{ "Event": { "analysis": "1", "date": "2026-05-13", "extends_uuid": "", "info": "[Threat Intel] Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware", "protected": false, "publish_timestamp": "1779596379", "published": true, "threat_level_id": "2", "timestamp": "1779596379", "uuid": "2a009741-12ae-4be9-8bd5-9f1fb78483bf", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": "" }, { "colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": "" }, { "colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": "" }, { "colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": "" }, { "colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": "" }, { "colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#f5a258", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": "" }, { "colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"", "relationship_type": "" }, { "colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": "" }, { "colour": "#9dfeaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Abuse Elevation Control Mechanism - T1548\"", "relationship_type": "" }, { "colour": "#d74cce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"", "relationship_type": "" }, { "colour": "#30cc3b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": "" }, { "colour": "#c295b4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade File Type - T1036.008\"", "relationship_type": "" }, { "colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"", "relationship_type": "" }, { "colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779577561", "to_ids": false, "type": "link", "uuid": "068e0015-4141-4cc9-bf29-75e7bb70a19d", "value": "https://www.catonetworks.com/blog/cato-ctrl-suspected-china-linked-threat-actor-targets-global-manufacturer/", "Tag": [ { "colour": "#6b003a", "local": false, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1779159615", "to_ids": false, "type": "text", "uuid": "d0af7cbd-6586-40cf-8643-87b08313f319", "value": "In April 2026, Cato CTRL identified and blocked an attempted intrusion against a global manufacturing customer involving TencShell, a previously undocumented, Go-based implant derived from the open-source Rshell C2 framework. The activity appeared in traffic associated with a third-party user connected to the customer environment." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1779159615", "to_ids": false, "type": "text", "uuid": "41f34885-9b9c-46fc-99c7-904a198391b1", "value": "Name: Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware\nAuthor: AlienVault\nAdversary: \nTags: [\"cato ctrl\", \"china-linked\", \"tencshell\", \"rshell\", \"go\", \"tencent\"]\nTgtd countries: []\nMlwr families: [\"TencShell\"]\nAttack_ids: [\"T1005\", \"T1036\", \"T1041\", \"T1055\", \"T1057\", \"T1059\", \"T1071\", \"T1082\", \"T1083\", \"T1090\", \"T1102\", \"T1105\", \"T1106\", \"T1113\", \"T1129\", \"T1547\", \"T1548\"]\nIndustries: [\"Manufacturing\"]" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779595026", "to_ids": true, "type": "hostname", "uuid": "e9fb33ac-40fe-4d79-be5f-60e580bead6a", "value": "gin-tne-fahcesmukw.cn-hangzhou.fcapp.run", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IOC-description:CC=HK ASN=AS64050 bgpnet global asn", "deleted": false, "disable_correlation": false, "timestamp": "1779595047", "to_ids": true, "type": "ip-dst", "uuid": "3107a966-2c93-45e4-ab48-684b993a3a69", "value": "45.64.52.242", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779595068", "to_ids": true, "type": "ip-dst", "uuid": "e808f314-4c3f-4626-964e-8a0d80a22e0a", "value": "192.238.134.166", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1779595090", "to_ids": true, "type": "ip-dst", "uuid": "2b4d069e-dc33-46b6-9cd6-a5004040b929", "value": "45.115.38.27", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595111", "uuid": "9b26ec17-ceaa-4d33-b421-4138972deb75", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:TEL:Trojan:Win64/GoCLR.MR!MTB", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595111", "to_ids": true, "type": "md5", "uuid": "2554a2ee-c380-4546-9e1e-cb3ecfaa33d4", "value": "2c3e4e7219e33327915a4371051fe84f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:TEL:Trojan:Win64/GoCLR.MR!MTB", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593182", "to_ids": true, "type": "sha1", "uuid": "c5001c08-477e-492e-902c-a8a0b988107e", "value": "6c972d0f0f8c11c28272826add94f4e16e59dda1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:TEL:Trojan:Win64/GoCLR.MR!MTB", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593183", "to_ids": true, "type": "sha256", "uuid": "ac4dff35-5c3d-43f7-a0b5-2eef4397c072", "value": "cdb9d76093d0938f30d93bcce4f58b13b4b21c9188eea387c6d9ec6f4cb4aad4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591646", "to_ids": true, "type": "ssdeep", "uuid": "536c78fd-0981-41e3-9e10-12c6198dd769", "value": "49152:kVprFUD3fWrb/T4vO90d7HjmAFd4A64nsfJBOfS5UZPpUCAXR9+ct3blDy8RUM8y:f3f+UZ6DyYOkEHaRp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591646", "to_ids": false, "type": "size-in-bytes", "uuid": "512ffa9c-6a46-4202-a6ab-a71004771fc2", "value": "6373380" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591646", "to_ids": true, "type": "vhash", "uuid": "bf27a744-fbdd-45e9-b755-ec8207bd0a7d", "value": "066066655d1d1554bz28!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591646", "to_ids": true, "type": "filename", "uuid": "ddd35150-cddd-499b-b298-311d11753663", "value": "ju1cql7t.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 23/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591646", "to_ids": false, "type": "text", "uuid": "c977aa83-dda8-4c59-b406-a7797fe4cbed", "value": "IOC-title:TEL:Trojan:Win64/GoCLR.MR!MTB\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:50/71\nFirst Submission:2025-11-09T13:39:52.000000+00:00\nLast Submission:2025-11-10T06:45:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595132", "uuid": "ccded9f2-a481-4af7-8937-071cbeabb098", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595132", "to_ids": true, "type": "md5", "uuid": "c38c5c85-9bc5-4c02-a949-f628c7edb8dc", "value": "12986838bf5c0b638edca3ac84c9e18f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593183", "to_ids": true, "type": "sha1", "uuid": "94d4e23a-7e27-42d0-b356-8aa3d99e43bf", "value": "3d56fb150811ef2d5769b15cca5d3c363edfb926", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593183", "to_ids": true, "type": "sha256", "uuid": "3f571d72-7ebb-49ed-a651-33cd2f3f68da", "value": "01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591668", "to_ids": true, "type": "ssdeep", "uuid": "d7a306ba-2b7d-46f7-ab03-ad4a6ec97cc0", "value": "49152:xKb0e7jQHs6t8O83WS/NXgHQTXdJbSCr2N8+fvOmRL/IEBVjggDl24MCKVK1Ksey:xKwYsv3fWmhrI4FQmuOvBhdhuTAE6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591668", "to_ids": false, "type": "size-in-bytes", "uuid": "7e6f0caa-51db-40c3-8ca6-543f86e52860", "value": "8676864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591668", "to_ids": true, "type": "vhash", "uuid": "f1bb0927-0767-4d14-8016-d60dfef64062", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591668", "to_ids": true, "type": "filename", "uuid": "84a61214-1706-48b0-a006-65cb75a1f163", "value": "8y6nccv.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591668", "to_ids": false, "type": "text", "uuid": "c80a6888-d92b-4f79-800b-7c76a1d9518b", "value": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 01dc3e7e673b4f2682f29b19ecabf9a6ec9c3042c9b1cfb39dbdddf1dda680ab\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-30T10:48:14.000000+00:00\nLast Submission:2026-04-30T10:48:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595153", "uuid": "5eee6312-cdeb-4321-8275-58a17fd8be42", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595153", "to_ids": true, "type": "md5", "uuid": "ab661f2d-aca9-4500-8fc4-edde7707332f", "value": "1da53ba0766c902a50ba40271b82e557", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593184", "to_ids": true, "type": "sha1", "uuid": "c95bebad-3341-4588-a5b5-56176bfea031", "value": "637c77e4b952ca38410f68c1fdcc3e57e75858ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593184", "to_ids": true, "type": "sha256", "uuid": "56f3dd43-fa0b-4555-ba00-f118e7e9c40f", "value": "12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591690", "to_ids": true, "type": "ssdeep", "uuid": "e74bae37-8c13-470a-9413-7b5460ef2185", "value": "49152:sekQTJR/2DG//Xg/NbBVY+QnOG1+4VA90CDuqNwKsIcKGr09L4jnuDsgZMY+KVK9:seXt1VkFhcoZKKAuOvBhdhuTaE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591690", "to_ids": false, "type": "size-in-bytes", "uuid": "ece1713b-8d03-4007-a5e1-2cf8f0879361", "value": "8263680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591690", "to_ids": true, "type": "vhash", "uuid": "f8fc2d8f-e503-46e5-9118-44feebe6ec2d", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591690", "to_ids": true, "type": "filename", "uuid": "0d12ff00-0a65-4dbe-9da6-bfa3f79394cc", "value": "x416ciq9.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591690", "to_ids": false, "type": "text", "uuid": "0af788e6-d775-40f1-b9cf-63759b30edb5", "value": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 12c6d0e603386b81751d95b32d1698d794c99343abb06d066b0f6060e8690aca\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-23T10:15:40.000000+00:00\nLast Submission:2026-04-23T10:15:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595174", "uuid": "4d175259-9051-4e7f-b666-ba770ce7bf24", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:is__elf\nIOC-description:MD5 of 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595174", "to_ids": true, "type": "md5", "uuid": "8d022a2b-b6aa-4372-a1c3-fd4f6685cfa9", "value": "20150ed3ac726c486d60b2be05ee2b74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:is__elf\nIOC-description:MD5 of 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593186", "to_ids": true, "type": "sha1", "uuid": "58c60a95-8046-4a4d-99b8-81746ab1a8d7", "value": "7412708f87194b3dc27b776840d83d7965aabc5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:is__elf\nIOC-description:MD5 of 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593186", "to_ids": true, "type": "sha256", "uuid": "b0f8a249-f707-4442-b287-70dcc53c47fe", "value": "5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591712", "to_ids": true, "type": "ssdeep", "uuid": "f7ae4087-d40e-4fe7-a3da-3cf89256b4ca", "value": "49152:LF2oQcvWJHSCQqhtCyFdboFA3Q9UbHM+4q1B1PyV3vvv0Mpo34BXzTFtudNNNNNA:LFzILea4A/yV3XNsYzTF63BrEt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591712", "to_ids": false, "type": "size-in-bytes", "uuid": "47ede1b7-7c41-4022-8e92-fdabdb3a205c", "value": "7549076" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591712", "to_ids": true, "type": "vhash", "uuid": "f4bfa7ed-d4af-4dfe-9bc0-1ea7485f5e8a", "value": "a32d859bd1256dc8d6bca18d4f8c19bc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591712", "to_ids": true, "type": "filename", "uuid": "f3e1f15d-115a-4bbc-8214-faf9ddeae317", "value": "k4u0f.