{ "Event": { "analysis": "1", "date": "2026-05-06", "extends_uuid": "", "info": "[Threat Intel] OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI", "protected": false, "publish_timestamp": "1779546622", "published": true, "threat_level_id": "2", "timestamp": "1779546621", "uuid": "25b75e79-d053-4462-b023-07d0549f2905", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#bb2745", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"", "relationship_type": "" }, { "colour": "#201172", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Dependencies and Development Tools - T1195.001\"", "relationship_type": "" }, { "colour": "#7da4ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": "" }, { "colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": "" }, { "colour": "#256f6a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL - T1574.001\"", "relationship_type": "" }, { "colour": "#f5a258", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": "" }, { "colour": "#7628f7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": "" }, { "colour": "#7d37d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"", "relationship_type": "" }, { "colour": "#30cc3b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": "" }, { "colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#18005e", "local": false, "name": "rectifyq:topic=\"supply-chain\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778151610", "to_ids": false, "type": "link", "uuid": "7b4f991a-6adf-4c9f-877a-07542f6ad61e", "value": "https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1778151610", "to_ids": false, "type": "text", "uuid": "9003b8a0-7c18-4988-8300-ed90d646ce22", "value": "Between July 2025 and present, threat actors suspected to be OceanLotus distributed malicious wheel packages through PyPI targeting both Windows and Linux platforms. Three fake libraries (uuid32-utils, colorinal, and termncolor) were created to imitate legitimate packages, implementing a sophisticated supply chain attack. The packages deployed droppers that delivered ZiChatBot, a previously unknown malware family using Zulip's REST APIs as command and control infrastructure instead of traditional C2 servers. The malware supports executing shellcode commands and establishes persistence through registry keys on Windows or crontab on Linux. Attribution to OceanLotus is based on 64% similarity with known droppers analyzed by KTAE system. The malicious packages were swiftly removed from PyPI following discovery." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1778151610", "to_ids": false, "type": "text", "uuid": "b407ac81-9069-4e63-99b0-caa952252ee2", "value": "Name: OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI\nAuthor: AlienVault\nAdversary: APT32\nTags: [\"pypi\", \"dropper\", \"wheel packages\", \"supply chain attack\", \"python packages\", \"zichatbot\", \"zulip c2\", \"cross-platform\"]\nTgtd countries: []\nMlwr families: [\"ZiChatBot\"]\nAttack_ids: [\"T1132.001\", \"T1195.001\", \"T1036.005\", \"T1204.002\", \"T1574.001\", \"T1106\", \"T1140\", \"T1055\", \"T1547.001\", \"T1059.004\", \"T1027\", \"T1102.002\", \"T1059.006\", \"T1070.004\", \"T1027.002\", \"T1071.001\"]\nIndustries: []" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1778893965", "to_ids": false, "type": "threat-actor", "uuid": "706a46c0-bc4c-498b-a8da-cc67f8693703", "value": "OceanLotus" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546619", "to_ids": true, "type": "md5", "uuid": "2bbf944d-8d1a-4a05-a9c5-6d0df82dc124", "value": "48be833b0b0ca1ad3cf99c66dc89c3f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546621", "to_ids": true, "type": "md5", "uuid": "b45c766a-5976-46be-9fe8-0635132fd6f2", "value": "a26019b68ef060e593b8651262cbd0f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778899947", "to_ids": true, "type": "hostname", "uuid": "ddb36469-ea18-49ef-a82f-851bc5f09fc7", "value": "helper.zulipchat.