": "f19d3058-53ae-4d78-8a08-a648af0b0d87", "value": "6a866552cc046a46e3937de540d22e0d5788e16e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884334", "to_ids": true, "type": "sha256", "uuid": "af04e4c2-0a99-4d92-b2ad-6cb0263d2bbb", "value": "18f9c08e60bb88891f5bb5dd133ae804703c0797bebdde397c01513a67b86a1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882901", "to_ids": true, "type": "ssdeep", "uuid": "cc0e378e-c52c-44d4-b823-486fc7c99047", "value": "768:8X3opn65xUdCzjn8lBERJ0RDWsbq3u7QBxYX1ICs4kTFwvl5ibP2HcGQo9:8opn6nlbkZVqbBxYXxkT6lsbP2HcGD9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882901", "to_ids": false, "type": "size-in-bytes", "uuid": "014f74ef-b7d7-4b70-84a2-1aae4b76a3a2", "value": "122412" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882901", "to_ids": true, "type": "vhash", "uuid": "d79b93a1-b443-4491-aeaf-bbc0102643f8", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882901", "to_ids": true, "type": "filename", "uuid": "2d80f13b-fa4b-40a0-b67a-fe97b060cc72", "value": "96.rtf" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882901", "to_ids": false, "type": "text", "uuid": "07411488-f3d5-4561-a022-9c89140f2df8", "value": "Type Description: Rich Text Format\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:35/63\nFirst Submission:2026-02-04T09:22:26.000000+00:00\nLast Submission:2026-02-04T09:22:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775887992", "uuid": "fc54c149-430b-410e-8086-b75c0139419d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775887992", "to_ids": true, "type": "md5", "uuid": "cfca0df7-0d1d-456f-8463-773ac7e6a9f2", "value": "09046c9786961780b77e936d4f70b3fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884335", "to_ids": true, "type": "sha1", "uuid": "e6d7d899-d49e-44de-b4c0-fdddae589bfa", "value": "bebbb32089825263a83be0b81dc4468a7dfd006f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884335", "to_ids": true, "type": "sha256", "uuid": "d467f2dd-096e-4a8f-a396-c82c572e92b6", "value": "36f5e04213d446c4208864f32a6af18d5184bbbb628808ef0a876ea6c31ea0b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882944", "to_ids": true, "type": "ssdeep", "uuid": "7f276138-9eaf-442f-8f9a-d3043d8fac1c", "value": "3072:9llJKffx2HedxLh4Yg5XWBXKzxgIhGaAggS5qskE7OA1tpCVNHy/8GeEAWPX7muR:doZVvy/8GeCjma4oZVvy/8GeCjma" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882944", "to_ids": false, "type": "size-in-bytes", "uuid": "3d305bba-55a6-49d6-a02f-4dbc19c2fe7e", "value": "262144" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882944", "to_ids": true, "type": "vhash", "uuid": "f2338703-a1e5-4160-9929-8bfb941cda62", "value": "8e5e7c574e72e0878216721d28bfab5f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882944", "to_ids": true, "type": "filename", "uuid": "d35d9e43-065d-4cb2-8a86-e1f7a9fe4ab2", "value": "vbaproject.otm" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882944", "to_ids": false, "type": "text", "uuid": "67df4fdc-2422-4f64-a7e5-d8ae395cfcdb", "value": "Type Description: MS Word Document\nMicrosoft: Trojan:O97M/NotDoor\nVT Total Detection:28/62\nFirst Submission:2025-02-19T07:20:56.000000+00:00\nLast Submission:2025-02-19T07:20:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888013", "uuid": "db452a89-abfa-4de1-b491-eeff7fbaa4de", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888013", "to_ids": true, "type": "md5", "uuid": "c4bff515-984f-460d-a66c-545226d69268", "value": "3a7d04818e6c722c23863cf129f63010", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884336", "to_ids": true, "type": "sha1", "uuid": "57e85f90-4dba-43e1-8c66-f5bf5adc5d31", "value": "bbf75682696eb9f69edaf8961201bff5e04da75b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884336", "to_ids": true, "type": "sha256", "uuid": "e7ee9eb3-aee4-4306-a5c4-d24d079c7119", "value": "4f6aa45f2ead7ddb6a81f4a2b9745f8ec117d96971d4d80bb06f3ec3db5951da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775882987", "to_ids": true, "type": "ssdeep", "uuid": "5fc15831-8bfa-4dc0-8d65-ccb930be0de7", "value": "6144:JNvtVlAbQtlny17E86pvL+4CSYbohxMOo:JNVHYQtNyK9pv+/Gxzo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775882987", "to_ids": false, "type": "size-in-bytes", "uuid": "38f3b442-deb6-4dc6-9cf9-9ef4db2b1979", "value": "289053" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775882987", "to_ids": true, "type": "vhash", "uuid": "fb413a51-433f-42e4-8b17-0506c9558eb3", "value": "9e4826b8a75ef497d532a7df15e4f51b2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775882987", "to_ids": true, "type": "filename", "uuid": "c13d692e-8e58-4f20-929e-0b647f01282b", "value": "izjava o opterecenju zarade preko pola ovjerena - ivan simovic.pdf" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 30/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775882987", "to_ids": false, "type": "text", "uuid": "dde0611d-a9a4-4418-87fd-2b8bae846a69", "value": "Type Description: PDF\nMicrosoft: None\nVT Total Detection:0/63\nFirst Submission:2025-02-19T07:25:00.000000+00:00\nLast