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591712", "to_ids": false, "type": "text", "uuid": "ec4b8764-9d54-410a-b442-84c795b8c5a0", "value": "IOC-title:is__elf\nIOC-description:MD5 of 5d19c07e3fb7ac4ff56a23f6e658d691f381442b1db2f8c5f345563c1cdc8998\r\nType Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:28/64\nFirst Submission:2025-10-11T02:28:59.000000+00:00\nLast Submission:2025-10-11T02:28:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595195", "uuid": "654b7dbd-47c2-4ad5-8d54-e716fadec31c", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:is__elf\nIOC-description:MD5 of 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595195", "to_ids": true, "type": "md5", "uuid": "d90b6dd4-c6a4-46e6-9ce8-6f276f93db0b", "value": "35f56e4a65b73a29e446b13eaff7eede", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:is__elf\nIOC-description:MD5 of 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593187", "to_ids": true, "type": "sha1", "uuid": "faf7070b-499f-4ca9-a0cc-8cdfd86072f3", "value": "3874881233450ced72e743e3d9e6e3a7f0dc7ff9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:is__elf\nIOC-description:MD5 of 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593187", "to_ids": true, "type": "sha256", "uuid": "80cbc497-691b-4398-885b-a098d6afb860", "value": "3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591734", "to_ids": true, "type": "ssdeep", "uuid": "c071df50-ced1-4567-9d1e-479bed316e34", "value": "98304:zoi/uL6J/PSqga928LVj37OsBxIEEIAZpHGfbLX9G5i4jEM:ZuGJ/PPgadhjLzbL4wM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591734", "to_ids": false, "type": "size-in-bytes", "uuid": "3bb1fa5a-bf7f-48b9-ad3f-3f8705677a3f", "value": "7303316" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591734", "to_ids": true, "type": "vhash", "uuid": "15b72ffa-8491-4d2b-b0ff-490307490f6d", "value": "40aca5ef6b8ba9488ede2429c0c7e83e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591734", "to_ids": true, "type": "filename", "uuid": "fc315bac-8eca-460c-80a5-777c495b29d0", "value": "8kg9g4hau.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 23/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591734", "to_ids": false, "type": "text", "uuid": "4bf89b83-cd4f-46db-b5c9-5546b7c12cb3", "value": "IOC-title:is__elf\nIOC-description:MD5 of 3ffe3a6f328a6459624bd93edd206e2256b2753e17137cbc1530b91fa325ecac\r\nType Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:28/64\nFirst Submission:2025-10-11T02:22:07.000000+00:00\nLast Submission:2025-10-11T02:22:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595217", "uuid": "3f6b4f43-2918-42e5-8458-a5a29aadb405", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:___FilesToHash_17jun\nIOC-description:MD5 of 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595217", "to_ids": true, "type": "md5", "uuid": "22ac7a3d-94bb-4d34-8a8a-4680489b9d1c", "value": "4dbb6a1ae553dc9659cd734fc5586f8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:___FilesToHash_17jun\nIOC-description:MD5 of 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593188", "to_ids": true, "type": "sha1", "uuid": "9575ab46-cd4e-405e-8509-332ef0191f1d", "value": "552ea6e21dbd17054db51c61607aadee910d6f13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:___FilesToHash_17jun\nIOC-description:MD5 of 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593188", "to_ids": true, "type": "sha256", "uuid": "d6ad4f0f-bce4-4715-bf1f-b6955b6efbb3", "value": "065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591755", "to_ids": true, "type": "ssdeep", "uuid": "41af314b-0131-4bb3-9fb0-18d93efc769d", "value": "49152:850DHicDuR4dxIGzwUb+VAE1BgSQNn1nlSfSh9aSav/shvinpQFcX0RGhhZ12mL:850Ti4pxI+fbhtnHnMshvpR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591755", "to_ids": false, "type": "size-in-bytes", "uuid": "8819edfc-786c-46a8-aba7-6c55e170e15f", "value": "5721088" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591755", "to_ids": true, "type": "vhash", "uuid": "20d9d9eb-59b2-47f7-9931-c94e07316254", "value": "056066655d6d15641az27!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591755", "to_ids": true, "type": "filename", "uuid": "5fd3ba04-f3ae-46cd-b31e-ba9f162f7387", "value": "lfbk4.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591755", "to_ids": false, "type": "text", "uuid": "ecc5a027-e371-4abe-ad56-13c41da4f794", "value": "IOC-title:___FilesToHash_17jun\nIOC-description:MD5 of 065f5a605ac04d5f443089b65aa1393414ee38c4ee8f780e7d78c06b46504ae4\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:42/71\nFirst Submission:2025-11-11T05:10:13.000000+00:00\nLast Submission:2025-11-11T05:10:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595238", "uuid": "992f4f76-86bb-4097-bffa-01613c91825b", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595238", "to_ids": true, "type": "md5", "uuid": "52176311-976f-4a56-b49d-403962eb73b4", "value": "7aa333c814c9ac618ae2fab66a6eddef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593190", "to_ids": true, "type": "sha1", "uuid": "d0a611a1-391a-4708-97b9-551acbbb29d6", "value": "e6229e69ace3adb6c6d59354c21e9de30fba0c50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593190", "to_ids": true, "type": "sha256", "uuid": "75fadb5a-85c9-49c4-9a82-fce669886673", "value": "2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591777", "to_ids": true, "type": "ssdeep", "uuid": "5e0f10b4-f8b1-443f-b1bf-f5d73eda61c3", "value": "49152:lekQTJR/2DG//Xg/NbBVY+QnOG1+4VA90CDuqNwKsIcKGrQ99cdL4jzuDsgZMY+1:leXt1VkFhcZZKKAuOvBhdhuTcEEA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591777", "to_ids": false, "type": "size-in-bytes", "uuid": "404063b0-2ffc-48c9-b8ee-4abbcd98b613", "value": "8263680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591777", "to_ids": true, "type": "vhash", "uuid": "d49b8da6-0c55-4dec-a679-a495d2415fc0", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591777", "to_ids": true, "type": "filename", "uuid": "f760122e-8805-49bc-8f8a-a602001e6010", "value": "ogu2yhip7.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591777", "to_ids": false, "type": "text", "uuid": "cd27ffc9-1287-440d-bf37-f85d998c9723", "value": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 2a010bd1061e11da6f5cf951a3ebd23503916e159e3d486cc722b4b8b4a099c9\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:45/71\nFirst Submission:2026-04-23T10:27:17.000000+00:00\nLast Submission:2026-04-23T10:27:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595259", "uuid": "33e645bc-fefb-4083-b5bf-a7143b215284", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595259", "to_ids": true, "type": "md5", "uuid": "6e96b9a1-5f7b-4d63-80e8-fad3022805c5", "value": "d8d4e5be6f2014d17001f3a5ac7c1dcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593191", "to_ids": true, "type": "sha1", "uuid": "a9cc94da-944f-472e-ac7b-d46dc2e322f0", "value": "f6a4b3937dc373549e8f81eb29bfd2454e6e05a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593191", "to_ids": true, "type": "sha256", "uuid": "c65b7dfd-c0b6-44ae-a748-2359df6e86fe", "value": "ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591799", "to_ids": true, "type": "ssdeep", "uuid": "93fdb8e9-285d-42d1-87e6-627272bd2f31", "value": "49152:4Kb0e7jQHs6t8O83WS/NXgHQTXdJbSCr2N8+fvOmRLuIiUVj+gDl24MCKVK1Kse5:4KwYsv3fWmhYj4FQmuOvBhdhuT5Eu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591799", "to_ids": false, "type": "size-in-bytes", "uuid": "e227d272-c0df-4be1-a9d6-c71d14f6d51e", "value": "8676864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591799", "to_ids": true, "type": "vhash", "uuid": "c802c5c5-1fb5-43f7-9e53-a92b59af7c45", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591799", "to_ids": true, "type": "filename", "uuid": "0656c4df-7103-4843-ad12-094eff070d2a", "value": "z43l86rp.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591799", "to_ids": false, "type": "text", "uuid": "654df8f7-d324-42b7-a6ae-82e562a24219", "value": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of ed6058f0b0735ba56b781dea39353625fcb56bc3e77bf2d26a648511d754d216\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-30T10:29:21.000000+00:00\nLast Submission:2026-04-30T10:29:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595280", "uuid": "79c0c1cc-5c4c-43ab-bdcc-0ac674e56879", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595280", "to_ids": true, "type": "md5", "uuid": "5cecaf4e-3808-482b-8b73-520ff5313ca4", "value": "debb2b7123e2b024ac6ae77c1aa59da2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593192", "to_ids": true, "type": "sha1", "uuid": "c93502d6-2a28-4a65-91b4-f382d16018b4", "value": "93da3d6daf2ab0433f19d04e28e4736458f5606a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593192", "to_ids": true, "type": "sha256", "uuid": "436a5a9d-6892-477d-92ae-70515f43afac", "value": "5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591820", "to_ids": true, "type": "ssdeep", "uuid": "02a286d9-ddf8-4a61-968b-0a3b2433ded2", "value": "98304:nJi0SOtyxwrO6n4/A8FrLuOvBhdhuTkE:IGQ6nb8s" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591820", "to_ids": false, "type": "size-in-bytes", "uuid": "ad21776c-57c1-42c8-bd7d-deba9bb07e90", "value": "8388608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591820", "to_ids": true, "type": "vhash", "uuid": "4cce4b0d-b4c8-4b16-b9e7-ab78d6468841", "value": "086086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591820", "to_ids": true, "type": "filename", "uuid": "15a5ece8-8238-4700-a2e7-31d700b7c45d", "value": "69oT2fym.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 24/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591820", "to_ids": false, "type": "text", "uuid": "a1066135-dc4c-49cf-b11c-863c177187dc", "value": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 5eff99959683480d2280c931e433af836adf6a8b7a8489b1af17cddcf480cf63\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:46/71\nFirst Submission:2026-05-08T05:48:02.000000+00:00\nLast Submission:2026-05-12T07:09:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595303", "uuid": "1910a27d-2948-41cc-8d1b-88d5c05efdcb", "Attribute": [ { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595303", "to_ids": true, "type": "md5", "uuid": "490f2ed3-a13a-409a-a01a-5407d319c45d", "value": "f819c42f5e5dafc87d770cb8f6af8b11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593193", "to_ids": true, "type": "sha1", "uuid": "5fc0f446-cd3b-48c2-948e-e855301cc49b", "value": "fb3484f3b344c89c9c8f56348585e5f0cfc69f68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593193", "to_ids": true, "type": "sha256", "uuid": "706fd26a-b500-4e11-a058-ed075270a217", "value": "7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591842", "to_ids": true, "type": "ssdeep", "uuid": "f092dbdd-d57e-4296-91e9-3c9fca54154b", "value": "49152:dekQTJR/2DG//Xg/NbBVY+QnOG1+4VA90CDuqNwKsIcKGrk9a4jPuDsgZMY+KVKP:deXt1VkFhcLZKKAuOvBhdhuTUE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591842", "to_ids": false, "type": "size-in-bytes", "uuid": "f9f440b3-84b8-4448-9948-04ab68a0bc26", "value": "7967232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591842", "to_ids": true, "type": "vhash", "uuid": "c4378d4c-cd11-42f3-9608-57f57d6e5ec2", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591842", "to_ids": true, "type": "filename", "uuid": "66cbe139-48e3-43c1-afac-a6058639a335", "value": "sm7djf0.