{
  "Event": {
    "analysis": "1",
    "date": "2026-03-26",
    "extends_uuid": "",
    "info": "[Threat Intel] Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government",
    "protected": false,
    "publish_timestamp": "1775900422",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1775900421",
    "uuid": "1bbbb044-8bf3-4b5b-b385-6fede38ddcdf",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0afe32",
        "local": false,
        "name": "misp-galaxy:producer=\"Palo Alto\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#f28fb8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"",
        "relationship_type": ""
      },
      {
        "colour": "#4985d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#3e2e74",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"",
        "relationship_type": ""
      },
      {
        "colour": "#bce57a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"",
        "relationship_type": ""
      },
      {
        "colour": "#e00500",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#682cad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d779a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#2e58ce",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
        "relationship_type": ""
      },
      {
        "colour": "#07a4a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"035 - South-eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"MUSTANG PANDA\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Earth Estries\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Unfading Sea Haze\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"MASOL\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"PUBLOAD\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774609216",
        "to_ids": false,
        "type": "link",
        "uuid": "bb655a04-8ea3-4c2e-82d0-996ab9f00d35",
        "value": "https://unit42.paloaltonetworks.com/espionage-campaigns-target-se-asian-government-org/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774609216",
        "to_ids": false,
        "type": "link",
        "uuid": "4401bf60-954b-46b5-9f58-3909a24c92bb",
        "value": "https://unit42.paloaltonetworks.com/wp-content/uploads/2026/03/08_Nation-State-cyberattacks_1920x900.jpg"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774609216",
        "to_ids": false,
        "type": "text",
        "uuid": "e2330167-a1c6-4cb6-aba0-05ec339e050e",
        "value": "Unit 42 researchers uncovered a series of cyberespionage campaigns targeting a Southeast Asian government organization between June and August 2025. Three distinct activity clusters were identified: Stately Taurus, CL-STA-1048, and CL-STA-1049. Stately Taurus used USB-propagated malware to deploy the PUBLOAD backdoor. CL-STA-1048 employed an espionage toolkit including EggStremeFuel backdoor, Masol RAT, and other tools. CL-STA-1049 utilized a novel Hypnosis loader to deploy FluffyGh0st RAT. These clusters show significant overlap with known China-aligned campaigns, suggesting a coordinated effort to establish persistent access and exfiltrate sensitive data from government networks. The convergence of multiple threat actors indicates a complex, well-resourced operation with a common strategic objective."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774609216",
        "to_ids": false,
        "type": "text",
        "uuid": "0d8fa378-2f9c-4dcb-8b30-32393c5bcd34",
        "value": "Name: Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government\nAuthor: AlienVault\nAdversary: \nTags: [\"cl-sta-1048\", \"eggstremefuel\", \"cl-sta-1049\", \"coolclient\", \"claimloader\", \"gorem\", \"stately taurus\", \"backdoor\", \"pubload\", \"usbfect\", \"hypnosis loader\", \"masol\", \"fluffygh0st\"]\nTgtd countries: []\nMlwr families: [\"USBFect\", \"PUBLOAD\", \"EggStremeFuel\", \"Masol\", \"Gorem\", \"TrackBak\", \"FluffyGh0st\", \"Hypnosis loader\", \"CoolClient\", \"ClaimLoader\"]\nAttack_ids: [\"T1003\", \"T1547\", \"T1071\", \"T1091\", \"T1567\", \"T1219\", \"T1036\", \"T1055\", \"T1021\", \"T1059\", \"T1102\", \"T1204\", \"T1078\", \"T1068\", \"T1027\", \"T1573\", \"T1056\", \"T1132\", \"T1574.002\"]\nIndustries: [\"Government\"]"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774609216",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "82cb9537-65d4-4891-bf07-096292bf632b",
        "value": "CVE-2026-0628"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884267",
        "to_ids": true,
        "type": "md5",
        "uuid": "0c6f76ab-25f1-44d8-921f-a615af0df13d",
        "value": "511898b2f71f31932dfb3ee06e904289",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884268",
        "to_ids": true,
        "type": "sha256",
        "uuid": "78f0c97d-bb34-47b2-a1f3-d77a1c60a9ce",
        "value": "05995284b59ad0066350f43517382228f7eee63cd297e787b2a271f69ecf2dfc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884269",
        "to_ids": true,
        "type": "sha256",
        "uuid": "333f283e-bbce-47a4-bb40-159b5db7f03b",
        "value": "1aa37a477c539edf25656a300002a28d4246ec83344422dd705b42d3443a2623",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884270",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5044dea3-19e3-4b56-8831-2dd490721494",
        "value": "2616dfadf8aa222303269eb7202c75e2a8fc5b05b6b63ae2cb7576b9a27733f9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884271",
        "to_ids": true,
        "type": "sha256",
        "uuid": "3af883dd-dd1d-4f48-adab-5860a2accc00",
        "value": "29d4cc64c7c9b7ecd16d96e9c6dcde1fe22a4c2d202074aadf41cbcef494bc19",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884272",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8b590778-c0c2-4e15-b3fc-009c1fc7ae68",
        "value": "34bf325492614dd4d842ec24f22a402ab73908cb91a74846945eae4775290ff2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884273",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d061a479-a432-454f-b2d1-bbc99f545b44",
        "value": "35ca351a831c67f0e0a658a186be0065043e0977cb70771c03a24b0523edcf30",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884274",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1c6351b7-a7de-4c6f-9c5d-449c5b851437",