Submission:2025-02-19T07:25:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888034", "uuid": "7a2bc949-fde3-47e9-85f7-51e2c56f2a46", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888034", "to_ids": true, "type": "md5", "uuid": "e2bf80dc-4c84-40a3-8b15-962ddf081c6d", "value": "2145941f76ff77c62f35a8bab6c162a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884337", "to_ids": true, "type": "sha1", "uuid": "c9cb172b-7476-4af0-a857-3fe717a27f95", "value": "4edc089f40759ffdc24e4af413d4605f78cb9ee4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884337", "to_ids": true, "type": "sha256", "uuid": "ccbdb92b-8d10-432d-a878-f3ce6e9a90f5", "value": "57357655a62e3a8b1f4b78e1d3ed7e0f6d59a9bac213087294f91bb7847b2a8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883009", "to_ids": true, "type": "ssdeep", "uuid": "37d29248-5266-431f-b204-704a35371c7e", "value": "24576:H5lsk4Si7/WtirDxjVq3hWckC8mQRip22ovdov89pCGxI:HQk4S8/WtSxjOhnQRW29vWv89" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883009", "to_ids": false, "type": "size-in-bytes", "uuid": "8fef081e-9592-4942-b35a-7a2d3f31e7de", "value": "2144256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883009", "to_ids": true, "type": "vhash", "uuid": "43ab7a05-bda8-48a9-9d4f-5b8629977a0b", "value": "026096655d65551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883009", "to_ids": true, "type": "filename", "uuid": "20ec469b-6b8c-43c1-9ad6-e79c1bb3a0f4", "value": "build.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883009", "to_ids": false, "type": "text", "uuid": "3f5f3e56-58a0-45d5-8ed3-2629c2541bdd", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:46/72\nFirst Submission:2025-02-19T07:21:26.000000+00:00\nLast Submission:2025-02-19T07:21:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888056", "uuid": "27aaec2d-131e-4b0c-8b2d-b20fd81bda57", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888056", "to_ids": true, "type": "md5", "uuid": "0455144b-8a4d-45a9-a9cc-22673ce223e8", "value": "acdfa0042cd6007dcf39dcd7f1aa0331", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884338", "to_ids": true, "type": "sha1", "uuid": "669fe75b-d3a0-4e9f-9801-d319d032c236", "value": "ae1c865ace7d220beec34e016a33b633fb242b17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884338", "to_ids": true, "type": "sha256", "uuid": "c2164a02-f8f9-464a-876d-6259ab7c52e7", "value": "5c2a2c49e200a2d048f477440da75ff4a99c676943f6f7cac1ce70190520f998", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883031", "to_ids": true, "type": "ssdeep", "uuid": "9fb6d05e-3323-429d-b07f-af9c9e2d7830", "value": "12288:kYuXRdTUWXRpozIsaNde1v148KzTdZlQqviJIevuOSdsF5z:tMxVOIu1G8KzTdbQqwDT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883031", "to_ids": false, "type": "size-in-bytes", "uuid": "70783cbc-ab56-4969-abbc-016e5e520a45", "value": "574464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883031", "to_ids": true, "type": "vhash", "uuid": "90ca7254-bf60-4354-b196-e21759dfc556", "value": "155056655d75555038z53?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883031", "to_ids": true, "type": "filename", "uuid": "14b4c237-15dd-4a12-96ba-60ad978e6ec7", "value": "s6uzn12.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883031", "to_ids": false, "type": "text", "uuid": "98522e8b-6d93-4440-8492-e5cca3b6d1ef", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/ShellInject.DC!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-02T18:51:23.000000+00:00\nLast Submission:2026-02-02T18:51:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888077", "uuid": "0e33ff03-2506-4ee0-bdae-861fe4a4e4e0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888077", "to_ids": true, "type": "md5", "uuid": "9367ca9a-1eb6-48c8-a67b-704d5258f736", "value": "4448f7a6f02c3e65a9c481106cc0bea1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884338", "to_ids": true, "type": "sha1", "uuid": "1016acfc-5c20-4285-b731-3c44bc0f04da", "value": "634840a42e771f44a30283b77c428c35ebb8ae5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884339", "to_ids": true, "type": "sha256", "uuid": "031eee8f-b5dd-42bb-b0c0-5a0539aa6304", "value": "64f2d135603220b47dd430be5e059dcedd80ad2bc3c17500816ec5d07e39d3d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883053", "to_ids": true, "type": "ssdeep", "uuid": "fc4b6eba-2b9d-4653-b95e-9ba87d0b17a7", "value": "12288:4UlsWFRfYuGvHkH9jOOkyuq3NSEb+RU39EbVB:4SFptx9jOOAM1CbVB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883053", "to_ids": false, "type": "size-in-bytes", "uuid": "8c6a221a-d040-43d7-8851-e47d06167e62", "value": "711168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883053", "to_ids": true, "type": "vhash", "uuid": "e701d097-92ac-405a-ac74-9addbbcf298a", "value": "8147a2faf4b94f1c7602c13cd55d1965" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883053", "to_ids": true, "type": "filename", "uuid": "9286c8f2-f320-420d-884e-05072694c9d8", "value": "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u0432\u0456\u0434 markiz.xls" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883053", "to_ids": false, "type": "text", "uuid": "78804d40-11d8-4d23-8acc-6bf35a65c8f3", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.BA!dha\nVT Total Detection:31/63\nFirst Submission:2025-12-01T11:45:09.000000+00:00\nLast