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546577", "uuid": "08d3b925-8b7a-4dcc-ab71-609f43d30209", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546576", "to_ids": true, "type": "md5", "uuid": "1a766f38-3bbb-4056-9d6e-385c72e8f98f", "value": "ba2f1868f2af9e191ebf47a5fab5cbab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546577", "to_ids": true, "type": "sha1", "uuid": "2d729fed-c588-4abe-83bb-f876770a7eca", "value": "05391e972db01ed9d55b202b9ae3feec700eabf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546577", "to_ids": true, "type": "sha256", "uuid": "853b80c0-918d-4514-bbc4-34b03cfee03b", "value": "c7e93e50f1f241e63e738925e4f8c7f8ee004506723c2b49ed0789100f4ce4ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896767", "to_ids": true, "type": "ssdeep", "uuid": "77110ced-d933-4f6c-b355-470cca74fbab", "value": "24576:q61wooGsspz4vrRb4aSW3WHBKiiZn4tAPR8frtj:OKpcrRb4aSW3WHBpon4tSItj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896767", "to_ids": false, "type": "size-in-bytes", "uuid": "edb7880b-fdec-4c68-8cf2-d2f5358cec10", "value": "1192658" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896767", "to_ids": true, "type": "vhash", "uuid": "5f1de6b4-a248-49ed-a4c9-f78eef716a6a", "value": "2abff83314a78b0787aae1b543ede49a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896767", "to_ids": true, "type": "filename", "uuid": "0c25e2c8-2a14-4a25-a332-d8fb244f2cf2", "value": "colorinal-0.1.7-py3-none-win32.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896767", "to_ids": false, "type": "text", "uuid": "d8e5e8ca-92ec-4a96-938c-624758d99ae4", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:35/68\nFirst Submission:2025-07-22T10:15:34.000000+00:00\nLast Submission:2025-07-22T10:15:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546580", "uuid": "0da8f10c-2ba9-46cf-8668-d12795ebdbaa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546579", "to_ids": true, "type": "md5", "uuid": "ef22ba17-06bf-4f2b-b3e3-28f94fcfb2fc", "value": "1995682d600e329b7833003a01609252", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546579", "to_ids": true, "type": "sha1", "uuid": "95e49cfa-cd17-4633-84fb-d4c44513e140", "value": "1c0a5b35c003ac3182c589c6e014a42678a0647f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546580", "to_ids": true, "type": "sha256", "uuid": "42364740-d730-4767-91ac-754b926dff53", "value": "08a75a092e9793b6d3eb473c246d3c5e4750cd525342276d8bf1ab7d1fe45112", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896789", "to_ids": true, "type": "ssdeep", "uuid": "4ab0cbe9-cd7e-4262-ade2-a4a4f5f9d598", "value": "24576:J4Uf5nJ0TR0f79EaR2e7XLDgy0CtWHBKeiXH4dMJ/2fqT:JZb0TR0f79EYDXLDgy0CtWHBvGH4dc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896789", "to_ids": false, "type": "size-in-bytes", "uuid": "c4a4b917-6352-4e43-9385-25a8b0a632bc", "value": "1559552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896789", "to_ids": true, "type": "vhash", "uuid": "d7f75051-c6b9-41e7-a144-9cb05a08de12", "value": "116066657d155d055038z464a&z4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896789", "to_ids": true, "type": "filename", "uuid": "41bc931f-fa94-443f-819d-69e3b69883b4", "value": "terminate.dll" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896789", "to_ids": false, "type": "text", "uuid": "b352e5cb-f685-4cfb-9d8d-af32317beabb", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/DLLHijack.DSK4!MTB\nVT Total Detection:46/71\nFirst Submission:2025-07-22T10:20:26.000000+00:00\nLast Submission:2025-09-19T02:36:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546582", "uuid": "1ae85256-336d-4c64-9c4c-f3f144a26882", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546582", "to_ids": true, "type": "md5", "uuid": "8bbb28d6-5540-4c7a-990e-ca3dae836b2c", "value": "5152410aeef667ffaf42d40746af4d84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546582", "to_ids": true, "type": "sha1", "uuid": "9536b0d6-39fd-4943-89e7-2427aab031c8", "value": "ccc71ba929add58ad89dff289295659b69ad43a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546582", "to_ids": true, "type": "sha256", "uuid": "93f7781f-7d25-4bc8-86fa-33fc7331c7d6", "value": "437a