{ "Event": { "analysis": "1", "date": "2026-04-16", "extends_uuid": "", "info": "[Threat Intel] Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain", "protected": false, "publish_timestamp": "1776767205", "published": true, "threat_level_id": "3", "timestamp": "1776767205", "uuid": "2a0d8200-6a33-4182-8423-de845a8cbc0d", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#77a4ec", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Collection - T1114\"", "relationship_type": "" }, { "colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": "" }, { "colour": "#2c1d2e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"", "relationship_type": "" }, { "colour": "#3909cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#f5a258", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": "" }, { "colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": "" }, { "colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Asynchronous Procedure Call - T1055.004\"", "relationship_type": "" }, { "colour": "#f95f85", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"", "relationship_type": "" }, { "colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Activity Based Checks - T1497.002\"", "relationship_type": "" }, { "colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": "" }, { "colour": "#e43954", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Transfer Size Limits - T1030\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1518.001\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776423619", "to_ids": false, "type": "link", "uuid": "21b9b595-6ed2-4b6c-849d-47aaca751fcd", "value": "https://www.cyderes.com/howler-cell/direct-sys-loader-cgrabber-stealer-five-stage-malware-chain", "Tag": [ { "colour": "#6b003a", "local": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1776423619", "to_ids": false, "type": "text", "uuid": "f58deae2-aeee-4657-851c-f792b3dc53f1", "value": "A sophisticated five-stage malware operation delivers two new malware families: Direct-Sys Loader and CGrabber Stealer. The attack begins with ZIP archives distributed via GitHub user attachment URLs, exploiting a legitimate Microsoft-signed binary (Launcher_x64.exe) for DLL sideloading. Direct-Sys Loader employs ChaCha20 encryption, direct syscall execution, and multiple anti-analysis checks including text file verification, enumeration of 67 analysis tool processes, and hypervisor detection. CGrabber Stealer collects extensive system metadata, browser credentials, cryptocurrency wallets, password managers, VPN configurations, and application artifacts from over 150 applications and extensions. The stealer excludes CIS region systems and uses ChaCha20 encryption with HMAC SHA256 authentication for data exfiltration via custom HTTP headers. Both families share identical cryptographic implementations, suggesting common development origin and representing operationally mature infrastructure designed for larg..." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1776423619", "to_ids": false, "type": "text", "uuid": "b52ca83e-ce56-40c4-88f6-3f11c55dfdd3", "value": "Name: Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain\nAuthor: AlienVault\nAdversary: \nTags: [\"information stealer\", \"cryptocurrency theft\", \"syscall\", \"direct-sys loader\", \"cgrabber stealer\", \"anti-analysis\", \"dll sideloading\", \"github distribution\"]\nTgtd countries: []\nMlwr families: [\"Direct-Sys Loader\", \"CGrabber Stealer\"]\nAttack_ids: [\"T1114\", \"T1204.002\", \"T1497.001\", \"T1119\", \"T1082\", \"T1106\", \"T1005\", \"T1555\", \"T1055.004\", \"T1552.001\", \"T1057\", \"T1497.002\", \"T1041\", \"T1562.001\", \"T1027\", \"T1012\", \"T1030\", \"T1518.001\", \"T1071.001\"]\nIndustries: []" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694339", "to_ids": true, "type": "domain", "uuid": "23d74cf6-02be-48d9-a924-57c0cd77af76", "value": "sinixproduction.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694362", "to_ids": true, "type": "domain", "uuid": "9da28422-ea44-4b8a-acff-7bb85752f0b6", "value": "evasivestars.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694383", "to_ids": true, "type": "domain", "uuid": "c3f0049f-0367-491a-9da0-962dc034617c", "value": "attackzombie.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694404", "to_ids": true, "type": "domain", "uuid": "2230c7ad-9f93-4e4c-9318-3d921cb57fa6", "value": "gogenbydet.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694425", "to_ids": true, "type": "domain", "uuid": "e266857b-a2c0-4d1d-8826-e5b3965fbc9c", "value": "playbergs.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694446", "to_ids": true, "type": "domain", "uuid": "2ff63ab9-40e8-4294-89a7-c507857aacf9", "value": "startbuldingship.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694467", "to_ids": true, "type": "domain", "uuid": "08dd65a6-bb93-42ff-8961-1dc54728d3f8", "value": "technologytorg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:20/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776692131", "to_ids": true, "type": "sha256", "uuid": "b8a1034f-2121-4cd5-b3f9-8ad491f799f1", "value": "cbdcd2ae13258d7681b84a0066a59785eff2ec1ab5943a3a031584d9fe1946b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:20/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776692131", "to_ids": true, "type": "sha256", "uuid": "d30def21-d593-4579-aa55-367370ddb91a", "value": "6a7e947d6d672c27261f75d8cfa52cea8234e43b2ec72d9dd066d2b8e0429fa3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694489", "to_ids": true, "type": "url", "uuid": "9f4f85e6-78c0-4471-8e4d-1760b4db99f7", "value": "http://technologytorg.com/api/auth", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694510", "to_ids": true, "type": "url", "uuid": "591f7bce-46f2-45a0-a85d-5d9af946f68c", "value": "http://technologytorg.com/api/upload/chunk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694531", "to_ids": true, "type": "url", "uuid": "4386335c-b3aa-4472-93dc-05a8d01883bc", "value": "http://technologytorg.com/api/upload/complete", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694552", "to_ids": true, "type": "url", "uuid": "199a2f5c-5f0c-4eb8-b2f8-c91f6ab10cdc", "value": "http://technologytorg.com/api/upload/start", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:20/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776692132", "to_ids": true, "type": "sha1", "uuid": "165a2a0b-2b18-4d05-b871-4572651e143f", "value": "c686657afbb6c86e97e1a546cb3a5035b9770f3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694573", "to_ids": true, "type": "url", "uuid": "ea1f06c3-485d-433a-bfee-00648907f160", "value": "technologytorg.com/api/auth", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694594", "to_ids": true, "type": "url", "uuid": "51b02a13-dda4-4e45-8bf7-62c7e16cf230", "value": "technologytorg.com/api/upload/start", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694615", "to_ids": true, "type": "url", "uuid": "5ade57e3-d130-4035-a51e-50205ebb2837", "value": "technologytorg.com/api/upload/chunk", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776694636", "to_ids": true, "type": "url", "uuid": "5983625c-f789-4b41-940c-ee5ab7eef93f", "value": "technologytorg.com/api/upload/complete", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "An object describing a YARA rule (or a YARA rule name) along with its version.", "meta-category": "misc", "name": "yara", "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3", "template_version": "7", "timestamp": "1776688390", "uuid": "63bf6c74-6a8b-4ef4-82da-05dfee8d0202", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "yara-rule-name", "timestamp": "1776688390", "to_ids": false, "type": "text", "uuid": "208d9ddd-4fd5-47e9-b7a3-095839353855", "value": "CGrabberStealer" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "comment", "timestamp": "1776688390", "to_ids": false, "type": "comment", "uuid": "e2681846-37ad-411b-a9f3-e5da35f33b85", "value": "Detects unpacked CGrabber Stealer" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "yara", "timestamp": "1776688390", "to_ids": true, "type": "yara", "uuid": "980783a0-3167-4861-b2ab-9697bc85361f", "value": "rule CGrabberStealer {\r\n\tmeta:\r\n\t\tauthor = \"Cyderes Howler Cell\"\r\n\t\tdescription = \"Detects unpacked CGrabber Stealer\"\r\n\t\tdate = \"30-March-2026\"\r\n\t \r\n\tstrings:\r\n\t\t$mutex = \"CGrabber_Instance_\" ascii nocase\r\n\t\t$banner = \"Build: grabber\" ascii nocase\r\n\t\t$httpheader1 = \"X-Upload-Id\" ascii nocase\r\n\t\t$httpheader2 = \"X-Offset\" ascii nocase\r\n\t\t$httpheader3 = \"X-Auth-Token\" ascii nocase\r\n\t\t$httpheader4 = \"X-Session\" ascii nocase\r\n\t \r\n\tcondition:\r\n\t\t($mutex or (all of ($httpheader*) and $banner)) and filesize < 700KB\r\n}" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694657", "uuid": "5b4c23d2-bfff-4526-8dd7-d499f84aa0b8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694657", "to_ids": true, "type": "md5", "uuid": "544287a3-a642-43e9-9421-4d0841ebacd1", "value": "50fcf93b14a6898347d1ca2c43e1b180", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692046", "to_ids": true, "type": "sha1", "uuid": "ee47fae9-0504-4c4e-b86f-d75fe9d7e2d4", "value": "4279e7a6dca9aced5169ad271aeaf0d94cbede41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692046", "to_ids": true, "type": "sha256", "uuid": "f2967e2c-6d43-40b6-bd40-2cb6afe50874", "value": "3fc7e8f1e0845f1524e5a39ed191bfd8dba988fcd9549e07635509ccaabf5c6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689749", "to_ids": true, "type": "ssdeep", "uuid": "08453f4b-2260-4b19-a073-b19711896014", "value": "12288:VQPchJ1O6rZsGQqY6YIwqvYz0Q+m+9j2wA:VekJ1OfGQqY6YsYz0QJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689749", "to_ids": false, "type": "size-in-bytes", "uuid": "c05d8f61-c51a-4f46-b234-fbfa953e7e6a", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689749", "to_ids": true, "type": "vhash", "uuid": "c40d6ca0-0724-4405-b2df-b8895be1be11", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689749", "to_ids": true, "type": "filename", "uuid": "77dad5f6-3a2e-41be-905e-3c77ec77a36a", "value": "2026-02-18_50fcf93b14a6898347d1ca2c43e1b180_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689749", "to_ids": false, "type": "text", "uuid": "3266d35c-4d7d-4a88-a25a-417b4a4c4029", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-16T13:06:54.000000+00:00\nLast