Submission:2025-12-01T12:05:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888098", "uuid": "1660d44b-5a38-4961-a7cb-4b4a15330000", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888098", "to_ids": true, "type": "md5", "uuid": "b383aa57-277c-4ced-87eb-56271c924f2b", "value": "b5b95878703b8ab5ea04a9c8a25272ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884339", "to_ids": true, "type": "sha1", "uuid": "a0bf2412-44cd-47f0-bda3-ad935218dd9d", "value": "eb3e96fb80eaa5b2fc8617f5318e3842f0d253aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884340", "to_ids": true, "type": "sha256", "uuid": "503cef3f-fad7-4033-9b28-f206f4179482", "value": "71ef7438d785f3102735ed9d9233ac366507c82fc4fac4de88f687a105c84df6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883075", "to_ids": true, "type": "ssdeep", "uuid": "3d4f10f5-19b1-4a06-918a-9a8389c6891b", "value": "6:9cNAWdgUsBNq92GU9vEfcoH+bKAcoH+Tvot1IGU13ACiILix9V9WnDo:9vWdU20IH+bpH+Et1VBJmM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883075", "to_ids": false, "type": "size-in-bytes", "uuid": "812dc066-d4fb-423c-8a05-ea4d166b1b76", "value": "317" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883075", "to_ids": true, "type": "vhash", "uuid": "4f7a9ea6-fa54-4d92-9a35-fbbacb4f0001", "value": "4b02a6472d6aeafe1eae134439052ad4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883075", "to_ids": true, "type": "filename", "uuid": "66b21818-c998-4731-b8c6-c507039ef9fe", "value": "EHygbjYHlw.vbs" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883075", "to_ids": false, "type": "text", "uuid": "c7d96c1c-9e2e-4799-aabf-372ea60a6286", "value": "Type Description: VBA\nMicrosoft: None\nVT Total Detection:22/62\nFirst Submission:2025-02-19T07:25:00.000000+00:00\nLast Submission:2025-02-19T07:25:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888119", "uuid": "d13635ad-3895-44bc-a175-681861f70e2c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888119", "to_ids": true, "type": "md5", "uuid": "83e28565-165a-4fc1-a5da-2b52ba4fa840", "value": "e1c87ca0c69fefb470ef84bad847cabd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884340", "to_ids": true, "type": "sha1", "uuid": "fbdbaa18-e3e5-4465-9e96-e11d11ad48c0", "value": "12f0fd417b4727a4fcf2e360378d4cb9e3a18577", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884340", "to_ids": true, "type": "sha256", "uuid": "cdd45e64-6516-44f7-ba88-c8664a122ce6", "value": "8d09eb897f2bc98035ef88152e2b5d571a7b61878dd12b451e0437089487a417", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883181", "to_ids": true, "type": "ssdeep", "uuid": "4aa84812-c1f9-4c48-9412-a2e9dd16c72f", "value": "12288:6UlsWFRfYuGvHkH9jOOkyuq3NSEb+RU39EbVB:6SFptx9jOOAM1CbVB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883181", "to_ids": false, "type": "size-in-bytes", "uuid": "609d1b13-f750-4356-aa8f-1bc27b4c849b", "value": "711168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883181", "to_ids": true, "type": "vhash", "uuid": "861ef857-4281-4b65-b52b-2bf0f86319ad", "value": "8147a2faf4b94f1c7602c13cd55d1965" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883181", "to_ids": false, "type": "text", "uuid": "f387ec32-a7df-4b05-a6f7-2a7039be5db8", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.BA!dha\nVT Total Detection:34/63\nFirst Submission:2025-11-29T12:52:03.000000+00:00\nLast Submission:2025-11-29T12:52:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888140", "uuid": "3ed50b59-7398-4758-8817-cd190125c8a1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888140", "to_ids": true, "type": "md5", "uuid": "e7a485b2-47b2-45b2-8189-cee1a825f3ec", "value": "d5c7aed8f34f88650b5c0019869c9663", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884342", "to_ids": true, "type": "sha1", "uuid": "dd9bf150-b170-467a-9d07-eb93e8e427bf", "value": "186789401f97dbbcfcea9b3fff9fd97b006c9403", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884342", "to_ids": true, "type": "sha256", "uuid": "06017842-0b7c-4b15-a687-7acc88ef78c8", "value": "92697d518e72a30800e96b63cf875573bd536c9b993d22014238f6a9f0e19e0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883203", "to_ids": true, "type": "ssdeep", "uuid": "6a5db6c0-f042-4d5b-b1cd-5111a3fb02d8", "value": "1536:RC7Q+ur+c+jMPyjljD0KQhRsxJr2QdU/7YsupzhXh0j51tiCFeuJ6rEJ/n/zD6gO:jhRsxJiQAtiCplsso" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883203", "to_ids": false, "type": "size-in-bytes", "uuid": "2fc3f921-b87c-4f19-b537-22d14e5a6f6a", "value": "87105" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883203", "to_ids": true, "type": "vhash", "uuid": "e235cb12-bfd7-40b3-b850-97d2fcb0bd70", "value": "6ab9855ca5c6a067bbb411410001ca3e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883203", "to_ids": true, "type": "filename", "uuid": "c3be4802-dc67-418d-9ccb-11d3e2f1b61a", "value": "ThisOutlookSession.cls" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883203", "to_ids": false, "type": "text", "uuid": "1d0f7c4b-dcc5-43e5-b890-97963d09eef3", "value": "Type Description: VBA\nMicrosoft: Backdoor:VBS/NotDoor.B!dha\nVT Total Detection:21/63\nFirst Submission:2025-02-19T07:53:30.000000+00:00\nLast