        "value": "6745422717f0ccdf2ae3330d133945268d4cd21215adcf982400d82b38ebeeca",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884275",
        "to_ids": true,
        "type": "sha256",
        "uuid": "4e19fd59-0b09-4073-a278-4c1d7e4ab11f",
        "value": "c774fd7373084f93383593f0a40f56c8a8b95b73e59cd4fc7117daa6b7441e73",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884276",
        "to_ids": true,
        "type": "sha256",
        "uuid": "90da5041-96f6-4464-b7f8-dd0b27fe662b",
        "value": "e1672dab0daf1c84f14f7bb827851c27753da067490e10cd6144fe7873892fec",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 11/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884277",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8882a7bc-339d-4bd6-a5f4-857a25d94ef3",
        "value": "e9b52577091c8e25e91c485216de34d5a26ab707a10b1e5cd31ed7aa055939d3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884503",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c8b84f49-6686-4238-9b4c-c852e5d04202",
        "value": "103.122.164.106",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884525",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6542b223-318c-4a86-bdb3-806cd369092b",
        "value": "103.131.95.107",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884546",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f64bc6a3-6483-4c91-a874-94ae4679df4a",
        "value": "103.15.29.17",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884567",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "dae650c7-eadf-4c98-a8d0-31029f2c23c4",
        "value": "109.248.24.177",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884589",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1df9469f-514e-457c-aaba-fa7950ac2c54",
        "value": "120.89.46.135",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884610",
        "to_ids": true,
        "type": "domain",
        "uuid": "aec51761-884d-4f4d-9d3c-6522e8cb89d4",
        "value": "distrilyy.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884631",
        "to_ids": true,
        "type": "domain",
        "uuid": "692eb570-7b75-43d2-9c18-e5b757227bca",
        "value": "fikksvex.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884652",
        "to_ids": true,
        "type": "domain",
        "uuid": "fd9c3e33-af02-4a93-8129-71f3ac6d0fe7",
        "value": "laichingte.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884674",
        "to_ids": true,
        "type": "domain",
        "uuid": "e24131d9-fe15-460c-8687-9bcf5eb1f765",
        "value": "popnike-share.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884695",
        "to_ids": true,
        "type": "domain",
        "uuid": "1c54365b-86b3-4706-844b-aed946e6c28c",
        "value": "shepinspect.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884716",
        "to_ids": true,
        "type": "domain",
        "uuid": "53629c05-3016-4d5f-8793-b3883a1ef6b0",
        "value": "theuklg.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884737",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bd6e09bb-a848-46b9-b8dd-6e6572766a98",
        "value": "webmail.homesmountain.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775884759",
        "to_ids": true,
        "type": "hostname",
        "uuid": "70b6ae6b-e711-41e3-b860-f6e9f614e1f8",
        "value": "webmail.rpcthai.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775768784",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "30584da5-1e63-48e5-ad03-8eaf908cdfdb",
        "value": "CL-STA-1048"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775878651",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "c3b7b433-28f1-4a96-9762-0a7424e260ec",
        "value": "CL-STA-1049",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"Unfading Sea Haze\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884780",
        "uuid": "38bf1159-9f41-4c07-b60c-ec69e8d2ed22",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884780",
            "to_ids": true,
            "type": "md5",
            "uuid": "baf26bb9-33c4-4775-a968-de5bbeb690a8",
            "value": "5b147fe5b25af7e2bbc9c6c6a8b4bd4f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884243",
            "to_ids": true,
            "type": "sha1",
            "uuid": "946a106b-ad99-4937-bedd-fde3168c3996",
            "value": "9d0729d08637815cd509d1d62a026f93182312f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884243",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5e0b4170-7bea-448d-97d5-4c90555aa2fc",
            "value": "f62223c9750fb2edfd979a8cae204cb9ce5e0950b52a47b62f195cd05dd3e2fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881276",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b25b51c1-fa19-494d-b031-8b2b8752e741",
            "value": "192:qnkeXcfRnyPm7SUThAe0V77hrKJ6lNvwRC/hX8ncP3YZ6oIRKiaWUQq8PDZgF+yL:BJnyetlIV7hr68wRC1s6oI6WI0FtCZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881276",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d2b564b6-1c94-4edd-a374-be15ceb385e8",
            "value": "18944"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881276",
            "to_ids": true,
            "type": "vhash",
            "uuid": "23d4a530-348d-4f09-9852-9eb7282fbab0",
            "value": "114056651d15151az13?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881276",
            "to_ids": true,
            "type": "filename",
            "uuid": "fb575e0b-5080-4c67-83e9-8bb157cb6287",
            "value": "f62223c9750fb2edfd979a8cae204cb9ce5e0950b52a47b62f195cd05dd3e2fb.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881276",
            "to_ids": false,
            "type": "text",
            "uuid": "ee7c5619-376d-4ec3-a53d-2e98bccc889e",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/EggStremeLoader.CA!MTB\nVT Total Detection:47/72\nFirst Submission:2025-07-29T22:30:14.000000+00:00\nLast Submission:2025-10-17T19:21:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884802",