Submission:2026-02-18T10:19:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694678", "uuid": "293a82b2-db44-4124-bc3c-2cc276725b43", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694678", "to_ids": true, "type": "md5", "uuid": "7d556167-9969-467f-a043-c82dd9b00e7d", "value": "67f44f53e45f2f8a63eee2fa5a5fb35f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692047", "to_ids": true, "type": "sha1", "uuid": "d3544e26-2de6-4a4d-8a26-95b4251e401e", "value": "77cba77e317d537690008eec5d3e84ce5cae22e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692047", "to_ids": true, "type": "sha256", "uuid": "b40828a4-23bf-4a8e-ba89-632f296781c8", "value": "388301364a3b830a8d807eda1ba5052fd7bb78048fd4d29d7c6037857be8204b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689771", "to_ids": true, "type": "ssdeep", "uuid": "1f3521a8-21dd-48ff-b0ce-f11ee5fdc6eb", "value": "6144:b8cXEdJMVm/9+4CSKZhZ4Ts9lJB59jAx2uSSFzBvDEztY8ZsQYC4xgKT:dmF+4CSShKs9lx9jAzzBv4bZs72KT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689771", "to_ids": false, "type": "size-in-bytes", "uuid": "45c61c9e-737a-41d1-800b-07375fb2bc4b", "value": "484352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689771", "to_ids": true, "type": "vhash", "uuid": "b08cb629-2d95-47e2-b9cc-0ee777300956", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689771", "to_ids": true, "type": "filename", "uuid": "feeb694b-d587-4610-b169-db47fb766558", "value": "rnruki.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689771", "to_ids": false, "type": "text", "uuid": "2d62c3d5-fd27-40f3-8d44-2e40d0fe5f4e", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-20T11:58:41.000000+00:00\nLast Submission:2026-01-20T11:58:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694699", "uuid": "ff254a98-90ff-450a-819d-d12e2aaf3adb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694699", "to_ids": true, "type": "md5", "uuid": "2e3b39ed-5a9f-4e2e-b749-ec5b77e8ff60", "value": "abb9dcd9ffea41c62420921598f6a341", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692048", "to_ids": true, "type": "sha1", "uuid": "1e021575-4edc-4777-a67a-ea0ac81a881e", "value": "e852fd6b3e95b4b557a24847205df1a5f34c0f57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692048", "to_ids": true, "type": "sha256", "uuid": "e95f5418-6d70-4e68-8e48-9f9184c501ef", "value": "e86164199b94e50318893a52c2449180e0a46d02a0954e6acc4299a2388f61fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689793", "to_ids": true, "type": "ssdeep", "uuid": "5d66720c-81af-4f3e-ab9e-27324510ddf7", "value": "6144:zLjCR3J0Nd+Du9enXdjbveOQ8+uN3kscZR+AxsQ6nzllu5s1YC4xtT:denNjbGOQ8+8ksvQ6z/u5su/T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689793", "to_ids": false, "type": "size-in-bytes", "uuid": "048da91f-e5c6-4b0b-9797-a7b02740b0c5", "value": "654336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689793", "to_ids": true, "type": "vhash", "uuid": "f86f16a1-c698-433e-8c64-4043cc23c765", "value": "0650a66d1565551c055d0123z206004e52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689793", "to_ids": true, "type": "filename", "uuid": "3538bf84-f331-40dd-a0f9-b1085fc02b65", "value": "2026-02-04_abb9dcd9ffea41c62420921598f6a341_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689793", "to_ids": false, "type": "text", "uuid": "21644bf5-8088-4358-9424-792994d347d4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:49/72\nFirst Submission:2026-02-02T09:25:50.000000+00:00\nLast Submission:2026-02-04T11:07:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694720", "uuid": "947471cf-1c84-4605-83b5-d0273306715e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694720", "to_ids": true, "type": "md5", "uuid": "6d84caf3-3863-4775-9ea7-9c4fd8b927d0", "value": "ba5137cfb8376ad8013ec5d4d8f96207", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692049", "to_ids": true, "type": "sha1", "uuid": "e4fda251-6e0b-4db0-8a9d-60424a183721", "value": "4322bdcd872c8018ade051825f43e3445b49b509", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692049", "to_ids": true, "type": "sha256", "uuid": "97fd9333-5242-4349-81b9-423ad6786d44", "value": "cf0da23c1b3c24ac80cd0eb2b3d6ad3994ebb347174f0917931c26a7a0b65b41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689815", "to_ids": true, "type": "ssdeep", "uuid": "e4dc8261-7568-4cc1-a3e6-803c5c59b2e3", "value": "6144:kSWK/Vfaa1XX0fso5VKmxHsSi/4vknd/+IUSnGzad8HZTUx3Z5sHYC4xBYT:9ufso3KmJsSiEknS/zad8O3Z5s4fYT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689815", "to_ids": false, "type": "size-in-bytes", "uuid": "19be889d-c647-482e-9311-f3f7d0763467", "value": "653824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689815", "to_ids": true, "type": "vhash", "uuid": "f3c62c22-f23e-4f68-84e3-b218c89dd86d", "value": "0650a66d1565551c055d0123z206004e52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689815", "to_ids": true, "type": "filename", "uuid": "51cdb14c-4c2a-42d5-993d-281aa6ad0cdd", "value": "2026-02-01_ba5137cfb8376ad8013ec5d4d8f96207_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689815", "to_ids": false, "type": "text", "uuid": "ff627efd-dd01-4fd1-bd66-75ccce42d531", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:54/72\nFirst Submission:2026-01-30T11:06:58.000000+00:00\nLast Submission:2026-02-01T11:51:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694742", "uuid": "8c6242e3-5e9a-4432-94ea-5eaac9b92758", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694742", "to_ids": true, "type": "md5", "uuid": "748c41a3-fb8b-454a-825e-d76b5bbe0048", "value": "85b86e178db952be0794738c38c13e57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692050", "to_ids": true, "type": "sha1", "uuid": "9b95ea26-3317-4b20-b22c-7431c4e11fea", "value": "20233a87174857843dcc98c54d44583aefb9dd4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692050", "to_ids": true, "type": "sha256", "uuid": "be79b0e4-f151-4734-a20a-87a0d323cdd6", "value": "0184983d2230ffb21b0e728927fe73cf24bff65e32fbd751f258db1c1b17be7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689837", "to_ids": true, "type": "ssdeep", "uuid": "e23d3231-2821-41cd-b166-2505377ef699", "value": "12288:TAPcyJ1/ardU2fRhF0IwqeYzxWZm+9q9L0A:TOHJ1/r2fRhF05YzIIqA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689837", "to_ids": false, "type": "size-in-bytes", "uuid": "8aca0540-ff6d-445a-b55c-2fb59b3fc58a", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689837", "to_ids": true, "type": "vhash", "uuid": "7a96c608-7c6a-4a88-867b-680082f0de7f", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689837", "to_ids": true, "type": "filename", "uuid": "e6938ffd-f8c9-41f3-8d09-af97fea49cb3", "value": "40htvzor.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689837", "to_ids": false, "type": "text", "uuid": "81ae7d0f-d6af-4c26-a7d7-7d4f1190125a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-02-11T11:35:42.000000+00:00\nLast Submission:2026-02-13T10:34:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694763", "uuid": "08bcf6ad-7b92-4114-b6b8-a02aa92acc11", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694763", "to_ids": true, "type": "md5", "uuid": "cc5b1b93-d4d7-4d1a-b442-b9a125a48897", "value": "b332c63d8ac71f15561254231c9b5804", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692051", "to_ids": true, "type": "sha1", "uuid": "f02ab4eb-4ea2-4e9e-bd5d-dfe800835017", "value": "49453f3ec88a706c0f9d3696cbb11c3f217d26e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692051", "to_ids": true, "type": "sha256", "uuid": "9edd10d6-588b-4a6f-bb2e-4756c2d57dcf", "value": "08a1db1836b7495c9d92199c0d5443c3c2eaeaf6b1f17323e1d6ac4837611780", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689859", "to_ids": true, "type": "ssdeep", "uuid": "6453ecb7-07ce-4ac8-b621-4c83eb28a88d", "value": "6144:3lWKPdfaa1XX0fso4VKmxHsSC/4S9Hd/xIiBC7zafU/CZ5snYC4xPts:JufsoiKmJsSCl9HxBAzaMKZ5sYRts" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689859", "to_ids": false, "type": "size-in-bytes", "uuid": "851e8ba7-bd7c-46a3-9850-6919475de175", "value": "653312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689859", "to_ids": true, "type": "vhash", "uuid": "354104ce-9db7-43e9-838c-249037bdc1ae", "value": "0650a66d1565551c055d0123z206004e52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689859", "to_ids": true, "type": "filename", "uuid": "ddc0b088-0e28-407b-9259-806f53124701", "value": "dp4qq.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689859", "to_ids": false, "type": "text", "uuid": "6fd43db6-d2a3-4c33-b041-4dafe861f6fd", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:53/72\nFirst Submission:2026-01-28T18:02:49.000000+00:00\nLast Submission:2026-01-31T20:25:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694784", "uuid": "e766e015-54ac-4247-a26f-417be447660d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694784", "to_ids": true, "type": "md5", "uuid": "45a195ed-62f3-465b-9c8a-a3421d3e19ae", "value": "57418173e874d7799b05f1b01cb0ac8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692052", "to_ids": true, "type": "sha1", "uuid": "e7f8f01c-df43-4028-9688-2695de45b455", "value": "1585d5a4512bc85ec091af386d24a6f125d4d50f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692052", "to_ids": true, "type": "sha256", "uuid": "465d985c-2377-44cf-abb2-a93b0fa2560c", "value": "13b05f330e707cd8e32584ce155ca502254d5767fb3abb9643efba9b680e157c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689880", "to_ids": true, "type": "ssdeep", "uuid": "742973db-664a-49f0-9117-d4b9cbd263ad", "value": "12288:qAPcyJ1QardU2fRhF0IwqeYlYZm+9q9L0A:qOHJ1Qr2fRhF05YlYIqA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689880", "to_ids": false, "type": "size-in-bytes", "uuid": "c1205e72-3344-41c7-8802-b021b0acb70e", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689880", "to_ids": true, "type": "vhash", "uuid": "dbfaa544-0599-4f9a-a36e-602d49904181", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689880", "to_ids": true, "type": "filename", "uuid": "70425c92-ded4-4cd9-8449-185b606a1238", "value": "xexe5gwd7.