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591842", "to_ids": false, "type": "text", "uuid": "accf90ea-05c4-4c69-9c9f-a9cc70f15c29", "value": "IOC-title:GoLandBuildPE\nIOC-description:MD5 of 7abc129482ccdf787b35b92b7d5b7ff2478e72fe516f4ceca0c02e23a1d34314\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-23T10:20:12.000000+00:00\nLast Submission:2026-04-23T10:20:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595324", "uuid": "4f3066b8-54a2-4a6f-aeb6-766c71163eca", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595324", "to_ids": true, "type": "md5", "uuid": "045c2147-93e7-4d10-b4ce-2f07b3a64cf9", "value": "cd417ddade774eaa827c6270c4d5e3ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593195", "to_ids": true, "type": "sha1", "uuid": "8de8b54a-66e2-419d-9dc0-5bf7704fe572", "value": "37b02e1ba170e9b0ef1161da2b5d35499db8bc1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593195", "to_ids": true, "type": "sha256", "uuid": "aa9ac3a7-66a1-4348-95c1-81ce3e8d93d0", "value": "065c54893e4777d52be6b7bf30b832d5ffd9d96fd178642a5828a364c0e904a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591864", "to_ids": true, "type": "ssdeep", "uuid": "d2edd2a0-269f-4dd3-8035-ce6d700674b7", "value": "49152:LBApkiUJUkzitVVNFj5FxA0dlQAabXO6KU1eLdA8qY3GUha6EA5ES6:LG+xJJetVVz5Fx1aGlES6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591864", "to_ids": false, "type": "size-in-bytes", "uuid": "306ae6de-e391-43a2-af94-ae15520d7660", "value": "8257684" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591864", "to_ids": true, "type": "vhash", "uuid": "21272a4c-8f47-4ad1-b567-f98af52de473", "value": "c6c4a8b66db8aa56f614da11052df621" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591864", "to_ids": true, "type": "filename", "uuid": "786fe95a-d034-4319-b9fe-22cf2caa7e3b", "value": "g4o3cuwh.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591864", "to_ids": false, "type": "text", "uuid": "3d665779-a534-4428-97f7-db0175b178a3", "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:29/63\nFirst Submission:2025-10-11T01:58:14.000000+00:00\nLast Submission:2025-10-11T01:58:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595345", "uuid": "0fe14272-1ff5-476b-8ea3-dfc30816d778", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595345", "to_ids": true, "type": "md5", "uuid": "6f428686-757b-4957-a3a1-6be2e99291eb", "value": "b343ce45f26f7abc72925277e88e18b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593196", "to_ids": true, "type": "sha1", "uuid": "b936e86b-69a2-464a-a8f5-ec0e8d27236c", "value": "4bc049d76d99308ec70768ca2ca1187b03f4654f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593196", "to_ids": true, "type": "sha256", "uuid": "acdd5aa8-f7d7-421c-aece-0badfbf9e8b0", "value": "06776635e386d536b1b0fc21e6aa41865d44d83dae5e9b109868d71ca309eeaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591886", "to_ids": true, "type": "ssdeep", "uuid": "e4e05533-0d48-4a06-8456-44c6cd3364df", "value": "49152:is9nmcfQ3q9wrb/TsvO90d7HjmAFd4A64nsfJRRBfklwWwQblCpAqS6IDi5BKiXY:W3qwslw75IXEP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591886", "to_ids": false, "type": "size-in-bytes", "uuid": "9ffa8b50-37ac-4bbd-a8d3-0a7a772e4016", "value": "5868544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591886", "to_ids": true, "type": "vhash", "uuid": "e79834bd-ace7-40a7-b7b1-8dc8a0d94421", "value": "056066655d5d15541az28!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591886", "to_ids": true, "type": "filename", "uuid": "7596037a-386a-4235-adad-310b677686c6", "value": "4c0ty.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591886", "to_ids": false, "type": "text", "uuid": "183bd59e-ce7d-441d-99c7-fe2ea2d3905a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:43/71\nFirst Submission:2025-08-22T12:16:04.000000+00:00\nLast Submission:2025-08-22T12:16:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595367", "uuid": "ab7968c7-a0ff-4fd6-9d1f-a3333beeeaa8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595367", "to_ids": true, "type": "md5", "uuid": "5f6ce12b-2bb3-4ebe-98d2-caad148060ab", "value": "19e7558fc7fa0f44005e935c9bbce94c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593197", "to_ids": true, "type": "sha1", "uuid": "a01f14f9-667f-4528-9fc0-355f0757dc86", "value": "d2582a981a7002cf68c2d676b24dc188a7c06309", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593198", "to_ids": true, "type": "sha256", "uuid": "aa66216d-419b-4587-a51b-2e564a1760a7", "value": "0fe91200a2bb4aed13b1a1ba4ec8fd4454566f5929ffed4f537d9a87c1bf1187", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591908", "to_ids": true, "type": "ssdeep", "uuid": "e21e250f-55df-4955-85cc-a85cd6120865", "value": "98304:1Ji0SOtyxwrOA14/A8FrLuOvBhdhuToE:uGQA1b8s" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591908", "to_ids": false, "type": "size-in-bytes", "uuid": "91c29a93-c5b2-4515-aa7f-7fae557b6461", "value": "8689152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591908", "to_ids": true, "type": "vhash", "uuid": "316a31f2-fb95-48a4-bd44-01a551bb3b15", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591908", "to_ids": true, "type": "filename", "uuid": "c22bf48c-b083-4c6d-83c3-13169e265de4", "value": "e0w7jxj4.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591908", "to_ids": false, "type": "text", "uuid": "7ea990e8-a2d7-4776-bbfb-422b9f936d9b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:46/71\nFirst Submission:2026-05-08T05:45:49.000000+00:00\nLast Submission:2026-05-08T05:45:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595388", "uuid": "c3b3b0c0-cfc5-4045-825e-cd33bc678e00", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595388", "to_ids": true, "type": "md5", "uuid": "e536c359-bfed-430f-9584-bedd07f1c351", "value": "7569ad4ecc939f87ecfd50cbf9c48f35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593198", "to_ids": true, "type": "sha1", "uuid": "ea2cae1a-f915-4094-99e2-751f922f9bf9", "value": "834a416abbbdf6ea162e04e384db1b477eb2ec6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593199", "to_ids": true, "type": "sha256", "uuid": "a97554e1-9e3a-447c-beaa-7f1c0ad5389c", "value": "12f76f48727916d6c05f53f8cd94915db5de5ffcbfa02c4807c27e090cfa47c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591929", "to_ids": true, "type": "ssdeep", "uuid": "ea2d91c8-ba87-4d39-b739-cdef7e1a1dd3", "value": "98304:eca2jWFnrVVqxAZeENZmCQMuOvBhdhuT2E:n1yRu8eENSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591929", "to_ids": false, "type": "size-in-bytes", "uuid": "a1087957-f1b4-4bd7-a791-b515ca912ded", "value": "7971840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591929", "to_ids": true, "type": "vhash", "uuid": "adcd56f9-d471-4baf-8f88-0b7392a9f4c8", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591929", "to_ids": true, "type": "filename", "uuid": "ddcb1536-c073-4012-9f35-137319879842", "value": "3x6g8.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591929", "to_ids": false, "type": "text", "uuid": "bf97ad2b-b941-46b8-8dfd-ff7e1669065f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-25T01:01:31.000000+00:00\nLast Submission:2026-04-25T01:01:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595409", "uuid": "949c31ac-0455-4424-a38a-00533f7e93c8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595409", "to_ids": true, "type": "md5", "uuid": "10d88f6f-29ce-4138-bfbe-817c084b19da", "value": "a5ac4a2ba6db416e2aa6a802539ba496", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593200", "to_ids": true, "type": "sha1", "uuid": "3454e4b3-224d-4fd5-ac7c-11974f25df90", "value": "4b1404e19b91f4d75a971a7e0956b7eb84470b94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593200", "to_ids": true, "type": "sha256", "uuid": "ce8eacbb-47dd-413d-8ee4-fe9e9f673c57", "value": "1329be66458962dabfa20185c230439c57d32b90a20de791afdce9c15226fccb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591951", "to_ids": true, "type": "ssdeep", "uuid": "51cf05af-e75d-44aa-926a-c923fcaa4c4f", "value": "98304:dca2jWFnrVVqxAZeG9ZmCQMuOvBhdhuTtE:K1yRu8eG9SM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591951", "to_ids": false, "type": "size-in-bytes", "uuid": "9dbefbc9-dcd1-4609-b8bf-ba2f7c9d1705", "value": "8268288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591951", "to_ids": true, "type": "vhash", "uuid": "7572b509-e371-4b91-90a8-a81dfe69840d", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591951", "to_ids": true, "type": "filename", "uuid": "27069d25-8b20-44ca-8caa-16988063f6b8", "value": "0fdm55kb3.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591951", "to_ids": false, "type": "text", "uuid": "b1f44c37-cb47-42c0-b84a-8cafd80c88cd", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:48/71\nFirst Submission:2026-04-25T07:16:15.000000+00:00\nLast Submission:2026-04-25T07:16:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595431", "uuid": "0c5cd633-67ac-47f8-9627-e998eba7a724", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595431", "to_ids": true, "type": "md5", "uuid": "1b036c91-127d-472e-bca1-b31c37c6634f", "value": "5250b3aa9b16c00fd7ef5b98dd26921f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593201", "to_ids": true, "type": "sha1", "uuid": "db27ea6d-bead-4ab6-bbf3-9b9dfa7f2efa", "value": "14d23ec9391a28225a733b2c5e8134edbbd0c043", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593201", "to_ids": true, "type": "sha256", "uuid": "60df602d-977b-4d04-b8ea-9489a0d5f475", "value": "147f86854690ba096f3797c623b66365d6adbf7140d7d7c3dcf746b83a4b6dac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591973", "to_ids": true, "type": "ssdeep", "uuid": "278a9689-f9f9-4fed-b6d2-f8e2aabaa9b7", "value": "49152:kVKiWFZWaBuI3zrSgCukKM3cLELnO/+Nid0jnDDX4XkcopzkQ01jUR1w2jAxDsg+:kVKHZwCshVkgqZqH/uOvBhdhuTVE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591973", "to_ids": false, "type": "size-in-bytes", "uuid": "cbdcc76f-58b9-443d-86e0-19beca0e0184", "value": "8266752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591973", "to_ids": true, "type": "vhash", "uuid": "cb6d6163-cba6-4fb3-aced-f591a5e57400", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591973", "to_ids": true, "type": "filename", "uuid": "bdec052d-60a7-4e70-b0f9-e9e8399ad718", "value": "jkjx4kag.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591973", "to_ids": false, "type": "text", "uuid": "bfb15836-c063-4951-8f7c-099eb6977764", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-28T12:59:23.000000+00:00\nLast Submission:2026-04-28T12:59:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595452", "uuid": "54bf3ba6-da06-486e-9408-2c1905f02474", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595452", "to_ids": true, "type": "md5", "uuid": "25d862af-3aee-4e8c-abf5-73fc7707b0df", "value": "ae4eb1429eebc200e5a8bbaea15246c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593202", "to_ids": true, "type": "sha1", "uuid": "b850929f-7cb9-483b-9347-f293aaa217e6", "value": "22d2a6e3e6cd0e157412db63e5defdd0b8aa80bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593202", "to_ids": true, "type": "sha256", "uuid": "2cbb1563-3b20-4793-95c2-52dd132814ab", "value": "1ba73df60e12b3feb8b5574e65cfceb6910460ab7fae2cf5554769fafdad049e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779591994", "to_ids": true, "type": "ssdeep", "uuid": "dde2a3ac-f352-421b-bacd-1395002ba343", "value": "49152:XLfFmFdYsimZ9WQnjcDv+b4TUdzv7ehH3o9W7zIDVWHH+kX57699C4j2QDsgZMaC:XLtm3xWLXaCrERZktuOvBhdhuTZE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779591994", "to_ids": false, "type": "size-in-bytes", "uuid": "be4a6d25-0a8d-41b3-9a45-ff32bb406f7b", "value": "7967232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779591994", "to_ids": true, "type": "vhash", "uuid": "b031d303-0183-4604-8a49-9a7ab0200b78", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779591994", "to_ids": true, "type": "filename", "uuid": "2c13e8e9-980c-4291-9182-be8437963ce5", "value": "0wk1k8ub.