824e63975a350108e20881020ad288fb6343d4f61fff7d64811270219dea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896810", "to_ids": true, "type": "ssdeep", "uuid": "c15c0758-9fa6-4270-88bc-5fcdec390b12", "value": "96:UwVQigVhznWj+bKganMkj1oxS3x/G+o5ERhUQCj6NRRfkk2iLMYo:lmigzM3r9oSs+BRAAjfr8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896810", "to_ids": false, "type": "size-in-bytes", "uuid": "86d8a2be-de03-4636-88a7-94541a85187e", "value": "5570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896810", "to_ids": true, "type": "vhash", "uuid": "77b96a41-7723-4c66-abf3-c116a5aec3a3", "value": "b97df9ce2a125307e1c7ff0be695f44a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896810", "to_ids": true, "type": "filename", "uuid": "872e9534-f307-4b8c-9b6d-1d0f21c86202", "value": "termncolor-3.1.0-py3-none-any.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896810", "to_ids": false, "type": "text", "uuid": "6ea8f7b9-ad50-41d4-b9f3-493f5eb0396f", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:7/66\nFirst Submission:2025-07-22T10:30:19.000000+00:00\nLast Submission:2025-07-22T10:30:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546585", "uuid": "be6b6666-12de-45ce-b93d-3c1a32c10e27", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546584", "to_ids": true, "type": "md5", "uuid": "e167e062-7a7a-4a27-8326-9a93726655d8", "value": "38b75af6cbdb60127decd59140d10640", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546585", "to_ids": true, "type": "sha1", "uuid": "1cb5e95a-678d-4995-b224-95f4e45ec69a", "value": "8a4a444761ca8836e6022af4a0e86a2be031aaa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546585", "to_ids": true, "type": "sha256", "uuid": "e0279b8b-1c37-416d-bf3a-32ae7bb59eb7", "value": "d05d6b08078b3d153ab821cd4dd6b5f5bd390c007c6d01653f459c35b917b80c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896832", "to_ids": true, "type": "ssdeep", "uuid": "0720c93c-440f-4b49-b680-ff3d05a7b7a6", "value": "24576:oqk78/ZkI+36VOkfAOjsv/8n4teh62pNmQ2xmV5BRw0HbannTyUDdfY:o5IE6VOb+sHOOxmDZ7EyiZY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896832", "to_ids": false, "type": "size-in-bytes", "uuid": "61d9dd88-5226-4324-b551-d2534d2237f8", "value": "1919016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896832", "to_ids": true, "type": "vhash", "uuid": "1b3cd290-84d1-4735-87e0-245b13f633e8", "value": "76e2d09945a20a9bf5b1eae7b6ba4634" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896832", "to_ids": true, "type": "filename", "uuid": "df362803-4b0a-4911-ac9a-d71ac7b2e69d", "value": "terminate.so" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896832", "to_ids": false, "type": "text", "uuid": "a73e9018-b062-4154-97fa-0c7e6254e61a", "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/SAgnt!MTB\nVT Total Detection:27/65\nFirst Submission:2025-07-22T10:17:36.000000+00:00\nLast Submission:2025-08-18T19:30:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546588", "uuid": "d5a1d24d-47f4-42f2-a619-b7e086b97032", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546587", "to_ids": true, "type": "md5", "uuid": "db218658-12a7-4ad5-882c-4770d2d0f25f", "value": "02f4701559fc40067e69bb426776a54f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546587", "to_ids": true, "type": "sha1", "uuid": "6ec63633-d10b-418d-84f9-1538baa481fc", "value": "c7a2684ec7dc6484655e8dfe5b184341c416a3e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546588", "to_ids": true, "type": "sha256", "uuid": "2a1305e5-503f-46a3-8bff-68491c9860bf", "value": "2b5225816089467aacdcd201a44989a2f78491c29f6fad41b52731bfefc1b886", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896854", "to_ids": true, "type": "ssdeep", "uuid": "ed7afee3-02a3-40c4-ab01-3ca6382e6955", "value": "24576:LFNJOsOgqN5pc2EPOsuET2DNUhP+WrTJ+uxT5/Hv5/4zR:hbOgKzEluET2+hWa77HyzR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896854", "to_ids": false, "type": "size-in-bytes", "uuid": "8138eb67-b272-4333-94e7-c118baa9ed31", "value": "1185481" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896854", "to_ids": true, "type": "vhash", "uuid": "e9a2cc0f-1688-4b00-8e57-8f2280f0a877", "value": "3a209055c39411113962a8b00550143f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896854", "to_ids": true, "type": "filename", "uuid": "8db4820e-d33a-4ec0-b05f-30639f3712a4", "value": "uuid32_utils-1.0.1-py3-none-win32.