        "uuid": "72f96021-b273-45a7-bd63-f9b44b362e99",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884802",
            "to_ids": true,
            "type": "md5",
            "uuid": "0bafe935-39bb-4e88-888b-09d9f2c7e174",
            "value": "7ec144401e983edbb5196699773c3660",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884244",
            "to_ids": true,
            "type": "sha1",
            "uuid": "01f7507b-7615-41b9-842b-b4f22f5f631c",
            "value": "694d5e33d814836ed91be25026e8cfede8968d44",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884244",
            "to_ids": true,
            "type": "sha256",
            "uuid": "67546937-f318-4c5f-a757-8c67a12425de",
            "value": "6caa78943939bd7518f5e7eaa44fa778d0db8b822e260d7fe281cf45513f82d9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881298",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "25ad81be-196c-4c9b-b2aa-181b57ee63b2",
            "value": "192:oli9qHSBou7KU7hW+ZUByhXG8AlbyhX0E/WdOTetgBTv+ZckBw49:olipouV9vuyhXG8US0E/WwsglvSBw2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881298",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c4e9cd86-7dbe-4835-8ca4-1089c91cd44e",
            "value": "19968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881298",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4eef4e16-b31a-48ec-9d0e-e1e1399a02d4",
            "value": "114066651d1515151az14?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881298",
            "to_ids": true,
            "type": "filename",
            "uuid": "bdf42326-1d10-4b72-a442-04d156bde885",
            "value": "6caa78943939bd7518f5e7eaa44fa778d0db8b822e260d7fe281cf45513f82d9.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881298",
            "to_ids": false,
            "type": "text",
            "uuid": "232bc2d5-5959-402c-a5a8-f1756fd95c60",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/EggStremeLoader.CA!MTB\nVT Total Detection:51/72\nFirst Submission:2025-06-19T09:38:08.000000+00:00\nLast Submission:2026-02-18T11:22:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884823",
        "uuid": "17ac307d-9a48-4741-8f51-1b2abc23b8b9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884823",
            "to_ids": true,
            "type": "md5",
            "uuid": "660303b9-d702-4237-ae76-763bc4d97a79",
            "value": "f9c56b1ecd1adb3c9380b698d9744a94",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884246",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d735d4ae-fc19-427d-ae45-50aeb2df3926",
            "value": "14684a015fa0c4583e5f7717287a30420c9ae042",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884246",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7c27c2f9-c65c-4e5c-9c4d-d16589ec233c",
            "value": "835795aa494021752f21fbef63c81227c1b934437a02aa1f2a258c9f60b0b7a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881320",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c74bc397-6121-44c6-b559-b1e6f45a4492",
            "value": "1536:4rWPc0FavG6r5Z3zfIsj+3wePPfweFHl+vCN9isWFcd5ynIOXRGqz:16rf3zfItwePPfl+qNh5gIOXR1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881320",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "df293fe4-e080-41af-bcf6-cfa5ad84c88f",
            "value": "84480"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881320",
            "to_ids": true,
            "type": "vhash",
            "uuid": "28823af7-7ad1-44d5-b664-5147b187c902",
            "value": "184066655d1515156az47?z7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881320",
            "to_ids": true,
            "type": "filename",
            "uuid": "e173baf6-80b6-460b-b80e-92c8c0b32144",
            "value": "f9c56b1ecd1adb3c9380b698d9744a94.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881320",
            "to_ids": false,
            "type": "text",
            "uuid": "f99ed31a-0958-4b60-946b-cd11c569b306",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:22/72\nFirst Submission:2023-10-19T08:41:28.000000+00:00\nLast Submission:2023-10-19T08:41:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884844",
        "uuid": "0db4e3f6-e1ee-4ffd-a30f-33798f0ab909",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884844",
            "to_ids": true,
            "type": "md5",
            "uuid": "f1d559e6-cd7d-47bf-a71a-2e6760c680de",
            "value": "5c216753ac6d051a7283feb6c1958bad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884247",
            "to_ids": true,
            "type": "sha1",
            "uuid": "886b80ea-444f-4451-a1e5-a08511b42ff6",
            "value": "785cb17eaaa2320f0f000c14e87e60b9c3acbcb2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884247",
            "to_ids": true,
            "type": "sha256",
            "uuid": "92ed4cd0-3bf4-47c9-b9e4-5a01f084b851",
            "value": "07bd506d2a8db98c2478ac11bb6c46d84f1aa84f4a9af643804ed857ad7399c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881363",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8050cfa1-5f76-43cb-8378-c8035711c633",
            "value": "192:S2Wewv6k+b5dzvZ7OpoGJFwdN/MBCgL7Y4P3pRYacd+3UBVf+QLx8bzfam:JWtvy5dzBOpomIN/MB57fvoaa4yn8Xy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881363",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "240af24c-5075-4533-846e-c7368a1e6303",
            "value": "18432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881363",
            "to_ids": true,
            "type": "vhash",
            "uuid": "78da0dd3-bce1-401f-a3a9-85b3a9b09054",
            "value": "114056651d15151058z13xz24z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881363",
            "to_ids": true,
            "type": "filename",
            "uuid": "9186f272-7a7e-41ad-b2e2-2ae939e55be3",
            "value": "58n4j.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881363",
            "to_ids": false,
            "type": "text",
            "uuid": "eb334aae-3bfe-4ac4-939e-708e449f36d0",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/EggStremeLoader.G!dha\nVT Total Detection:51/72\nFirst Submission:2026-02-24T07:37:13.000000+00:00\nLast Submission:2026-02-24T07:37:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884866",