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689880", "to_ids": false, "type": "text", "uuid": "7f2a47c3-e22c-42db-93a6-bbb73f93bc85", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:45/72\nFirst Submission:2026-02-11T04:58:33.000000+00:00\nLast Submission:2026-02-11T04:58:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694805", "uuid": "d7929bae-6ffa-4631-9a27-fa12b2184efa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694805", "to_ids": true, "type": "md5", "uuid": "f86a7495-9d30-4851-9c5e-556caa8f64a1", "value": "f7a7196ccf6d3d7db8941f4d8434ced6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692053", "to_ids": true, "type": "sha1", "uuid": "20ba7e34-2593-4660-a913-0cdc691360f2", "value": "7d418000ff72e0475fea9022ee4d80aa8961f61d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692053", "to_ids": true, "type": "sha256", "uuid": "4789e39c-31e1-4394-b1b3-a6569aeada0e", "value": "1bca9de5c9962888e1fea336777a58d5c0e0071fcd57693fe25c3ff6ea42d43a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689903", "to_ids": true, "type": "ssdeep", "uuid": "9795bb9d-5d94-4078-a116-cb7f9b60c4b1", "value": "12288:O7bjt4ECg/hQeSEJ61zwOKiRyUsbAf1D:O7bjDhQeLKzwQRyQtD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689903", "to_ids": false, "type": "size-in-bytes", "uuid": "b2baca15-d494-4f57-bc2c-0eb0db06075b", "value": "487424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689903", "to_ids": true, "type": "vhash", "uuid": "b6c01b44-858f-4b86-aa44-a7ea38f812fc", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689903", "to_ids": true, "type": "filename", "uuid": "39cedd7c-f406-4a97-8918-c87c815f9310", "value": "2026-01-22_f7a7196ccf6d3d7db8941f4d8434ced6_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689903", "to_ids": false, "type": "text", "uuid": "9cee468b-7d89-4dce-a9e6-e8aec3fbc4d9", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-19T23:58:15.000000+00:00\nLast Submission:2026-01-22T11:54:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694826", "uuid": "08db1e52-6643-4ea0-be82-a009949f74a5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694826", "to_ids": true, "type": "md5", "uuid": "ba8c21f5-8ac2-4d72-99f9-89f9464e7e8c", "value": "aa9ce75f468abbb4905b2c5508f6f1cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692054", "to_ids": true, "type": "sha1", "uuid": "641c7e93-15d8-4249-b16c-2903bf5d17c9", "value": "3264ec12148db641450e797d150c7a49e7a980ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692054", "to_ids": true, "type": "sha256", "uuid": "727170d0-d891-4e28-b3ab-f0a4fa1f19ca", "value": "1bf3c7c19516479de60ef3dc67f3fb62bf0c98e9f1a0751978701ea53384f3c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689924", "to_ids": true, "type": "ssdeep", "uuid": "1f0a418e-b935-45e5-9518-bc9eac15d854", "value": "6144:VGTfEdcwBzGWriaJ1zye88mUUuzJFqopCBdzcjqIRsMYC4xonhE:9tGWGaJRye8SUuzk3zcuIRs/mhE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689924", "to_ids": false, "type": "size-in-bytes", "uuid": "0bef3279-c61d-40c8-b6c9-1a51dbf0001e", "value": "650240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689924", "to_ids": true, "type": "vhash", "uuid": "10c1d534-b392-4b15-b69d-163452c01734", "value": "0650a66d1565551c051d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689924", "to_ids": true, "type": "filename", "uuid": "9579d503-7382-40fd-bc16-d6827b74871a", "value": "010z8w7.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689924", "to_ids": false, "type": "text", "uuid": "18795ce6-a014-45a7-80f3-007cd6f8da0f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-28T13:10:58.000000+00:00\nLast Submission:2026-01-28T13:10:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694848", "uuid": "f38d7bb7-cf34-446e-a91b-632e7bb7d933", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694848", "to_ids": true, "type": "md5", "uuid": "c5efec4c-3257-4f1b-876a-cbf78b49735a", "value": "d22957e03145af2020a68f0a45b07b78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692054", "to_ids": true, "type": "sha1", "uuid": "f626366b-8625-4154-9074-17f40638ee9b", "value": "feeb6f1cc895de60a148a9735ea60aa574aa4ce3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692054", "to_ids": true, "type": "sha256", "uuid": "45a00ff7-8972-4a65-9f37-e88977843d1d", "value": "1fc2dc830d1ad42261c2842b704ebc75ed782c1814c03915a22becbf161d13ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689946", "to_ids": true, "type": "ssdeep", "uuid": "59765252-a011-4f7e-92cc-ae0756ad3a5c", "value": "6144:uke3TR+O2mF9l8KbhqrJy1XcdcyGfb/bTllvx6w35assxsbYC4xrySZe:q2mTqK0rc1sdEfzx64rsxskpySZe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689946", "to_ids": false, "type": "size-in-bytes", "uuid": "c8230614-39cd-403c-b86e-0dae0f4d244b", "value": "481280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689946", "to_ids": true, "type": "vhash", "uuid": "9534a92e-06dc-4d68-a76b-2360f0c3a08a", "value": "0450a66d1565551c055d014z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689946", "to_ids": true, "type": "filename", "uuid": "f6278796-9080-432d-b391-665c38330e60", "value": "2025-12-30_d22957e03145af2020a68f0a45b07b78_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689946", "to_ids": false, "type": "text", "uuid": "e02639a6-46a4-4f34-b188-fb8a039464d0", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2025-12-29T22:01:32.000000+00:00\nLast Submission:2025-12-30T05:24:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694869", "uuid": "f10f8d16-7eb8-4ba8-8eca-165da7574b08", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694869", "to_ids": true, "type": "md5", "uuid": "a81cae78-fb70-4939-98f7-c922ec00fe12", "value": "d8dc11596c16fa6e3aa526be06551443", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692055", "to_ids": true, "type": "sha1", "uuid": "7347caff-c79a-483c-91f0-a7d7b88cb200", "value": "49866c21138974adf5581f607442471270e15e99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692055", "to_ids": true, "type": "sha256", "uuid": "ea047073-4861-40c6-a9a8-3654515d194e", "value": "21f21efcf7771daa6037b7304caa7eaf819c3feee7aaa65b943d9066753f2951", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689968", "to_ids": true, "type": "ssdeep", "uuid": "b6a57905-fcbd-4662-a4b0-9c0c418ab520", "value": "6144:4PHyZ78nfOmy49TMaDJQWaKlvSOZHBMvSxErVzf74gAMUJsRYC4xae:p0tymT9DmWaKsOAzf74gdUJsCEe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689968", "to_ids": false, "type": "size-in-bytes", "uuid": "90e5765d-871e-4c3a-9361-e8f785226d1d", "value": "488960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689968", "to_ids": true, "type": "vhash", "uuid": "30dd0815-0d90-4a0d-80ca-a2da9da24f82", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689968", "to_ids": true, "type": "filename", "uuid": "e47de76c-2a24-48fe-b882-316871971958", "value": "oyqtp.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689968", "to_ids": false, "type": "text", "uuid": "709965d7-abf9-4812-bc0d-6e160440167c", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-02T14:19:12.000000+00:00\nLast Submission:2026-01-07T23:12:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694890", "uuid": "d514c01e-a772-4553-9007-27645b5e8343", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694890", "to_ids": true, "type": "md5", "uuid": "5dc93507-f49b-4e6a-b45c-ee9f89858270", "value": "3a8b9aac41a6edc65e0b6d8fca1e21c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692056", "to_ids": true, "type": "sha1", "uuid": "f9124f52-d1ad-4bcd-9ede-de1e114d295e", "value": "b0cc148f6607fe24e7bda8ec0e7957394e832798", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692056", "to_ids": true, "type": "sha256", "uuid": "9eeef1ea-3cb2-45e6-85d2-71d3693c8208", "value": "224de3e2bc78d1f991e2d0fc44fa71fda99f7b3164a7a49d4f01f764c9006633", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776689990", "to_ids": true, "type": "ssdeep", "uuid": "bf0c57d0-1295-4dcb-a78f-c2247030d1b3", "value": "12288:iNkLSy/p1M2VPSEB96Fczk+dy/KJso6eWCm:ikLSephPSEyezkRKaym" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776689990", "to_ids": false, "type": "size-in-bytes", "uuid": "2a4a7ff1-838f-4b20-a121-b61e539e6382", "value": "491008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776689990", "to_ids": true, "type": "vhash", "uuid": "1856b360-c923-4cf5-a43a-588bf96157ca", "value": "0450a66d1565555c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776689990", "to_ids": true, "type": "filename", "uuid": "39e4e349-6134-4a4b-8e31-783e2acfcbdd", "value": "2026-01-14_3a8b9aac41a6edc65e0b6d8fca1e21c6_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776689990", "to_ids": false, "type": "text", "uuid": "0cd56c8d-e152-4cc3-a463-ba3748d72a69", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-01-13T19:38:59.000000+00:00\nLast Submission:2026-01-14T03:41:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694911", "uuid": "c4d40c6c-5282-4bab-89d7-33ed3e420922", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694911", "to_ids": true, "type": "md5", "uuid": "e6bbc99f-43d0-4ff9-9de0-c95cc4aec79d", "value": "931e2c5efc0ffd4400ceae50f3f3de65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692057", "to_ids": true, "type": "sha1", "uuid": "ff23d22b-b98d-4906-8594-d41babae9ede", "value": "bcc4473d5d06c30b2c222aad02c8c63428f3f109", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692058", "to_ids": true, "type": "sha256", "uuid": "895dc71e-8913-4e64-a57e-9d0c182dc188", "value": "25477b4862be0ecbbe783926a3f9f1b26c35acef23a87100a208d52371ab66e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690011", "to_ids": true, "type": "ssdeep", "uuid": "cab81bd6-ef3f-469a-b247-8f189b9993ad", "value": "6144:QtX9guQu3c8dgUG0+En1lyeD8mUUulJlP4kma2zcpUvS1sBYC4x89t:MgUG9EnPyeDSUul4Fzc6vS1syG9t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690011", "to_ids": false, "type": "size-in-bytes", "uuid": "2fb4c979-b605-484e-b609-2bef27fd5bfb", "value": "651264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690011", "to_ids": true, "type": "vhash", "uuid": "52b55651-088c-4fcf-9022-edd36fb39938", "value": "0650a66d1565551c051d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690011", "to_ids": true, "type": "filename", "uuid": "b85b4baa-0fc0-49f0-b93a-ac201b6c431a", "value": "v4jkqh.