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896854", "to_ids": false, "type": "text", "uuid": "586b851e-b947-4f6b-8fd9-c443069b0fae", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:37/68\nFirst Submission:2025-07-16T08:00:52.000000+00:00\nLast Submission:2025-07-16T08:00:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546590", "uuid": "277cb5b0-7a12-46a8-aa5f-f48636ce0c7f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546589", "to_ids": true, "type": "md5", "uuid": "19201168-fb7e-49da-8592-41a37a649e5d", "value": "0a5a06fa2e74a57fd5ed8e85f04a483a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546590", "to_ids": true, "type": "sha1", "uuid": "572d75d1-7192-4e22-8950-d7482fbcc30a", "value": "95ecfdbc7ea239d124ac3a42a522f920487eb1b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546590", "to_ids": true, "type": "sha256", "uuid": "d4bbda72-2a90-4cd5-8441-41fc943d8c03", "value": "cdc099d8ec7a6683b90b624856247a98d61dd173a127834ca8988c0a95d456ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896875", "to_ids": true, "type": "ssdeep", "uuid": "dbf45db5-8650-4daf-84fb-215066121ad3", "value": "24576:W5SmUUwjeJuzrNNwOl2GqekrqCD/bm+mYB:W5TwjekAOqFVD/qRYB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896875", "to_ids": false, "type": "size-in-bytes", "uuid": "2ddfdd10-e315-49a0-8321-558a78484412", "value": "946844" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896875", "to_ids": true, "type": "vhash", "uuid": "a0fadf39-8b21-448b-8aec-6dee4ea844ba", "value": "6356b5c4098478436ed0fdcb68b7d71a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896875", "to_ids": true, "type": "filename", "uuid": "a586bd27-9d03-42ce-8ab9-6a862ab88404", "value": "uuid32_utils-1.0.0-py3-none-manylinux1_x86_64.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 13/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896875", "to_ids": false, "type": "text", "uuid": "02588ef0-eaae-4feb-b2c1-e1f1f2f37888", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:21/67\nFirst Submission:2025-07-16T07:15:19.000000+00:00\nLast Submission:2025-07-16T07:15:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546593", "uuid": "40b9a4bb-a566-42a0-bdb3-e8374635631d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546592", "to_ids": true, "type": "md5", "uuid": "5f8664db-8c32-4c16-9807-45abb8570c6c", "value": "22538214a3c917ff3b13a9e2035ca521", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546592", "to_ids": true, "type": "sha1", "uuid": "59da24dd-8d30-486c-beef-9129470d4d97", "value": "6083b1c3cdfc5dbc27010cc38d3d66c6ddcf0347", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546593", "to_ids": true, "type": "sha256", "uuid": "aeaaf2b1-018c-42f4-8130-8ed655385b37", "value": "b69c192e2361dd303ec6cb1062948a9c60152f94d1a975dd99b2ec404214c5f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896897", "to_ids": true, "type": "ssdeep", "uuid": "c6381bf2-35fc-4867-b20a-f263416a3dff", "value": "24576:bFNJOsOgqN5pc2EPOsuET2DNUhP+WrTJ+uxT5/Hv5/4zZ:xbOgKzEluET2+hWa77HyzZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896897", "to_ids": false, "type": "size-in-bytes", "uuid": "6628ae8f-8c07-4282-bfcf-c531e2fd093d", "value": "1185482" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896897", "to_ids": true, "type": "vhash", "uuid": "5ce675f3-6278-4530-bd49-c749a2758b24", "value": "3a209055c39411113962a8b00550143f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896897", "to_ids": true, "type": "filename", "uuid": "9e7564f1-2d1a-4052-9e50-4feb4c25968e", "value": "uuid32_utils-1.0.2-py3-none-win32.