        "uuid": "6ea17506-30db-4654-9928-a216c4032ec1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884866",
            "to_ids": true,
            "type": "md5",
            "uuid": "dded545c-9f11-4bad-b7d5-a4558aeed3c7",
            "value": "8d60719191443479313e4936fb5cd31b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884248",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f5c7cd9b-2a60-4fce-ab6c-f08b76cf633e",
            "value": "061a4b9ebeaed65a7c517a0015a95446d18f8a25",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884249",
            "to_ids": true,
            "type": "sha256",
            "uuid": "95913492-6683-43b7-b9a7-fe9423ee7ad2",
            "value": "11c7728697d5ea11c592fee213063c6369340051157f71ddc7ca891f5f367720",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881385",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4906ac42-8277-4927-a4d8-6267d64c1282",
            "value": "49152:+WliacjcKWr3iiYSd8jyVTIU6iYS/pdwfoxm:rYsr8+1rwf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881385",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "004b7d83-7904-44ca-9b43-dcb756298482",
            "value": "2465792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881385",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b0f6b448-a7a7-4f63-a64b-1d3113aa61cd",
            "value": "126066655d1565555173z72z773z6hz94z126z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881385",
            "to_ids": true,
            "type": "filename",
            "uuid": "57be3148-0d54-49da-93d3-866f3abeae14",
            "value": "msiconf.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881385",
            "to_ids": false,
            "type": "text",
            "uuid": "3737791e-5489-4d2c-bd9f-6dadc3c396b0",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:50/72\nFirst Submission:2024-06-13T07:47:18.000000+00:00\nLast Submission:2024-06-13T07:47:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884887",
        "uuid": "a7546c34-60c1-4e16-99f8-c08413b9e0de",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884887",
            "to_ids": true,
            "type": "md5",
            "uuid": "4022d4d0-51c1-4635-ba0b-eb3846db9dc8",
            "value": "1b7cc1d4161a290f1a96050dbfb56a41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884249",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a5b2aa5c-887d-44d3-9d41-a334dbaf8188",
            "value": "013b75b560e9710651c05639c9958e5e7b91cdce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884249",
            "to_ids": true,
            "type": "sha256",
            "uuid": "44fe6cff-e3f8-479e-8d7f-3f01c4c3ab68",
            "value": "21fe238c462b2f22a7e97f1f06e4f12e8c6e5f3a6fffe671b671909b501fa537",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881428",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fc2924a0-6553-473d-ba55-681e4b0016ac",
            "value": "3072:BVya7ASCDKy4C869bpZlnWaVHerfu+G6BdA1nvsplKjkRorVjp:XynSct869l7np+rHpDHZ8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881428",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a49698ef-95c2-4bae-b40b-d5133ce978f3",
            "value": "186368"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881428",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ee8785a1-7e44-4de3-a712-e92d3fffa724",
            "value": "115066655d1555555088z52hz11z17z16z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881428",
            "to_ids": true,
            "type": "filename",
            "uuid": "070db925-ffd7-4468-bc5d-8077b4a44294",
            "value": "iscsidcs.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881428",
            "to_ids": false,
            "type": "text",
            "uuid": "97a95b56-cd44-4dd5-bf88-3c0d3a6c005f",
            "value": "Type Description: Win32 DLL\nMicrosoft: Backdoor:Win64/OpagueCulvert.B!dha\nVT Total Detection:47/71\nFirst Submission:2021-07-26T13:54:57.000000+00:00\nLast Submission:2023-07-22T10:10:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884908",
        "uuid": "e4e425ad-f7e9-4a0c-9a86-880a629f3263",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884908",
            "to_ids": true,
            "type": "md5",
            "uuid": "a70a081d-9906-417a-8d88-d09ee1e13ed3",
            "value": "a188c05cf4d74944ddde6afe5c8d0710",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884250",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ac81b3a8-0cd5-4993-ba69-58e9b94581dc",
            "value": "646fe203930f3478363a1b21c64a0c8dd01a5055",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884250",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e8ae31c7-2551-425b-8140-0f69502e875e",
            "value": "4b29b74798a4e6538f2ba245c57be82953383dc91fe0a91b984b903d12043e92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881534",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e3cff088-50d7-49a9-ab49-cc69874e90af",
            "value": "3072:UUHIqtdHdSRFdq6N6OlbekufzYCjJ1l9xhZIt6K7mkgTdUz/5fGY0MPrjybU+d0a:THHt1MRPdNHbePzfl9xhm69w5ec2o3Nu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881534",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0768ff12-6ca2-455a-a866-3e5ce13dc37e",
            "value": "293040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881534",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1d16752c-94cc-49af-999b-3484c46ab9a3",
            "value": "125046651d655033z12z54jz1iz4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881534",
            "to_ids": true,
            "type": "filename",
            "uuid": "ed740c69-f5be-4992-aff2-1a809c937ece",
            "value": "EVENT.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  09/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881534",
            "to_ids": false,
            "type": "text",
            "uuid": "a65d217f-a581-483a-b01a-a0554d27054b",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Plugx\nVT Total Detection:49/72\nFirst Submission:2024-09-18T03:55:55.000000+00:00\nLast Submission:2026-03-20T08:43:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884929",