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779591994", "to_ids": false, "type": "text", "uuid": "a73643ea-2dcd-4135-ae77-9145f00175b4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-24T06:44:08.000000+00:00\nLast Submission:2026-04-24T06:44:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595473", "uuid": "15bb2735-1843-4d36-8f07-d4d6dc398848", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595473", "to_ids": true, "type": "md5", "uuid": "aaaf9576-0428-4cc3-869b-8de5e0caf6c8", "value": "70a652dd7f94c21249c55225bbf227ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593203", "to_ids": true, "type": "sha1", "uuid": "4bfd0d4e-d8b4-40e4-a9aa-fc2e317d861c", "value": "8a2ed746ee495c035b90ed2f900535684e183dd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593204", "to_ids": true, "type": "sha256", "uuid": "5ac5e8ce-0b33-418a-8edb-803c806c27b9", "value": "1d2e37b41d616ecb32b8bd2f2a52c792f1808fdc938574fc366d737b6f643c61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592016", "to_ids": true, "type": "ssdeep", "uuid": "ad94c122-2965-4839-9569-ae5c2d5db82a", "value": "49152:nKb0e7jQHs6t8O83WS/NXgHQTXdJbSCr2N8+fvOmRLUINJuVj/gDl24MCKVK1Ksm:nKwYsv3fWmhHo4FQmuOvBhdhuT+ESW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592016", "to_ids": false, "type": "size-in-bytes", "uuid": "1666aa4b-5713-4751-a6cc-58785f800577", "value": "8376832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592016", "to_ids": true, "type": "vhash", "uuid": "a23235a0-5c46-43fd-bf73-57d810ec7b8f", "value": "086086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592016", "to_ids": true, "type": "filename", "uuid": "2885c9f8-3256-41c7-b0d0-d5d46383c8b2", "value": "z5qc1ryd.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592016", "to_ids": false, "type": "text", "uuid": "2037249f-3466-49e5-8619-70625df787e2", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-29T17:08:57.000000+00:00\nLast Submission:2026-04-29T17:08:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595494", "uuid": "7158d98e-d9e0-45fc-b409-28d20c5e1d09", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595494", "to_ids": true, "type": "md5", "uuid": "65c81572-f838-4d2b-9fc7-a2ebb3de65b8", "value": "313a166ca49455c0022ef12a739176dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593205", "to_ids": true, "type": "sha1", "uuid": "74a4a8aa-5a07-4ccd-b2f8-5dc24107468d", "value": "452e87e718349b847c088556b7dd30b2c6ce0b71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593205", "to_ids": true, "type": "sha256", "uuid": "125962cc-16fb-4988-a8fb-d45d9d69cc67", "value": "2012ff4d7c36e42d256d78c265f242d29a305af66686866c581ee96c2b05d5a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592037", "to_ids": true, "type": "ssdeep", "uuid": "f88cac5b-9ef8-407f-a8dd-5c408e53b933", "value": "49152:RNA4wXsSsSPsLWM7mGKdPvlzy6sW2lkj6EwraBM4nqD/GPletd0MKvTWiSLFNjED:RNuBNcyU5EgGam2Eh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592037", "to_ids": false, "type": "size-in-bytes", "uuid": "fe615c93-a829-48d5-9f14-4b515df859d0", "value": "7340180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592037", "to_ids": true, "type": "vhash", "uuid": "4e9acfc6-8358-45c7-aaf1-5db36d186809", "value": "44b926bcea341ad63140018df95609a7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592037", "to_ids": true, "type": "filename", "uuid": "74d35b24-dc8d-4650-b675-c6d153d71582", "value": "zff9lki.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592037", "to_ids": false, "type": "text", "uuid": "f3a91d21-9638-420b-b44f-2f64805212a2", "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:28/63\nFirst Submission:2025-10-11T02:20:10.000000+00:00\nLast Submission:2025-10-11T02:20:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595515", "uuid": "6533c202-83a3-492e-89b3-9f31d4dd9564", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595515", "to_ids": true, "type": "md5", "uuid": "92b3f48a-4bb3-434b-8580-fe3c44652818", "value": "e8ccfa96c700eee1de3da70e05ea55ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593206", "to_ids": true, "type": "sha1", "uuid": "43586125-270e-43c0-8769-5610e78c40a0", "value": "d9ab3b29a996b8a2f5d5f62ff6274805d901791b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593206", "to_ids": true, "type": "sha256", "uuid": "7b967aea-221c-4775-a9cb-8027ef328a76", "value": "31635e4667eba1ba3588e1bc9c05d18a78d9693c801e5176e6cddf74e0d5bcc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592059", "to_ids": true, "type": "ssdeep", "uuid": "7a6e132a-fadb-4a47-b83e-940218d9bc15", "value": "98304:jLRQuHGsesgMLq4wIoWMXdK8uOvBhdhuTpE:viuLqCU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592059", "to_ids": false, "type": "size-in-bytes", "uuid": "8dafb060-65b5-470c-8756-7b44e9b6f9db", "value": "8381952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592059", "to_ids": true, "type": "vhash", "uuid": "9be5ca2a-a77a-4886-bc16-7cd38cb25b2e", "value": "086086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592059", "to_ids": true, "type": "filename", "uuid": "09372abf-05b3-4f0e-973c-42b9ae60f360", "value": "wr9jg.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592059", "to_ids": false, "type": "text", "uuid": "45f44a43-3d69-4387-9a80-df7c43dbddee", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:47/71\nFirst Submission:2026-05-02T16:33:07.000000+00:00\nLast Submission:2026-05-02T16:33:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595536", "uuid": "0e06830a-82f9-4d44-afe3-e5a5541c0ce1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595536", "to_ids": true, "type": "md5", "uuid": "bc2a0547-26a3-459c-bc6e-ccb66e0e5f00", "value": "00c6206cb4ce5fc13a4babbe4e381cd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593207", "to_ids": true, "type": "sha1", "uuid": "d8cc16c3-bb69-42a9-ad4d-c49326cb8d87", "value": "fee7b9649f00447af5d273edcb2adff4e1430a56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593207", "to_ids": true, "type": "sha256", "uuid": "ca93cf45-4907-40d3-8df4-54f6b266bff6", "value": "37facbbd0047c19f4efdea75ccb9e3ec793cb9b1d7846afa4fb8e900d6e9ed95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592081", "to_ids": true, "type": "ssdeep", "uuid": "2212dacf-d009-4400-8269-5c257c85e82f", "value": "98304:cuf37oaLYnzSFV4rG7MuOvBhdhuTLEwg:fvESFV6wg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592081", "to_ids": false, "type": "size-in-bytes", "uuid": "a974a0cc-c227-4a74-b259-522b0350c085", "value": "8345400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592081", "to_ids": true, "type": "vhash", "uuid": "a384defc-1eb1-42ba-9504-aa16488c352b", "value": "086086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592081", "to_ids": true, "type": "filename", "uuid": "36782fef-71b2-41b0-97a8-9c6503711f0e", "value": "mc5lwbw0.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592081", "to_ids": false, "type": "text", "uuid": "f8c4173d-d865-4045-ad4e-bc2d48576e12", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:48/71\nFirst Submission:2026-05-03T08:06:31.000000+00:00\nLast Submission:2026-05-03T08:06:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595557", "uuid": "1151ac8f-963a-4348-a360-eeaa5bf15395", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595557", "to_ids": true, "type": "md5", "uuid": "2df85882-403e-4d11-9539-7c735dc28c8d", "value": "28d220312367aa21f6954e52b446a435", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593209", "to_ids": true, "type": "sha1", "uuid": "724b2242-7fc2-42c7-a717-e01ffae7d0b8", "value": "d1dedc25d245f452e2c583490dac14f40a0ff16f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593209", "to_ids": true, "type": "sha256", "uuid": "3dd87fce-d9ad-4b4a-be59-cca424932344", "value": "4ae8de40153c66455d972e6e98fe06fb68db7301ba126557e96599527bc5509c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592103", "to_ids": true, "type": "ssdeep", "uuid": "3b7647fe-c208-4c78-996b-5f3cf6bfe267", "value": "98304:2Ji0SOtCDAA1kflb4/wU8cuOvBhdhuToE:rGnfZ3/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592103", "to_ids": false, "type": "size-in-bytes", "uuid": "081374eb-ad0f-4067-86b6-f1df09e8c043", "value": "8388608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592103", "to_ids": true, "type": "vhash", "uuid": "95967685-8771-472f-88ec-7cb1c10f8b4a", "value": "086086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592103", "to_ids": true, "type": "filename", "uuid": "0f36ace2-16ee-4963-b955-72d5b88b49fe", "value": "v8vk6.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592103", "to_ids": false, "type": "text", "uuid": "e9b8687f-9c45-49f0-99ec-9b0ac6b03385", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:47/71\nFirst Submission:2026-05-07T03:01:49.000000+00:00\nLast Submission:2026-05-07T03:01:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595578", "uuid": "b3bd5029-44b3-48ef-995f-71be87f390a3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595578", "to_ids": true, "type": "md5", "uuid": "da0b2d03-bf26-4557-b8bd-8f7ff4c545db", "value": "07ac8e43618f03eacb54494653681cfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593209", "to_ids": true, "type": "sha1", "uuid": "1d1757c0-e400-4261-bc63-a6e32d72772c", "value": "45b5b4149eba0f9f872843ea614920bc57382b5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593210", "to_ids": true, "type": "sha256", "uuid": "4a656121-5d38-4f48-9ced-96b3f1988258", "value": "5ac484ec0846fff8f099b234dfd1602864300da8c68b01822c6036eb709fc584", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592125", "to_ids": true, "type": "ssdeep", "uuid": "05fc1299-3d6d-4ee5-9106-967d4984bb57", "value": "98304:qVYzV4bppq9HYc8aTgu4ynqPu6vBhFhuTRE:q4wcl8aTKR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592125", "to_ids": false, "type": "size-in-bytes", "uuid": "029c4509-fe67-4243-bb99-e465f42eb601", "value": "7878656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592125", "to_ids": true, "type": "vhash", "uuid": "dd87bc82-caef-41b0-9dbf-74f0a4c0c443", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592125", "to_ids": true, "type": "filename", "uuid": "781dfbac-29cb-4abf-8267-766cd1f67cc7", "value": "zabqg8xm.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592125", "to_ids": false, "type": "text", "uuid": "8171fe1d-f516-492b-9541-783299b92424", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:47/71\nFirst Submission:2026-04-14T12:08:49.000000+00:00\nLast Submission:2026-04-14T12:08:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595600", "uuid": "65bbfca4-efd7-4fd6-9acb-7c821dc87cc1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595600", "to_ids": true, "type": "md5", "uuid": "e8d34308-1c62-4dbb-84e1-a0b52a2214f8", "value": "ed3b7ed575e45b54dfc0cac2d2d2fd29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593210", "to_ids": true, "type": "sha1", "uuid": "838eaab5-8d60-4ea9-afd3-b9af0c755cae", "value": "52462142c665cdfa32eb2de675e55c282492c584", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593210", "to_ids": true, "type": "sha256", "uuid": "72c7d463-684d-4aab-a6ce-154496c44463", "value": "5c02115b3f090551393cca3ce91fe837727d1c4586164c580759eb94387dba10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592147", "to_ids": true, "type": "ssdeep", "uuid": "30cb1bb2-863a-4b0b-848a-12bfcca1c56f", "value": "98304:GVYzV4bppq9HYcVq8wcqoNgu4ynqPu6vBhFhuTfE:G4wcl3KP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592147", "to_ids": false, "type": "size-in-bytes", "uuid": "a93ed308-65a7-4b98-bc8e-bb44204172e4", "value": "8180224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592147", "to_ids": true, "type": "vhash", "uuid": "43388389-f820-4f6e-b1b0-a16eda7052ea", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592147", "to_ids": true, "type": "filename", "uuid": "b9473913-08ea-452d-96d9-c6ced5285661", "value": "hq39v.