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896897", "to_ids": false, "type": "text", "uuid": "968c8629-e4cb-4ef9-89fd-22c79ee2313d", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:38/68\nFirst Submission:2025-07-16T08:30:15.000000+00:00\nLast Submission:2025-07-16T08:30:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546595", "uuid": "41731a58-19c6-4407-a8de-0eb0593f151d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546594", "to_ids": true, "type": "md5", "uuid": "c697ad49-2f21-442a-888f-076726a15653", "value": "454b85dc32dc8023cd2be04e4501f16a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546595", "to_ids": true, "type": "sha1", "uuid": "e074ade3-ac7d-4b6b-a4d0-219d4fef04af", "value": "06adabcb962b5cf5d9fb63542518a5b80b5a9ad4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546595", "to_ids": true, "type": "sha256", "uuid": "b49b3b4f-e76d-4d3e-9482-ac270d3ca159", "value": "68dfa75e916f4fb44a071851965493a324d331e37b791e21c45feba54aec23d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896919", "to_ids": true, "type": "ssdeep", "uuid": "8d83be2e-ffc4-4890-9143-464b26b1387e", "value": "49152:rkN11x+cHNBnRIL9EvDmnufu+N2wTWgTVrBy:o1x+cH5WYSufhBBF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896919", "to_ids": false, "type": "size-in-bytes", "uuid": "4905e73b-03ac-44a6-a178-2321d0e94f7c", "value": "1639936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896919", "to_ids": true, "type": "vhash", "uuid": "ae369af2-1235-45ac-9036-b0ec79f494a5", "value": "116076657d155d5d056038z4349&z4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896919", "to_ids": true, "type": "filename", "uuid": "17c13e7e-1601-4b9d-a92d-b7fc94fdd1c0", "value": "Backward.dll" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896919", "to_ids": false, "type": "text", "uuid": "9dd40677-5943-44d4-af29-d299c19b665d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/DLLHijack.DSK4!MTB\nVT Total Detection:43/71\nFirst Submission:2025-07-16T07:18:55.000000+00:00\nLast Submission:2025-07-16T07:18:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546598", "uuid": "858f80ff-ed47-4810-8b55-aec7ce927abf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546597", "to_ids": true, "type": "md5", "uuid": "c0ecfc24-451e-4831-a55c-67372d3251dc", "value": "5598baa59c716590d8841c6312d8349e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546597", "to_ids": true, "type": "sha1", "uuid": "ef96356b-394b-42a7-ba61-f9a1c9914680", "value": "93708b635f11f182d5541274d0ac7b7d5baf3795", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546598", "to_ids": true, "type": "sha256", "uuid": "05cd8bef-db74-4543-807e-0e38e86671bc", "value": "f85f44ebdd341f22f0cbd408ee40f162d697fc48c3824c897b61980fa38a4d92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896961", "to_ids": true, "type": "ssdeep", "uuid": "90c16945-9207-46f7-90ce-56b7df2ca71e", "value": "24576:bFNJOsOgqN5pc2EPOsuET2DNUhP+WrTJ+uxT5/Hv5/4z8:xbOgKzEluET2+hWa77Hyz8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896961", "to_ids": false, "type": "size-in-bytes", "uuid": "20e2c8c5-1387-4e22-b4a6-503cb2369be1", "value": "1185483" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896961", "to_ids": true, "type": "vhash", "uuid": "80d3270a-6bef-496c-91c6-45e2a71fa366", "value": "3a209055c39411113962a8b00550143f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896961", "to_ids": true, "type": "filename", "uuid": "d198038a-8211-4131-bb94-b2d9f2776b02", "value": "uuid32_utils-1.0.0-py3-none-win32.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896961", "to_ids": false, "type": "text", "uuid": "671f3e4e-ea48-4838-b61a-183a05d4e7e9", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:34/68\nFirst Submission:2025-07-16T07:15:17.000000+00:00\nLast