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690011", "to_ids": false, "type": "text", "uuid": "edde0861-7f22-4903-ae88-a3fe35d4dfc8", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:30/72\nFirst Submission:2026-01-27T16:51:45.000000+00:00\nLast Submission:2026-01-27T16:51:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694932", "uuid": "c64496fa-0b39-4c96-9d50-425efa056e31", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694932", "to_ids": true, "type": "md5", "uuid": "a6ddc795-5227-4878-96ce-742346e1e7b1", "value": "fd122db18ae4f805c4c65d6f75fa7b3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692058", "to_ids": true, "type": "sha1", "uuid": "45909339-124b-44dd-ace0-05782ee8d42c", "value": "52f27cb3b318449f9edf643bb8996d2f88c51734", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692058", "to_ids": true, "type": "sha256", "uuid": "1efcad5e-0405-46a3-aed3-84c7c52ccbd9", "value": "2e4960d8f0601d9838b2a724af51dbd7bdc6843731af1f11b855c36d4e15616f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690033", "to_ids": true, "type": "ssdeep", "uuid": "0245af5d-5dfd-46df-929e-fb138334bf15", "value": "6144:jpRdfcbqNGv9KnPNgCtpsskyDtE17sgpiayzBDg7+tYiZsuYC4x6TT:FGVKnVgCbsskQE17WzBDgqpZsJUTT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690033", "to_ids": false, "type": "size-in-bytes", "uuid": "0d947cd7-b38a-438c-87e4-eac748a4f976", "value": "484352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690033", "to_ids": true, "type": "vhash", "uuid": "abfd3dcf-f0a0-43f6-9024-576abfc1d7a5", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690033", "to_ids": true, "type": "filename", "uuid": "78cedcd0-de63-40b7-a332-de326fa9fa44", "value": "2026-01-11_fd122db18ae4f805c4c65d6f75fa7b3d_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690033", "to_ids": false, "type": "text", "uuid": "dc4eed36-1db6-46a4-a9ae-78765aade116", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-10T17:57:44.000000+00:00\nLast Submission:2026-01-11T01:54:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694953", "uuid": "df17f6d2-2661-4c34-83b7-450d51bbc2c8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694953", "to_ids": true, "type": "md5", "uuid": "7769f95a-24c8-47d1-913f-f5a009d67fb1", "value": "76048023aa87f8b619c8889905b2e7ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692060", "to_ids": true, "type": "sha1", "uuid": "ff661e35-3fc9-4827-bad3-2b80d713050f", "value": "ce5e9cd8e37789f440e90c80644ba6b85fc86745", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692060", "to_ids": true, "type": "sha256", "uuid": "766e7411-715a-45a1-a5e4-f05fc67f3444", "value": "32738964380f85bf4cbe0573ec2eff4874c0057764bddfc7e15eae0ba3636416", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690055", "to_ids": true, "type": "ssdeep", "uuid": "58d7c59a-88b9-4023-959c-91710a0e21f5", "value": "6144:fuZuHx7J4ANZSv3YswVjlHm6VcpkPaMjSN1JYxA9bOSBsMtYC4x0dR:RZSv3YswVRHm6wkPaYxA9bOSBs7OR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690055", "to_ids": false, "type": "size-in-bytes", "uuid": "3610189f-7316-4a25-999f-9b1be2eb8204", "value": "659456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690055", "to_ids": true, "type": "vhash", "uuid": "c5723ba4-ff6e-45ee-bc0c-e5d2e8dce299", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690055", "to_ids": true, "type": "filename", "uuid": "3c41e05d-29d6-4278-8d34-dd96d661105c", "value": "hkjpy08.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690055", "to_ids": false, "type": "text", "uuid": "3e214a55-dc69-43ec-b298-b6f1e0c9d92a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:54/72\nFirst Submission:2026-02-05T23:32:37.000000+00:00\nLast Submission:2026-02-05T23:32:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694974", "uuid": "c51c43b6-9086-4e3c-989d-7e46617b8f4c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694974", "to_ids": true, "type": "md5", "uuid": "fd9160f4-6a0c-47f8-b311-a89550c1691a", "value": "a14dab81e84e1477ac824d32e7135ae9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692060", "to_ids": true, "type": "sha1", "uuid": "cb83569e-251d-427f-a849-bce482d49b8c", "value": "b2dbb57c2fb118364ec91b6c78a750fa4575357f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692061", "to_ids": true, "type": "sha256", "uuid": "f77f0c4e-7d15-4186-b7fd-f51579d14c9f", "value": "36a11595becbc011e39247028ae2352118edc578eee228ae116955b75e3d9dd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690077", "to_ids": true, "type": "ssdeep", "uuid": "c962c7e8-cdd6-4aa7-b511-30fc2d350b6b", "value": "6144:BdVkgi360XIf+GwIoImydhCrcikuNThtnl6YZN4ymbmNshYC4x5kR:tf+GwIomdhCxku+YZN4rmNsSjkR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690077", "to_ids": false, "type": "size-in-bytes", "uuid": "88bd8470-1bb8-4695-848c-57d1c9ecb380", "value": "659968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690077", "to_ids": true, "type": "vhash", "uuid": "3491a4ec-eae7-4bcc-b41c-70595c083f24", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690077", "to_ids": true, "type": "filename", "uuid": "dd7df658-ee4a-4c20-92d2-b0f38bca1b1d", "value": "5vnznsry.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690077", "to_ids": false, "type": "text", "uuid": "de8cfb01-75e4-48ea-9255-fd97dfa44142", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-09T23:51:48.000000+00:00\nLast Submission:2026-02-09T23:51:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776694995", "uuid": "d285d794-0ab8-45e8-97fb-6be95f56c13c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776694995", "to_ids": true, "type": "md5", "uuid": "2d80abe5-0325-4ad6-a47f-54bde21aa55d", "value": "14bd670972999345175301e42e0db882", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692062", "to_ids": true, "type": "sha1", "uuid": "97c4c83f-e73b-4d20-82eb-c73a7653ea0f", "value": "a205feb83dd6e6c244a1723e8ef39fd2c3a3ef57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692062", "to_ids": true, "type": "sha256", "uuid": "8ef69222-7a23-4541-9f4a-608ee9673928", "value": "3ce809c2d8a73a63eab49b305ebbe79b8e425b964c7f1e51ea2e215399039692", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690100", "to_ids": true, "type": "ssdeep", "uuid": "a9745aab-dc2b-473f-b351-7bd2fe3c19e4", "value": "6144:6Ppa9czYoBobvKlwP0NdqaP/y1yzFK2SozkjjqFLxsoYC4xvwW:kBobilwPAdqaS18zkjj2LxsTlwW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690100", "to_ids": false, "type": "size-in-bytes", "uuid": "bfebd59b-7e83-42a5-8631-285d50971e2d", "value": "491008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690100", "to_ids": true, "type": "vhash", "uuid": "ec391013-01f8-4c93-9ca6-976bc6c94881", "value": "0450a66d1565551c055d0123z206004e4f1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690100", "to_ids": true, "type": "filename", "uuid": "8653099c-ef53-4008-8bb2-9a8016bb6c9d", "value": "y4za9hhe.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690100", "to_ids": false, "type": "text", "uuid": "12f04aa2-b0fe-4a76-bf5c-083481fb7c54", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-17T16:15:19.000000+00:00\nLast Submission:2026-01-17T16:15:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695016", "uuid": "478d7573-0f70-4f2e-93c7-6aa1e87b3725", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695016", "to_ids": true, "type": "md5", "uuid": "c61b6385-47bd-403f-87e0-d55cd045de24", "value": "bf262cb4ed97db9ab5da398fdea2dea4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692063", "to_ids": true, "type": "sha1", "uuid": "6502a0e4-1f72-4c8f-b31d-dc5afa25019f", "value": "ccc122d87a6a916dd45dc092cb254f70c24e3ef7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692063", "to_ids": true, "type": "sha256", "uuid": "a00fc2d3-d84b-4641-aaae-b4fb68f2a203", "value": "426f777c4a654390205a24f42a26ac10c6c58f71e9b7d7a48a526fd8b99764a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690122", "to_ids": true, "type": "ssdeep", "uuid": "6d2addb5-5e6b-45bb-93da-d184533faa9c", "value": "6144:iuZuHx7J4ANZSvBYswVjlHm6VcpkPaMjSN1JY/EgDISBsMtYC4x0dR:eZSvBYswVRHm6wkPaYM6ISBs7OR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690122", "to_ids": false, "type": "size-in-bytes", "uuid": "c1720fd1-8487-471d-969d-557ebca47a71", "value": "659456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690122", "to_ids": true, "type": "vhash", "uuid": "896fb519-aa12-4ebb-a451-3c7326fa7917", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690122", "to_ids": true, "type": "filename", "uuid": "7f881728-1f62-4992-8e6c-779b9f1270bb", "value": "tx710hu7.