Submission:2025-02-19T07:53:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888161", "uuid": "f34bbcfa-2fc2-4534-9185-aa6f8e8d5157", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888161", "to_ids": true, "type": "md5", "uuid": "91ccadf1-5f21-48cc-a235-61ceaee25d61", "value": "14cbb1503bbb1a91d591c7bf1a27e95f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884343", "to_ids": true, "type": "sha1", "uuid": "620f9a59-45fb-476b-bfef-806a4ae6cc9f", "value": "c3ab2ff92607ed4c0f7ef7d2a1d8900d54bc403b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884343", "to_ids": true, "type": "sha256", "uuid": "86362e0d-aad0-4980-a3f2-c4642d08cbf8", "value": "92a56faf6eccfad8281213393fad584cbd7b9e04db875dfb8fc01e1dbf4cbdd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883225", "to_ids": true, "type": "ssdeep", "uuid": "25fba018-c11d-4926-af9a-174b90f77479", "value": "3072:WpI1ZIn6SUBPKg4A+FlwlrDQr+Ffz56oVnZOI0KXX8V0V3NwpxAejspI1ZIn6S3k:ZKyL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883225", "to_ids": false, "type": "size-in-bytes", "uuid": "318a53f0-d4ad-41cc-a6d0-d55e7d02afab", "value": "1191936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883225", "to_ids": true, "type": "vhash", "uuid": "958af274-9f7b-4400-b3be-18c3c1913524", "value": "21603615151908111z14" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883225", "to_ids": true, "type": "filename", "uuid": "f3e583cd-658a-481e-8e6a-569c84c311bc", "value": "Project1.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883225", "to_ids": false, "type": "text", "uuid": "5bbd4c04-df51-45d1-a053-52f3814758c5", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:44/72\nFirst Submission:2025-02-19T07:49:28.000000+00:00\nLast Submission:2025-02-19T07:49:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888183", "uuid": "f513e90e-b41c-4856-a829-a72319ac86e4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888183", "to_ids": true, "type": "md5", "uuid": "e4ff086d-79dc-45af-ac52-62b957577fea", "value": "f1c1ad94abf69e72f9ed491c4618f87f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884345", "to_ids": true, "type": "sha1", "uuid": "427b1722-fd4e-4749-a745-946ef3f27bcc", "value": "73cd5cce8b243543b66475d737fb7c9bb7b736f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884345", "to_ids": true, "type": "sha256", "uuid": "e38d08c2-4363-407e-a9f3-b4855156c45a", "value": "948f109756cba0b01f11fd3db9c47a76125c4b1d9467ff1bd9c5013d214c933f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883246", "to_ids": true, "type": "ssdeep", "uuid": "b3e13ca0-280b-4a8f-adf7-563be609a413", "value": "12288:TwE99Ze79AaTKvCrlnxf+9LUgK7ZLKPn:MEkhLTKvg29LelL4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883246", "to_ids": false, "type": "size-in-bytes", "uuid": "928238f1-4112-4ac7-93e5-351c5b15e5d9", "value": "578048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883246", "to_ids": true, "type": "vhash", "uuid": "6ea1d193-c2de-4c4d-95f6-953ff67d2c16", "value": "b403a31e2f4b5efabe4551f8826f8b35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883246", "to_ids": true, "type": "filename", "uuid": "07d2e09a-3dae-49ce-9fe2-4ba26bf60bc8", "value": "5948945454516551" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883246", "to_ids": false, "type": "text", "uuid": "ca5224ff-1c36-488c-8d97-236db4849ed3", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/ZooFlip.BA!dha\nVT Total Detection:33/63\nFirst Submission:2025-12-10T12:50:18.000000+00:00\nLast Submission:2025-12-10T12:50:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888204", "uuid": "f8281f18-2fb8-4753-b073-a42e370b7f26", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888204", "to_ids": true, "type": "md5", "uuid": "a2ef01f6-b4b0-45dc-807c-8e41e0a33e89", "value": "2c2a8ee4ebeeda90b32da2df1b4e161e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884345", "to_ids": true, "type": "sha1", "uuid": "3eca0367-294e-4048-b03d-70c680871fa5", "value": "7a18e7eaa86d54d909f981d37339d8933c21d4b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884346", "to_ids": true, "type": "sha256", "uuid": "4c1f922d-ab71-428d-b89c-f67d9f5a760d", "value": "970e68e8b68e0c5f3f18cd55e0c82304e81547f8ebf349390db1c8a0681699fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883289", "to_ids": true, "type": "ssdeep", "uuid": "be2cc28a-9836-4a74-b9d1-5512e1debde3", "value": "768:Ri+ZJx5/0pSrWrJBgxkoQ6sigQMdcxmvLd5/RcA0b8+RsO:Ri+ZJx5/08Szg9sr6xS5/RcA0gE9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883289", "to_ids": false, "type": "size-in-bytes", "uuid": "a1238cf8-a677-425c-a571-3f17e4c8a98b", "value": "87105" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883289", "to_ids": true, "type": "vhash", "uuid": "f2fc98cc-85e1-4667-8a70-6fc02c51efbb", "value": "b1f9916ffe0f7cb0a3e9cb0430863ed6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883289", "to_ids": true, "type": "filename", "uuid": "7bb62007-ed23-4454-ab7d-560ea79096c7", "value": "ThisOutlookSession.cls" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883289", "to_ids": false, "type": "text", "uuid": "def1b94b-327c-44a1-a31c-712fe276c999", "value": "Type Description: VBA\nMicrosoft: Backdoor:VBS/NotDoor.B!dha\nVT Total Detection:26/62\nFirst Submission:2025-02-19T07:27:34.000000+00:00\nLast