Submission:2025-07-16T07:15:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546601", "uuid": "cbae78a6-27bf-4483-a52f-ef18dda83ff7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546600", "to_ids": true, "type": "md5", "uuid": "1e6e95eb-4b9c-4d0c-a34a-86c79bc8f242", "value": "652f4da6c467838957de19eed40d39da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546600", "to_ids": true, "type": "sha1", "uuid": "fb195386-ab5c-493f-a822-146aa497712f", "value": "1760fa80380a0b582236f255ea837b6969a41c51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546601", "to_ids": true, "type": "sha256", "uuid": "32394afc-b412-4a17-88e2-aa74562341f3", "value": "1feaa9e376dd64942ce40ff7355f3220793ca69a4a4a610ecd39ad950c6b9ba4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778896983", "to_ids": true, "type": "ssdeep", "uuid": "5acff2e2-55a4-4d5d-b91a-53a67df57624", "value": "24576:Savk78/bk1Z36/e1wwCMjG+hPLmOV24qUkTIMDDPgVtgY:SDL36/fwCMjrioqjHDD4QY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778896983", "to_ids": false, "type": "size-in-bytes", "uuid": "5fc6024b-1fb9-4746-9d25-97be0e598a58", "value": "1918984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778896983", "to_ids": true, "type": "vhash", "uuid": "43b3606b-d73b-4224-824d-273c16bbb599", "value": "76e2d09945a20a9bf5b1eae7b6ba4634" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778896983", "to_ids": true, "type": "filename", "uuid": "b55aba62-8628-44c0-aa86-cdb19edc4528", "value": "Backward.so" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778896983", "to_ids": false, "type": "text", "uuid": "7d9a6ce9-b11d-4037-99db-a46ff9610285", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/ZiChatBot.DA!MTB\nVT Total Detection:28/64\nFirst Submission:2025-07-16T08:30:40.000000+00:00\nLast Submission:2025-07-16T08:30:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546605", "uuid": "0c008e6e-8685-46a5-802e-8fc46a4d46c0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546604", "to_ids": true, "type": "md5", "uuid": "fef885ea-1007-489b-a301-50784a6bcf8b", "value": "968782b4feb4236858e3253f77ecf4b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546604", "to_ids": true, "type": "sha1", "uuid": "4d030f85-7a95-4628-83f3-bd9fe320ddb5", "value": "67b2e7eb4255f6b990f1bd9917ea54228af2c6a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546605", "to_ids": true, "type": "sha256", "uuid": "c6b3e7b6-a547-4964-a7cd-038e0aed2fd2", "value": "50d2fb75ef2bb56915e28595574663d8a1e0193e335e3e4f0ad2c0a4770fd787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778897005", "to_ids": true, "type": "ssdeep", "uuid": "c0214e76-9463-4c70-a929-d0cea02730bd", "value": "24576:SUzoB5g22S1NZpE2MPcYuWZ2FNwFx+ULLJ+kfzfr3ZZ/nrE:Js3g22oLMvuWZ2kFo8Jj9C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778897005", "to_ids": false, "type": "size-in-bytes", "uuid": "40a681f6-0d65-459e-bc0d-ea33ffcb20ad", "value": "1146006" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778897005", "to_ids": true, "type": "vhash", "uuid": "eaff357a-124e-443a-942f-b40b1be7e187", "value": "3a209055c39411113962a8b00550143f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778897005", "to_ids": true, "type": "filename", "uuid": "a2a19d05-c71c-4fc3-bad7-d9aad5228b0e", "value": "uuid32_utils-1.0.1-py3-none-win_amd64.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778897005", "to_ids": false, "type": "text", "uuid": "97491a05-c1bb-4e4a-9e03-bba4f2d7d400", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:35/68\nFirst Submission:2025-07-16T08:00:51.000000+00:00\nLast Submission:2025-07-16T08:00:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546607", "uuid": "9d2b7283-164e-4346-8444-506e94f682d0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546606", "to_ids": true, "type": "md5", "uuid": "3c4a0cf3-be2e-4230-b098-e2d4cf152c1a", "value": "b55b6e364be44f27e3fecdce5ad69eca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546607", "to_ids": true, "type": "sha1", "uuid": "ec7c8389-a9b6-4d83-84d1-2e7ff5872b57", "value": "9a7106fa55da528705207d2cf1125874db7670b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546607", "to_ids": true, "type": "sha256", "uuid": "197f783c-147f-480d-b2e5-131d0be4a714", "value": "c00869f91cedc04838f46ca15e1f844439761db6c45b3a042e4a34aebc77b1bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778897048", "to_ids": true, "type": "ssdeep", "uuid": "f2b41045-1f8d-4ba0-9339-647f7dbd1ee9", "value": "24576:g5SmUUwjeJuzrNNwOl2GqekrqCD/bm+mYg:g5TwjekAOqFVD/qRYg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778897048", "to_ids": false, "type": "size-in-bytes", "uuid": "d022b738-8595-498f-9b02-9df772787cd7", "value": "946843" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778897048", "to_ids": true, "type": "vhash", "uuid": "d986469c-b7fe-46b5-863e-22ef3e735bb7", "value": "6356b5c4098478436ed0fdcb68b7d71a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778897048", "to_ids": true, "type": "filename", "uuid": "43553a4c-d4bf-40b2-afc0-0133244e1628", "value": "uuid32_utils-1.0.1-py3-none-manylinux1_x86_64.