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592147", "to_ids": false, "type": "text", "uuid": "fbbd4a93-7979-4d38-b58e-38635752a68b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:49/71\nFirst Submission:2026-04-14T12:08:26.000000+00:00\nLast Submission:2026-04-14T12:08:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595621", "uuid": "7ba4a5fe-2d1e-4e44-8144-5ef74bccbbcb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595621", "to_ids": true, "type": "md5", "uuid": "a0c4352d-701c-4280-b4d4-10e9e3f88e36", "value": "23fc95bf15a6d629fa6dc2227949b05c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593211", "to_ids": true, "type": "sha1", "uuid": "79ddd564-1015-4af4-a136-75a495b43827", "value": "76f67197e319153ea6d4ca0a6bc0f1b5d4964ed2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593211", "to_ids": true, "type": "sha256", "uuid": "47d62fc6-e9a9-42f2-867b-cc95b81aeaa4", "value": "5ef76098be5ed1559b71ebd8d29cb32c1825991824051d8a641746e08bf9e1b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592169", "to_ids": true, "type": "ssdeep", "uuid": "baa2891a-ca1c-4e38-841b-6adf314fd823", "value": "49152:emOvFHSvnoD0Srdg4xCdVy6Tt7wFU8j/syJRsc8PXAx6os/EjeGtZaz0fyKm+Zot:qvFHSveDodVyw7Uj/syJRIiaovqEl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592169", "to_ids": false, "type": "size-in-bytes", "uuid": "630efffd-a2e5-4fd4-b123-d2408b38994f", "value": "7435776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592169", "to_ids": true, "type": "vhash", "uuid": "fd61bffa-4e5e-49de-9d2c-9abda8db1820", "value": "076066655d5d15641az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592169", "to_ids": true, "type": "filename", "uuid": "90072fc8-4842-4b1d-8539-f155c6bb0191", "value": "2n1q3q.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592169", "to_ids": false, "type": "text", "uuid": "efa28f24-f922-4975-b841-aa633213c657", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:39/71\nFirst Submission:2026-04-07T13:31:36.000000+00:00\nLast Submission:2026-04-11T02:28:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595643", "uuid": "a4e968aa-be5b-413f-a0f4-f43d2dce56fe", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595643", "to_ids": true, "type": "md5", "uuid": "1a8f7b39-2ca0-4535-9f7f-45d8cf131b64", "value": "337378836baa5e8c3787d644c7d16e9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593213", "to_ids": true, "type": "sha1", "uuid": "47c2290c-a771-49a7-aa3d-e75f999b2a8a", "value": "0d3073f21ad8ed12093dc9a5215620dd6fac89d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593213", "to_ids": true, "type": "sha256", "uuid": "79dd2699-676f-4c83-9d37-e4e1bccb6409", "value": "64944d2a6129631ff675c6dcfdd57a7e99a1e4dc41802cbd0eabcef3eb3e81c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592190", "to_ids": true, "type": "ssdeep", "uuid": "9c4bbfbb-8ba0-4966-89b1-28e103754fe1", "value": "49152:GFcWXNlJApGwa5CYrCvRbWdecYgMXSCMOtZexddcR/TI5g5hoc+JFBtkG9YEA5E/:GuWXrwa5CYrC9OecYg3QE/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592190", "to_ids": false, "type": "size-in-bytes", "uuid": "eb2beec5-c93f-42ed-afa5-a48300964091", "value": "7209108" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592190", "to_ids": true, "type": "vhash", "uuid": "06c3359d-f54c-4671-9aee-9d4e593a80e3", "value": "6c625ba8045acd8c783b1954fb128059" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592190", "to_ids": true, "type": "filename", "uuid": "08fcdaf7-5bef-4604-81dc-cf65bb12aa4d", "value": "7bzfdpth.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592190", "to_ids": false, "type": "text", "uuid": "4ee63658-c0df-4ebf-a296-a881ab14aa5e", "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:27/63\nFirst Submission:2025-10-12T01:32:19.000000+00:00\nLast Submission:2025-10-12T01:32:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595664", "uuid": "9abad9aa-ef3f-4fbb-bd09-f567de13e6a4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595664", "to_ids": true, "type": "md5", "uuid": "944a988a-d79f-4c9b-8cbb-3a3d013ae090", "value": "6d3d943a4eacc9d6c11d19b5475537cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593214", "to_ids": true, "type": "sha1", "uuid": "66406f92-1117-4004-9ff9-9ef7a206fd06", "value": "494dcf9c25f2f473916edb3431ac85226c70d60b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593214", "to_ids": true, "type": "sha256", "uuid": "ee1999e7-98db-4bd0-91db-bb6782ec22c3", "value": "660af53acdc505f333f6d4f4269cec740a5eb05e41a4c7926742606b18f22d33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592212", "to_ids": true, "type": "ssdeep", "uuid": "b33390fa-9e72-4be9-8e15-f72bd474e78b", "value": "49152:nVKiWFZWaBuI3zrSgCukKM3cLELnO/+Nid0jnDDX4XkcopzkQ01jUI15V2j2lxDr:nVKHZwCshVkgUhNZqH/uOvBhdhuTWE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592212", "to_ids": false, "type": "size-in-bytes", "uuid": "4db8bed7-3c76-4373-aa92-2c4f08ec5edf", "value": "8266752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592212", "to_ids": true, "type": "vhash", "uuid": "cdb0ef14-9860-4cd0-b210-718e281b8789", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592212", "to_ids": true, "type": "filename", "uuid": "0d3fccb3-e86a-4068-a229-ea9bb999f4f3", "value": "o6q5i.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592212", "to_ids": false, "type": "text", "uuid": "a9af4c07-5808-4d6e-827d-29ccfe2c262b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-28T06:17:36.000000+00:00\nLast Submission:2026-04-28T06:17:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595685", "uuid": "dd5d5f27-0444-4621-a4be-7945de86d7c8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595685", "to_ids": true, "type": "md5", "uuid": "832ad9e2-57de-4ad2-9394-2503e2fae72a", "value": "3b4e7f7e039726f786df44c397562d6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593215", "to_ids": true, "type": "sha1", "uuid": "f0341272-a71d-46ab-b18c-f0f86eacdf53", "value": "a7a8c3adcf7558866e6baebb48477b7781f44bf4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593215", "to_ids": true, "type": "sha256", "uuid": "6717f5e4-0f00-43e1-9cce-adff5cbf7ca1", "value": "6de4da7919185f84212d02011e955530011b08c389408f2a012b81757c3d0c0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592234", "to_ids": true, "type": "ssdeep", "uuid": "ad5a7838-fd7c-499a-8ecc-979a01e97373", "value": "98304:ADXhYftdMz3m5JWW4OCsR5luOvBhdhuTtE:SRcyWYe7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592234", "to_ids": false, "type": "size-in-bytes", "uuid": "8b194981-8377-4201-8a37-69effc7a45e3", "value": "8684032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592234", "to_ids": true, "type": "vhash", "uuid": "7262f7aa-f1e0-4a48-b25c-5cd05d847117", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592234", "to_ids": true, "type": "filename", "uuid": "6f2ba94e-d3fc-4c5b-b1fc-f4169c3d23be", "value": "1lx612t2.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592234", "to_ids": false, "type": "text", "uuid": "4059aedf-101c-40ca-af84-717d8fa79145", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:47/71\nFirst Submission:2026-05-05T04:38:32.000000+00:00\nLast Submission:2026-05-05T04:38:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595706", "uuid": "acca7646-8f86-43b2-b30a-b2d26ab442e8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595706", "to_ids": true, "type": "md5", "uuid": "024ce3bd-1a65-4986-8722-248ca403a809", "value": "bcd41016deee9777be98e386394e4a82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593217", "to_ids": true, "type": "sha1", "uuid": "620ec823-23cc-4aa3-8a35-96bf3002f0e0", "value": "e738174338e4de5d54cf8eda27e4c03659aa3225", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593217", "to_ids": true, "type": "sha256", "uuid": "83c23277-fabf-4c36-b33f-2c1fdb4ae5c4", "value": "710539554f065fe9a0bf6a6e32d3ea73ab3c797a033f8bfef57ad929bcdf9195", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592256", "to_ids": true, "type": "ssdeep", "uuid": "b6c2eb47-c708-43b4-9480-7ba63b1b10ec", "value": "98304:sJi0SOtCDAA1kIb4/wU8cuOvBhdhuTyE:hGn83Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592256", "to_ids": false, "type": "size-in-bytes", "uuid": "7a57e031-c4e5-420a-9fef-5cc20e4d252e", "value": "8689152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592256", "to_ids": true, "type": "vhash", "uuid": "82411a27-3528-4d00-8bb8-32545226df19", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592256", "to_ids": true, "type": "filename", "uuid": "db702e48-522d-49c6-a7bc-6dd2a16553c1", "value": "jrmgi.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592256", "to_ids": false, "type": "text", "uuid": "f786f5de-9106-4521-a135-b1000ddf7862", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:48/71\nFirst Submission:2026-05-07T07:27:49.000000+00:00\nLast Submission:2026-05-07T07:27:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595727", "uuid": "055320b2-836e-4090-98cd-c93dd2fc3bba", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595727", "to_ids": true, "type": "md5", "uuid": "b42a3046-88a7-43f5-b759-6b1c0a2e2800", "value": "0c1273357ec76e37d36600c97c919a84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593218", "to_ids": true, "type": "sha1", "uuid": "ef108ba9-ba3d-4467-a457-09220474d6bc", "value": "bc3655ac5fc0d8416f1ba54032068db31b76a7cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593218", "to_ids": true, "type": "sha256", "uuid": "c1382ff9-36a2-4832-8516-630812cdae44", "value": "7170f3051cc9f4520e84f1ea3b599616d82be8e5087f19d8e2951fa6848924b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592278", "to_ids": true, "type": "ssdeep", "uuid": "3b49a713-d81b-4e75-93ac-e1e965e0a012", "value": "49152:XLfFmFdYsimZ9WQnjcDv+b4TUdzv7ehH3o9W7zIDVWHH+kX57699C4jHQDsgZMaC:XLtm3xWLXaCrEyZktuOvBhdhuTZE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592278", "to_ids": false, "type": "size-in-bytes", "uuid": "a5972000-dddd-4386-8fc6-d0338ce7ccc7", "value": "7967232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592278", "to_ids": true, "type": "vhash", "uuid": "643d2718-afd2-4595-a8b1-07d7b98f2207", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592278", "to_ids": true, "type": "filename", "uuid": "a11a796d-cb2a-4412-b1a0-2691a301aabc", "value": "dbb4ieq8.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592278", "to_ids": false, "type": "text", "uuid": "a1af3103-b90c-420f-8ed7-84e417073f88", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:44/71\nFirst Submission:2026-04-30T04:08:42.000000+00:00\nLast Submission:2026-04-30T04:08:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595749", "uuid": "efb8fb45-8123-4b00-9793-c0de3d87c3a1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595749", "to_ids": true, "type": "md5", "uuid": "11070010-262a-4288-8326-f94598a9110e", "value": "dacedc9896acc62da10e50bb78a42fc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593219", "to_ids": true, "type": "sha1", "uuid": "36d1a4df-4ff7-4869-8ee3-599198403a1a", "value": "6acf5d377bf0846656538239c32d3516a324da5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593220", "to_ids": true, "type": "sha256", "uuid": "abadaf2d-4ae0-4608-b8f4-18e663ab00d2", "value": "73c24bafba21f871cc9d28de92ee7e4b9f9c8ec337279c14c1facdb9feeb7af4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592299", "to_ids": true, "type": "ssdeep", "uuid": "6c6dde30-1623-4756-81fc-ba7ed38afe98", "value": "98304:ZVYzV4bppq9HYcFPZggu4ynqPu6vBhFhuTXE:Z4wclFPZgKH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592299", "to_ids": false, "type": "size-in-bytes", "uuid": "e2e8dcec-a594-45d3-8423-e7c60e832e8b", "value": "7883264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592299", "to_ids": true, "type": "vhash", "uuid": "43e51e23-f6e6-4f2e-8891-b059ace411f9", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592299", "to_ids": true, "type": "filename", "uuid": "30d05ffd-e4da-48dd-81f9-89e1b99ea228", "value": "ixi4hw.