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690122", "to_ids": false, "type": "text", "uuid": "5a49b97b-40a8-44b4-bda2-f3ca24cf5263", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-02-05T06:07:43.000000+00:00\nLast Submission:2026-02-05T07:08:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695037", "uuid": "8b6b60ed-9379-4dd9-a74b-bb95002b6014", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695037", "to_ids": true, "type": "md5", "uuid": "a67ac54a-ca68-416d-a7a5-cd0318dbcd5a", "value": "cdb17e8ff6b2344db3ebd8791802387e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692063", "to_ids": true, "type": "sha1", "uuid": "b5eff3eb-cfa3-46e9-95c7-76e0df292d3f", "value": "90273c3e1fddb3548245ca72158a6e414c3bcd90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692064", "to_ids": true, "type": "sha256", "uuid": "c981d6a2-bf66-45d5-91f9-72bc632e0777", "value": "43b3c946f04abe68371942181d3d83ca3a79b65969bcd40f9967ee63b3759fb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690144", "to_ids": true, "type": "ssdeep", "uuid": "e3192b6e-0e3e-4b65-b2f1-1ef9914dbce4", "value": "6144:mtoAHBHzil8OkFCctcsU7SAzEgLTJBSN5bbzcL2Oa1sPYC4xmyE:fkFC5sySAzfTK3zcaOa1sg0yE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690144", "to_ids": false, "type": "size-in-bytes", "uuid": "e92730ce-3582-43c8-915a-31be3c4982e0", "value": "650752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690144", "to_ids": true, "type": "vhash", "uuid": "9921972e-e733-4f16-8c96-19c74160e1ef", "value": "0650a66d1565551c051d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690144", "to_ids": true, "type": "filename", "uuid": "c3eed2b4-28ce-46fe-a545-13c5af3994ac", "value": "2026-01-27_cdb17e8ff6b2344db3ebd8791802387e_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690144", "to_ids": false, "type": "text", "uuid": "f803a823-01fb-4e3d-beb9-91cc19c5ee82", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-27T02:13:25.000000+00:00\nLast Submission:2026-01-27T08:34:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695059", "uuid": "ed0aedc1-b867-4c7a-8fc1-aa6a28211ef6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695059", "to_ids": true, "type": "md5", "uuid": "74f12b50-f9cc-45e8-9d98-8a530656d7bb", "value": "1893a6c117d2cf1f4352bc638c72d6f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692064", "to_ids": true, "type": "sha1", "uuid": "aabc3430-068a-418b-b84d-e33538488828", "value": "90de3691c14e134e4a5035d4265632561beb662e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692064", "to_ids": true, "type": "sha256", "uuid": "fde1d619-f332-4909-9afd-fd65bd668b91", "value": "47e729605419ac23d07cbdc6d13db748117f98c2159ccd8307abd79d3bd3f236", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690166", "to_ids": true, "type": "ssdeep", "uuid": "b41b8bf4-68b5-4394-b789-b95ecf310551", "value": "6144:m/X92HQu3c8dgUf22O9x74iiyMEUU9liw5IAxC+zc5J0ivIsRs7YC4x89t:HgUfXO9l4iiOUU97Nzc5zIsRsEG9t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690166", "to_ids": false, "type": "size-in-bytes", "uuid": "c431eac4-7ac4-4f59-a584-ad4d7d965d28", "value": "650752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690166", "to_ids": true, "type": "vhash", "uuid": "f6ea2f18-35fe-4127-9b97-1520a7c743f4", "value": "0650a66d1565551c051d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690166", "to_ids": false, "type": "text", "uuid": "5cc734b0-454a-4aea-880e-c0c15e525678", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:47/72\nFirst Submission:2026-01-28T03:25:46.000000+00:00\nLast Submission:2026-01-28T03:25:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695080", "uuid": "d6a37ce2-dce2-42b9-9684-fa63e0e00a2e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695080", "to_ids": true, "type": "md5", "uuid": "8c90eab8-c17f-464b-9da8-381098dd9b5f", "value": "3366b711bbe4ca9d0d5cda32ee7a8dc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692066", "to_ids": true, "type": "sha1", "uuid": "c6b8c4f8-93fd-44dc-be05-a9958f4a60b4", "value": "44b2af65c41c203b4fb08b8491404d8e627a75c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692066", "to_ids": true, "type": "sha256", "uuid": "d577da66-072b-4410-97d4-54f8b695975b", "value": "486a121d3a32218e2df9cdaa2db117ffc1a4254ef7f9eda1f334316244c7849c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690187", "to_ids": true, "type": "ssdeep", "uuid": "65e30cfc-9535-4d97-94da-aa29f9819826", "value": "12288:oKaQefn/UqzNaXlE0oBzXdq11lVs+pnXT:oKaVfndNaXVAzXdqXlvXT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690187", "to_ids": false, "type": "size-in-bytes", "uuid": "232c5e46-6130-4643-89c4-bbeddf6b0c6b", "value": "484352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690187", "to_ids": true, "type": "vhash", "uuid": "bbd2a82a-4173-49f1-b07d-28819f90e7ca", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690187", "to_ids": true, "type": "filename", "uuid": "f593e7fe-a7ac-4197-a852-62d33a1785b7", "value": "2026-01-10_3366b711bbe4ca9d0d5cda32ee7a8dc8_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690187", "to_ids": false, "type": "text", "uuid": "974d4330-ecaf-40e4-89d3-a5ca00cd864c", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-10T16:42:24.000000+00:00\nLast Submission:2026-01-10T22:23:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695101", "uuid": "214c80fa-6398-4132-a2fa-8d645d25cce9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695101", "to_ids": true, "type": "md5", "uuid": "fc84e70b-c81d-45be-a33b-6458350b2bde", "value": "a05613cacb8362d81fb121256493a712", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692067", "to_ids": true, "type": "sha1", "uuid": "e6e198de-e979-41cb-b5c8-cb7ce0ffa3a7", "value": "79194347dd8cc8a40e01681110536e51f402e2e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692067", "to_ids": true, "type": "sha256", "uuid": "ff327e43-add8-4b67-80a6-0e53e0bd4d9f", "value": "48a5027c0e8121f9900022eebc3be702f41c102d30a6d0ebea2290c05fb7ae08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690209", "to_ids": true, "type": "ssdeep", "uuid": "a07bfaa9-9e24-40ce-ad86-1933a944bc22", "value": "6144:llcW/5+sWWV89gy63oRONY9VbSim2CCm1xTNr6yzvrjR2WZJsFYC4xGe:XPtVygvACY9VXmrzvrLZJs+Ie" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690209", "to_ids": false, "type": "size-in-bytes", "uuid": "d63ae71e-3aad-40d7-a6bf-19436dc363c1", "value": "488448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690209", "to_ids": true, "type": "vhash", "uuid": "aa76fd9d-76b0-495e-8108-acb2e5192a41", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690209", "to_ids": true, "type": "filename", "uuid": "becee61c-72d0-4e0b-a55b-31f2457e11d0", "value": "h1nsdp0co.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690209", "to_ids": false, "type": "text", "uuid": "f83d200e-99cd-451f-949e-6b7faa9a265e", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-01T20:15:33.000000+00:00\nLast Submission:2026-01-01T22:08:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695122", "uuid": "ea528c88-af79-413a-b2d0-513ec4041438", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695122", "to_ids": true, "type": "md5", "uuid": "fea78e0e-0c59-4b5b-a4ab-c316ddf57ce3", "value": "3c2f1fbb66891d4e98e7592df7730a6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692068", "to_ids": true, "type": "sha1", "uuid": "ec399421-c720-4148-9e78-7ca89d402bc1", "value": "f2a65f365e8d4e4c15660699ff6a0c2c2363821f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692068", "to_ids": true, "type": "sha256", "uuid": "cd984e11-601c-4917-af2b-217c03ae45a1", "value": "4a5212b541773ffed373e5aebcf86c3bfbe4ede363606e6bcec6dd84e525928a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690231", "to_ids": true, "type": "ssdeep", "uuid": "5f261420-8b7b-4b6a-9934-cb31f3987e82", "value": "6144:XLjCR3J0Nd+Du9en+djbveOQ8+uN3kscZR+AxsQ6k9fnu5s1YC4xtT:penajbGOQ8+8ksvQ60fu5su/T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690231", "to_ids": false, "type": "size-in-bytes", "uuid": "162c95c1-22f5-422c-8f4d-89df806c5753", "value": "654336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690231", "to_ids": true, "type": "vhash", "uuid": "bd6efb21-1a26-47b9-a673-872b2c8cd208", "value": "0650a66d1565551c055d0123z206004e52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690231", "to_ids": true, "type": "filename", "uuid": "ba245c22-d8e0-46b9-8b30-5ea31083a405", "value": "o6j7bp.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690231", "to_ids": false, "type": "text", "uuid": "ce81e9d7-f64a-4b25-8161-2bd5798bbca6", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:49/72\nFirst Submission:2026-01-31T03:38:13.000000+00:00\nLast Submission:2026-01-31T03:38:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695144", "uuid": "9ad31bec-81b8-4a61-97ee-065a3371f6e6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695144", "to_ids": true, "type": "md5", "uuid": "253497c5-e83e-4763-8432-6055d76a1dbf", "value": "9a66180ac8fd30ff8720a89a488b6b1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692069", "to_ids": true, "type": "sha1", "uuid": "d88da440-3df7-4126-bb27-0ecb22060dc6", "value": "a4d973c070653898921024c15402ec38bdd55193", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692069", "to_ids": true, "type": "sha256", "uuid": "808f5f71-5dac-4712-aece-f28eb5a73b91", "value": "5394d9eca45c6d092a44619322aeb2fb2af5838c2eea0efa88793048aadf7e24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690253", "to_ids": true, "type": "ssdeep", "uuid": "41b1260a-0e7c-4fa0-8617-4ceb64c293f9", "value": "12288:WAPcyJ1MarqU2fRhF0IwqeYVZm+9q9L0A:WOHJ1Mu2fRhF05YVIqA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690253", "to_ids": false, "type": "size-in-bytes", "uuid": "c4cc5e8b-f832-463e-920b-af14c3264d25", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690253", "to_ids": true, "type": "vhash", "uuid": "fe52a92b-c9fd-4bf4-8887-ffa6fcf1a18c", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690253", "to_ids": true, "type": "filename", "uuid": "dffd8f66-bbc1-4082-927a-0bfa4e812da2", "value": "2026-02-13_9a66180ac8fd30ff8720a89a488b6b1a_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690253", "to_ids": false, "type": "text", "uuid": "cafaf9fe-e42d-4cdc-956e-b9296faea59a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-02-11T20:22:15.000000+00:00\nLast