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778897048", "to_ids": false, "type": "text", "uuid": "f329bf56-0b51-40d3-9fed-5105da0239eb", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:26/67\nFirst Submission:2025-07-16T08:00:49.000000+00:00\nLast Submission:2025-07-16T08:00:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546610", "uuid": "9a65f4e9-ea72-41b5-b821-257c739bf9e1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546609", "to_ids": true, "type": "md5", "uuid": "757bf0d0-7d4e-459a-9ed8-26c564fa3690", "value": "c33782c94c29dd268a42cbe03542bca5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546609", "to_ids": true, "type": "sha1", "uuid": "eecbb1ce-b4f6-404d-ba29-7b7021bbce4b", "value": "6a8d20cf325b766e69f6133b3a7325034b76948c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546610", "to_ids": true, "type": "sha256", "uuid": "a9376213-92d9-4915-a82d-4ac7f2f59018", "value": "be19d98b5449a052c03b189d9687543d619c8c1893f12709ef6bef6ff7657510", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778897070", "to_ids": true, "type": "ssdeep", "uuid": "468b5d7b-3f42-4113-aeee-033eaf635fb7", "value": "24576:mwPfXhFVu9XKAzbfW/jygOZM9nyUPi4LXD8bUwIX6TrbVtZfNwNxp42uPYx7cG8A:PXhGaA/6FHnyLRbUr6RtknunGhjlBc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778897070", "to_ids": false, "type": "size-in-bytes", "uuid": "5eeb78d6-6782-41fb-9ca7-75da1c36b38f", "value": "1636864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778897070", "to_ids": true, "type": "vhash", "uuid": "f7eacc83-7ba8-474b-bb77-ebdab5ed6bfc", "value": "116076657d155d5d056038z4349&z4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778897070", "to_ids": true, "type": "filename", "uuid": "311e42e3-bd52-4467-8def-a3a12f3abd48", "value": "Backward.dll" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778897070", "to_ids": false, "type": "text", "uuid": "33885c51-f016-4719-9a13-f0231f163627", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/DLLHijack.DSK4!MTB\nVT Total Detection:44/71\nFirst Submission:2025-07-21T07:19:21.000000+00:00\nLast Submission:2025-07-21T07:19:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546612", "uuid": "ab4a6012-9399-47c1-a1c4-de695ed5cfc4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546612", "to_ids": true, "type": "md5", "uuid": "ec62d360-bb13-412d-b210-ffb1599a427a", "value": "e200f2f6a2120286f9056743bc94a49d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546612", "to_ids": true, "type": "sha1", "uuid": "1a142b94-7581-4d2f-8c5b-70bf732343ca", "value": "4cc73a4a49431e4e028c44e9541f80e4eb58cfcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546612", "to_ids": true, "type": "sha256", "uuid": "b57266a0-1831-40eb-8746-c1c0b8cfbb0c", "value": "5a2f6156e23cd80ba97de54afc8325fe4b72deeed523e5bf06ba164900855ea2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778897092", "to_ids": true, "type": "ssdeep", "uuid": "9cff2be4-b6a4-453a-83bb-0adfd68ccbb6", "value": "24576:8g43fdDu+vALLuVHO+hAU32iqekpa4DDDGIot7:AumoLkOjCqj7DDiII7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778897092", "to_ids": false, "type": "size-in-bytes", "uuid": "66a5a255-ad69-464f-9590-888a847f39cc", "value": "946897" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778897092", "to_ids": true, "type": "vhash", "uuid": "17d6a577-343c-493c-8475-96e4794e446d", "value": "6356b5c4098478436ed0fdcb68b7d71a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778897092", "to_ids": true, "type": "filename", "uuid": "b33b816f-4880-4ab6-9ab3-bc25e29d8733", "value": "uuid32_utils-1.0.2-py3-none-manylinux1_x86_64.