Submission:2025-02-19T07:27:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888225", "uuid": "cc33bfe1-7671-4bb6-956c-59711acd112e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888225", "to_ids": true, "type": "md5", "uuid": "aedb8468-3e1f-4108-adfb-4de568c0be30", "value": "044bedb87a127d8d20f21e76fbdb1af4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884347", "to_ids": true, "type": "sha1", "uuid": "d3ddcd7f-ebb5-4b2a-b724-511962002c08", "value": "873203e44671322ae6d833addbe2be77b49a32de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884347", "to_ids": true, "type": "sha256", "uuid": "80f8658a-17a7-42b5-bdc9-c12e95b77dc2", "value": "9aa8b46d62eb426842b8ff0fc28e64719494f0f64d516253caa71a6fd86e9ad3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883311", "to_ids": true, "type": "ssdeep", "uuid": "1db10707-afff-40cb-b7af-bde024b03b5e", "value": "24:9AU208PxQS8PV8P5b8bQxQS8bQV8bQ55FIerzeEt14:eVPuDP2P+cuDc2c9TrKEt14" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883311", "to_ids": false, "type": "size-in-bytes", "uuid": "2e179f19-cb28-46fd-9ee8-7bd79c940cf0", "value": "914" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883311", "to_ids": true, "type": "vhash", "uuid": "846836b7-2d4f-452f-9194-0310590d7aad", "value": "61fafee93c08bb3d3c53d0f429525f68" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883311", "to_ids": true, "type": "filename", "uuid": "3e327f4d-a7d5-40f9-8fcc-a40fb76ea342", "value": "outlook.vbs" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883311", "to_ids": false, "type": "text", "uuid": "ecd8d981-513f-485f-8ac3-fac2a3846448", "value": "Type Description: VBA\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:23/62\nFirst Submission:2025-02-19T07:50:30.000000+00:00\nLast Submission:2025-02-19T07:50:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888247", "uuid": "f049441f-ae5f-4537-a2d1-d2e52c0255b7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888247", "to_ids": true, "type": "md5", "uuid": "8a8f1f29-1fb3-401b-86c3-8fcbf0cfd5b4", "value": "0cbea00ae07f3498f3a78f6a82b57c2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884348", "to_ids": true, "type": "sha1", "uuid": "504fe7f7-c7a1-4fec-9a26-70a2bf2929e1", "value": "9cec9ead0cb8ba1587b2fe703a4b86e9b5d42b18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884348", "to_ids": true, "type": "sha256", "uuid": "0d586fce-edc5-4915-992b-91701f876534", "value": "a848d48c79b77753a876d876baa3e802a5a37be37e7a772ddbd9a266cd1796ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883354", "to_ids": true, "type": "ssdeep", "uuid": "88f7333e-6de0-4401-9347-6f54f0f1f1ab", "value": "384:dzqiHv7GQQKQd0si2BQTRRW7LI+F6Nxt/ZtNNHIndM/IyTEntNon6SDp:oi7QTd0siMQTRU7DwxllN4dMbTqNI9Dp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883354", "to_ids": false, "type": "size-in-bytes", "uuid": "4345e5b9-027d-4369-a898-9ae0731a3189", "value": "26147" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883354", "to_ids": true, "type": "vhash", "uuid": "1aac557b-bddd-408f-9312-4873649539b5", "value": "f107c4fa7fe1241f249a9127e7a08052" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883354", "to_ids": true, "type": "filename", "uuid": "30efd8e3-00ea-4d60-873c-81876088b4c1", "value": "egsnrx.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 01/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883354", "to_ids": false, "type": "text", "uuid": "416a2db7-5863-4065-a907-78e82d42f4bf", "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:0/66\nFirst Submission:2025-02-19T07:20:56.000000+00:00\nLast Submission:2025-02-19T07:20:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888268", "uuid": "bf22b5f7-a70a-4460-b234-7628e633539b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888268", "to_ids": true, "type": "md5", "uuid": "84b7f3c4-f192-4a8b-acd7-51445c2ada23", "value": "2ded5b45c89fbfeb7534f5c84430a6c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884349", "to_ids": true, "type": "sha1", "uuid": "2a79ca1a-de59-4335-812e-2904a2bc1dbb", "value": "3371162faef3e592a39ed17ec253b5298bc5bd7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884349", "to_ids": true, "type": "sha256", "uuid": "e5f40d1b-8c2f-47d2-8dd1-3bc2aed1fba0", "value": "a95ee15e8ccf84521df2c80b1525fd89e205fc0280c3f6cbc24751080ea29206", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883376", "to_ids": true, "type": "ssdeep", "uuid": "c08ef7c2-f26f-499e-90b8-3d83333f4196", "value": "3072:Ezolxhkw5IX3ChEFz/jM2xKBxIrr4X1LToClNvNoyVHVgvg9OaoohKwj1pde:EUl7v5y3CaFr9ZQVTowNv1doofj1v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883376", "to_ids": false, "type": "size-in-bytes", "uuid": "a2cf9810-4c75-4bc2-b316-ac4bba1134e8", "value": "206848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883376", "to_ids": true, "type": "vhash", "uuid": "d9c6c010-680c-4df5-ab10-add74747716c", "value": "125076655d15551d055az53?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883376", "to_ids": true, "type": "filename", "uuid": "8cccbb3b-f764-42e1-a2f7-94bec82d22a8", "value": "adwapi64.