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592299", "to_ids": false, "type": "text", "uuid": "390143e8-e3f7-4e04-83e2-732ebd9f999e", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:43/71\nFirst Submission:2026-04-14T09:21:17.000000+00:00\nLast Submission:2026-04-14T09:21:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595770", "uuid": "35afa9a4-f25f-443c-8f7d-6b81dc976be7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595770", "to_ids": true, "type": "md5", "uuid": "b96e0f62-7b51-48e8-ad13-62264d3ee656", "value": "85006fcbc10a589a5e8ac1192e5b4fdf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593221", "to_ids": true, "type": "sha1", "uuid": "883fd4cf-8b57-48d2-bb5d-d16336386520", "value": "42ac17cedac112e74b96b24ed443648032ca9d74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593221", "to_ids": true, "type": "sha256", "uuid": "904cb0ac-d648-4781-8629-56415cd7f763", "value": "746c4cd5fe3a8edd37d4b37b23af64b1086b5ea7c1ab0bcfd9c47e4e2e986518", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592321", "to_ids": true, "type": "ssdeep", "uuid": "517f5a9b-6d41-4f71-95c0-adf012bf2abb", "value": "98304:SbK0jaWNxLZ64W+wj3mF/essOuhSYQEO9BMEk:SXeiq+wijk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592321", "to_ids": false, "type": "size-in-bytes", "uuid": "daa62947-cf6e-4334-9e54-ee3134eeeab1", "value": "7664640" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592321", "to_ids": true, "type": "vhash", "uuid": "e4bcf9a8-1c57-4378-a027-367d95c3012a", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592321", "to_ids": true, "type": "filename", "uuid": "f2d680af-c4db-48d1-8c4a-1300241b1d6f", "value": "hv0ws8v6.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592321", "to_ids": false, "type": "text", "uuid": "e7591563-c20a-4809-b533-d92f33cff07a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-07T13:35:05.000000+00:00\nLast Submission:2026-04-07T13:35:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595791", "uuid": "60eac004-576d-4a60-a511-14f424c058eb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595791", "to_ids": true, "type": "md5", "uuid": "c1463a6d-4539-4bd6-aeb6-52269f636388", "value": "e626504addd6a6dc6caf287fbed430e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593223", "to_ids": true, "type": "sha1", "uuid": "e538c513-5194-461b-a2bf-152d4cb6c749", "value": "fcb17f2b09bfe30e356560b0eccf274ef6733f69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593223", "to_ids": true, "type": "sha256", "uuid": "ee191f88-2010-4d50-a7f7-3ab6bfbeada8", "value": "750a707084839fe970266964957b8eaa7e25b4d9ca1050cd7ab19e4a2add707d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592344", "to_ids": true, "type": "ssdeep", "uuid": "c9eb01b6-89f0-4025-855e-5510e26a3977", "value": "98304:nJi0SOtCDAA1kTb4/wU8cuOvBhdhuTWE:IGn331" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592344", "to_ids": false, "type": "size-in-bytes", "uuid": "770246b1-3426-4d94-a5a3-6405f86bd146", "value": "8689152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592344", "to_ids": true, "type": "vhash", "uuid": "bbbd2ec1-c3f6-4257-85c9-35bd65df4631", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592344", "to_ids": true, "type": "filename", "uuid": "367d8786-bd24-4be9-98e5-a25bb4ba3621", "value": "f13hf.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592344", "to_ids": false, "type": "text", "uuid": "e9082e20-7514-4e0a-9be1-b4cfde777128", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:47/71\nFirst Submission:2026-05-07T02:58:14.000000+00:00\nLast Submission:2026-05-07T02:58:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595812", "uuid": "4bf23b02-c732-4058-a862-13e9473bae7a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595812", "to_ids": true, "type": "md5", "uuid": "3e0edacc-95b9-47c7-8cb1-2d0ce90eefc2", "value": "aaed5210dec17cd0d23887f470f568b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593224", "to_ids": true, "type": "sha1", "uuid": "d7c333da-9e40-48d9-95c2-e2a385e64078", "value": "3a444ba38520f21afc99d4841ccfa555fd33309b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593224", "to_ids": true, "type": "sha256", "uuid": "ea1bcbdb-8eb0-4e63-b9ea-518caa113f71", "value": "75b36769f0d36c05be74d41610d4af3f73397983ba746f8c569de6f23ee130e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592366", "to_ids": true, "type": "ssdeep", "uuid": "a885d66e-a489-47db-af8c-9cd52f7d8838", "value": "1572864:y/EV3y6LcrnY2WMGwhANW/ey71TJbn6PuwdI1HqlfkA7STXAw9Rkf3/KEG45l8QY:AEVkLTSSEG45l8QY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592366", "to_ids": false, "type": "size-in-bytes", "uuid": "fefc4bfa-3afc-4bbc-ba7c-b3500fca63a1", "value": "467529112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592366", "to_ids": true, "type": "vhash", "uuid": "4dc74aab-a24e-44e0-a26a-0c6f1297801d", "value": "787b80f3747126360dcb0007029088ac" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592366", "to_ids": true, "type": "filename", "uuid": "eeaf6c7c-65b7-4715-a7d0-e267678589ea", "value": "Rshell_linux_amd64" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592366", "to_ids": false, "type": "text", "uuid": "60ede36f-91a1-49d5-be14-bdd05fc16f2a", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:6/65\nFirst Submission:2025-10-23T03:26:35.000000+00:00\nLast Submission:2025-10-23T03:26:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595834", "uuid": "c0a17bc7-bbe1-41c1-94f9-12d66c9f6ba4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595834", "to_ids": true, "type": "md5", "uuid": "87629370-5f02-4323-b2a7-1563cf70155c", "value": "06e03ebfe4d725cc539da39a0a8032b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593225", "to_ids": true, "type": "sha1", "uuid": "5908d74d-32b7-4d1c-80db-c5f76b901faf", "value": "27cc1782b2aaf4b079a4936947474f7a44125f93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593225", "to_ids": true, "type": "sha256", "uuid": "dc4edab4-195d-4744-aa3b-be55df1bdecd", "value": "79340e589a69f5dc204d4073341a07e98a588d0401d18f34991d14b71a475063", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592388", "to_ids": true, "type": "ssdeep", "uuid": "7ae8060d-772a-43f0-b2b9-172b5196d90e", "value": "98304:KJi0SOtCDAA1kfb4/wU8cuOvBhdhuTDE:/Gnfb3i" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592388", "to_ids": false, "type": "size-in-bytes", "uuid": "8bc4dbda-cceb-42cf-9fd3-f8b93fe627f7", "value": "8388608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592388", "to_ids": true, "type": "vhash", "uuid": "ddbc24c4-0edd-420e-a8b2-931014b393ee", "value": "086086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592388", "to_ids": true, "type": "filename", "uuid": "00c7e9db-5ec2-4a62-886b-e2e968e2056e", "value": "4jis1xw.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592388", "to_ids": false, "type": "text", "uuid": "1bd7e080-eeeb-47c6-bb1a-a15f6c1e6dcc", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:45/71\nFirst Submission:2026-05-05T16:38:52.000000+00:00\nLast Submission:2026-05-05T16:38:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595855", "uuid": "fe179b78-98ec-4806-ab04-542f3e0bdec9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595855", "to_ids": true, "type": "md5", "uuid": "fc6f3bac-a365-47cc-83aa-2a01aa10c49b", "value": "23e1e9ef46d293f30f93cb84013af29e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593226", "to_ids": true, "type": "sha1", "uuid": "ed9ba0c0-3048-4ff2-9b91-37a5d990c642", "value": "044be017af940fe80b2766cf73e6c7f4afb56cc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593226", "to_ids": true, "type": "sha256", "uuid": "31704a3c-96a0-4378-b49e-9f181ee46423", "value": "7f6bec5dd217151fcd03087a6e7ba1070f0fa603801fb128a4097076c9976d36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592410", "to_ids": true, "type": "ssdeep", "uuid": "988c5165-bab2-4230-93db-f1343185ffd6", "value": "49152:uKb0e7jQHs6t8O83WS/NXgHQTXdJbSCr2N8+fvOmRLYIvyVj/gDl24MCKVK1KseD:uKwYsv3fWmhz84FQmuOvBhdhuTHEC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592410", "to_ids": false, "type": "size-in-bytes", "uuid": "20b1c950-f37a-4189-a671-0bc933ed5eb1", "value": "8676864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592410", "to_ids": true, "type": "vhash", "uuid": "54eb474a-cc00-46fd-a941-825d831b1fc7", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592410", "to_ids": true, "type": "filename", "uuid": "a5c40735-e16f-4129-9c27-84647d096e46", "value": "evvwlc.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592410", "to_ids": false, "type": "text", "uuid": "9fe9ba35-0635-4d2e-ad4e-1f36f2ef070f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:41/71\nFirst Submission:2026-04-30T13:37:52.000000+00:00\nLast Submission:2026-04-30T13:37:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595876", "uuid": "a08ddc2f-9b63-4a87-be0c-fa1ba5aca6fd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595876", "to_ids": true, "type": "md5", "uuid": "409a3413-51b2-448b-8539-e5ed942af531", "value": "f9cdf5804f9863734b95c69311758655", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593228", "to_ids": true, "type": "sha1", "uuid": "000c1c62-fe42-4480-bab7-328fbcc010b3", "value": "e1b488d1c8fa81c16d15bc97ba2e5d6ce9565cfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593228", "to_ids": true, "type": "sha256", "uuid": "48fed10a-5f2d-410a-a10f-73e15be3c9ba", "value": "8363ff6bddfaf247318308f215ad53f3c77f218d4a6562b537aeaf7e9135d10f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592431", "to_ids": true, "type": "ssdeep", "uuid": "e962bb39-6670-4a61-94be-69cf9331f2c0", "value": "49152:KJi03iwH0cubQtI7zadrEuvZHGLdXnnkCaSjUlMlQo2dFIUsjGrDlC4M6KVK1Ksh:KJi0SOtCDAA1kG4/wU8cuOvBhdhuTtE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592431", "to_ids": false, "type": "size-in-bytes", "uuid": "a8c61f50-ecf1-4345-90aa-36f0351e5683", "value": "8689152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592431", "to_ids": true, "type": "vhash", "uuid": "df0c1707-a3b0-4673-97a7-66e27680c6b1", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592431", "to_ids": true, "type": "filename", "uuid": "08e479e4-68c6-431f-a9f5-e86f9b83b9d1", "value": "v95plfy.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592431", "to_ids": false, "type": "text", "uuid": "743d41fb-56c9-49b2-9652-b55655cc8e33", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:47/71\nFirst Submission:2026-05-06T12:42:25.000000+00:00\nLast Submission:2026-05-06T12:42:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595897", "uuid": "7dd92a93-d420-473e-9a19-76abf472fc2c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595897", "to_ids": true, "type": "md5", "uuid": "fa5ddb1c-42cf-4646-973c-74dfc99901f0", "value": "8db3ab412d8e7344796e3b6f1bf4f0ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593229", "to_ids": true, "type": "sha1", "uuid": "0e328928-307d-4068-ab1a-9cf6b0de5c0f", "value": "2314cb76c89bdfb21f59ba24dd2ca23ccb4a373a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593229", "to_ids": true, "type": "sha256", "uuid": "3dbc0666-1beb-4933-ac28-1c56ee1eafcc", "value": "8f5f4408998bbfc6987d9cb39216071c57c7b087f2867a504e83414ee5cfcd08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592453", "to_ids": true, "type": "ssdeep", "uuid": "7959b692-a827-4008-aa91-870fac603ca7", "value": "49152:hVsvy1t2rlfy7j99zqccOEg8a+9YRnaxGtZAPImFsNiKdCHLPQmB+s0hZ1ImAd:hVi9CXzqccObh+xRt3m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592453", "to_ids": false, "type": "size-in-bytes", "uuid": "97d02f60-9b76-4b8d-8323-22ed954a24f0", "value": "5487104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592453", "to_ids": true, "type": "vhash", "uuid": "6cd04b2d-ea40-4d21-9457-7cbe00038040", "value": "056066655d6d55641az27!