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778897092", "to_ids": false, "type": "text", "uuid": "0e67ef79-1ffa-4750-b2a1-d1959ae130d4", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:21/67\nFirst Submission:2025-07-16T08:30:14.000000+00:00\nLast Submission:2025-07-16T08:30:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546615", "uuid": "a5b0c2e9-4e20-4e38-836f-8d72c6f6bc8a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546614", "to_ids": true, "type": "md5", "uuid": "264f03c6-7707-4fa2-be03-142826aaf1de", "value": "e4a0ad38fd18a0e11199d1c52751908b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546615", "to_ids": true, "type": "sha1", "uuid": "0e5bea3e-9ae1-4805-8a8a-0597c8fbcec2", "value": "aa4e6ea503d3fb448d9c81a15dde69082552d286", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546615", "to_ids": true, "type": "sha256", "uuid": "70759256-3bbb-4ece-964e-f78428d20914", "value": "41c405c2579a3f1639438f3ecf6deae8c4b37786c5454af1ff0010733b12e226", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778897114", "to_ids": true, "type": "ssdeep", "uuid": "8dbe80ab-6863-4d07-a3eb-05d22cc308f4", "value": "24576:yUzoB5g22S1NZpE2MPcYuWZ2FNwFx+ULLJ+kfzfr3ZZ/nrT:ps3g22oLMvuWZ2kFo8Jj9V" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778897114", "to_ids": false, "type": "size-in-bytes", "uuid": "07e8e92b-3131-4400-b009-be87852367bb", "value": "1146007" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778897114", "to_ids": true, "type": "vhash", "uuid": "cec3c0b5-1114-4224-93d4-b94c9d87f47c", "value": "3a209055c39411113962a8b00550143f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778897114", "to_ids": true, "type": "filename", "uuid": "bd27819b-e1d6-4e77-bb7e-ba0f736216e8", "value": "uuid32_utils-1.0.0-py3-none-win_amd64.whl" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778897114", "to_ids": false, "type": "text", "uuid": "44524ceb-7367-48fc-b9e0-543e571051a6", "value": "Type Description: Python Wheel package\nMicrosoft: None\nVT Total Detection:35/68\nFirst Submission:2025-07-16T07:15:16.000000+00:00\nLast Submission:2025-07-16T07:15:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546617", "uuid": "9c70fffa-512a-4333-9f44-630c94496eba", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546617", "to_ids": true, "type": "md5", "uuid": "00af96dc-ea39-4c9e-9fa6-3e86ded7075f", "value": "fce65c540d8186d9506e2f84c38a57c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546617", "to_ids": true, "type": "sha1", "uuid": "06f2f54e-eb07-40d0-b810-93538efe64e5", "value": "8c5f7f59b83a7d15d7f80e1b2678d570dbf62e8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546617", "to_ids": true, "type": "sha256", "uuid": "94a13851-6926-4dbc-bb86-dee624aa076d", "value": "8726a1d86c3928b99f78442ef8da5d443b23f7cf9ad9173b21303e5c7d0e5eb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778897137", "to_ids": true, "type": "ssdeep", "uuid": "0a8cf1a4-f968-4956-bb38-55a8b59beaab", "value": "24576:PRTk78/bkqYIoxYVqne6qsLmOV24qUkTIMDDPgHhIY:PAq7oxDne64oqjHDD4eY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778897137", "to_ids": false, "type": "size-in-bytes", "uuid": "ae2c17ce-3c5b-4f99-84bb-c3a44c45cb42", "value": "1918984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778897137", "to_ids": true, "type": "vhash", "uuid": "e66157d9-086e-4db3-b85b-06641a0442d6", "value": "76e2d09945a20a9bf5b1eae7b6ba4634" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778897137", "to_ids": true, "type": "filename", "uuid": "4285c551-f0b0-4d53-961e-45602879a503", "value": "Backward.so" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778897137", "to_ids": false, "type": "text", "uuid": "1448c94f-b40e-4f29-8952-a1dbc0760361", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/ZiChatBot.DA!MTB\nVT Total Detection:28/64\nFirst Submission:2025-07-16T07:16:38.000000+00:00\nLast Submission:2025-07-17T07:01:25.000000+00:00" } ] } ] } }