        "uuid": "ede357b7-2f42-449c-b511-519dd0eb6d8d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884929",
            "to_ids": true,
            "type": "md5",
            "uuid": "cfedc02e-6837-491b-ac5d-5ce435f76db9",
            "value": "705070961a10a28e81b1754d7e1adbb8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884252",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb44fb20-bdc2-4f92-a710-65e92afc634d",
            "value": "b4125339c545f7baff09a0f3fdf3449ad9b895b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884252",
            "to_ids": true,
            "type": "sha256",
            "uuid": "859f0c7e-fd0f-4604-b52a-ac7964eaf765",
            "value": "4e26aa1bb28874f0897ab9a08e61d4b99caaa395fe63cbe4398f7297371e388c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881556",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c3b1393e-ce22-4180-a3c0-d59668711c41",
            "value": "49152:GWliacjcKWr3iiYSd8jyVTIU6iYS/pdwfoxtC:zYsr8+1rwfv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881556",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "921fec8c-382a-4b1d-895d-d6d3c1de7b8d",
            "value": "2473592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881556",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3ec98490-2e90-493c-a182-af07dad594a9",
            "value": "126066655d1565555173z72z773z6hz94z126z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881556",
            "to_ids": true,
            "type": "filename",
            "uuid": "f9681a0b-5906-4970-b0b5-de3addb7701f",
            "value": "4e26aa1bb28874f0897ab9a08e61d4b99caaa395fe63cbe4398f7297371e388c.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881556",
            "to_ids": false,
            "type": "text",
            "uuid": "8638126b-cbb7-4c9a-b420-da4037eed76a",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:37/72\nFirst Submission:2024-05-14T12:48:59.000000+00:00\nLast Submission:2026-03-28T17:41:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884950",
        "uuid": "d383aedc-1739-431a-9fb7-96310f0e2aa6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884950",
            "to_ids": true,
            "type": "md5",
            "uuid": "06ec0f41-f492-46b4-b460-d10ad330cd76",
            "value": "d4d29cd88d25fe6867eee7676ce36644",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884253",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2c39a7bb-359d-4689-a3c4-ff2d25ce5cac",
            "value": "a9ad109d0ff933a553232ac8862e8e501030484c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884253",
            "to_ids": true,
            "type": "sha256",
            "uuid": "64466074-17c7-47eb-85f1-61852f15b5fc",
            "value": "58ed0463d4cb393cd09198a6409591b39cae06bb0ba5f5d760186de88410f6b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881577",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "104b2653-ece1-4806-b663-6b9b04e69bdf",
            "value": "1536:rDZGzbPkhOoCp0z3XMQjT5PJ1T6y5VP9QVhr3CJ3zO/c/uSL4+MEv4:r9TApVIPJ1Tn5VWVJeq/h+MEv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881577",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2700d9cc-1a65-49d1-8ccf-f8cade6312e2",
            "value": "96768"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881577",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5592a9a1-7f4e-43cb-ab77-e80c96ccdd0b",
            "value": "194066655d1555551088z523z6hz64z17z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881577",
            "to_ids": true,
            "type": "filename",
            "uuid": "06308c50-5117-4010-b2c4-25e5af133db9",
            "value": "58ed0463d4cb393cd09198a6409591b39cae06bb0ba5f5d760186de88410f6b8.sample"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881577",
            "to_ids": false,
            "type": "text",
            "uuid": "b37612ce-d756-4f95-8a3f-91fa4ea44816",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:43/72\nFirst Submission:2024-04-16T13:15:11.000000+00:00\nLast Submission:2024-04-16T13:15:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884972",
        "uuid": "1d9ff0fe-2435-4094-9831-1e8fa403cab7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884972",
            "to_ids": true,
            "type": "md5",
            "uuid": "79487599-6b29-40d5-881a-82099f16f88e",
            "value": "7efd5a6fc12800c0a01f27e5113c216f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884254",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6480acf4-d7a8-4ce5-8c04-609c3e1ed176",
            "value": "c013e613a1e22a4569d43148bd5d94f0337a22fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884254",
            "to_ids": true,
            "type": "sha256",
            "uuid": "91f7b341-93e1-4b0d-bbd9-ad981d88a9f0",
            "value": "6f4f76c7a2638087a0da6002cd2c76d1673305b1e850a1f4068f14755f59d45b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881620",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "93802a36-b8ca-49d8-978e-19f9a2a752d9",
            "value": "384:hsxB9F5TK9khreZ9cNjSy1XuWcntp02c:hsx2kZmquhnTH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881620",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e5513713-d28d-4385-92a4-07e2256a10d4",
            "value": "19456"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881620",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ee87ff0e-7c06-4d6e-a984-1d9bf7ada3d9",
            "value": "114056651d15151az15xz24z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881620",
            "to_ids": true,
            "type": "filename",
            "uuid": "1086cfc3-f87c-4fa0-a1de-3f9313d39ef1",
            "value": "2o7kef0.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  05/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881620",
            "to_ids": false,
            "type": "text",
            "uuid": "595de9ed-6425-4061-a902-2c8b7f9bf306",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/EggStremeLoader.G!dha\nVT Total Detection:46/72\nFirst Submission:2026-03-27T11:13:46.000000+00:00\nLast Submission:2026-03-27T11:13:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775884993",