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883376", "to_ids": false, "type": "text", "uuid": "f5b12801-0885-4c7e-ad71-6ed30b878898", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:40/72\nFirst Submission:2025-11-29T12:56:10.000000+00:00\nLast Submission:2025-11-29T12:56:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888289", "uuid": "5b4cee01-e1c8-4569-8c9f-ce24d0987af3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888289", "to_ids": true, "type": "md5", "uuid": "b9b517dc-2484-404a-b164-a17f217fc351", "value": "c11dc9e778e45b6edd0f903793039f6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884350", "to_ids": true, "type": "sha1", "uuid": "cc1c9770-2638-40a9-9313-6fe04b7db2f7", "value": "678d334913b1598a25d1a1930297b29b6aef25ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884350", "to_ids": true, "type": "sha256", "uuid": "0ad99c6d-c6cc-4877-96fa-b19d05ad3c8d", "value": "ba01a2355414dfedda9ac5ce0d7a2d8edfb89ec3ae3e68fc81db035caa741854", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883419", "to_ids": true, "type": "ssdeep", "uuid": "bbd716ff-9702-4940-b490-1031fd70a516", "value": "3072:kS5q5vJleiKRlCgV9TUsUKk0rZw5rJp4PARqKmjpdhOSbIWgcKwvo:n0ne9RlCrneSvUAR+x+u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883419", "to_ids": false, "type": "size-in-bytes", "uuid": "133fa0fb-0001-4bdc-a9b1-ee1983800ca7", "value": "215040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883419", "to_ids": true, "type": "vhash", "uuid": "1d7e4257-f39f-4145-af44-e6922001aa91", "value": "125076655d15551d055az55?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883419", "to_ids": true, "type": "filename", "uuid": "501a7bbb-b166-4d7c-b8bc-141c698562c4", "value": "adwapi64.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883419", "to_ids": false, "type": "text", "uuid": "98edea69-4b5d-4a77-bd3d-a5cb2ad67022", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/ZooFang.D!dha\nVT Total Detection:33/72\nFirst Submission:2025-12-09T14:07:56.000000+00:00\nLast Submission:2025-12-09T14:07:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888310", "uuid": "c2c9fa42-d963-4369-b236-c320e8789b94", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888310", "to_ids": true, "type": "md5", "uuid": "40aab28c-16dc-433b-9d21-25489ae97f21", "value": "8351ca31e38dec14c8e77869cef891ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884352", "to_ids": true, "type": "sha1", "uuid": "c5669498-2228-4800-a9df-0b75d588a5ef", "value": "b84fce132a6732aae2c8157fb25411aaa674a488", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884352", "to_ids": true, "type": "sha256", "uuid": "7bcf5930-6e5f-402e-b852-44c76b383543", "value": "bb309ed228f97f3cf864ea89fa502f43214af4fb4b98d78837e42c4a4940b5f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883441", "to_ids": true, "type": "ssdeep", "uuid": "2ba7479c-5726-4ab1-b257-3282e20462f2", "value": "6144:jh5PpNz12xqm8mIw2Y2VOg2GL2t2WE2h2HV2IJ2323o2HrEwtPPS:N5PpNz12xqm8mIw2Y2VOg2GL2t2WE2hh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883441", "to_ids": false, "type": "size-in-bytes", "uuid": "62a30b9a-3e35-43c6-81e3-48c692857d5e", "value": "235026" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883441", "to_ids": true, "type": "vhash", "uuid": "40f2155b-92a7-4fd6-a1c6-3ae410f2326a", "value": "7d16cbadae6d46ff1038013eccbebf66" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883441", "to_ids": true, "type": "filename", "uuid": "a9ff9379-4278-4f98-903b-6deded756c57", "value": "macros_from_8f4bca3c62268fff0458322d111a511e0bcfba255d5ab78c45973bd293379901" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883441", "to_ids": false, "type": "text", "uuid": "d51eeeca-1531-404f-a98c-7aa88d6302e5", "value": "Type Description: VBA\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:16/62\nFirst Submission:2025-07-17T16:28:45.000000+00:00\nLast Submission:2025-07-17T16:28:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888331", "uuid": "92c7c794-4bdb-4226-b329-9392b64ecbff", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888331", "to_ids": true, "type": "md5", "uuid": "93379b73-046f-42d2-8505-79551abf92da", "value": "70c76be9ba22b5f7d6a1366c650f5f14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884353", "to_ids": true, "type": "sha1", "uuid": "c3b7a255-d38f-4e18-acb8-1b80f3cd4b20", "value": "f324d9c7438d6facfc97eb62dfd6b9eedf34e35e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884353", "to_ids": true, "type": "sha256", "uuid": "d2ed1004-883a-498b-82be-fdf7da0e018f", "value": "bbfd93dbf43236b7f64017ad20f72dd611de1acb4b15e02569e42887467b34d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883462", "to_ids": true, "type": "ssdeep", "uuid": "17aeb506-e46b-4c05-a8cd-bbab0c4039f7", "value": "768:8X3opn65xUdCzjn8lBERJ0fq3u7QBxYX1ICs4kTFwvl5ibP2HcGQo9:8opn6nlbkZfqbBxYXxkT6lsbP2HcGD9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883462", "to_ids": false, "type": "size-in-bytes", "uuid": "c5e33850-9dc9-43a0-9738-5fc64b2f4023", "value": "122013" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883462", "to_ids": true, "type": "vhash", "uuid": "5511d0c1-fcc7-4e94-b460-9163d5628341", "value": "8a7d38235637e42a2847d943a240ff39f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883462", "to_ids": true, "type": "filename", "uuid": "4f377627-8c1f-4169-902e-1fe06fe30767", "value": "bbfd93dbf43236b7f64017ad20f72dd611de1acb4b15e02569e42887467b34d4.rtf" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883462", "to_ids": false, "type": "text", "uuid": "bf9973c6-b9c9-42d8-ab69-0041c7fb7aae", "value": "Type Description: Rich Text Format\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:35/61\nFirst Submission:2026-02-04T09:20:49.000000+00:00\nLast