Submission:2026-02-13T04:14:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695165", "uuid": "7769a217-bff4-4e6e-8745-07bc890895b7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695165", "to_ids": true, "type": "md5", "uuid": "16dc8174-4557-40eb-9a43-94917644a750", "value": "2e4f3cc29ad13b030abb1d50abcb0313", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692070", "to_ids": true, "type": "sha1", "uuid": "d7002217-845a-444f-b9d6-cc9df26614f2", "value": "2e4de97c178769682d3b42c94037cb74ce798b52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692070", "to_ids": true, "type": "sha256", "uuid": "77247a99-4cd3-49cb-ad54-a001a5973887", "value": "53cb0d58c1ba8e71f611880a9fa596c23fa0a9d35a7bf1ac75cdfe498cbfb602", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690274", "to_ids": true, "type": "ssdeep", "uuid": "65ff75a0-af2e-45ec-b8a2-6ce5193dc04b", "value": "12288:GQPchJ1O6rZsGQqY6YIwqvY6yLL+m+9j2wA:GekJ1OfGQqY6YsYbLLJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690274", "to_ids": false, "type": "size-in-bytes", "uuid": "9b52749d-3496-4572-a78f-1a7052ef8510", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690274", "to_ids": true, "type": "vhash", "uuid": "f7864868-5bf6-4977-a649-658d41729e39", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690274", "to_ids": true, "type": "filename", "uuid": "c2eeeac7-45ac-4d98-989b-9751cc9075f6", "value": "2026-02-23_2e4f3cc29ad13b030abb1d50abcb0313_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690274", "to_ids": false, "type": "text", "uuid": "36b71d8d-71e0-4739-8368-82ffdeedb7be", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:37/72\nFirst Submission:2026-02-14T19:15:36.000000+00:00\nLast Submission:2026-02-23T18:11:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695187", "uuid": "bedf9e75-d71a-4ee1-97bc-ac4ac2b96ff8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695187", "to_ids": true, "type": "md5", "uuid": "dc99edbd-5e9a-4153-83fa-78eecb5a977d", "value": "0f0618fe46929ace3f2998ec6bf21b98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692070", "to_ids": true, "type": "sha1", "uuid": "d0281490-9b2c-46f1-9e7f-4510ba704dc9", "value": "c458e03b2de68a0c9c1f4a61d3f3d731a4d6dae1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692070", "to_ids": true, "type": "sha256", "uuid": "2724e291-3dcd-4e9f-8038-8a6d3de63be5", "value": "54a506ca31052a24554089f4d82cb071d65d3ec3cff50bf74188bc1f11480532", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690296", "to_ids": true, "type": "ssdeep", "uuid": "dfa57c5e-3420-4c6d-9f62-c97aa90ef5ad", "value": "6144:NXjfxLs5v1U8Bj99OwSAUOqYii0/fJE9biE2mAxTn108z4zNFy37psSYC4xugN2:vYJj99O3Oqni0/y9bi5z4o7psVgO2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690296", "to_ids": false, "type": "size-in-bytes", "uuid": "2303c54e-1533-4d5d-907a-b421660eccbf", "value": "488448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690296", "to_ids": true, "type": "vhash", "uuid": "1daa0394-f5a4-495f-bcb1-137fd907b2f9", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690296", "to_ids": true, "type": "filename", "uuid": "4b8bb399-f489-486a-a549-a9baae475f86", "value": "ys09pei0.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690296", "to_ids": false, "type": "text", "uuid": "b908bcc6-cfea-4aca-b11f-ce8cb0c9667e", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:36/72\nFirst Submission:2026-01-20T10:23:57.000000+00:00\nLast Submission:2026-01-20T10:23:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695209", "uuid": "1df61b5d-d887-4f2a-9a93-a1d3ffb7a377", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695209", "to_ids": true, "type": "md5", "uuid": "3ac0fb82-2e31-44a9-84a9-5c2b76dd7660", "value": "1b165fdeb1248fff989a621c149061db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692071", "to_ids": true, "type": "sha1", "uuid": "3a6705f8-fb66-44b7-84b5-1748650cf4c3", "value": "f1f375472902dfb1e3bf983af0c7883405ddbf46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692071", "to_ids": true, "type": "sha256", "uuid": "68b655a5-cbb9-4cf4-a995-5d02ac4a3e4f", "value": "5b771509b90aca14ea3664a48cef0a1556b8ec2f57cc20db80ecd91890f18888", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690320", "to_ids": true, "type": "ssdeep", "uuid": "1893e6b5-092c-4d66-beb4-3c03330e48c9", "value": "6144:uzT6k928tCcsaqzYiVmJUDoLPjwYV6X3GZcYmaXRaWe9bYC4xqew:K2aC5aSrmJUDoXwYeYlaWe9k5w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690320", "to_ids": false, "type": "size-in-bytes", "uuid": "10c78f80-82b0-42af-8b4e-5c3da308602a", "value": "693248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690320", "to_ids": true, "type": "vhash", "uuid": "7b605271-deb0-4700-9bba-6459891674ad", "value": "0650a66d1565551c055d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690320", "to_ids": true, "type": "filename", "uuid": "6909b10f-3e63-4c69-8840-55ea87470e22", "value": "en3v4ior.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690320", "to_ids": false, "type": "text", "uuid": "75476d0a-603c-41b4-be5d-b4dae842d016", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-02-23T22:35:29.000000+00:00\nLast Submission:2026-02-23T22:35:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695230", "uuid": "4f1b1f44-1e21-43f6-bec2-c0687b8330d1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695230", "to_ids": true, "type": "md5", "uuid": "872761b2-1225-4371-8112-1277f896b472", "value": "5721b5be83df3cb9117178ee138d0aa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692072", "to_ids": true, "type": "sha1", "uuid": "e5f5482f-d828-4c62-a15e-7f005b06db76", "value": "e0dc5744176e03425c28f53fc72b2e457ec531c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692072", "to_ids": true, "type": "sha256", "uuid": "c2fb17d8-2a52-4096-bcf6-54d048aa648d", "value": "5c9835ddd74c6b85519b4d888464979704a60e295a2c7ce404ae8724e3d6bf34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690342", "to_ids": true, "type": "ssdeep", "uuid": "41657be1-0f60-46bd-a5dc-d9a515e7f600", "value": "12288:yQPchJ1t6rVsGQqY6YIwqvYo+H+m+9j2wA:yekJ1trGQqY6YsY7HJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690342", "to_ids": false, "type": "size-in-bytes", "uuid": "74985036-93fd-417b-b98a-284fecd974f8", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690342", "to_ids": true, "type": "vhash", "uuid": "a38c2bb5-2f92-4c73-9ad0-dca8cd57f4b2", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690342", "to_ids": true, "type": "filename", "uuid": "220e139a-8f4d-4a1b-b016-9a1c8bb82325", "value": "d5ckqga.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690342", "to_ids": false, "type": "text", "uuid": "b7cd6217-a5e9-4881-9ce5-ac5f652687a1", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-02-18T05:24:32.000000+00:00\nLast Submission:2026-02-18T05:24:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695251", "uuid": "d1cbe0f5-ce90-42c3-8f66-e2c4e9b9cf42", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695251", "to_ids": true, "type": "md5", "uuid": "9fea2b14-219f-4d1a-b986-cd2042f0bc5e", "value": "157e65681071829c6dbe93a9024592e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692073", "to_ids": true, "type": "sha1", "uuid": "66e72b41-6928-47c3-b645-f351550f5b66", "value": "93ff7f0069f64e7bf3c9bf667c5f984801ebbda7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692073", "to_ids": true, "type": "sha256", "uuid": "179c3104-1e78-4c4c-8d8f-956844d0d64f", "value": "5dbbd9b8bbca090e197dc18e6e7b0a10ba5901db3a0ab95d3b143c0d4a21d8a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690364", "to_ids": true, "type": "ssdeep", "uuid": "468446d3-41a4-4685-a203-32ab69a75073", "value": "6144:wSWK/Vfaa1XX0fsoxVKmxHsSi/4vknd/+IUSnGzaqmEZ5sHYC4xBYT:hufsofKmJsSiEknS/zaTEZ5s4fYT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690364", "to_ids": false, "type": "size-in-bytes", "uuid": "45b81020-7132-4dec-b46e-34e7bfde5406", "value": "653824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690364", "to_ids": true, "type": "vhash", "uuid": "ef534843-7b8b-46e9-87d5-71f3b97d4f48", "value": "0650a66d1565551c055d0123z206004e52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690364", "to_ids": true, "type": "filename", "uuid": "aee7acdc-05c0-413c-b119-f015d769c78f", "value": "sshymud.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690364", "to_ids": false, "type": "text", "uuid": "4d808fa2-e8ba-4acf-915a-00f14120ac09", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-29T10:42:59.000000+00:00\nLast Submission:2026-01-29T10:42:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695272", "uuid": "00bc8a9c-d3d7-423d-8825-d6b421ca629f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695272", "to_ids": true, "type": "md5", "uuid": "2ab0bf81-290a-4c27-9151-1a6a1913a4af", "value": "d68b8ba30a321029d7a04a0cc497cf50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692074", "to_ids": true, "type": "sha1", "uuid": "c094463b-8c97-410e-8984-82642bf8c81f", "value": "b1e22180a9821deaeeddc4a3da31eae9d80e096f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692074", "to_ids": true, "type": "sha256", "uuid": "14c106fc-7210-4a29-a193-a8bb3eda315f", "value": "5e8a944131733223a74c0c6c245a19757012e19f7f27d8caf5a3aca7ef122c6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690386", "to_ids": true, "type": "ssdeep", "uuid": "e3dfe9d3-7ed3-420c-9a77-05e7b2e8e4f8", "value": "6144:Y+QlxLynh2MeFLP0V8+AfjNAM2OTb1dsNYC4x4Ru:uynh2MeFz0V8JjZ1dsm2u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690386", "to_ids": false, "type": "size-in-bytes", "uuid": "d5502f27-9c52-4e80-9c40-41bab9da7802", "value": "434176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690386", "to_ids": true, "type": "vhash", "uuid": "77bacbdf-7da5-48c5-9411-fa231ea39d01", "value": "0450a66d1565551c055d014z206004e4c1z21z37z2021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690386", "to_ids": true, "type": "filename", "uuid": "227c5988-0da7-48d9-b742-22aac4aa0744", "value": "9b08jp8.