        "uuid": "cc992fe8-9d89-4add-afc8-f09370d897ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775884993",
            "to_ids": true,
            "type": "md5",
            "uuid": "deb86d41-f764-483f-b640-38b3442c613b",
            "value": "c55f7c7a499a32405361a474bb5e9472",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884255",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f0d0cd44-80ee-456c-acc1-7807e97d4694",
            "value": "f81337968a28fce96f476535c5967301796ad142",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884255",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7d57f942-fc0e-4dda-94ec-3a668a55d868",
            "value": "74e7093615da36b28effb3aa6eef5a31e7ea59627bd619b488f087091e8d65e9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881642",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c239df54-081e-4894-87f5-82e1331b7d13",
            "value": "384:hWwJV15EKWchzuh9cNjSy1XuWcV9p02v:hWwIzcRequhVDH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881642",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7f4e7dc3-fab0-40c0-b93d-79acb1424916",
            "value": "19456"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881642",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1c88eacf-1ad1-4a75-8b73-df270d1a1eb2",
            "value": "114056651d15151az15xz24z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881642",
            "to_ids": true,
            "type": "filename",
            "uuid": "45b11ee9-66ce-4e21-85bb-64e9b60d3b38",
            "value": "appmgmts.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881642",
            "to_ids": false,
            "type": "text",
            "uuid": "c0e2c4ba-c8db-454f-8f18-ebb6e7d37eac",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/EggStremeLoader.G!dha\nVT Total Detection:39/72\nFirst Submission:2025-04-23T10:02:10.000000+00:00\nLast Submission:2025-05-03T05:09:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775885014",
        "uuid": "cd0bfa67-9e67-428e-a4a8-d529f5b91935",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775885014",
            "to_ids": true,
            "type": "md5",
            "uuid": "fb668546-5031-4ab8-a5b9-55ad3f5146ed",
            "value": "656d205d25727a0852c4e918ad357280",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884256",
            "to_ids": true,
            "type": "sha1",
            "uuid": "77d3573b-a914-4d83-9ff2-f7b873a52781",
            "value": "e0903f050c10bd5cb059d7646d4455ec028e7776",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884256",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b9dbcdbf-bbb9-46ca-9a3b-4ce821b9e4c9",
            "value": "83f06fa37f1136f765f799851812f11060ab34df3b34bc61777acc59a30b4c6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881663",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "22ce5894-3c03-4def-bcab-be0dd1d62860",
            "value": "384:M8kSIFn0MOvfqIbxgsH6JuCKw/zZwWstY9MMCn5PjCnrqNufC8PyzpkEkrNyLH5U:MFS+iqi1LCR7ZF2//UgsRE0ENAMxzXw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881663",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "41c49943-c259-46e0-b978-c06343b8d064",
            "value": "42952"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881663",
            "to_ids": true,
            "type": "vhash",
            "uuid": "89844394-deab-44d8-b2b6-4e56a0dec8ba",
            "value": "14403655551bz3=z3e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881663",
            "to_ids": true,
            "type": "filename",
            "uuid": "70145b7f-4806-4b5e-9f03-4d43a5067221",
            "value": "u2ec.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881663",
            "to_ids": false,
            "type": "text",
            "uuid": "6899712a-66aa-483d-8613-1daa14e98733",
            "value": "Type Description: Win32 DLL\nMicrosoft: Worm:Win32/Hiupan.A\nVT Total Detection:46/72\nFirst Submission:2024-07-17T01:11:53.000000+00:00\nLast Submission:2026-03-25T05:29:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775885035",
        "uuid": "2510b209-a2bd-46f2-8f24-a99cb8edecc1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775885035",
            "to_ids": true,
            "type": "md5",
            "uuid": "921c4d3d-2bf7-41f6-84e3-57dbb87f3b2d",
            "value": "56fad1417e9d29c1d4ae3077fc4b9ccd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884258",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6fe399f4-7e43-491d-875e-fb8237ef7172",
            "value": "4115ce32ac5a622d9b2fc354c8ed0b3450d4b04d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884258",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c6bc64a3-80ba-4a88-b1ee-84196a2882f6",
            "value": "84e37e42312b9a502c40cf1f3fc181e3ebd4f3e35c58bbf182740dfe38d3b6b9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881686",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1583a17a-1d57-4b3a-9844-8d61171f7347",
            "value": "6144:AQobTDDGhFfWnghk2o1DeG20MP1L6HWCupDjR7sp9jSUdiA4hXAmCQhGfohBGp4u:WLAWnIPR56H1SCpdkQoni"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881686",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "471ece73-c390-4dc4-ab7b-8de858bc765b",
            "value": "433664"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881686",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c499cad2-5130-4574-adc0-929a4a941346",
            "value": "145096655d1555151d155014z1700827z303az67ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881686",
            "to_ids": true,
            "type": "filename",
            "uuid": "f8c21e36-93d4-48b7-80f5-91d8ad25801f",
            "value": "mscorsvc.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881686",
            "to_ids": false,
            "type": "text",
            "uuid": "a7c24745-ddb9-4794-9743-b34798e745cd",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:38/72\nFirst Submission:2025-06-27T03:00:09.000000+00:00\nLast Submission:2025-09-11T12:09:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775885057",