Submission:2026-02-04T11:32:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888353", "uuid": "300057c3-22e9-4179-9787-b473f0509c39", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888353", "to_ids": true, "type": "md5", "uuid": "a34b0258-9727-4700-9a5e-8f5b774ba07b", "value": "4abed527785818b7d9b37a5b537c30cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884354", "to_ids": true, "type": "sha1", "uuid": "d859e271-74ee-4b25-a801-e953a273f8a0", "value": "006bae9de197c935720574575a849e04262331c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884354", "to_ids": true, "type": "sha256", "uuid": "1d9aa207-29fd-4327-b5b3-b02a0a9b7112", "value": "c87be2f30cc974d0859526b9dd104e015f0e5d04bc43198305537f276705691e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883505", "to_ids": true, "type": "ssdeep", "uuid": "9cbe5e6d-c553-42fa-baaf-8176983ea568", "value": "49152:ZgPuCPwlNYoHjjSjBBivWv1YDPqxCbFwrIq:ZXtyCvWv2DTJcIq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883505", "to_ids": false, "type": "size-in-bytes", "uuid": "1ef26d65-35ce-4e63-8bdf-b93efe70a1b2", "value": "2631168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883505", "to_ids": true, "type": "vhash", "uuid": "6057d26a-e5fc-4180-8089-45af192769f0", "value": "026106655d55551555757az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883505", "to_ids": true, "type": "filename", "uuid": "f24b81ce-bedf-4375-baaf-982f0570eb28", "value": "UGOVORCI FEBRUAR.docx.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883505", "to_ids": false, "type": "text", "uuid": "80bea6ce-1538-4c17-95d4-fb1ae5bc21fd", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:46/72\nFirst Submission:2025-02-19T07:16:06.000000+00:00\nLast Submission:2025-02-19T07:16:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888374", "uuid": "a9279fd8-6379-4092-ade1-a9d4bdf5b3f1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888374", "to_ids": true, "type": "md5", "uuid": "54d79576-619a-4551-86cc-7de00abc3391", "value": "d7087b015fb268916e5027941e68d396", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884355", "to_ids": true, "type": "sha1", "uuid": "0d21183a-b49d-4af9-ac3c-ba236764c073", "value": "c2d8ef25f6c4e319c9837bfd64f19b4ed90a05ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884355", "to_ids": true, "type": "sha256", "uuid": "3c92cfbb-af23-4121-8f5a-d2b50d5187b9", "value": "cbea5c7d71a5a6cb9153b00d2d27e6a3579004c27f5e817f317eeebdce7f805f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883526", "to_ids": true, "type": "ssdeep", "uuid": "0ef6625e-177f-4034-8d32-efa3e6015a0a", "value": "49152:WFRPhBWJEHhJjYjM/9vWv89neNp1rOWL+j:W3lBay9vWvSAWWa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883526", "to_ids": false, "type": "size-in-bytes", "uuid": "93a955a7-ef94-496d-815f-efa8b8d57abe", "value": "2907648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883526", "to_ids": true, "type": "vhash", "uuid": "e5a965d3-5316-4ba2-8502-8786b8b03d9f", "value": "0260f6655d65551555757az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883526", "to_ids": true, "type": "filename", "uuid": "e228b7a5-5d93-4d46-9afb-f34fcbd88ad2", "value": "build.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883526", "to_ids": false, "type": "text", "uuid": "94f0e19a-0b8c-4e85-8637-1b644b96c9e4", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:47/72\nFirst Submission:2025-02-19T07:46:08.000000+00:00\nLast Submission:2025-02-19T07:46:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888395", "uuid": "b2e55acf-6435-42bf-9afb-414a7a7193a2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888395", "to_ids": true, "type": "md5", "uuid": "4b687812-916b-4570-8601-844c00234afa", "value": "7850cc36020a401c888de9f7aceb985f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884356", "to_ids": true, "type": "sha1", "uuid": "bf150c1e-7dd1-49ea-9e2f-5d6ef96c3648", "value": "a0fece34a18df53ac1f2881e3513ca5ec47c6bc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884356", "to_ids": true, "type": "sha256", "uuid": "61c42ed6-e110-42f6-b463-7f6a5645da7e", "value": "dbf33417e40f0fe8078a11d81f7d323bfed1912f5cb62d765c1be72561474659", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883591", "to_ids": true, "type": "ssdeep", "uuid": "8c88be5c-6ac3-4cdd-871e-2db81b7a840d", "value": "12:9vWdU2vyV8P6sQylayV8P4MayV8P52yV83rQ6sQylayV83rQ4MayV83rQ5T:9AU208PxQS8PV8P5b8bQxQS8bQV8bQ5T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883591", "to_ids": false, "type": "size-in-bytes", "uuid": "46bb3aa1-8b97-48e2-9391-0e0e0eee1f79", "value": "780" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883591", "to_ids": true, "type": "vhash", "uuid": "6cf1d42f-7055-4fa8-87c4-531abd23f8b3", "value": "61fafee93c08bb3d3c53d0f429525f68" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883591", "to_ids": true, "type": "filename", "uuid": "d810b046-4114-41a1-a46e-2f8ef05ca152", "value": "FYfnahVXea.vbs" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883591", "to_ids": false, "type": "text", "uuid": "a23ce9f5-b81f-4a38-bbf9-c66bbf9d94db", "value": "Type Description: VBA\nMicrosoft: None\nVT Total Detection:21/61\nFirst Submission:2025-02-19T07:20:57.000000+00:00\nLast