{
  "Event": {
    "analysis": "1",
    "date": "2026-05-05",
    "extends_uuid": "",
    "info": "[Threat Intel] Popular DAEMON Tools software compromised",
    "protected": false,
    "publish_timestamp": "1779546478",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779546477",
    "uuid": "21f675fc-977d-426a-9622-aed934c463c8",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#177fb7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1218.011\"",
        "relationship_type": ""
      },
      {
        "colour": "#110e53",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#56c932",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#4bc785",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Hollowing - T1055.012\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#d596aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4494e4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Protocol or Service Impersonation - T1001.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1518.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#30cc3b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#cb2c9b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#bd512b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Belarus\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005e",
        "local": false,
        "name": "rectifyq:topic=\"supply-chain\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#15ccfd",
        "local": false,
        "name": "misp-galaxy:target-information=\"France\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#4cea11",
        "local": false,
        "name": "misp-galaxy:target-information=\"Italy\"",
        "relationship_type": ""
      },
      {
        "colour": "#f439e5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Spain\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkey\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036411",
        "to_ids": false,
        "type": "link",
        "uuid": "6d83ee08-fb79-4087-8f26-75cc9cb2d331",
        "value": "https://securelist.com/tr/daemon-tools-backdoor/119654/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036411",
        "to_ids": false,
        "type": "text",
        "uuid": "d2ee5ec9-7dc6-48a3-ab09-a495647fee48",
        "value": "Since April 8, 2026, installers of DAEMON Tools software have been compromised with malicious payloads distributed through the legitimate website. Versions 12.5.0.2421 to 12.5.0.2434 contain trojaned binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe) signed with legitimate developer certificates. The attack has affected thousands of systems across over 100 countries, though advanced payloads were selectively deployed to approximately a dozen machines in government, scientific, manufacturing, and retail organizations. Initial infection establishes backdoor communications to typosquatted domains, followed by deployment of an information collector for system profiling. Targeted systems receive additional implants including a minimalistic backdoor and QUIC RAT. Chinese-language strings found in malicious components suggest a Chinese-speaking threat actor. The attack remains active at time of publication, demonstrating sophisticated supply chain compromise techniques comparable to the 2023 3CX ..."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778036411",
        "to_ids": false,
        "type": "text",
        "uuid": "9a2884c5-7201-4215-b0e6-ede9a9977bd4",
        "value": "Name: Popular DAEMON Tools software compromised\nAuthor: AlienVault\nAdversary: \nTags: [\"software compromise\", \"quic rat\", \"daemon tools\"]\nTargeted countries: [\"Belarus\", \"Russian Federation\", \"Thailand\"]\nMalware families: [\"QUIC RAT\"]\nAttack_ids: [\"T1033\", \"T1218.011\", \"T1071.004\", \"T1573.001\", \"T1082\", \"T1140\", \"T1016\", \"T1057\", \"T1059.001\", \"T1547.001\", \"T1055.012\", \"T1027\", \"T1195.002\", \"T1001.003\", \"T1518.001\", \"T1059.003\", \"T1070.004\", \"T1071.001\", \"T1105\", \"T1055.001\"]\nIndustries: [\"Government\", \"Retail\", \"Manufacturing\", \"Education\"]"
      },
      {
        "category": "Payload delivery",
        "comment": "Minimalistic backdoor (decrypted from mcrypto.dat). No sample in VirusTotal.\r\nLast check: 13/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546475",
        "to_ids": true,
        "type": "sha1",
        "uuid": "f18e8916-0317-4f62-8d76-0ed21a9c29e9",
        "value": "a3e90653bd0a81ebe2ae387a67a59bb8d07ce7b5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Minimalistic backdoor (decrypted from core.tmp / cdg.tmp). No sample in VirusTotal.\r\nLast check: 13/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546477",
        "to_ids": true,
        "type": "sha1",
        "uuid": "68c76890-8014-4ed4-8e12-a9095b272c27",
        "value": "3ee71d75020b2634b2c23866211a0c91b942c8d4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778627026",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3e0551a2-1e5b-4dab-9251-ca9e5968cfe1",
        "value": "env-check.daemontools.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778627048",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "8cf51934-6f21-4d1c-b7df-705170bc569e",
        "value": "38.180.107.76",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546416",
        "uuid": "efbc9c4b-d268-430c-a223-dccbc108cb4e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546415",
            "to_ids": true,
            "type": "md5",
            "uuid": "78106ad3-565e-472a-b50c-97081d642457",
            "value": "f2bd550773af344661689e259ffb97ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546415",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d1d858a1-4852-40c4-b73d-5f02b6b33c5c",
            "value": "2d4eb55b01f59c62c6de9aacba9b47267d398fe4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546416",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f3364b4a-1c2d-4e7d-b3e9-cd8608ab1a69",
            "value": "a916e56121212613d17932e124b68752c9312e73bde8f2351054bd64394257df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622424",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9ade51c7-fe09-4a17-a453-02f7dcedd44f",
            "value": "192:VLQOTxQvxzoCwdulHkb6Wl4u7qxPg7WRcau0m:VLQOT+JzXzdfDuONQWRcw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622424",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7b7e9c9d-3a35-424c-bd59-713668cd4c51",
            "value": "11264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622424",
            "to_ids": true,
            "type": "vhash",
            "uuid": "02f6d5c0-82a4-4c22-8a58-7a517c1cf464",
            "value": "21403655151d061d20010"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622424",
            "to_ids": true,
            "type": "filename",
            "uuid": "6d83b7c4-77e6-4472-9f5b-39363ebeedc3",
            "value": "InfoCollector.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622424",
            "to_ids": false,
            "type": "text",
            "uuid": "bbc51041-a924-4f80-a273-6ee795f6ba1c",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:46/71\nFirst Submission:2026-04-14T20:02:35.000000+00:00\nLast Submission:2026-05-11T08:44:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546419",
        "uuid": "c4f18ab8-0ee0-4a26-92de-301f550c6824",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546418",
            "to_ids": true,
            "type": "md5",
            "uuid": "c44ceafb-cc4e-48a6-91c8-35f04fdcfeb7",
            "value": "8c67ae3b4b8d30d13a8118701134d94e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546418",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d7600a94-f117-47f8-b015-a2cb2535b9d8",
            "value": "9ccd769624de98eeeb12714ff1707ec4f5bf196d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546419",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9123a64b-6274-4f4b-a24f-f37231810b66",
            "value": "12edcaafab7703d0819b1395f45c35e3083dd83fb8b128292cb11033453fb6e8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622446",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7d37e8e1-c6df-4176-a0e1-0600da1584a1",
            "value": "1572864:HuyZl/5eb3ZCYt1Kn3fEcvFtjkhsl6V1J7acC8x52uI:OynYb3ZdK3ccvFtjkhP750"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622446",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "81ec1397-41f3-44b3-aab9-b12b4be7bbe8",
            "value": "51902576"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622446",
            "to_ids": true,
            "type": "filename",
            "uuid": "8404edd3-4771-42e5-a307-97cdaecb238d",
            "value": "DTWpfInstaller.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622446",
            "to_ids": false,
            "type": "text",
            "uuid": "beb190c5-167e-4615-a128-5edc34e65544",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RogueDaemon.LTSN!MTB\nVT Total Detection:36/69\nFirst Submission:2026-04-08T14:59:25.000000+00:00\nLast Submission:2026-05-12T01:16:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546422",
        "uuid": "fccfbc3d-8f43-48d3-9431-f5caa957bd14",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546421",
            "to_ids": true,
            "type": "md5",
            "uuid": "02c25ebe-1f98-4857-a16f-0328343ea666",
            "value": "a7f6308f3c7624a603e2242b19a0a8e7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546422",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0ac8fa7f-24e4-4854-a4bb-192c848e6be9",
            "value": "28b72576d67ae21d9587d782942628ea46dcc870",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546422",
            "to_ids": true,
            "type": "sha256",
            "uuid": "755a1631-c020-4469-b641-520395d4734c",
            "value": "d2a5c9cbb73849cc0667987c33a9bf3822718e1528faef005f1628de3348ffb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622468",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a7361b75-bf1d-4d09-9dbd-f9b2f59bbe40",
            "value": "1572864:luyZlif2XXn3fEMOwal6w1JpacCGxLje:8y6+H3cfwFmW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622468",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b55414fe-d69a-4ee9-8ff6-2216f8fcaa5f",
            "value": "52434032"
          },
          {
            "category": "Payload delivery",
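            "comment": "Filename is shared by several distinct samples in this event and may also match the legitimate installer; alert on it only together with this object's hashes.",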
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622468",
            "to_ids": true,
            "type": "filename",
            "uuid": "32610a3a-71f5-43a3-b011-1922e47bb733",
            "value": "DTWpfInstaller.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  09/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622468",
            "to_ids": false,
            "type": "text",
            "uuid": "df70183e-d6bd-41bd-94ec-40d73ed0fcea",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RogueDaemon.LTSN!MTB\nVT Total Detection:28/70\nFirst Submission:2026-04-21T15:14:26.000000+00:00\nLast Submission:2026-05-07T16:24:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546425",
        "uuid": "d9fdc89c-27db-455e-9e34-7c0017976222",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546424",
            "to_ids": true,
            "type": "md5",
            "uuid": "2581800d-7019-4e47-be8e-6a0150b2b431",
            "value": "a920a32eff288e5b48c62d273defeada",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546424",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5af16bd1-dc7c-4e21-a352-08d360050da0",
            "value": "0c1d3da9c7a651ba40b40e12d48ebd32b3f31820",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546425",
            "to_ids": true,
            "type": "sha256",
            "uuid": "36b86aec-6ef3-45f0-8c87-ca6345808b0f",
            "value": "f8599bec9a6e86aab534f6282e8b812d4997ecdf2f6064a4c0326c5e7771eb42",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622489",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9e927978-400a-4061-a5b6-7a22a8223e85",
            "value": "1572864:NuyZl9S5t81Kn3fE+8V2kBSl6a1Jh+acC4xi2u:0y1SAK3c++2kBN/i"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622489",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3eb19098-0540-4012-a3e0-75e61ca5fabc",
            "value": "51903088"
          },
          {
            "category": "Payload delivery",
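            "comment": "Filename is shared by several distinct samples in this event and may also match the legitimate installer; alert on it only together with this object's hashes.",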
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622489",
            "to_ids": true,
            "type": "filename",
            "uuid": "0873127e-e1ac-4e5a-9165-de66c4bab6a8",
            "value": "DTWpfInstaller.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  10/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622489",
            "to_ids": false,
            "type": "text",
            "uuid": "66ecac4f-1457-4851-b030-157c024bb7a9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RogueDaemon.LTSN!MTB\nVT Total Detection:23/70\nFirst Submission:2026-04-20T15:13:10.000000+00:00\nLast Submission:2026-05-02T14:44:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546428",
        "uuid": "d9b4916f-d3e0-48ce-8382-9a7c95483314",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546427",
            "to_ids": true,
            "type": "md5",
            "uuid": "b8366bdb-5996-4dbd-8604-3ffb3d204733",
            "value": "fd3602ef891dc6d53e42c310fa268826",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546427",
            "to_ids": true,
            "type": "sha1",
            "uuid": "504f9399-11db-448c-8b6f-bd6b54421e36",
            "value": "15ed5c3384e12fe4314ad6edbd1dcccf5ac1ee29",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546428",
            "to_ids": true,
            "type": "sha256",
            "uuid": "932a6c09-a11e-4bc8-a4ed-3fd981248ae4",
            "value": "626ba9c1913f775f45f5be6c8bc0e579d551ded4ec97fde1ef78662f2659929e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622511",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "660c880b-0583-4d90-ad9f-8e7110a8808e",
            "value": "786432:xXpsfdFewgyAGIm9dW4yCtnsP1Kn3+uhCIeGAerh0fFmnOH2/cUDj7Vb6sVe1woi:+uyZl9dWdCaP1Kn3fEVed5nOoll6x1J8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622511",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2506ee97-86ab-41ed-8d57-2a41779ad83c",
            "value": "48269424"
          },
          {
            "category": "Payload delivery",
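            "comment": "Filename is shared by several distinct samples in this event and may also match the legitimate installer; alert on it only together with this object's hashes.",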
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622511",
            "to_ids": true,
            "type": "filename",
            "uuid": "e48e508e-26e0-4f3f-b8b7-14d5defde4aa",
            "value": "DTWpfInstaller.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  09/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622511",
            "to_ids": false,
            "type": "text",
            "uuid": "85d35934-6309-4e5f-a94d-ae02a9fb2146",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RogueDaemon.LTSN!MTB\nVT Total Detection:31/70\nFirst Submission:2026-04-29T16:50:53.000000+00:00\nLast Submission:2026-05-06T12:30:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546430",
        "uuid": "8140ea5b-d008-4fd5-be11-769b89c7c604",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546430",
            "to_ids": true,
            "type": "md5",
            "uuid": "bb470a08-98b7-4fe4-a7ba-898cbb968ec9",
            "value": "647e91eb563af6e5962d50395e4e2b3c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546430",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a788b81b-7d52-45db-aa45-0507a1414911",
            "value": "46b90bf370e60d61075d3472828fdc0b85ab0492",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546430",
            "to_ids": true,
            "type": "sha256",
            "uuid": "43fb69c6-abff-4102-a6ae-93d642126d57",
            "value": "0066ed9b9de2b8e251f7bcf73edcb549218179398cf90124a221958fedce6212",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622533",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "593522d0-e193-4f9b-a224-a6c63a1560f6",
            "value": "786432:1NpsfdFewgyAGImqhrpl1Kn3+uhCIeGrMMpw9OH2PJDj7Vb6sca/kCMxP:guyZlqJpl1Kn3fEKLpw9OgNl6RacCMxP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622533",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9740f98b-d2f7-4b47-bc07-910011bf7aee",
            "value": "45788272"
          },
          {
            "category": "Payload delivery",
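            "comment": "Filename is shared by several distinct samples in this event and may also match the legitimate installer; alert on it only together with this object's hashes.",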
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622533",
            "to_ids": true,
            "type": "filename",
            "uuid": "cb4e6c9e-4b4f-4b52-949c-1222825fb8ce",
            "value": "DTWpfInstaller.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622533",
            "to_ids": false,
            "type": "text",
            "uuid": "ec9c7654-b2b0-49d0-82cd-bc68ec448b2c",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RogueDaemon.LTSN!MTB\nVT Total Detection:37/70\nFirst Submission:2026-04-24T00:03:09.000000+00:00\nLast Submission:2026-05-06T12:21:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546433",
        "uuid": "ce3f4695-0812-4169-95bc-b93b28dc12e1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546432",
            "to_ids": true,
            "type": "md5",
            "uuid": "3d269bc4-55dc-44b6-9a51-44435d87ed72",
            "value": "13dd6de4a0b298b44637da2f948bd229",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546433",
            "to_ids": true,
            "type": "sha1",
            "uuid": "93535839-3081-4eda-a37a-3a51f262a768",
            "value": "50d47adb6dd45215c7cb4c68bae28b129ca09645",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546433",
            "to_ids": true,
            "type": "sha256",
            "uuid": "19761741-5f0d-4b0d-8746-2187d40e8dcd",
            "value": "60e623bb18867240a7db2b292e7ec6b4c3efbd4671080b7108bdb6cb1da7843c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622555",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6e2bb623-2476-4b66-a2bd-4ae29002b07b",
            "value": "786432:0psfdFewgyAGImP+RMyVHaomyZl1Kn3+uhCIexxvk5HDj7Vb6shFStYKqa/kC9xP:DuyZlP+RMIHaorl1Kn3fETk5Tl6CS3q0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622555",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b570c1de-18be-487d-a5db-04bd715994b9",
            "value": "47968368"
          },
          {
            "category": "Payload delivery",
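            "comment": "Filename is shared by several distinct samples in this event and may also match the legitimate installer; alert on it only together with this object's hashes.",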
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622555",
            "to_ids": true,
            "type": "filename",
            "uuid": "1cdeb98d-be96-4a60-bcad-3442a4fe4f9d",
            "value": "DTWpfInstaller.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  08/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622555",
            "to_ids": false,
            "type": "text",
            "uuid": "23c57b89-50ce-4e4b-b052-af09a708f41e",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RogueDaemon.LTSN!MTB\nVT Total Detection:27/71\nFirst Submission:2026-04-12T06:52:57.000000+00:00\nLast Submission:2026-04-22T18:11:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546436",
        "uuid": "0905244a-e987-4e90-9404-a6b644060614",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546436",
            "to_ids": true,
            "type": "md5",
            "uuid": "0d2f99c0-937e-4584-9531-ae5354c7bf90",
            "value": "d2c4c61684c26bee09782227f81b1c16",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546436",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d9f292c4-8b1d-49c1-b7a7-96a6467da291",
            "value": "524d2d92909eef80c406e87a0fc37d7bb4dadc14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546436",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6f8391bb-3785-4517-a6cc-5c712415f335",
            "value": "da1a51b7022d8e726de981fcdb364096e90a8134dd380f9d76c4c20fea701836",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622577",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2948692f-1abb-4ef4-8a5e-f5377de831af",
            "value": "49152:CeNDnK5hKX1UZqjiTDDyzKp9qoONK0oY+wsx5t+VH1SFRFxlfoUKyia6x/xj4m:HDoZqKMV0BoTyY/Wm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622577",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1d396b7e-5d60-40c4-be1a-3575b125805e",
            "value": "4924528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622577",
            "to_ids": true,
            "type": "vhash",
            "uuid": "32ed2dfb-ced3-4b4c-8034-d6e27a14fb7e",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622577",
            "to_ids": true,
            "type": "filename",
            "uuid": "dbee01d2-9982-4925-a1c9-d3a833783969",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  10/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622577",
            "to_ids": false,
            "type": "text",
            "uuid": "6ce8eee5-5696-4fc3-96f0-2144989786c3",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.LTSN!MTB\nVT Total Detection:40/71\nFirst Submission:2026-04-12T01:50:19.000000+00:00\nLast Submission:2026-05-11T08:44:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546439",
        "uuid": "cb8db4ca-7951-4b72-91a8-e2307dbc16ee",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546438",
            "to_ids": true,
            "type": "md5",
            "uuid": "cd12b4e2-d01f-4791-a6d3-3a590aa18037",
            "value": "3a1553153b4d192dd935c571457f44dd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546439",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6489ea8d-a15d-4c26-bde2-cb504002de33",
            "value": "6325179f442e5b1a716580cd70dea644ac9ecd18",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546439",
            "to_ids": true,
            "type": "sha256",
            "uuid": "201ff284-d7f9-4caa-99ab-8b80cd044d7a",
            "value": "3ecf78b53704422cc4c00db624b0535f36835c985d1e0b8c3d0f3d846eae1a3a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622599",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "793722c0-e7ab-465e-9e55-e4b4650de49d",
            "value": "786432:spsfdFewgyAGImjhi1Kn3+uhCIe+vRdtWBOH23VDj7Vb6sDa/kC7xNAte+:ruyZljA1Kn3fEivReBOoRl6CacC7x4e+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622599",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "951ae5dd-b478-4239-b41d-b5276f474ee3",
            "value": "49979504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622599",
            "to_ids": true,
            "type": "filename",
            "uuid": "c92c0392-83d8-4079-963e-048fc20e729c",
            "value": "DTWpfInstaller.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  09/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622599",
            "to_ids": false,
            "type": "text",
            "uuid": "b6534e74-1dc3-4639-ae23-95a1878c33c1",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RogueDaemon.LTSN!MTB\nVT Total Detection:23/71\nFirst Submission:2026-04-23T11:17:43.000000+00:00\nLast Submission:2026-05-12T10:02:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546442",
        "uuid": "b1cdeca1-5eb6-4617-845f-ea6dff18282d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546441",
            "to_ids": true,
            "type": "md5",
            "uuid": "d53b3e62-5f64-4aa5-87fe-cad2aaa8e34b",
            "value": "9cbb03932dc71ca41c418d020b10b5ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546441",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6dc18893-8a34-403d-af1b-9939ccd5b9c6",
            "value": "64462f751788f529c1eb09023b26a47792ecdc54",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546442",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2cdfb0a2-db10-40ad-8ac8-323c19cc021a",
            "value": "3212ea730397c6f5b11faffc1d05c243cb962ca487de17179ad4aedc4a10ae92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622621",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f8425446-ded6-47d8-a092-9c09a3f01f1e",
            "value": "49152:O22iJPElQC4W4YduLk8lm5uBiWQKzQuFKwLmY9VRyrp9jjclwVnRdOv1vWkkjQA/:0iNWXx6VszVRdgWkkjSmD1L"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622621",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9d37bcfa-1fb4-4b34-89f1-016852df2c9f",
            "value": "4925040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622621",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d23cd50a-233d-40f1-8e51-1246cf458b68",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622621",
            "to_ids": true,
            "type": "filename",
            "uuid": "db02cf93-6bdd-4380-b48e-dc586c4ca3c7",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  09/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622621",
            "to_ids": false,
            "type": "text",
            "uuid": "b8fa7ac3-a825-4ca8-ba7b-2ef001d3787f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.LTSN!MTB\nVT Total Detection:38/71\nFirst Submission:2026-05-05T10:07:25.000000+00:00\nLast Submission:2026-05-05T22:52:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546444",
        "uuid": "225e9978-bf2a-42e8-b3dc-8e8cc3959b6b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546444",
            "to_ids": true,
            "type": "md5",
            "uuid": "c551b22f-358d-44d4-be8d-10e19ae35b1e",
            "value": "589f0705c7ed10716d5d4c6a881740cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546444",
            "to_ids": true,
            "type": "sha1",
            "uuid": "15ce214f-889d-47bd-ad68-cba54741a17e",
            "value": "8e7eb0f5ac60dd3b4a9474d2544348c3bda48045",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546444",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d68cae8a-0bf5-47e7-893a-cdce185d5bc0",
            "value": "97dd013d448631be7e8059c3367a30bbc0d4712907e684bb2e2c0ab2de84cb0c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622643",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "693f359e-12c8-450b-8e64-970d73235424",
            "value": "49152:seNDnK5hK91UZFjiTDDtzKp9qoONK0oY+wsx5t+VH1SFRFxlfoDmyia6hTnLLI4Q:pDGZNZMV0BoKySm/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622643",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "30fa0356-ae3e-489d-a7f7-c7b5cf5310e9",
            "value": "4925040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622643",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a73fb2fc-8d73-4a6c-8f98-a3bf5b7b5a38",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622643",
            "to_ids": true,
            "type": "filename",
            "uuid": "a83dfc16-5954-4bf4-9d8e-8d45911ff86c",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622643",
            "to_ids": false,
            "type": "text",
            "uuid": "c4ccca8a-6620-41da-826f-e6abba2da60d",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.LTSN!MTB\nVT Total Detection:22/70\nFirst Submission:2026-05-05T23:09:15.000000+00:00\nLast Submission:2026-05-05T23:09:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546447",
        "uuid": "97a50771-7413-45d4-ba00-21f907a19e90",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546446",
            "to_ids": true,
            "type": "md5",
            "uuid": "9b11e0bb-cd1a-4c76-8e88-adb732509282",
            "value": "f209fbca69e9a25c2cdbfbd9c973ba9f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546446",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e47a86ed-0b73-4fd7-ac1d-8c0e468b5792",
            "value": "9a09ad7b7e9ff7a465aa1150541e231189911afb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546447",
            "to_ids": true,
            "type": "sha256",
            "uuid": "81413baa-debe-412e-ac90-109b8a9ce15d",
            "value": "70fb6c312529dcea7e7b2cd8fba198b5cae9fa8e3e4fe4da9f4d19997e24a00b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622665",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "18835abb-7eb6-4acf-82c6-ac0281ad541a",
            "value": "49152:Q22iJPElSC4WlYduLkQlm5uBiWQKzQuFKwLmY9VRyrp9jjclwVS7dOv1x50N4mD1:SiPW6F6VszVAdX6mD1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622665",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e2ff5e4a-ced0-44af-9e64-8415e53432a2",
            "value": "4925040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622665",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7b67227b-9d40-4a30-873f-4f8ccee6fab1",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622665",
            "to_ids": true,
            "type": "filename",
            "uuid": "d2513ed7-f5cd-4f46-ba19-3002a929b433",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  09/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622665",
            "to_ids": false,
            "type": "text",
            "uuid": "442ae703-44a0-4da7-8e28-feaacbdc7d8f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.LTSN!MTB\nVT Total Detection:36/71\nFirst Submission:2026-04-24T11:36:27.000000+00:00\nLast Submission:2026-05-06T15:30:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546450",
        "uuid": "80838448-0397-493c-8eb8-d9d7c0711977",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546449",
            "to_ids": true,
            "type": "md5",
            "uuid": "0883c01f-1f2f-41f8-a30a-59146beacb88",
            "value": "7a9335ed73fab541f5a414ec15e334d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546449",
            "to_ids": true,
            "type": "sha1",
            "uuid": "53dc9575-9807-4607-8255-95f78296f4b1",
            "value": "9dbfc23ebf36b3c0b56d2f93116abb32656c42e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546450",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5afe4a85-b0b2-46c7-8c35-13cd0aff8265",
            "value": "395ec7acd475a8acd358adc75c4615cf41737aed8a96c4f2dd792c8a6af4140c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622686",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "efcefd28-91ac-40e7-a1f9-e167bd2a7c85",
            "value": "192:hmiI7gtwGOmkkZ2WPpZ988VeLpZNvX4nqJL92N7iT:4iYgtnOmkkZH3FCprXSqJa2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622686",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f1470ab6-87be-4959-ad2f-32632cceea00",
            "value": "11776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622686",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bed60932-00d0-4217-a440-6e8859bb2ffd",
            "value": "014026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622686",
            "to_ids": true,
            "type": "filename",
            "uuid": "77118514-1e6b-4b71-bb04-fb5f36fd330f",
            "value": "CodeInj.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622686",
            "to_ids": false,
            "type": "text",
            "uuid": "3928e821-5b03-47ee-aab3-8ed02b2b83c3",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Shelm.VGK!MTB\nVT Total Detection:51/71\nFirst Submission:2026-04-21T00:15:15.000000+00:00\nLast Submission:2026-05-11T08:44:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546452",
        "uuid": "90ca76e0-403b-4d95-829f-5c12199fc080",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546452",
            "to_ids": true,
            "type": "md5",
            "uuid": "4f502e72-13bd-43d0-ae61-0ced43456b69",
            "value": "8fa12ca8e0b75257c16b35e104174188",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546452",
            "to_ids": true,
            "type": "sha1",
            "uuid": "16134463-91bf-4743-a741-9455390478bd",
            "value": "aea55e42c4436236278e5692d3dcbcbe5fe6ce0b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546452",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d6bad7ed-6051-4d04-807f-4d9fa46985f7",
            "value": "0f3c3058661fcc1df9619e0a177d827f2da84864e0084f4ade159972f5048f7b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622708",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "970bc7bf-faeb-4617-9bae-5be54105a567",
            "value": "49152:Z22iJPElZC4WMYduLk0lm5uBiWQKzQuFKwLmY9VRyrp9jjclwVORdOv1igQ4mD1:FigWLV6VszVudKTmD1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622708",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b39ebd30-a607-4907-9d7c-0469416f72e1",
            "value": "4925552"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622708",
            "to_ids": true,
            "type": "vhash",
            "uuid": "891879f8-48a7-4779-b9c5-1e90f2222015",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
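            "comment": "File name alone is a weak indicator: it appears to be the name of a regular component of the compromised software, so a name-only match does not show compromise. Confirm against the md5/sha1/sha256 values in this object.",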
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622708",
            "to_ids": true,
            "type": "filename",
            "uuid": "b9f48472-b7e9-4d71-91a2-cb698680a010",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622708",
            "to_ids": false,
            "type": "text",
            "uuid": "426f5562-0df3-4cfb-9d51-b21a275a764b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.DA!MTB\nVT Total Detection:44/71\nFirst Submission:2026-05-09T17:12:55.000000+00:00\nLast Submission:2026-05-09T17:12:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546455",
        "uuid": "a082912a-3558-4e9b-8727-dc4c7bee394f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546454",
            "to_ids": true,
            "type": "md5",
            "uuid": "5ac952ff-416a-477b-93b8-85a9e783edb6",
            "value": "788cefa34466afd1470573ebbac50d98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546455",
            "to_ids": true,
            "type": "sha1",
            "uuid": "75742868-19c2-4691-ac5c-e972e382bc0f",
            "value": "bd8fbb5e6842df8683163adbd6a36136164eac58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546455",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d3edcacf-ad40-44ac-be18-3b1e0df94368",
            "value": "e22024a58de56b3655d6be7e3b21703325a57e0dd920bd9611588f5e33bb5132",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622730",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "08958a49-085c-4576-81f8-66a6a2bc4f48",
            "value": "1572864:fuyZljRo7XXn3fEiAbJa5OY6l6p1JUacCnxWge:2ybOH3ciA9aIYl3e"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622730",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "13ef8817-e8ca-43b6-aa5e-f2dfc45db777",
            "value": "52421232"
          },
          {
            "category": "Payload delivery",
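            "comment": "File name alone is a weak indicator: it looks like an installer name of the compromised software, so a name-only match does not show compromise. Confirm against the md5/sha1/sha256 values in this object.",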
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622730",
            "to_ids": true,
            "type": "filename",
            "uuid": "106f85b3-e3a8-4dc6-8e79-70e3c1f1df56",
            "value": "DTWpfInstaller.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  11/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622730",
            "to_ids": false,
            "type": "text",
            "uuid": "a0530d11-a6f7-4ce1-8caf-4b894e71e9e0",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/RogueDaemon.LTSN!MTB\nVT Total Detection:30/70\nFirst Submission:2026-04-29T14:50:16.000000+00:00\nLast Submission:2026-05-09T00:45:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546458",
        "uuid": "087248fb-cb68-4a4c-88cc-c0ba5bb539c5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546457",
            "to_ids": true,
            "type": "md5",
            "uuid": "29012a52-1181-4c07-8376-adab01f5dced",
            "value": "5a18c1bcf88bf495c4eaa72aa3f10c4a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546457",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e9fa2c52-16bf-43a9-8576-267e22552cdb",
            "value": "427f1728682ebc7ffe3300fef67d0e3cb6b62948",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546458",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e5896725-1ad8-41fb-aa12-cca8b36e71a8",
            "value": "11d4e581521d81ab7daa1a490edf34d36cd92c4e44c427272af3122529e2a40c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622752",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "713fc561-317c-48bf-9a2b-4ac4f0f6730c",
            "value": "49152:ieNDnK5hK81UZajiTDDNzKp9qoONK0oY+wsx5t+VH1SFRFxlfo0jyia6N04m:nD7Z6BMV0BoqyCm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622752",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dbe2f286-282d-421e-a426-30eef3035ac5",
            "value": "4924528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622752",
            "to_ids": true,
            "type": "vhash",
            "uuid": "79ee36c0-2db6-49c2-a3a6-b52ae3d3078e",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
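            "comment": "File name alone is a weak indicator: it appears to be the name of a regular component of the compromised software, so a name-only match does not show compromise. Confirm against the md5/sha1/sha256 values in this object.",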
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622752",
            "to_ids": true,
            "type": "filename",
            "uuid": "37ee3940-c147-4abc-b580-94546ad5f0f4",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622752",
            "to_ids": false,
            "type": "text",
            "uuid": "c3e4c3ab-dd96-43c9-8a1c-6e57f4ef60de",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.LTSN!MTB\nVT Total Detection:47/71\nFirst Submission:2026-05-05T22:45:10.000000+00:00\nLast Submission:2026-05-11T08:43:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546460",
        "uuid": "4763427b-3b85-47b6-92e0-1bb4ba162173",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546460",
            "to_ids": true,
            "type": "md5",
            "uuid": "73490149-2948-4393-8000-b953bcb79783",
            "value": "6167e8d07c72ded360cb644d803e6c94",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546460",
            "to_ids": true,
            "type": "sha1",
            "uuid": "11a00673-bf58-42fa-a38c-ae45f7db2429",
            "value": "00e2df8f42d14072e4385e500d4669ec783aa517",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546460",
            "to_ids": true,
            "type": "sha256",
            "uuid": "18b7f87a-55b8-48e6-bbcd-666774be8e14",
            "value": "756d1dd5c2afb86906ed09ed8b883278f73b37538995ceb6987c65097042e6b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622774",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f331d0ea-b68a-4f2c-95cb-c263dca70aff",
            "value": "49152:V22iJPElEC4WEYduLk1lm5uBiWQKzQuFKwLmY9VRyrp9jjclwVGxdOv1aDMPCv4z:hilWTY6VszV6dhQPDmD16"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622774",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "be4477ff-f287-433c-a3b9-6ffbf589a5cc",
            "value": "4925552"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622774",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3f9f8244-88f9-4b25-bccc-fa36e3b290ae",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
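            "comment": "File name alone is a weak indicator: it appears to be the name of a regular component of the compromised software, so a name-only match does not show compromise. Confirm against the md5/sha1/sha256 values in this object.",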
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622774",
            "to_ids": true,
            "type": "filename",
            "uuid": "33e63f97-7364-4344-87d7-49577aa9a357",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  09/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622774",
            "to_ids": false,
            "type": "text",
            "uuid": "10f29b32-5778-450d-92db-a9add6a2bb17",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.LTSN!MTB\nVT Total Detection:36/71\nFirst Submission:2026-05-05T23:19:14.000000+00:00\nLast Submission:2026-05-05T23:19:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546463",
        "uuid": "d44f9749-899a-4afd-a27e-952bc07e8be3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546462",
            "to_ids": true,
            "type": "md5",
            "uuid": "5e01a039-0e1d-4d83-a51f-06d1cc822c57",
            "value": "9bb1cc315675e1a41492ef2d52ac160d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546463",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0c63feea-7674-49d0-be95-be430cf31845",
            "value": "0456e2f5f56ec8ed16078941248e7cbba9f1c8eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546463",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e9072fb9-d2d8-4a99-9530-be39d10e1995",
            "value": "3a3e1af41c6706bcb5d9fbf9039cba96277286bd462641e3de262538ee4bd666",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622797",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "74e0b525-c11f-4a85-869c-d516bd6e156b",
            "value": "49152:N22iJPElzC4WqYduLk8lm5uBiWQKzQuFKwLmY9VRyrp9jjclwV3EdOv16YZrf4m4:Zi6W916VszVUdwZrwmD1G"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622797",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e713a190-22a5-42aa-b2b1-56ca9ecf04ee",
            "value": "4925040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622797",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a65a9b0f-1c05-4890-90d5-2d571a1bdf76",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622797",
            "to_ids": true,
            "type": "filename",
            "uuid": "72d0a630-e27b-4507-b1cf-eb45326432e0",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622797",
            "to_ids": false,
            "type": "text",
            "uuid": "adf8c350-1250-4ad0-8a9f-c3f9f7bf64cb",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.LTSN!MTB\nVT Total Detection:27/70\nFirst Submission:2026-04-29T04:07:15.000000+00:00\nLast Submission:2026-05-05T22:40:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546466",
        "uuid": "e1fcb4e6-3d8b-4b25-87ad-787872cdbf34",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546465",
            "to_ids": true,
            "type": "md5",
            "uuid": "5e81f9fe-b1b0-49ad-98d1-53a01d824ac1",
            "value": "36c697881561026c941ff7594077f564",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546465",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3b6f29ee-a239-4756-ba65-74583f12acc8",
            "value": "8d435918d304fc38d54b104a13f2e33e8e598c82",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546466",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3727efa2-4f60-49f0-9618-2099a3ba78ce",
            "value": "44a79c7f38b31cacfa6e46d2ece79245d2434d00f2f33eb7de161c899342d9f5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622818",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5cf26161-4214-4c20-a5ec-43fe63b33c30",
            "value": "49152:N22iJPElPWC4WsYduLkIlm5uBiWQKzQuFKwLmY9VRyrp9jjclwVjmdOv1RWHsiJG:ZiTWrN6VszVCd7HLnmD1R"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622818",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "be33162f-b5b2-4122-9fa5-000866975b84",
            "value": "4925040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622818",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c71bec16-5b59-4aa2-860c-a641efb54f24",
            "value": "0460c666166666655d557363za0300ed6z15121z31z603001b4z2b6zc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622818",
            "to_ids": true,
            "type": "filename",
            "uuid": "75f4358d-1f0f-4e5a-b005-5301d3a6b499",
            "value": "DiscSoftBusServiceLite.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  13/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622818",
            "to_ids": false,
            "type": "text",
            "uuid": "72747efd-d948-4960-bb18-103df3001b54",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win64/RogueDaemon.LTSN!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-30T05:12:09.000000+00:00\nLast Submission:2026-05-05T11:46:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546468",
        "uuid": "27cf47d3-be59-4de8-97a7-f0aa6786a824",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546468",
            "to_ids": true,
            "type": "md5",
            "uuid": "9f371109-22a7-41b4-b4fe-6f2620363852",
            "value": "9635b50b5a3325ec0ef5f23f0e9cea7c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546468",
            "to_ids": true,
            "type": "sha1",
            "uuid": "406b76c5-db04-40b5-8a27-68ff45bcee7e",
            "value": "295ce86226b933e7262c2ce4b36bdd6c389aaaef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546468",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b8468594-86ce-4fc1-9a37-b52359a23e86",
            "value": "9afc75e8477dbef6a38d81b0854e0789a4e5cd4439587d062250fc5aef69ca15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622840",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff6c0b47-db9b-42a0-a8ee-d33c438cd334",
            "value": "3072:1GyYb4IrKHCNHRSjFSv9JaO5OipybRDyocnZ2BQsz2evTj0l8fUrOqi:1GN+HDhSvHaEOmybRDyokcBXtH0SfUrK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622840",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "07c47fd0-45b7-46e9-89e5-8cbb55f29608",
            "value": "175911"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622840",
            "to_ids": true,
            "type": "filename",
            "uuid": "ad2fe213-5ac5-42c9-919a-196eec303f0c",
            "value": "368b1365bd9176b359"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  11/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622840",
            "to_ids": false,
            "type": "text",
            "uuid": "38ccd585-6528-4932-8816-0de236d3cde4",
            "value": "Type Description: unknown\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:26/61\nFirst Submission:2026-05-05T15:32:14.000000+00:00\nLast Submission:2026-05-05T15:32:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546471",
        "uuid": "69b2c078-581b-4a38-9416-33fe550a5d44",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546470",
            "to_ids": true,
            "type": "md5",
            "uuid": "c74dcdf1-3b59-488e-b2ce-553ef74a030d",
            "value": "2c00a9ae4d98736d883d0cad6ca289bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546471",
            "to_ids": true,
            "type": "sha1",
            "uuid": "562cfe0c-9837-41f7-8ec7-4d8f54e6578e",
            "value": "98de8147394b74b27158e02ce9e7b0e25eb6e98a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546471",
            "to_ids": true,
            "type": "sha256",
            "uuid": "97bd39e1-e40a-44cc-8d8e-9e94f1dae89e",
            "value": "e91cc605691d215fa6c7f854e5ed99d8e5edc1da2f2da37e568a381f235e9a15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622862",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "88bd7ecd-53bd-4f4b-90e6-11562ef215a2",
            "value": "3072:ERUYSKBz/tbII++U+I73LDPwhHuNmSVo61/OUXf2aCiLi:EJS8pbIXnx3LTT1H52GLi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622862",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5f5e4c2e-1310-4878-872a-46a96ab466d9",
            "value": "187392"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622862",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7faf7933-b3da-4c4d-9d0d-e58966e74e00",
            "value": "115076655d155d051555z32z57nz1dz23"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622862",
            "to_ids": true,
            "type": "filename",
            "uuid": "7fc28232-b540-463b-a1e0-17afef404f8f",
            "value": "407fbb423143f99fe0"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622862",
            "to_ids": false,
            "type": "text",
            "uuid": "c8f4a1a5-8376-45cf-97d6-bc51a02221d7",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:31/71\nFirst Submission:2026-05-05T09:13:08.000000+00:00\nLast Submission:2026-05-05T09:26:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546474",
        "uuid": "dbaaf93f-2502-420b-941b-f29c4ab92853",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546473",
            "to_ids": true,
            "type": "md5",
            "uuid": "6422b114-03b3-4496-8933-ba33edf2ecaa",
            "value": "0f62479234aca99ef023dadde1d14bac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546473",
            "to_ids": true,
            "type": "sha1",
            "uuid": "67f94d43-5bb7-488d-911e-7ac1d1421733",
            "value": "2ecb292d27c36c1d4e47fb5cafa42af7ffbdda99",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546474",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e06454f1-3539-4fa3-aef2-c6f1c7c2a629",
            "value": "66c40c2b3b67027d55d678b77d858861b03a0d541499a7f1dff059ca6c874458",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622884",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "43e1c241-f31e-45fd-82c3-13e3ddb4cdb2",
            "value": "3072:5wtJOthL/exiXR0XJk54D7mHP94ntT1uFsJtX50Ihy2/A1zyn2T5jg26RzpDANfO:+wDeqR0eKDI4tEFmtJ023yzdTZR6RtkY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622884",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c10ca3e6-27bc-416a-9dce-cd9f49d3fb65",
            "value": "175911"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622884",
            "to_ids": true,
            "type": "filename",
            "uuid": "3fcea67b-7877-4215-acd6-f49a1b4e7d19",
            "value": "baddywaddy"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622884",
            "to_ids": false,
            "type": "text",
            "uuid": "2bfcdf6f-fc7e-4b79-b4b4-9e34438da746",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:2/61\nFirst Submission:2026-04-25T15:56:41.000000+00:00\nLast Submission:2026-04-25T15:56:41.000000+00:00"
          }
        ]
      }
    ]
  }
}