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690386", "to_ids": false, "type": "text", "uuid": "ada54653-dd05-485f-9e68-b93f5708bba9", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:46/72\nFirst Submission:2025-12-27T21:46:11.000000+00:00\nLast Submission:2025-12-27T21:46:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695293", "uuid": "9ba84892-a8db-4110-bcff-0122c37d4ae7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695293", "to_ids": true, "type": "md5", "uuid": "5b28f416-7256-4f5f-a62c-8446414fb548", "value": "a3fd4c36fa572064123077b24404608f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692075", "to_ids": true, "type": "sha1", "uuid": "3267504b-e4b3-42df-ba9e-903f6bb00b24", "value": "974fbc7866986c23db8ea36c715312125e73cc53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692075", "to_ids": true, "type": "sha256", "uuid": "0df19b76-e9ac-41cb-beff-7dd443f2c6b3", "value": "64f6fe389b6c8e3ad3d8aee6fda98bd82374269ef0baba8139c6f011f28151fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690407", "to_ids": true, "type": "ssdeep", "uuid": "9c8d0524-26c3-430c-bc83-2f4daedb9b46", "value": "6144:WLjCR3J0Nd+Du9en9djbveOQ8+uN3kscZR+AxsQ6DHeh9jqHu5s1YC4xtT:MenPjbGOQ8+8ksvQ6Sau5su/T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690407", "to_ids": false, "type": "size-in-bytes", "uuid": "3625b6f0-eb6d-4c22-889a-6b82d343a7ef", "value": "654336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690407", "to_ids": true, "type": "vhash", "uuid": "b2c75f08-b135-45a2-a003-20c3a1f002b7", "value": "0650a66d1565551c055d0123z206004e52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690407", "to_ids": true, "type": "filename", "uuid": "8e796368-89a6-47c7-aee6-18087b1b2d16", "value": "bpg01qe.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690407", "to_ids": false, "type": "text", "uuid": "e1911d29-f815-4e6a-8221-2ed29f623e07", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-02-01T10:53:48.000000+00:00\nLast Submission:2026-02-01T10:53:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695314", "uuid": "60b5e5d4-3567-4adf-9de9-51ad58c9a4f7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695314", "to_ids": true, "type": "md5", "uuid": "3339d700-ddf6-455d-9e72-bdd1c5bdf4fd", "value": "af1e39ef27d5abfdc7479cf8ace88d97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692075", "to_ids": true, "type": "sha1", "uuid": "2355e906-9439-4f27-bef1-302293bdbc42", "value": "0ca4c8c79fe3164944e0f076cb6211c5ec75a390", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692076", "to_ids": true, "type": "sha256", "uuid": "4c49d68b-6403-4c84-b07d-8ed26b3621d9", "value": "6b64d5d7e0155f140ce8f9336d13def5e3d0d602510c55f1e572ac0f27e0729f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690429", "to_ids": true, "type": "ssdeep", "uuid": "c40d84b9-87f6-4556-9e6f-c7ac9b7329e8", "value": "6144:jVc3DXqAwt9paKH89bb0e8/xSevTiZDhul2dRiGYTxYxOSsgYC4xvSZe:fAwrpaKc147/xSainRiGYyxOSsL9SZe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690429", "to_ids": false, "type": "size-in-bytes", "uuid": "a18b01d6-896f-4a5c-9729-d82af1364dc9", "value": "482816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690429", "to_ids": true, "type": "vhash", "uuid": "e64cc97a-be4e-4302-abbb-d60210564db2", "value": "0450a66d1565551c055d014z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690429", "to_ids": true, "type": "filename", "uuid": "bcf7c48b-e7f1-487e-9e9b-88ec27fac3db", "value": "2025-12-30_af1e39ef27d5abfdc7479cf8ace88d97_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690429", "to_ids": false, "type": "text", "uuid": "6ddde644-b486-48d3-912a-f426ab6bec2c", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2025-12-29T22:11:02.000000+00:00\nLast Submission:2025-12-30T05:18:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695335", "uuid": "a32c93b3-c4aa-4b4c-8fdd-bf34c0d0850e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695335", "to_ids": true, "type": "md5", "uuid": "ab72ab11-d971-4665-8b18-f59794ff81fc", "value": "a17ce5dce3e4114f6ee599d71d2ee94c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692076", "to_ids": true, "type": "sha1", "uuid": "3ed5e21f-f447-4706-94a5-2f87b2065e9f", "value": "a3153ed71ca1807fb19b779e6a7c8c375c41eb3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692076", "to_ids": true, "type": "sha256", "uuid": "459325a1-8299-4690-8233-37995e4eb3cf", "value": "711364c6c7e4d5bd1ffc4fe22b3d82adf8700881c2c6f09df535c3fa2ab5f75d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690451", "to_ids": true, "type": "ssdeep", "uuid": "d75929b4-3d44-4d05-965f-970b08a5d30f", "value": "12288:DQPchJ1N6rZsGQqY6YIwqvYqj+m+9j2wA:DekJ1NfGQqY6YsYyJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690451", "to_ids": false, "type": "size-in-bytes", "uuid": "dc139643-cca3-46d5-909f-f85d61fe06dc", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690451", "to_ids": true, "type": "vhash", "uuid": "0722d455-aac9-4cee-821a-156c74a813e4", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690451", "to_ids": true, "type": "filename", "uuid": "bcdacd77-6a7d-4c15-a070-4604360a77e9", "value": "2026-02-20_a17ce5dce3e4114f6ee599d71d2ee94c_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690451", "to_ids": false, "type": "text", "uuid": "feb28d18-f2de-4cb9-9d1a-03912b7d7ead", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-02-18T10:46:40.000000+00:00\nLast Submission:2026-02-20T11:57:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695357", "uuid": "40fae71b-b92d-4f63-a1fa-86feb7b5a9ec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695357", "to_ids": true, "type": "md5", "uuid": "a982fe34-c534-4ce3-97aa-f6ad4bc8196a", "value": "1544930d0add08ca9fd00518579a302e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692077", "to_ids": true, "type": "sha1", "uuid": "2d5ed197-45df-400f-b8c0-645cc7114558", "value": "e8fe4b8f8419fa0d565480641ea4ff2496df4c39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692077", "to_ids": true, "type": "sha256", "uuid": "2474a066-b383-4fc3-9ab5-b61adbe6fffd", "value": "7193eba9f262a73114d74885b99da63327da650cde1f1c7f7b6246d41d0b6936", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690473", "to_ids": true, "type": "ssdeep", "uuid": "fe8a42d0-6ac5-47e9-961f-35860286b52a", "value": "6144:8f4kPj+c0dgO6AUHgZqKDpyDNRhmRBsIBYC4xIaU4:c+jCO6ALZq5hmRBsNeaU4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690473", "to_ids": false, "type": "size-in-bytes", "uuid": "4308dfe3-9185-4f9b-9609-f892e41eb02f", "value": "437248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690473", "to_ids": true, "type": "vhash", "uuid": "ac31ecad-6fe8-477a-a895-14557edb5b36", "value": "0450a66d1565551c055d014z206004e4d1z21z37z2021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690473", "to_ids": true, "type": "filename", "uuid": "e0e4a7dc-e28a-4ffa-8caa-ba7323af885f", "value": "bn5ck.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690473", "to_ids": false, "type": "text", "uuid": "9191bd04-ebb5-4216-a523-12ddf6404f2f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:42/72\nFirst Submission:2025-12-28T21:30:46.000000+00:00\nLast Submission:2025-12-28T21:30:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695378", "uuid": "562d4df2-9863-4413-917d-9f7eca4121cd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695378", "to_ids": true, "type": "md5", "uuid": "1a50cbf7-6b10-4ce5-aaa7-fa4552a27013", "value": "6291dee6ff9ec9d6dbcf8dee7c40b4ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692079", "to_ids": true, "type": "sha1", "uuid": "e2420913-cedf-4cf4-8952-ae4ad509e83a", "value": "b9f1e9f4b960c5c10d835cf387c7b39a903330f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692079", "to_ids": true, "type": "sha256", "uuid": "d8851c4f-7803-4c32-8391-3f643ac09cf0", "value": "74953ff4ae57d251ca4d173578eb72d02d6f3f23bd72586e769d06fefde94b48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690495", "to_ids": true, "type": "ssdeep", "uuid": "f7598a4e-7cdf-478d-b6c0-025f436eb779", "value": "6144:09qIajXMDz2E9XLIMZsoJgLg9sNSx5baswKHUo0r9zvDV/mJseYC4x0ke:l4Dz2qXzsIeg9sy5ezvDdmJs5ike" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690495", "to_ids": false, "type": "size-in-bytes", "uuid": "4698e413-291d-4325-98d5-3ae9fe6cc62a", "value": "488448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690495", "to_ids": true, "type": "vhash", "uuid": "e5b297a0-6a03-4afc-89c6-0b8d7594492b", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690495", "to_ids": true, "type": "filename", "uuid": "189d4c3b-1c49-42ae-b58d-e18182543712", "value": "32cu8y17.