        "uuid": "a2c6f820-0923-4aa0-9119-4170f4eba390",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775885057",
            "to_ids": true,
            "type": "md5",
            "uuid": "1071edcd-e3ec-4d5a-aa67-4e039bbbb03b",
            "value": "6e5c8a678fd1ced5c12d22eb020a1cae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884259",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9a2429c2-59de-42b3-91a2-38207d736a0c",
            "value": "5ece36c18b406648be85fc143b725297e18d589f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884259",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a766452d-92c5-4df0-b458-dac87bf9ba70",
            "value": "851d57a2bf514202f54dafa1eb83a862653be7512b6e9535914b8d1d719d495f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881707",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "18c73f5d-ad77-4593-9863-9bcc13030778",
            "value": "96:SxFsRh8fXvJl5EjJTmb7yr9TLLV1Gmjdynv:WsRh8f/JrEjpD1GmjdKv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881707",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1d21b9d1-f55d-4def-a7e3-cd5271ff037d",
            "value": "6144"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881707",
            "to_ids": true,
            "type": "vhash",
            "uuid": "91f38396-dd44-41a1-bdc0-113182cd119d",
            "value": "163046551d051019z4?z8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881707",
            "to_ids": true,
            "type": "filename",
            "uuid": "7df06638-28df-46fd-aa7f-96c87f8f1a7a",
            "value": "sangforvpnlibcrypto-1_1.dll_"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881707",
            "to_ids": false,
            "type": "text",
            "uuid": "5837633f-7708-40f2-a89d-3fbedbbfc2df",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DLLHijack.DJ!MTB\nVT Total Detection:43/71\nFirst Submission:2024-01-06T06:30:51.000000+00:00\nLast Submission:2025-07-06T13:25:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775885079",
        "uuid": "24dea7d5-42db-4eee-be03-7a0a341e3e76",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775885079",
            "to_ids": true,
            "type": "md5",
            "uuid": "9c33751c-5996-4992-950b-1c60f35b7a26",
            "value": "122eea867555fe23931437f350ab96b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884260",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c6d85528-dc0f-4565-aabb-0b46ea1ba1ca",
            "value": "4ae5dba2be14b46001769e572760362bc6310135",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884260",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8cba7dc4-3242-4f55-a182-cb7c77e8808c",
            "value": "9d7c8d3bc4ac108fb2602424a1f4918c051c2443f0526bbb2c970c8e57dbd90d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881729",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2bf465bc-1c87-46b2-a271-ed95e1faa6b8",
            "value": "3072:cV5IEU1Y/758z7opSx0PKsRYsCRK+jC2ickVPxIiTCayP9rG8Bubn0:yU1Y/7yvbPsRMK9n"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881729",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "db2132a6-d6d9-4e2a-98a1-91a3e7138140",
            "value": "116736"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881729",
            "to_ids": true,
            "type": "vhash",
            "uuid": "33e7d1c2-bf5e-41ef-b917-4d472e525966",
            "value": "1150a6655d15551550151az52=z11"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881729",
            "to_ids": true,
            "type": "filename",
            "uuid": "18ee2bbb-ae3b-4a18-a711-ef75df7c87ed",
            "value": "lv0iwqb.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881729",
            "to_ids": false,
            "type": "text",
            "uuid": "cd7fdeef-fe8b-4eb3-90f8-4ed4878a974d",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:46/72\nFirst Submission:2025-09-03T06:20:50.000000+00:00\nLast Submission:2025-09-03T06:20:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775885100",
        "uuid": "5425ac47-1f97-487b-9fc4-7810f0585ef6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775885100",
            "to_ids": true,
            "type": "md5",
            "uuid": "35ab6d70-38b3-43b1-b5a7-9d2f2bda8b1a",
            "value": "7c90f327ee91014607aad125ba4209e3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884262",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fbb0b099-c650-4b14-80cc-010e3a27ea04",
            "value": "3e8b02fd1ead3516942a41e7cc35a327496f985b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884262",
            "to_ids": true,
            "type": "sha256",
            "uuid": "80e0bd4f-ce18-4f75-86bd-1aa042875592",
            "value": "c47d55ad95a6c6ffac45c2b205e03bddadf5e36f55988599053b1fd0e49448a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881751",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3a037aca-fa0f-4fa4-a3cb-5e2bfbdf64fc",
            "value": "49152:zMqfVOyPce5b2jQySFpI0t0iVuMrFBi34eGiwwNIw6I7PrEGFCJJ+3:zMqfL5CaFmquyFBi345w647jEGFCK3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881751",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d963cba-0abc-4fe6-9791-d99cf6f6bb2f",
            "value": "2282284"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881751",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8fa074ae-36de-4798-ac71-e0984c951e54",
            "value": "1078b0010022a60be0e6f691345106eb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881751",
            "to_ids": true,
            "type": "filename",
            "uuid": "bc019797-e728-47fb-89c7-d559e5613e5f",
            "value": "logoco.gif"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881751",
            "to_ids": false,
            "type": "text",
            "uuid": "e6251437-e7a5-445c-a09f-0392e7e69461",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:47/69\nFirst Submission:2024-06-13T07:46:49.000000+00:00\nLast Submission:2024-06-13T07:46:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775885121",
        "uuid": "0538c0f4-98d0-4293-8d23-889e465d66dc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775885121",