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592453", "to_ids": true, "type": "filename", "uuid": "a5757201-8cd6-4df9-a2dd-019acbfe2d4c", "value": "1z2olbu5.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592453", "to_ids": false, "type": "text", "uuid": "e360f94c-f26c-45a5-a2b6-0cbae7b531f2", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:41/71\nFirst Submission:2025-09-30T05:40:51.000000+00:00\nLast Submission:2025-09-30T18:11:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595918", "uuid": "b5425030-dc27-4992-ad54-7f0c2a8994c0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595918", "to_ids": true, "type": "md5", "uuid": "9ef70cc7-2f8b-45c5-9725-34168c355a64", "value": "9627cb8c465d9d2c9484322ae2c3bef2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593230", "to_ids": true, "type": "sha1", "uuid": "9657ee18-0a78-4b2e-b00a-736b6d867c2a", "value": "55b2c7a9a7dfae4a4d2355d058035e0da8c0d9a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593231", "to_ids": true, "type": "sha256", "uuid": "aef30952-9121-4d0f-9bae-f2d0dcdae31a", "value": "905ae6ac24225db221da346a1695e443ba4c57ea1c9066e8bac3e5fcb4156fc7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592475", "to_ids": true, "type": "ssdeep", "uuid": "8f44335a-2b40-4bf7-b0ae-1c6e24d990ba", "value": "98304:SVYzV4bppq9HYcOgu4ynqPu6vBhFhuTbE:S4wclOK/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592475", "to_ids": false, "type": "size-in-bytes", "uuid": "1873fe16-6d71-4e25-9f48-728c8a57e5b3", "value": "8180224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592475", "to_ids": true, "type": "vhash", "uuid": "b8f2369b-7aa9-4bac-8572-4b6fe4da97c2", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592475", "to_ids": true, "type": "filename", "uuid": "cb0e02f4-2683-4c46-b6e2-e6756cd011b5", "value": "4fi8jh13k.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592475", "to_ids": false, "type": "text", "uuid": "786047e1-ca3d-4a45-8ee8-045c6fcec9ae", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:48/71\nFirst Submission:2026-04-14T09:17:35.000000+00:00\nLast Submission:2026-04-14T09:17:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595940", "uuid": "7df962e1-6ebe-43e0-b460-c79110337a9c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595940", "to_ids": true, "type": "md5", "uuid": "558be733-8784-48fb-ad7e-df09200878a4", "value": "d2e7809f5ebc53407e2f2b9d72df8f6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593232", "to_ids": true, "type": "sha1", "uuid": "c211ac06-fbea-4de1-bc15-4aaeadb15974", "value": "dc911c9b1d8a64459dcc33a897efb0d9ed1a7e31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593232", "to_ids": true, "type": "sha256", "uuid": "2dd185c0-fb5c-49c1-97ac-e459c0136f10", "value": "921e41190fed3437ca7a0d53e7590ccb0f1ab5d667532778fbda5664c657d712", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592497", "to_ids": true, "type": "ssdeep", "uuid": "a613f28b-fb33-4ca0-a203-1a8dd10daa08", "value": "49152:TXi9N8xZ0moGs8d/Hyi+jNU5MFKA6NENlxMYMR1goXuWaeBsMt3/dlyOKLV7bYiB:Z0zGejNl6NMMKoXuEsV7bdIE1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592497", "to_ids": false, "type": "size-in-bytes", "uuid": "8962d226-a2c7-4c5a-b04a-65c3ded27be0", "value": "8257715" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592497", "to_ids": true, "type": "vhash", "uuid": "40fec794-2eac-4c51-905e-5fe980abe805", "value": "7122abdfe63b0793e890fe8dc8a4f968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592497", "to_ids": true, "type": "filename", "uuid": "a408056b-0f07-4b5e-b8d1-974b343bdf1c", "value": "921e41190fed3437ca7a0d53e7590ccb0f1ab5d667532778fbda5664c657d712.elf" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592497", "to_ids": false, "type": "text", "uuid": "f130df8e-09de-4cb6-8342-cbcd43996588", "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:27/63\nFirst Submission:2025-10-11T02:46:39.000000+00:00\nLast Submission:2025-10-11T02:46:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595961", "uuid": "b6c7f63d-4d1d-42ea-bdfe-c5e0366e77d4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595961", "to_ids": true, "type": "md5", "uuid": "40775c5f-713d-451b-925c-bd9d8cb173f6", "value": "1063aab56fc5d9ebbff3d812590242ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593233", "to_ids": true, "type": "sha1", "uuid": "fed11a82-0f82-4c20-ac77-2a78fab8fc19", "value": "c4889feab62039c3804d796e5492d55864a1d51e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593233", "to_ids": true, "type": "sha256", "uuid": "e3fb4443-fa64-436a-a668-821e73d35209", "value": "943f952652fbc16923c0519449feeee11698304dac51268d4e6065146dcad69e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592519", "to_ids": true, "type": "ssdeep", "uuid": "e2f5f80b-f0ed-488d-b349-7ed6a311c777", "value": "1572864:zPNro/mgRwhuscmIR4kREHZZfJtRhSpUW/sqV5JxBzASjTY3BvJWDpz8Qgve:zZ2uqLuRgd8QYe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592519", "to_ids": false, "type": "size-in-bytes", "uuid": "6bee4f3d-da54-4cbd-815f-fbc22c432c74", "value": "553431202" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592519", "to_ids": true, "type": "vhash", "uuid": "9f45e942-c808-4adf-a24b-f1c0c2230cd8", "value": "77ac44bddf4050b946718bc38ad0cf3e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592519", "to_ids": true, "type": "filename", "uuid": "c83afb3f-8a84-49bd-8f4b-4d3fd07b2205", "value": "Rshell_linux_amd64.bin" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592519", "to_ids": false, "type": "text", "uuid": "863ade3b-154f-47d2-9ee4-3a052e546e88", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:10/64\nFirst Submission:2026-03-22T11:14:32.000000+00:00\nLast Submission:2026-03-22T11:14:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779595982", "uuid": "48ed4d47-1ce3-4841-86c2-73138057c06f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779595982", "to_ids": true, "type": "md5", "uuid": "737b89d9-6424-4a4b-934d-683e66dec528", "value": "e19b590c35900208c869f9713c9fa815", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593235", "to_ids": true, "type": "sha1", "uuid": "dea49ef0-cb42-47e4-83cf-b4decaa539f3", "value": "1816832e5f6510d9b46ce30c0b2734df322876fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593235", "to_ids": true, "type": "sha256", "uuid": "37cfab0f-3cfd-430d-b931-e316c6cbbf78", "value": "94f67819c0f7e200abf4b39fad2fd6fef227da15d939f21a657d1717ca2b3014", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592541", "to_ids": true, "type": "ssdeep", "uuid": "9d4e549f-0197-4f85-b57c-7e64faadadab", "value": "49152:c2ZbmC2EdYR8eY0a1WHq5UowMMfGtsh8bRFIm8YdBzIWQ4el9azfD4/9rnryn3wb:vZbCY+FgUKMfGtsW9FUlo5PD+HObEb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592541", "to_ids": false, "type": "size-in-bytes", "uuid": "4d5bc3a6-2bf7-4371-80d9-c673e55c0c48", "value": "7340180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592541", "to_ids": true, "type": "vhash", "uuid": "ba6cedbb-bcdc-4cac-bb46-5dbd2b241892", "value": "0b0dc9923b9e66bc58ad2c7760cce6e6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592541", "to_ids": true, "type": "filename", "uuid": "4601a5a1-6c9b-40bc-a448-9458c709fad1", "value": "ibkf0o.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592541", "to_ids": false, "type": "text", "uuid": "7ee41d66-135b-4b31-86bc-7de349672bce", "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:18/64\nFirst Submission:2025-10-11T02:08:10.000000+00:00\nLast Submission:2025-10-11T02:08:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596003", "uuid": "f0ac689f-1a70-4526-aff3-d57e94e52168", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596003", "to_ids": true, "type": "md5", "uuid": "8e024377-130c-475c-8855-c8b00b828038", "value": "bb1edf39bcb368aef98ff562eb2b0c95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593235", "to_ids": true, "type": "sha1", "uuid": "08bfe260-41bf-495e-862c-bdae542f54d0", "value": "d9c5e392a8ddf76bf21fc87c0ca7d9286fbbc044", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593235", "to_ids": true, "type": "sha256", "uuid": "e6f12e96-6f44-4e1a-9468-70470d12279c", "value": "976f890ab0ee8aac613da2458d0069f00d0ebabc76f1fceb63e05b2113f6a449", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592563", "to_ids": true, "type": "ssdeep", "uuid": "95507ba9-1b4c-4379-b9d7-7a9e35e05931", "value": "49152:Je0IZs8e04GBau73TeR3k/1zpMD+eBF3UFnK0ZnTsfhH3HE8cWXyvCXtvOKFY7Dh:43ir3/0ZTsHE97DsbNRnnE1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592563", "to_ids": false, "type": "size-in-bytes", "uuid": "8acb9d4e-9b13-4573-b058-d829429ca72c", "value": "8257715" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592563", "to_ids": true, "type": "vhash", "uuid": "4732b18b-7279-4dc6-890a-158fa8610d35", "value": "c29ce0952a3090bbcada22b82b679436" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592563", "to_ids": true, "type": "filename", "uuid": "86215dab-5668-4827-9b78-568139e984ad", "value": "z803j5rl.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592563", "to_ids": false, "type": "text", "uuid": "6c470f0c-0221-4c4f-9876-5e2df85cd0fc", "value": "Type Description: ELF\nMicrosoft: Adware:Linux/Multiverze!rfn\nVT Total Detection:29/64\nFirst Submission:2025-10-11T02:48:50.000000+00:00\nLast Submission:2025-10-11T02:48:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596024", "uuid": "056df8c9-a829-4914-a630-046839008bd6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596024", "to_ids": true, "type": "md5", "uuid": "7601c0d1-2102-4a98-a9d2-b9fccbb43d95", "value": "cf1764399e7d4f7b971268fbb651d05e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593237", "to_ids": true, "type": "sha1", "uuid": "578a0927-67f5-4dc4-b65c-85be2405377f", "value": "91e70c2298340e605cd4897c90c0cd5e9eae6415", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593237", "to_ids": true, "type": "sha256", "uuid": "131d01f3-70f5-4472-81fa-8bc1eacfbf2e", "value": "aaf49281b2f65390adc2e763af37fc4e3fe03b94af550927fc91141e0d6347db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592585", "to_ids": true, "type": "ssdeep", "uuid": "d394aa60-b26e-4e62-9f05-25b5d6525bc7", "value": "49152:WLfFmFdYsimZ9WQnjcDv+b4TUdzv7ehH3o9W7zIDVWHH+kX576N9cL2F4j606QDo:WLtm3xWLXaCrEaZktuOvBhdhuTgE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592585", "to_ids": false, "type": "size-in-bytes", "uuid": "9380c025-2b76-479f-a635-25f9a9aea7cb", "value": "8263680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592585", "to_ids": true, "type": "vhash", "uuid": "e5a4b46e-113d-48e6-916d-ae990c1d6c33", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592585", "to_ids": true, "type": "filename", "uuid": "d0364b3c-df73-42aa-9ddd-b1cfb986a3d9", "value": "7mrhmn.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592585", "to_ids": false, "type": "text", "uuid": "a2871b5b-d205-4ca1-a5a1-96eae6f4be09", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:46/71\nFirst Submission:2026-04-24T06:40:58.000000+00:00\nLast Submission:2026-04-24T06:40:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596046", "uuid": "0c4ba946-59d8-4074-99ba-b5f35ddef9e2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596046", "to_ids": true, "type": "md5", "uuid": "d34d5d7c-623b-40bd-8651-ef7762b87d37", "value": "dfabfaeb7397037523ab4a41e16d4641", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593238", "to_ids": true, "type": "sha1", "uuid": "ff1ecbd8-0451-4e61-bc97-db5b7d4770ac", "value": "e7fe455e002e98b67d521a5075f59078dffb1e14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593239", "to_ids": true, "type": "sha256", "uuid": "fddd82ab-3698-4b14-8008-df699e57ee54", "value": "b5e0866368873b4c5eacc6df01114fc749cc32f507e9324bc6d763999371777d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592606", "to_ids": true, "type": "ssdeep", "uuid": "0189f028-b8e5-4d36-8535-d3f29c219991", "value": "49152:BVprFUD3fWrb/T4vO90d7HjmAFd4A64nsfJBOfS5UZPpUCAXR9+ct3blDy8RUM8i:u3f+UZ6DyYO9EnRp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592606", "to_ids": false, "type": "size-in-bytes", "uuid": "c2fb88f2-eea8-4325-8325-9b4160858928", "value": "5980160" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592606", "to_ids": true, "type": "vhash", "uuid": "95b5a9e9-d0c2-4333-bb39-c1c240998ed5", "value": "056066655d5d15541az28!