Submission:2025-02-19T07:20:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888416", "uuid": "af5b8ce2-8e50-4f23-a201-09088f3867fd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888416", "to_ids": true, "type": "md5", "uuid": "f69ea64e-a4b9-4842-9e88-be2440637374", "value": "189327dd2460c13a331be92479283b48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884356", "to_ids": true, "type": "sha1", "uuid": "cf9f2adc-7ea5-49a6-a48e-e1459a01a18d", "value": "a7e1098544b39084ffe885bf4a0d0f255b545612", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884357", "to_ids": true, "type": "sha256", "uuid": "e51cae49-e8e9-4219-99fd-744c72e70295", "value": "de2b24d08e795ad9cdd1b74882a3626febefadafaf8ff0ae76cba16dcaa0f8bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883613", "to_ids": true, "type": "ssdeep", "uuid": "05c10c60-85d7-4938-9da7-85aef5015996", "value": "3072:QaScwDYEjPipdT3BOcKFA2xp5qRdLINEaScwjYEjPipdT3BOcKFA2xp5qRdLILbN:Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883613", "to_ids": false, "type": "size-in-bytes", "uuid": "86d9b544-2e1c-4aef-81dc-8dc757b60906", "value": "1126400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883613", "to_ids": true, "type": "vhash", "uuid": "d7e883d7-bfb7-4f93-9fa6-02513852b168", "value": "21603615551908111z14" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883613", "to_ids": true, "type": "filename", "uuid": "f59c0497-367a-47a5-afb5-fcd40d302bc1", "value": "Project1.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883613", "to_ids": false, "type": "text", "uuid": "0f618930-7346-4136-8861-fa98b32315b6", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:47/72\nFirst Submission:2025-02-19T07:48:41.000000+00:00\nLast Submission:2025-02-19T07:48:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888438", "uuid": "c98972aa-15f4-465e-b58f-0ffda6a60d8e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888438", "to_ids": true, "type": "md5", "uuid": "52b04997-bafa-48ec-aa1e-fd87da69b055", "value": "e07c112dedd5dbec5351b681b32d24cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884358", "to_ids": true, "type": "sha1", "uuid": "efd9517b-701c-4adf-a561-2420c51a84ad", "value": "219226bc5003dd18f5846c6be47b94c29744610e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884358", "to_ids": true, "type": "sha256", "uuid": "f9c23a24-afdd-4df9-ae3b-c604697cbd09", "value": "e3f9519a21a16ff2c8f989034e47fbc91a2d019e09a1d7d17ff751e52a09d15b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883634", "to_ids": true, "type": "ssdeep", "uuid": "531ceab9-4e74-4e2e-8915-167253dec1f5", "value": "6144:psYMQoZzhy/8GeCdXv06sYMJoZzhy/8GeCdXv0:LpoZtWXvx8oZtWXv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883634", "to_ids": false, "type": "size-in-bytes", "uuid": "2b39b170-b60c-40ce-adba-845fed6bab5b", "value": "278528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883634", "to_ids": true, "type": "vhash", "uuid": "05401411-5ebb-4dfa-b1f9-cc3cdddb0ac6", "value": "8e5e7c574e72e0878216721d28bfab5f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883634", "to_ids": true, "type": "filename", "uuid": "d6001dbf-7d71-4488-8b7e-15ac61099d66", "value": "vbaproject.otm" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883634", "to_ids": false, "type": "text", "uuid": "d1bd82bd-7ca9-48aa-ae92-6647248d65ab", "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: Trojan:O97M/NotDoor\nVT Total Detection:32/63\nFirst Submission:2025-02-19T07:51:42.000000+00:00\nLast Submission:2025-02-19T07:51:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775888459", "uuid": "dfc6cbde-69a8-4e7d-a7df-cca404e5563b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775888459", "to_ids": true, "type": "md5", "uuid": "42cafd1c-72bf-4aa7-a6aa-cf5d380ee595", "value": "c764d69734499ebd5d667380772af442", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775884359", "to_ids": true, "type": "sha1", "uuid": "bd166ce2-0f31-403f-a902-78c7bcfdf58c", "value": "9763042954bb7c4cc7e1819a2668b9afc6871740", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775884359", "to_ids": true, "type": "sha256", "uuid": "8d55f094-3eff-451e-8c3e-37f83f9a61f6", "value": "ffca9d56feb5ec8844b42f513cecd67a554a2ddb3408dbc6942e2fd60453aee1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775883719", "to_ids": true, "type": "ssdeep", "uuid": "a2ee35fb-cbd6-42cf-aa77-ea894f533aa5", "value": "6:9cNAWdgUsBNq92GU9vEfcoH+bKAcoH+Tvot1IGUmLILix9V9WnDo:9vWdU20IH+bpH+Et1pJmM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775883719", "to_ids": false, "type": "size-in-bytes", "uuid": "59bc03e6-39da-43ce-85db-dcce06447acf", "value": "307" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775883719", "to_ids": true, "type": "vhash", "uuid": "5ac83bc8-5132-4c24-9c5f-a99774cfa8a0", "value": "4b02a6472d6aeafe1eae134439052ad4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775883719", "to_ids": true, "type": "filename", "uuid": "cb32080d-acfc-48d1-a59e-902f8ce84aac", "value": "2.vbs" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775883719", "to_ids": false, "type": "text", "uuid": "35489525-f883-4526-96fd-8626767ed2db", "value": "Type Description: VBA\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:21/62\nFirst Submission:2025-02-19T07:20:56.000000+00:00\nLast Submission:2025-02-19T07:20:56.000000+00:00" } ] } ] } }