            "to_ids": true,
            "type": "md5",
            "uuid": "00ead7cd-6863-46b0-a61e-4096c10285f8",
            "value": "bd8b107295bb9c79abb38687cdfde353",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884263",
            "to_ids": true,
            "type": "sha1",
            "uuid": "de4b8dc4-70f3-4f09-b4c9-5f4f8484412b",
            "value": "a6fc9472f94b9eb7e35c34ba5782fcd115448981",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884263",
            "to_ids": true,
            "type": "sha256",
            "uuid": "794904ec-e1ba-4071-8e7e-a95f5bf944bb",
            "value": "d4d753c6ea5c86a44c9a65cd0d4eaeabb072b19e0ef68ef7da3a879f689772c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881794",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4f5411ad-8590-4a1c-9a22-97903b4a4bd0",
            "value": "384:tBEXY/V9goUOhbOSvB9cpaBWBYQOgPQQ0t+:teXY/+OB5j4aBJIg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881794",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1a84e38e-dadb-49fa-a967-2105ba2f0238",
            "value": "20480"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881794",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b83859ec-b69f-4d9f-9193-bcf516c5f588",
            "value": "124066651d1515151az14?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881794",
            "to_ids": true,
            "type": "filename",
            "uuid": "44ae5572-4def-4ebc-9a07-6da84f007b1a",
            "value": "swprv.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881794",
            "to_ids": false,
            "type": "text",
            "uuid": "4015ec0f-bbc4-451e-a858-49830f6a4f92",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/EggStremeLoader.CA!MTB\nVT Total Detection:40/72\nFirst Submission:2025-03-14T11:30:46.000000+00:00\nLast Submission:2025-06-19T09:36:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775885142",
        "uuid": "5a5e645c-a098-4fa1-91f3-19d5f57fb9bd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775885142",
            "to_ids": true,
            "type": "md5",
            "uuid": "a83e4a7f-97ef-478a-a048-94a7205ec238",
            "value": "b050730896575dd68bc0e23ab4cabaa9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884265",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2d8c2861-1a77-4792-9087-d60d920e3d90",
            "value": "09343aca393a05a9681122e8ceaa99960130db5d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884265",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ac1cc68b-68aa-4450-989f-44ccb39ac127",
            "value": "e61a1f4269e934481f6cb19576b3dbc434952b01445fd4e1ebc6906a1b449ef8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881837",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c835b9fd-8e2c-4a4c-9530-406d5bc94086",
            "value": "192:hirhiJP+dk1/7+Ujhqt+b5EsWNgWchzuJhZEocnLRjSPyelw1X5MXWcudswCRt+N:h6wJV15EKWchzuh9cNjSy1XuWczt0Wv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881837",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1d4a4e68-ae67-4e53-a30d-a0fa225729d5",
            "value": "19456"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881837",
            "to_ids": true,
            "type": "vhash",
            "uuid": "52ae6b8d-5eb7-436c-a217-232d11ea53de",
            "value": "114056651d15151az15xz24z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881837",
            "to_ids": true,
            "type": "filename",
            "uuid": "159d9ab8-b63e-4209-8d80-d8cc501c9c38",
            "value": "swprv.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881837",
            "to_ids": false,
            "type": "text",
            "uuid": "7997dff8-1aef-4a38-b2a4-d2c6ec755bfd",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/EggStremeLoader.G!dha\nVT Total Detection:40/71\nFirst Submission:2025-04-28T04:49:30.000000+00:00\nLast Submission:2025-04-28T04:49:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775885163",
        "uuid": "de1ec9b3-3293-4b1f-ba32-0eb7bf166bb1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775885163",
            "to_ids": true,
            "type": "md5",
            "uuid": "60edac12-563f-4061-8fa5-529cb7b4b8c3",
            "value": "34463f9ea765466f088334ba82930943",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775884266",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a297eb2-6f2c-463e-9625-8f112c11cd1a",
            "value": "3eacd02f847a68266fcb0a55da3f63414819d95b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775884266",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a536243a-076a-4327-88eb-1811db0701de",
            "value": "f07b2af21e3fab6af5166a44ca77ed0ebc7c9a3e623202a63d4c4492abce8d65",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775881879",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b8ad8d00-e130-4725-8f61-49c51ba43b18",
            "value": "1536:8mZGzbPkhOoCp0z3XMQjT5PJ1T6y5VP9QVhr3CJ3zO/c/uSL4+ME74p:8CTApVIPJ1Tn5VWVJeq/h+ME7y"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775881879",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "050f95a3-a7cb-47f7-8633-002309006a19",
            "value": "98824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775881879",
            "to_ids": true,
            "type": "vhash",
            "uuid": "55e87688-1086-4f6a-81c0-32d1405736a1",
            "value": "194066655d1555551088z523z6hz64z17z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775881879",
            "to_ids": true,
            "type": "filename",
            "uuid": "63ec68b3-9ada-4bcf-ac2e-4c944d8e3958",
            "value": "f07b2af21e3fab6af5166a44ca77ed0ebc7c9a3e623202a63d4c4492abce8d65.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 11/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775881879",
            "to_ids": false,
            "type": "text",
            "uuid": "43015e0f-9d6b-4450-a625-215547dc076a",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:41/72\nFirst Submission:2024-06-03T09:48:37.000000+00:00\nLast Submission:2026-03-28T17:42:03.000000+00:00"
          }
        ]
      }
    ]
  }
}