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592606", "to_ids": true, "type": "filename", "uuid": "290c6c86-cda6-4af7-aaa3-86dae914ad81", "value": "9nr2o.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 23/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592606", "to_ids": false, "type": "text", "uuid": "f1a0aa03-4491-4ca3-a89d-d9d7b7f845e7", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:51/71\nFirst Submission:2025-11-08T12:17:01.000000+00:00\nLast Submission:2025-11-10T03:31:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596067", "uuid": "35f40a01-6c68-455b-bb57-0ec2e71187ac", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596067", "to_ids": true, "type": "md5", "uuid": "fdbe7f58-b0ac-48a4-b958-b0467f03a345", "value": "a8f74cc84c3ab09b7825c852f1d5c3d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593240", "to_ids": true, "type": "sha1", "uuid": "3fdcd3d7-bc54-47a1-9fa4-f2baeb8177fa", "value": "c8783c550b497394e0b93dd5e69dd67a55906ea0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593240", "to_ids": true, "type": "sha256", "uuid": "2dfa164e-def1-4101-bccd-1e99c8d84a6f", "value": "b77c8531ee45ffdfd63ef19aa1f1ae8b603b274f6951f7d8f4e725130bfca06d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592628", "to_ids": true, "type": "ssdeep", "uuid": "59f8d132-1e3c-4074-9778-9fbad0c399be", "value": "98304:xLRQuHGsesgMLZ4wIoWMXdK8uOvBhdhuTZE:5iuLZCY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592628", "to_ids": false, "type": "size-in-bytes", "uuid": "42fb11ed-3eab-43cc-967a-aeea34152d9c", "value": "8682496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592628", "to_ids": true, "type": "vhash", "uuid": "2247a518-6a93-4a06-8b1b-4c26fef3dda6", "value": "086086655d15551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592628", "to_ids": true, "type": "filename", "uuid": "3b9c8d79-2350-43b7-9a7f-104e7287a3af", "value": "kbxtkn.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592628", "to_ids": false, "type": "text", "uuid": "1ea02b4f-0750-420d-b8b4-d321f602a5c1", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:45/71\nFirst Submission:2026-05-04T05:26:38.000000+00:00\nLast Submission:2026-05-04T05:26:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596088", "uuid": "f186ea2f-10b8-47b9-b8dc-ad29625e0ca4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596088", "to_ids": true, "type": "md5", "uuid": "fdbc6e04-f23d-45ec-943b-a64ba739933f", "value": "6e2a8aa3d80a8ccb3442ee198a0ba742", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593241", "to_ids": true, "type": "sha1", "uuid": "779724b3-4b35-442c-b58b-a9046304dfe9", "value": "b64afddeb487ca954688ec5972932b997a483c10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593241", "to_ids": true, "type": "sha256", "uuid": "d482e0d8-89fe-48ee-a20f-22e67722f109", "value": "b7a5192a90c14a9a36e5a3565fed46becffa88dbc719e8ee396a0c9d46f5dde4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592650", "to_ids": true, "type": "ssdeep", "uuid": "4835e4a5-b23d-460c-9fd3-c86b83a7fc48", "value": "98304:adkL10uCRnNSoOLaHAh+hRzzpuOvBhdhuTCE:6KlMghGW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592650", "to_ids": false, "type": "size-in-bytes", "uuid": "d53b8d9d-cb35-436c-99f1-8c1be9f9171b", "value": "7953920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592650", "to_ids": true, "type": "vhash", "uuid": "421151b2-ea3a-43c7-937e-a4e60a44670c", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592650", "to_ids": true, "type": "filename", "uuid": "bbd1f3f0-806d-4c04-8969-ff8eefc91066", "value": "azqxdh77b.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592650", "to_ids": false, "type": "text", "uuid": "26913878-35e4-477f-bb63-04819d8578c4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-30T12:10:44.000000+00:00\nLast Submission:2026-04-30T12:10:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596109", "uuid": "fa25c122-eba3-4e47-a8fa-906883128c91", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596109", "to_ids": true, "type": "md5", "uuid": "26ee93cd-10ea-47ad-b3ef-c84cdd660b5b", "value": "82189de72de1bfd92e980a98d54b0baa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593243", "to_ids": true, "type": "sha1", "uuid": "6e4a7e14-772b-4ecb-a0c1-675797de9fe3", "value": "c0b1722c8f358c73ee7c96a4377f1a0b79a06cc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593243", "to_ids": true, "type": "sha256", "uuid": "bfdea0c4-548e-4c20-88b1-191f0552851c", "value": "c3ecb90c9915daa23aec51f93ff8665778866f0592b2413578c8ba9708df6091", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592672", "to_ids": true, "type": "ssdeep", "uuid": "f282289a-8479-45a8-b088-1c6174389224", "value": "49152:oVKiWFZWaBuI3zrSgCukKM3cLELnO/+Nid0jnDDX4XkcopzkQ01jUq1UxrC2jmxK:oVKHZwCshVkgh2ZqH/uOvBhdhuTUE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592672", "to_ids": false, "type": "size-in-bytes", "uuid": "3e9302f6-8150-4562-af22-0633aacab18e", "value": "7970304" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592672", "to_ids": true, "type": "vhash", "uuid": "bbd3189c-1581-4354-ae26-6db9fd205487", "value": "076086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592672", "to_ids": true, "type": "filename", "uuid": "2121a0f4-6051-42c7-a727-e271d05f6ce9", "value": "6aohlqc62.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592672", "to_ids": false, "type": "text", "uuid": "04f47d32-e482-4c84-b0e5-70cd53b922c9", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-28T13:01:17.000000+00:00\nLast Submission:2026-04-28T13:01:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596130", "uuid": "c6688be7-39b8-43a1-ae3e-fa9677a00a67", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596130", "to_ids": true, "type": "md5", "uuid": "93e66e87-6d21-4b48-bf8c-5b0ca2949170", "value": "6939125a25afee415dad82f09efd7bb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593243", "to_ids": true, "type": "sha1", "uuid": "f8ae845d-d561-42ad-8d4b-920a6aad35e7", "value": "8d34b31044314551ad46d063df19102c9727c1e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593244", "to_ids": true, "type": "sha256", "uuid": "4a694c6a-1c93-4787-b530-4d6048c3c81d", "value": "d252aeabbf4cd9f336e83d1fa0042fcc2f74f45d4b8cbe2a8bfe790d4db0580d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592694", "to_ids": true, "type": "ssdeep", "uuid": "0b662902-a499-4e51-9ecc-7ffb7dd9fb70", "value": "98304:8DXhYftdMz3m5JWd4OCsR5luOvBhdhuTpE:2RcydYeP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592694", "to_ids": false, "type": "size-in-bytes", "uuid": "694bc19d-abd4-43b2-b913-a6f549aa266a", "value": "8383488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592694", "to_ids": true, "type": "vhash", "uuid": "7327f85e-8dac-4f4b-9fff-f040f78e99fe", "value": "086086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592694", "to_ids": true, "type": "filename", "uuid": "2fdf47a6-2dc6-40fa-99a5-606661e5b389", "value": "7fonh.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592694", "to_ids": false, "type": "text", "uuid": "9c07b282-0d85-463f-bf7f-eb71793c07c8", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:44/71\nFirst Submission:2026-05-04T18:15:09.000000+00:00\nLast Submission:2026-05-04T18:15:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596152", "uuid": "fb78f30f-38dd-4c4a-be95-3209ed4d9228", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596152", "to_ids": true, "type": "md5", "uuid": "cd5d5c50-38ae-493a-9326-54c197b84bfa", "value": "6300da73377136c5a957654c2780a9ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593245", "to_ids": true, "type": "sha1", "uuid": "2602f5d0-3e7c-4e3c-a4ff-cbab18ee4772", "value": "9eec031265f6e4ebf67096e3a895b50e5d7b1b5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593245", "to_ids": true, "type": "sha256", "uuid": "1a3d083c-32ab-46f8-8c7b-282facc9a57b", "value": "df5f74e1e0e5b0a0748de2efd86358293b4d368d171a926af6f14880d55adb57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592715", "to_ids": true, "type": "ssdeep", "uuid": "5a14ef80-7483-44c6-a640-f5c0f97360f2", "value": "98304:cuf37oaLYnzSFV4rG7MuOvBhdhuTLEwg:fvESFV6wg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592715", "to_ids": false, "type": "size-in-bytes", "uuid": "2bf76f4d-a5c2-4305-b3a6-a31e36de181f", "value": "8344064" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592715", "to_ids": true, "type": "vhash", "uuid": "0a03f098-5891-43fb-be19-3dd45c4e19bc", "value": "086086655d55551d15541az3-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592715", "to_ids": true, "type": "filename", "uuid": "fa812ce1-8a36-4980-9c46-12f695b895de", "value": "0ep0ro.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 22/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592715", "to_ids": false, "type": "text", "uuid": "299b7d71-49c4-410d-8a71-ba91dde8cce6", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/71\nFirst Submission:2026-04-29T12:50:46.000000+00:00\nLast Submission:2026-04-29T12:50:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779596173", "uuid": "6259e70a-678a-458e-ab74-5b0b86bea956", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779596173", "to_ids": true, "type": "md5", "uuid": "65abcd2f-492d-4a30-a0b5-37727e2979eb", "value": "dda1afd7e5974bca02ed3c7dc9f42cd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779593246", "to_ids": true, "type": "sha1", "uuid": "6afc86b2-ccac-4f7f-951d-2ae555dcd2ab", "value": "792379a10a20bef51d61911016b36f8d31ba4881", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779593246", "to_ids": true, "type": "sha256", "uuid": "4dc89079-acea-44a7-b596-00e2961a6a37", "value": "fdb5eca8f00e1802f3c9c0ca79f93a8419353f4ef2a0606bec39c4497da91035", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1779592737", "to_ids": true, "type": "ssdeep", "uuid": "b57c7282-d49a-48ff-ad6d-9dd95a6ca1e0", "value": "49152:AUch5hPu+B/T5HWeQ2Rk6r9ZAEhoweMi61AAE6fY4uLcBRHHR5E+:E79d5HW5AhBRnnE+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1779592737", "to_ids": false, "type": "size-in-bytes", "uuid": "6c676bdb-bc92-439f-bbf8-92359d10ac7e", "value": "8257684" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1779592737", "to_ids": true, "type": "vhash", "uuid": "88317bf8-3cb5-4c1f-8e7e-cdaf9b400be2", "value": "7aa16eb69f044f66350fd13c254ec3a5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1779592737", "to_ids": true, "type": "filename", "uuid": "63b3eac9-660b-4108-9f65-14c7b3d46627", "value": "r5am41l.exe" }, { "category": "Other", "comment": "Checked: 24/05/2026\nLast-scan\t: 20/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1779592737", "to_ids": false, "type": "text", "uuid": "92717fcd-8a8f-4be8-a793-d93a54077426", "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Multiverze!rfn\nVT Total Detection:29/64\nFirst Submission:2025-10-11T02:02:35.000000+00:00\nLast Submission:2025-10-11T02:02:35.000000+00:00" } ] } ] } }