{
  "Event": {
    "analysis": "1",
    "date": "2026-03-02",
    "extends_uuid": "",
    "info": "[Threat Intel] SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh",
    "protected": false,
    "publish_timestamp": "1772824051",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772824051",
    "uuid": "209ca852-87cc-4f9b-9d7c-41bb603c91e5",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#d2ee74",
        "local": false,
        "name": "misp-galaxy:producer=\"Arctic Wolf\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7da4ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#9edfba",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#56c932",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#256f6a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL - T1574.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#82eae0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c8f8ef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#f07d7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
        "relationship_type": ""
      },
      {
        "colour": "#57997c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#3c0f50",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#98f3da",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#c295b4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b32a63",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bangladesh\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#09ea0d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Sri Lanka\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"india\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"SloppyLemming\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500ca",
        "local": false,
        "name": "rectifyq:detection-rules=\"yara-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772593223",
        "to_ids": false,
        "type": "link",
        "uuid": "f63c86ce-12de-4552-99e4-fb4dda6580f1",
        "value": "https://arcticwolf.com/resources/blog/sloppylemming-deploys-burrowshell-and-rust-based-rat-to-target-pakistan-and-bangladesh/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772593223",
        "to_ids": false,
        "type": "text",
        "uuid": "7b1f7ab7-4bfc-41b1-b79a-f04269f30f65",
        "value": "An extensive cyber espionage campaign conducted by SloppyLemming, an India-nexus threat actor, targeted government entities and critical infrastructure in Pakistan and Bangladesh from January 2025 to January 2026. The campaign used two attack vectors: PDF lures with ClickOnce execution chains and macro-enabled Excel documents. It deployed a custom x64 shellcode implant named BurrowShell and a Rust-based keylogger. The attackers extensively abused Cloudflare Workers for C2 and payload delivery, registering 112 domains impersonating government entities. The campaign focused on nuclear, defense, telecommunications, energy, and financial sectors, aligning with regional strategic competition in South Asia."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772593223",
        "to_ids": false,
        "type": "text",
        "uuid": "7de41e11-7783-42a6-9fa4-d50eefc086f7",
        "value": "Name: SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh\nAuthor: AlienVault\nAdversary: SloppyLemming\nTags: [\"clickonce\", \"havoc\", \"burrowshell\", \"cyber espionage\", \"rust rat\", \"dll sideloading\", \"pakistan\", \"cloudflare workers\", \"bangladesh\", \"geopolitical conflict\"]\nTgtd countries: [\"Bangladesh\", \"Pakistan\", \"Sri Lanka\"]\nMlwr families: [\"BurrowShell\", \"Havoc\"]\nAttack_ids: [\"T1113\", \"T1056.001\", \"T1036.005\", \"T1587.001\", \"T1204.002\", \"T1573.001\", \"T1566.002\", \"T1566.001\", \"T1574.001\", \"T1082\", \"T1140\", \"T1583.001\", \"T1218\", \"T1560\", \"T1083\", \"T1057\", \"T1041\", \"T1547.001\", \"T1571\", \"T1102.002\", \"T1027.002\", \"T1071.001\", \"T1059.005\", \"T1574.002\", \"T1090.001\"]\nIndustries: [\"Government\", \"Defense\", \"Telecommunications\", \"Energy\", \"Finance\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772593223",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "b5f5c3ed-3c56-49c6-a10d-7f410565837b",
        "value": "SloppyLemming"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809603",
        "to_ids": true,
        "type": "sha256",
        "uuid": "87082f1c-ccac-4e3f-814e-a8aa3074d7cd",
        "value": "6ea8fd10725676c886692d3acda9782e044c9f3988276360c87559dcaf1a3123",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809605",
        "to_ids": true,
        "type": "sha256",
        "uuid": "09b5a8e0-ad36-44a3-a421-cbc45f92c451",
        "value": "7a34070f98bd129764f053d8003b402975f73e85da87eebdfcc718ac7c8bb0bb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809607",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ca355bed-1279-487d-ab90-16daecf0d1c1",
        "value": "7e16fc7603e450b28f06e55748ef65204f8685b0f75e963da997192fdec5f96e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809609",
        "to_ids": true,
        "type": "sha256",
        "uuid": "06b19f54-ef1e-45d7-9aa3-f63c90d13e8b",
        "value": "87822f0b579c6c123c72971ee524a2d977ba4f02027f32d57a533d8f123183c3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809611",
        "to_ids": true,
        "type": "sha256",
        "uuid": "3f5c724e-5579-4ac0-8aa2-c90b1393d2ef",
        "value": "c57baa17321257ea1915ba0336a89f63975e6ed612a89c9888be7067222bef38",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809613",
        "to_ids": true,
        "type": "sha256",
        "uuid": "208aa3fd-0f33-443c-b867-700d7a087cd9",
        "value": "f46dd8154f963a8d49c4503bcfb93caf6551f4c845377c95fdde52ce9ca9798b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809615",
        "to_ids": true,
        "type": "sha1",
        "uuid": "718e3b5d-4ce8-4557-859b-6a1783918cee",
        "value": "ac53c9e43d93a4d0c30d5ac1155e5513d4428035",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:06/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809617",
        "to_ids": true,
        "type": "sha1",
        "uuid": "57ca4600-d72f-4fea-a0da-23812d34a6c5",
        "value": "fe9954252d97e6b62e3c23c9d6a458a306a93ee8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809870",
        "to_ids": true,
        "type": "hostname",
        "uuid": "04b95979-a83c-41ec-995a-7a1eb5d17a61",
        "value": "www.gov-pk.workers.dev",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809892",
        "to_ids": true,
        "type": "hostname",
        "uuid": "28d2f4b5-2804-41c1-9fa8-b90dc097e1f6",
        "value": "api.desco-gov-bd.workers.dev",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809914",
        "to_ids": true,
        "type": "hostname",
        "uuid": "afe87f3e-8b33-48d6-a26e-7fc60b0a4417",
        "value": "info.bangladesh-islamic-baank.workers.dev",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1772804688",
        "uuid": "05b4c595-e185-4a0d-859f-eaad63d3205f",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1772804688",
            "to_ids": false,
            "type": "text",
            "uuid": "85d1d8fd-4b99-4e2f-9f94-40f2c66eb979",
            "value": "targeted_SloppyLemming_Rust_Keylogger_RAT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1772804688",
            "to_ids": false,
            "type": "comment",
            "uuid": "70f64444-f782-4fcc-8069-1af92bf2e6fd",
            "value": "Rule to detect SloppyLemming Keylogging Remote Access tool used to target Bangladesh based entities"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1772804688",
            "to_ids": true,
            "type": "yara",
            "uuid": "d36cb02b-e4a2-4cba-90dd-5a0c0a8a29aa",
            "value": "rule targeted_SloppyLemming_Rust_Keylogger_RAT\r\n{\r\n    meta:\r\n        description = \"Rule to detect SloppyLemming Keylogging Remote Access tool used to target Bangladesh based entities\"\r\n        author = \"Arctic Wolf\"\r\n        distribution = \"TLP:CLEAR\"\r\n        version = \"1.1\"\r\n        creation_date = \"2026-01-08\"\r\n        last_modified = \"2026-01-08\"\r\n        hash256 = \"4f1628821c13cc27fd4134301cc93a1ad32b2a3f7066c3d90f7ba89e02180754\"\r\n     strings: \r\n \r\n        $a1 = \"=== KEYLOGGER SUMMARY ===\" ascii wide\r\n        $a2 = \"\\\\.cargo\\\\registry\\\\\" ascii wide\r\n        $a3 = \"[BACK][ESC][LEFT][UP][RIGHT][DOWN][DEL][HOME][END][PGUP][PGDN]\"  ascii wide\r\n        $a4 = \"Failed to create log file: \" ascii wide\r\n    condition:\r\n        uint16(0) == 0x5a4d and ((filesize < 15000KB) and all of ($a*))\r\n        }"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1772804710",
        "uuid": "a6cf280e-ea2f-4388-ac07-ec67d6e3cf4c",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1772804710",
            "to_ids": false,
            "type": "text",
            "uuid": "926a80c5-564e-4f07-842e-981147e6cce2",
            "value": "targeted_SloppyLemming_BurrowShell_loader"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1772804710",
            "to_ids": false,
            "type": "comment",
            "uuid": "5268bc6c-2b9b-45f4-85ca-30aec3b85132",
            "value": "Rule to detect sloppylemming BurrowShell loader including Encrypted Shellcode"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1772804710",
            "to_ids": true,
            "type": "yara",
            "uuid": "3eda4c88-cf7d-4a51-bd1a-59f5f681ae12",
            "value": "rule targeted_SloppyLemming_BurrowShell_loader\r\n{\r\nmeta:\r\n        description = \"Rule to detect sloppylemming BurrowShell loader including Encrypted Shellcode\"\r\n        author = \"Arctic Wolf\"\r\n        distribution = \"TLP:CLEAR\"\r\n        version = \"1.0\"\r\n        creation_date = \"2026-01-08\"\r\n        last_modified = \"2026-01-27\"\r\n        hash256 = \"f46dd8154f963a8d49c4503bcfb93caf6551f4c845377c95fdde52ce9ca9798b\"\r\nstrings:\r\n        $a1 = \"Less than 2 GB of RAM detected. Possible virtual environment\" ascii wide\r\n        $a2 = \"Less than 2 processors detected. Possible virtual environment\" ascii wide\r\n        $a3 = \"GlobalMemoryStatusEx Failed With Error\" ascii wide\r\n        $a4 = \"SystemFunction033\" ascii wide\r\n\r\ncondition:\r\n        uint16(0) == 0x5a4d and ((filesize < 15000KB) and all of ($a*))\r\n        \r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772809937",
        "uuid": "ea2b8cdd-712f-4f10-b67b-4595d1a5f838",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772809937",
            "to_ids": true,
            "type": "md5",
            "uuid": "b8f71f7f-5154-4ac6-a8d2-6ce01112e607",
            "value": "753bb1b5d8b879f478babb21ed4d9696",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809568",
            "to_ids": true,
            "type": "sha1",
            "uuid": "206da284-49e2-45c0-83de-62e5beac5d4c",
            "value": "87fbf997ab96dd4129e008119a3853de2127fbfb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809569",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2ad47b6b-78ef-4fe4-b800-d7eebc6b4385",
            "value": "1946315d645d9a8c5114759b350ec4f85dba5f9ee4a63d74437d7a068bff7752",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807446",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "29b30adb-e360-454a-949f-fddd6c8f414f",
            "value": "12288:nQV2lyco3pMceN2QnJGDwHtz/UQJoLLatvQpVzv:QIyP5eN2QoDGzdoKtvgV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807446",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7b23e587-0c42-4a2f-9bb4-eb1d7c23c306",
            "value": "803840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772807446",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c71ef976-e99f-4fe0-842d-8d953738312e",
            "value": "97ce42305b2b88cf9de207237de8835a"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807446",
            "to_ids": false,
            "type": "text",
            "uuid": "309fd7c6-a5c4-4240-a6cd-7dfa9ea7104d",
            "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:31/64\nFirst Submission:2026-01-07T10:42:58.000000+00:00\nLast Submission:2026-01-07T10:42:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772809959",
        "uuid": "7f99e822-41c4-44e9-b67e-845c5a41729a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772809959",
            "to_ids": true,
            "type": "md5",
            "uuid": "58e440d7-d0bd-4a9e-9fa5-a4e807f99503",
            "value": "76195b41d2e0c8008c23e77363a7455a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809570",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d3a8d7bf-2109-472b-83af-9642c505b65f",
            "value": "d4141e449a59298d073cdad32d8120979541a610",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809570",
            "to_ids": true,
            "type": "sha256",
            "uuid": "308fbcba-d13b-442c-b70e-4ba298a45ab7",
            "value": "81d1a62c00724c1dfbc05a79ac4ae921c459350a2a4a93366c0842fadc40b011",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807469",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "71ce870d-ddb3-4e2e-ac4c-230620a9b71b",
            "value": "96:mJgwnE1s7vd584nYoEFRsFCgxPPGcdlMJinqIKHhQPdWGrXkkSOL:mbE2Z58d4FCgYcdGJU64TXkOL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807469",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8a691c90-db24-4c91-8502-284bd203215d",
            "value": "8704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772807469",
            "to_ids": true,
            "type": "vhash",
            "uuid": "81190d3d-81c0-4cf0-95cb-e86e7e6139df",
            "value": "183046551d551039z6?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807469",
            "to_ids": true,
            "type": "filename",
            "uuid": "adf6bd0c-aba1-4755-b6ea-21cc801c3bee",
            "value": "ygwix30k.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807469",
            "to_ids": false,
            "type": "text",
            "uuid": "cced3cdb-7c05-454c-ac26-05ed2a84b219",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:43/72\nFirst Submission:2026-01-12T09:33:22.000000+00:00\nLast Submission:2026-01-12T09:33:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772809981",
        "uuid": "a5cf0de8-5cfa-412d-9c4f-d5de1a574bdb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772809981",
            "to_ids": true,
            "type": "md5",
            "uuid": "2ed9b622-18ac-4ce1-8d0e-d0062f61617b",
            "value": "7bec405eafc16a6f65d9a0bf7d30cec2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809573",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6d7635c8-63d4-4ce8-ad38-df783d7eaffa",
            "value": "9b1e51e383d086d0ccc2a9366eae80cbcff0c2a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809573",
            "to_ids": true,
            "type": "sha256",
            "uuid": "15dc0c63-8c37-4c94-9bb9-652231d929a5",
            "value": "3269829b50da5b3c4120a103ef72b09a8bbbf258ab3086ca24b2aa24dc00039b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807491",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c3735e16-da17-4468-b73c-ca895d8dfd89",
            "value": "192:dTxjIQGmEaKNt/TuJqZkIoSYXrX/X8X/dZCdF3XOX+YEP5f/TfG+XOk70NI:z0QvEh/TuJN7vsg+WXXF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807491",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3321fcd6-1121-47d4-98e6-9024af184257",
            "value": "14336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807491",
            "to_ids": true,
            "type": "filename",
            "uuid": "c8381bf7-346f-44e4-8b1d-96984624ebbb",
            "value": "efviejxh4.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807491",
            "to_ids": false,
            "type": "text",
            "uuid": "708cb72d-6ff6-42a4-a77c-2c4831bba652",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:8/62\nFirst Submission:2026-01-15T08:56:14.000000+00:00\nLast Submission:2026-01-15T08:56:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810003",
        "uuid": "ad600a5a-dc1f-4807-8789-ecda4c7b3c3f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810003",
            "to_ids": true,
            "type": "md5",
            "uuid": "5c994daf-8b22-4a5a-9c88-d89b4e8347ef",
            "value": "7c9642f73e6acb9f95af7db6bd3461a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809575",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5aef2ade-db00-4486-aac4-03fc6bb8eaaa",
            "value": "a9877fd32c74a668d569234a2a7b3476c5cfe7c6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809575",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1041a803-99ea-4139-8d2a-8ab873cc697c",
            "value": "1f79f88e97e60bc431ab641ccbbfb09e9d2633d258d3d4bc8b0cb5b9adbc9a4a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807513",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4ebede3a-d8d6-49fa-bd7b-3a7b37ffda3e",
            "value": "96:xWLwO9ZcTWYptIXTD8SkrXLGsAnmO4HYa4EPAQSAn3bNN1adAtMBDA:okCjkrXrn1JN1aWtqA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807513",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "94cb2b0b-5da4-4ffd-b418-ab486176261c",
            "value": "5808"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807513",
            "to_ids": true,
            "type": "filename",
            "uuid": "77cb6efd-d538-4c63-b846-1dcfd279efcb",
            "value": "PDF-Reader.application"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807513",
            "to_ids": false,
            "type": "text",
            "uuid": "cc138cab-3c60-46d7-b781-c7059c41d5cf",
            "value": "Type Description: XML\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2025-07-18T18:58:05.000000+00:00\nLast Submission:2025-07-18T18:58:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810027",
        "uuid": "378a3cd6-2704-44fa-8eee-2559e42cf355",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810027",
            "to_ids": true,
            "type": "md5",
            "uuid": "b5ee1301-e216-4238-ac66-366185bbedc6",
            "value": "7faf7a4f5b7f0d6b2e1d9f7957b30640",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809577",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8d785200-151a-4eca-acc3-ec22d0a391d8",
            "value": "ff9473d2b0dfe7cd0cff33ce7e83bc2a243c6aea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809578",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ded714d6-33b6-4087-9a13-ab249cf04af8",
            "value": "3dbf64da37616acbe16bc6bd06a320fed416c4c8ec37a04f811a32389af3d46c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807538",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fc063017-327e-4e64-92a1-a6a26d246848",
            "value": "1536:dKfWd1zKopvGLpjXxZlBi0Ixz8mPt91s7JS/Q27mxcqZpaZkQlQ:gWeopvG/PjpYVSxhZpGkQlQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807538",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b535a66c-1750-44b1-8ab7-80f4c8fee2ed",
            "value": "81008"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807538",
            "to_ids": true,
            "type": "filename",
            "uuid": "4ac116c4-6f2d-440b-ac8d-e83db5bf68b5",
            "value": "system32.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807538",
            "to_ids": false,
            "type": "text",
            "uuid": "333a6db0-6eec-4d9c-87fd-8080a7e715f8",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2026-01-13T07:44:02.000000+00:00\nLast Submission:2026-01-13T07:44:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810049",
        "uuid": "ce769d10-2b11-4f25-8bdf-62726983d30a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810049",
            "to_ids": true,
            "type": "md5",
            "uuid": "0e84e6a5-405a-44bf-9678-f347792e5848",
            "value": "86c3d19dcfb5775a4895832fad052d17",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809579",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ec6603fd-4b61-43a0-884c-6d74b4726592",
            "value": "9315cca5f6bf475776e9e0bd6b248c374d0ec43e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809579",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f7e2c84d-0f0a-4940-adc2-abd42bf51ea4",
            "value": "c4cea4147719c3abe7eb6c7c7e3420480361773b602d4270af0a607d29f8771f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807562",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "263be745-bcd6-4ce2-9715-b9e83c3ccbb7",
            "value": "96:xWLwO9ZcTtzWqIzTs4SkihlAnmOvV6a4EZQiz4An3bNN1adAtMBDA:oke/Li+PzJN1aWtqA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807562",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c0e56d29-9d08-416d-8a54-4fef4d256f77",
            "value": "5833"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807562",
            "to_ids": true,
            "type": "filename",
            "uuid": "7395aefa-0393-4603-b6dd-c7de6cd1c4e2",
            "value": "ftp.pnra.org.application"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807562",
            "to_ids": false,
            "type": "text",
            "uuid": "e531fb82-3185-485c-9743-4f4e56c10e50",
            "value": "Type Description: XML\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2026-01-07T11:16:33.000000+00:00\nLast Submission:2026-01-07T11:16:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810071",
        "uuid": "57368c86-992b-4879-a95e-dbc602ee859b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810071",
            "to_ids": true,
            "type": "md5",
            "uuid": "b01abcd4-836c-49de-8960-8610091315fe",
            "value": "97d4cf28319ce4556b87e1e3105287f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809582",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0a05bcd3-5246-4876-98f7-26264c5866a2",
            "value": "0e38a7039db2350982ae174778f34303bf405306",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809582",
            "to_ids": true,
            "type": "sha256",
            "uuid": "03f68bf7-6c70-434d-a34d-170602d702fd",
            "value": "c603e7a1018f7b3a168404bcf2f709950c4e29e0596c78823647baaadaf317c7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807585",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f1a4d15a-7d2c-42b6-b793-03754f5df492",
            "value": "96:xWLwOhoyTZzw31S5tUehvyYkok0NQHkitnAAnmOsw+4E8BAn3bNN1adAtMBDA:oRtCU5tUeYN0NQEOnx+JN1aWtqA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807585",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2d986a49-c1ab-4aa2-a960-56784733610c",
            "value": "7709"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807585",
            "to_ids": true,
            "type": "filename",
            "uuid": "fb0fb329-0fc3-425a-82fd-5827e3ab4944",
            "value": "ftp.pnra.org.exe.manifest"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807585",
            "to_ids": false,
            "type": "text",
            "uuid": "18a86b71-fe6d-41e0-b7c2-490e5d47a5f5",
            "value": "Type Description: XML\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2026-01-12T09:32:53.000000+00:00\nLast Submission:2026-01-12T09:32:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810094",
        "uuid": "2524aee5-af6d-4fcf-b16f-ff86ad7c1298",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810094",
            "to_ids": true,
            "type": "md5",
            "uuid": "ae7d2dc4-f847-425b-97df-c190d41c959b",
            "value": "9a95078a7a5f1045c61fe95ab308ec3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809584",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b027a695-e443-407a-8844-0a1f80ce66d0",
            "value": "fd3b37622ed4187c869c8427391c4f265a9ae1be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809585",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fb8c12de-c473-40b5-aef2-2ae6f95a7e59",
            "value": "67c341e187ddfcd5a4a7df8743ae82e72db1e5c3747d5c4e185d99f54182f093",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807608",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ad04647c-dc80-4a01-a624-d7bf3d54e8c3",
            "value": "6144:UqN80g33fjLWM/LI/K3OwuzNKG1l8PZmQdj1tsqvK/7FfJ:pDQ/cCe91OPPAqv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807608",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "408411eb-66be-4538-bc29-a8afb7d855f1",
            "value": "417792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772807608",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2690447b-3378-4bfe-b085-54e0f0bd6023",
            "value": "145056655d155557z700443z4hzd5z96zb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807608",
            "to_ids": true,
            "type": "filename",
            "uuid": "6f537f26-40ea-40f9-aba9-ce1ae9f088dd",
            "value": "j0el2p.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807608",
            "to_ids": false,
            "type": "text",
            "uuid": "b02b2913-4fc2-44ee-b6bf-6165bc99c71a",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:44/72\nFirst Submission:2025-11-26T04:29:18.000000+00:00\nLast Submission:2025-11-26T04:29:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810116",
        "uuid": "43962465-662a-4a95-81f4-2aa2d8623834",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810116",
            "to_ids": true,
            "type": "md5",
            "uuid": "5c845173-0f7e-4885-9f1a-2acffe63f49d",
            "value": "a0345cd01e10d6a2860cc3aa712d3bc5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809587",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fde7db3c-ba10-4e47-bda3-5a356f82eeff",
            "value": "b4ff5f83dbec21a3089ae98ebeab55ab3ec8e6b3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809587",
            "to_ids": true,
            "type": "sha256",
            "uuid": "57d5fbc9-462c-44ca-8ec9-f0a8317a3082",
            "value": "bb83cd7ebe75cf62f06859ab2166a35a16cac924f874109b78dd5c4b653d6d44",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807633",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fa18480f-eaac-4515-abe5-a8d2982f36c4",
            "value": "1536:mbURR4bPtDLYXwyV8mUx07cmyJNI23AqsvClArhTMSg456pzNr:ywQD2wyVb37F23AqcClKTMq5qzNr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807633",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8b991adc-52dd-4354-ab53-27f4495fb1de",
            "value": "81008"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807633",
            "to_ids": true,
            "type": "filename",
            "uuid": "18c28542-211e-483b-8e5b-5d51d2a58dc1",
            "value": "system32.pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807633",
            "to_ids": false,
            "type": "text",
            "uuid": "74eedea6-4986-4ff9-8cc7-6b768e5f63b3",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2026-01-15T08:57:24.000000+00:00\nLast Submission:2026-01-15T08:57:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810139",
        "uuid": "ba77bd6d-1564-4b23-b3e8-a2a77258b2f9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810139",
            "to_ids": true,
            "type": "md5",
            "uuid": "17770751-48b7-487d-856f-52e6087a0663",
            "value": "ac0623ac3349356060f8f37838ec332b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809589",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3bdbd054-7c7d-43f1-ae02-3040fb293de6",
            "value": "8a3b2c21808d5936e5583bb9a8a0191dfbeccbf9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809590",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6aa38535-f67a-41a0-84b6-6ecf78f23196",
            "value": "8faeea306a331d86ce1acb92c8028b4322efbd11a971379ba81a6b769ff5ac4b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807656",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a1af422e-6bc9-419c-a07d-324f6408bdb0",
            "value": "3072:aMr0ChYgF4LRiNR69OgrHkfYQ05uqbW9UQxa:cIRAg30VzX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807656",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a0cfed62-1c80-43fd-a47f-918051b80283",
            "value": "123495"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772807656",
            "to_ids": true,
            "type": "vhash",
            "uuid": "638e1ce4-14e4-4304-96b4-ed81373cbb30",
            "value": "9269a316ce3db9cd5abe5db9d79c39ec2"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807656",
            "to_ids": false,
            "type": "text",
            "uuid": "8dcf9497-380f-470a-a3e5-6cff25556560",
            "value": "Type Description: PDF\nMicrosoft: None\nVT Total Detection:9/64\nFirst Submission:2026-01-07T10:55:31.000000+00:00\nLast Submission:2026-01-07T10:55:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810162",
        "uuid": "258aed1d-c5ed-4137-9c1f-3fe8090efd34",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810162",
            "to_ids": true,
            "type": "md5",
            "uuid": "f490d063-1f15-49c6-8b71-d8a2ce9a1bad",
            "value": "f310ee836f88cc43d3939f8a88b20495",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809592",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f57f9d44-beff-4cb1-8408-b70a5adaf146",
            "value": "c5171b00bfe40113f4e99cab21e71f955c397d7e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809592",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f82246e4-77ba-415b-9b27-6979063793e4",
            "value": "4f1628821c13cc27fd4134301cc93a1ad32b2a3f7066c3d90f7ba89e02180754",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807679",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6610aac7-012b-4c32-8ab5-699ef1f0a96d",
            "value": "6144:5TkkYh8IGDV9+/9v7phFkP3A0yDYiccTdhz0GDz6bxYdTvmmaQ:tkkYSc9DphGgYiPexYdTvm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807679",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1de0109e-c4dd-4b08-a6fa-d55a679760ef",
            "value": "429568"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772807679",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1ad41a35-5102-4967-958d-ad3abe0c8c3a",
            "value": "145066655d1555551015z700443z4hzd5z95z43"
          },
          {
            "category": "Payload delivery",
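            "comment": "sppc.dll is also the name of a legitimate Windows system library; with to_ids true on this filename, pair it with the hashes in this object (or the file path) rather than matching on the name alone.",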
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807679",
            "to_ids": true,
            "type": "filename",
            "uuid": "9d44e12b-a8ae-47b3-85d3-b48b9cedfdbe",
            "value": "sppc.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807679",
            "to_ids": false,
            "type": "text",
            "uuid": "61256214-989d-472a-af9b-bab850324ee5",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:35/72\nFirst Submission:2025-11-25T08:52:26.000000+00:00\nLast Submission:2026-01-20T16:10:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810185",
        "uuid": "21bc5fc9-ee80-4196-a1e6-50c19cdfd226",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810185",
            "to_ids": true,
            "type": "md5",
            "uuid": "a7e0cfe6-dbf8-48da-857d-77e590b3a2c5",
            "value": "6ac130b757177ecfc2d70acc0da05f8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809594",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b3986ffa-efee-41b1-b5a5-bc5cb620c5ae",
            "value": "680aac6207d0826cb653213b3d85dfa272d12e83",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809594",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e9ed9e30-4553-45ed-95a5-c48fea8459fe",
            "value": "9dca24630c06463a01ca6d38b73987589bbe68650b0ff893770eab9ff6ec581a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807791",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4ab49ffe-07f1-43ea-8047-9b4dd4361a0c",
            "value": "96:xWLwOhoyT5N50v31S5tUehvykk2n5k2/n6FFAnmOKMKlKN5+4EwAVTX1An3bNN1D:oRavU5tUe26y2/n6JMKm4XaJN1aWtqA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807791",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "10871e35-d3eb-4796-bb40-5c0a43f988e5",
            "value": "7325"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807791",
            "to_ids": true,
            "type": "filename",
            "uuid": "8c693b14-fea7-4aad-817a-9ef230c892a0",
            "value": "MicrosoftPDF-Reader.exe.manifest"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807791",
            "to_ids": false,
            "type": "text",
            "uuid": "0470bd92-5cec-4a88-ae32-c30a86bf1b36",
            "value": "Type Description: XML\nMicrosoft: None\nVT Total Detection:0/61\nFirst Submission:2026-03-06T08:37:03.000000+00:00\nLast Submission:2026-03-06T08:37:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810207",
        "uuid": "9c63eac8-a9ea-4db9-9727-3a99db7966b5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810207",
            "to_ids": true,
            "type": "md5",
            "uuid": "efd220f6-1fda-4600-9edc-60b70b075c92",
            "value": "aada47195db066d3820067057523a890",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809596",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b3ea57db-2232-4caf-a8a5-60279b3b5b99",
            "value": "50e940d8b19a149c429473ff12635ff6a19a55f5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809596",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7dc1ebd1-557a-43ae-b8dd-3209bf992460",
            "value": "d071ea65ea30df38623afe959ccc142f14dc4659dce21c2d7195e31245ee2df1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807837",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "86c81bc8-061b-46af-8181-ba879dcbe1fa",
            "value": "96:xWLwO9ZcTRNkYzWqIP0NkTFNd8N5SkD0kAnmOMKNkYa4EvhAjHAAn3bNN1adAtM+:okgzg4QhATHJN1aWtqA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807837",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "102ca515-5b93-43c8-b843-2b881fa89095",
            "value": "5862"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807837",
            "to_ids": false,
            "type": "text",
            "uuid": "9b007330-0a2d-4d32-8945-8b030a8c5d32",
            "value": "Type Description: XML\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2026-03-04T13:11:57.000000+00:00\nLast Submission:2026-03-04T13:11:57.000000+00:00"
          }
        ]
      },
      {
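        "comment": "Hashes and filename in this object match NGenTask.exe as distributed by Microsoft and listed in NSRL (VT 0/72, see the text attribute). The attributes are tagged false-positive:risk=\"high\" but keep to_ids true, so a match on its own does not indicate compromise; confirm against the malicious artefacts elsewhere in this event before alerting.",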
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810229",
        "uuid": "af8f99f6-7500-4f43-8693-45a45a137a1c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810229",
            "to_ids": true,
            "type": "md5",
            "uuid": "f81e35a7-03bb-4d41-ac13-2c19c75d3c66",
            "value": "1ca52739f7f494012f1aacc925328c7f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809599",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bc3690eb-e7cd-4bd8-aab5-83dfe2d0953e",
            "value": "9b8542e238697dc1f5c524f68d9f7b27f5b78e73",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809599",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8c7a9302-001b-4c14-8837-db575134d038",
            "value": "9fd133b11abcbbed33ccea71bd4743e8f35e42cd637fb763f5ab2a8fbb9b6261",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807927",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7eacdc6c-8c22-4591-9373-90b790387aea",
            "value": "1536:g9eGa2NzJNfbiUtgnqCztRz/foexgBpR8InFuige6N4Spzgv:uY2NTbZORz/foe+B38IF+eIJEv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807927",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2b65723b-dcb3-4a6c-b0a0-5f4a295b5435",
            "value": "79848"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772807927",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3cb02f30-4a31-4bd7-a0a8-e27e7c0ca771",
            "value": "074026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807927",
            "to_ids": true,
            "type": "filename",
            "uuid": "25e73c69-e091-4b7b-8561-b5532e33e87d",
            "value": "NGenTask.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807927",
            "to_ids": false,
            "type": "text",
            "uuid": "668e695d-11a4-432d-908b-ce144f800655",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Microsoft']\nData sources: ['Microsoft Corporation', 'National Software Reference Library (NSRL)']\nVerdict filename: ['(Image4187)_Windows_Microsoft.NET_Framework64_v4.0.30319_ngentask.exe', '[part(2)FileId(23707)Name(ngentask.exe)]', 'ngentask_6.exe', 'ngentask_7108a4d6-e54a-44e9-a061-0dec4df92936.exe', 'ngentask_fc1f34f9-d678-4cb2-a5ef-37597785dbd7.exe', 'ngentask_14.exe', '[part(1)FileId(39937)Name(ngentask.exe)]', 'ngentask_205b20cd-cab1-44a7-8357-319f71d5f65f.exe', 'ngentask.exe', 'ngentask_301034d1-fa3a-44de-acb7-23cf113cbf63.exe']\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2022-04-30T03:22:55.000000+00:00\nLast Submission:2026-02-26T03:13:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772810251",
        "uuid": "d3d5df59-b67d-4e99-b86f-717dd6b8684a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772810251",
            "to_ids": true,
            "type": "md5",
            "uuid": "48fd1888-43f9-4d02-a6a0-ca602d5ac819",
            "value": "6c360ac502fa4c54b8b5d5a732ee569c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809601",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f74d221a-81d6-4967-aa90-cf2ac63b19e3",
            "value": "215d1b72665aa505e7e28319d4bcb4ac4d624b8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809601",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b50b79ff-19ca-4ecc-82ac-1a63a7a7ad74",
            "value": "8cc46f6ef1b659fa463b7eb343b4ca033de89c313af2e68e2cc7ce08eaff88de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772807951",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8ea67910-6efb-4344-acf7-3e0fc0714629",
            "value": "1536:haa0LQfEPXIcjk2SdvonDeuzWCiW/nZoNOZBUVg6nDJQjjzcEPkpzWU:hpfEP5SFgWs/34O6nDJgYEcpKU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772807951",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f53a9364-b411-4090-aa71-9b7e680d21db",
            "value": "133688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772807951",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7e4650bb-3248-4077-b5f2-6c127063fe75",
            "value": "015086661c055d1515551058z1f28z35z4021zbfz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772807951",
            "to_ids": true,
            "type": "filename",
            "uuid": "f28978ef-b7dd-45d2-84bb-20c250856fb3",
            "value": "phoneactivate.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772807951",
            "to_ids": false,
            "type": "text",
            "uuid": "0d8ff2be-add9-4784-bc85-868ac4bab4c3",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Microsoft']\nData sources: ['Microsoft Corporation']\nVerdict filename: ['phoneactivate.exe', '[part(1)FileId(60549)Name(phoneactivate.exe)]', '[part(1)FileId(61532)Name(phoneactivate.exe)]', '[part(1)FileId(60264)Name(phoneactivate.exe)]']\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2024-07-11T00:44:53.000000+00:00\nLast Submission:2026-02-01T23:44:20.000000+00:00"
          }
        ]
      }
    ]
  }
}