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690495", "to_ids": false, "type": "text", "uuid": "1a933b3d-23bf-4ab7-a564-db188b0c73a1", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:45/72\nFirst Submission:2026-01-01T02:22:11.000000+00:00\nLast Submission:2026-01-01T19:03:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695399", "uuid": "a7fb6d15-2d1c-489a-9cc6-7177314077d3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695399", "to_ids": true, "type": "md5", "uuid": "3101f89d-9a43-4f69-b303-b1084491c696", "value": "73f4e8a89e297f901a5c1309a946c404", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692079", "to_ids": true, "type": "sha1", "uuid": "a93817d7-0334-4a9d-b973-e250e534e425", "value": "0b01f2420756fdddf9b9fb76e0783116d79a8559", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692079", "to_ids": true, "type": "sha256", "uuid": "8683ac8c-68e8-46e1-b734-2c79efb7d857", "value": "74d45b5489e561d7bb6d03495fcf3a0dbe8b1c4b3fdce1229d58df01ab63e1f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690516", "to_ids": true, "type": "ssdeep", "uuid": "23b5a5de-17a6-45cb-b121-cfe6e3be4cc3", "value": "6144:HsfTeBdov5r9pzA+pqUPFVf0P16ZT1qljtRwTbmSpsSYC4xNSZe:av55pl86FVf668RwGSpsVXSZe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690516", "to_ids": false, "type": "size-in-bytes", "uuid": "76e02a82-ec60-4d6e-a4d7-f7948d1dc536", "value": "482816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690516", "to_ids": true, "type": "vhash", "uuid": "3223c6a2-6196-4645-a8f8-b5344cea5e21", "value": "0450a66d1565551c055d014z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690516", "to_ids": true, "type": "filename", "uuid": "09f3c1ab-73df-4d0a-8d51-400d53792df6", "value": "2025-12-30_73f4e8a89e297f901a5c1309a946c404_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690516", "to_ids": false, "type": "text", "uuid": "d6c2403f-f03b-4d19-9f2c-3e5207567798", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:49/72\nFirst Submission:2025-12-30T00:21:09.000000+00:00\nLast Submission:2025-12-30T06:51:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695420", "uuid": "47510b11-e2b2-443a-ae12-36fd2743cd9b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695420", "to_ids": true, "type": "md5", "uuid": "9277543c-38f5-49f7-a64e-713840629598", "value": "df4f93f64f174ab55c743f621a39b601", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692081", "to_ids": true, "type": "sha1", "uuid": "406704ef-4cf4-446f-8f55-0f9dd8149253", "value": "7a429aa32988d40a8777c010dd100b694c3da91c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692081", "to_ids": true, "type": "sha256", "uuid": "2a793fac-86ae-4621-bbb3-b04f67ef6a05", "value": "758a6fe99001ea137d6dd8dda7b52af132f33571515bc58a2a9c77231d5cbf81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690538", "to_ids": true, "type": "ssdeep", "uuid": "7d9b9fa5-af54-4669-827e-6545059e0663", "value": "6144:wDT6E9288Cs8F10YiFLA6KSLPjwYV6X3tZcYh4Eiq+rWe9kYC4x/Yw:I2jCZFm7LA6KSXwY7Yh4EUrWe9XSw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690538", "to_ids": false, "type": "size-in-bytes", "uuid": "3ba7efbe-5bc2-4f13-bc79-5d14fb0a3c41", "value": "693248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690538", "to_ids": true, "type": "vhash", "uuid": "81d306e3-7fba-47c9-8f53-aaf323e9b1e8", "value": "0650a66d1565551c055d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690538", "to_ids": true, "type": "filename", "uuid": "eeee9863-f485-4ae6-a991-4ff0ecaebed0", "value": "h1jgpo.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690538", "to_ids": false, "type": "text", "uuid": "9a2f6fc4-3dce-4de8-b511-67220f9ba928", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-02-21T11:55:36.000000+00:00\nLast Submission:2026-02-21T11:55:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695441", "uuid": "1190baa2-37d2-481c-866f-46d1f1f5f854", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695441", "to_ids": true, "type": "md5", "uuid": "2930f362-78c8-4b03-803f-176dd82095d0", "value": "ba494db79bf3f68ca4f1a1c166a1ed3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692082", "to_ids": true, "type": "sha1", "uuid": "2aada0ce-b74d-46e2-9521-427db58d8341", "value": "ae8180b5dab2cdfec3fb69f1e4568238b1965509", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692082", "to_ids": true, "type": "sha256", "uuid": "09750886-1ae8-43aa-b167-b848e1bd0527", "value": "82d7f7bf12e9dc89251fa189b034549497e35c3906e6eb72f1c1c00dd4a45ae2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690560", "to_ids": true, "type": "ssdeep", "uuid": "810fc35d-012a-4f65-ba9f-a51597752f4f", "value": "12288:qAPcyJ1TarGU2fRhF0IwqeY0OZm+9q9Lo/:qOHJ1T22fRhF05Y9Iu/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690560", "to_ids": false, "type": "size-in-bytes", "uuid": "268df2e9-c408-4342-82bf-71fab68dbd77", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690560", "to_ids": true, "type": "vhash", "uuid": "cbbde6cd-a346-46f1-8d17-2a2cf05b5af3", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690560", "to_ids": true, "type": "filename", "uuid": "1fb7954d-53f9-45bf-a2a8-260dac91edc8", "value": "2026-02-19_ba494db79bf3f68ca4f1a1c166a1ed3a_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690560", "to_ids": false, "type": "text", "uuid": "87369d61-4069-4c97-93d7-5b5ee1b5595a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-02-10T21:35:25.000000+00:00\nLast Submission:2026-02-19T01:49:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695463", "uuid": "a029e6b7-a56c-460b-af05-eee9dc9efb17", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695463", "to_ids": true, "type": "md5", "uuid": "c84a0670-90af-4180-b8fe-4866b95d950a", "value": "1bf0df49a96b2eb8dbd40873b9369632", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692083", "to_ids": true, "type": "sha1", "uuid": "45491a28-65d7-4d3b-8b72-e41f21302719", "value": "e3f0dd86d4d361089bbc31068822e7576a950b4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692084", "to_ids": true, "type": "sha256", "uuid": "d9054847-022c-460c-aeaa-5d8a88c45f3f", "value": "83f28f78af88aaeec75f7ca5dd461dd994649c3a3b8e7551ee6e2256a3e2217b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690581", "to_ids": true, "type": "ssdeep", "uuid": "a3d15aa2-8908-4625-8354-b06ffcbb42c6", "value": "6144:0dVkgi360XIf+HwIoImydhCrcikuNThtnl4Yt4pV7mNshYC4x5kR:Af+HwIomdhCxkukYtspmNsSjkR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690581", "to_ids": false, "type": "size-in-bytes", "uuid": "c9e5d0a2-163d-4598-af87-001faf9b66df", "value": "659968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690581", "to_ids": true, "type": "vhash", "uuid": "4fa98881-35b6-4d94-a7f4-217ed6465346", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690581", "to_ids": true, "type": "filename", "uuid": "88f85150-5cf9-444f-97db-d79ad183782a", "value": "7tw21.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690581", "to_ids": false, "type": "text", "uuid": "19e213d8-e31d-410c-8472-04dcc5e01b98", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-08T16:08:46.000000+00:00\nLast Submission:2026-02-08T16:08:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695484", "uuid": "1de7d361-3465-41c1-9e56-c1aaa8c00670", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695484", "to_ids": true, "type": "md5", "uuid": "76702306-89ec-4051-a5c5-a2763b9edef0", "value": "afc558afb310ec601262a74046584b60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692084", "to_ids": true, "type": "sha1", "uuid": "9b904c84-c956-4440-b120-6c89c7fa7ca7", "value": "1e0c801050f1d7896c2e76779bd271b500c1340d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692084", "to_ids": true, "type": "sha256", "uuid": "28b929ad-c872-4579-9dfb-cca250083d4b", "value": "85f573bddcdf838c9b4a40e1c767aff996c6c26c812e7bba635fbf570dc7b19a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690603", "to_ids": true, "type": "ssdeep", "uuid": "1bd74da8-2672-4a4d-9f36-d32e1da6cca3", "value": "12288:VQPchJ196rZsGQqY6YIwqvYf+m+9j2wA:VekJ19fGQqY6YsYfJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690603", "to_ids": false, "type": "size-in-bytes", "uuid": "b0898693-642f-4b55-9e09-4b46bdadf42b", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690603", "to_ids": true, "type": "vhash", "uuid": "3f97ac08-f75a-4c61-844c-b7243994d8ff", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690603", "to_ids": true, "type": "filename", "uuid": "2e06cb02-dc32-4b44-b849-ecb094b02837", "value": "r9mzoeet.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690603", "to_ids": false, "type": "text", "uuid": "35f1ad06-ab1a-40fc-a421-fb6a01ea6f77", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:49/72\nFirst Submission:2026-02-19T18:16:19.000000+00:00\nLast Submission:2026-02-19T19:49:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695505", "uuid": "00afcebd-4bed-486b-b695-2909f6b15c82", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695505", "to_ids": true, "type": "md5", "uuid": "ed1bbfa9-f55b-478e-8070-96720a021aca", "value": "b27ddcbaa9e18952c52ea72f401947fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692085", "to_ids": true, "type": "sha1", "uuid": "3372ee1e-f74e-4982-8f1d-11a89fe8af91", "value": "65a924c0dfc9768be87c14037f521b656878a1d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692085", "to_ids": true, "type": "sha256", "uuid": "c14c42b7-8ef8-45bc-a54d-9ebeec1beb4e", "value": "874da4ec130131674f2b99aabe2004e87b0724e0581e6b0e33f5ffed2c92a7f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690625", "to_ids": true, "type": "ssdeep", "uuid": "75a80bbc-26fd-47dc-be00-b2d020c600d9", "value": "6144:2sfTeBdov5r9pgA+pqUPFVf0P16ZT1qljtRwvxfSpsSYC4xNSZe:Pv55p286FVf668RwvpSpsVXSZe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690625", "to_ids": false, "type": "size-in-bytes", "uuid": "1d5fd4c4-4273-4a9e-8210-904806f905e1", "value": "482816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690625", "to_ids": true, "type": "vhash", "uuid": "a9d3595c-2dac-4d2f-b6fe-ff256bbd2dcf", "value": "0450a66d1565551c055d014z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690625", "to_ids": true, "type": "filename", "uuid": "6a394b68-6053-45e1-b3c9-b8b9fa782169", "value": "2025-12-30_b27ddcbaa9e18952c52ea72f401947fd_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690625", "to_ids": false, "type": "text", "uuid": "7b719fa1-56ce-49da-a437-b39f67085bcf", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:49/72\nFirst Submission:2025-12-29T23:47:19.000000+00:00\nLast Submission:2025-12-30T05:33:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695526", "uuid": "e9b13342-a2d6-4a97-b325-13c8ab5276be", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695526", "to_ids": true, "type": "md5", "uuid": "1b440f9c-617c-424d-9fbf-df7da5502beb", "value": "491d2643152dc5a8333d36c030a4124f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692086", "to_ids": true, "type": "sha1", "uuid": "c8eb5cc0-889f-495b-af34-151c04c77148", "value": "64b3db26213e7d413c7ae7ccbe1de7c6a95810d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692086", "to_ids": true, "type": "sha256", "uuid": "a389ebc6-66bd-460a-a922-27332d26c525", "value": "88bf79cf6297ecd38ad395ef03927129ab3ae81cfc253b10568ca5a0d48f0a7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690647", "to_ids": true, "type": "ssdeep", "uuid": "69139686-a0d0-4b6d-b8c3-515f2fb98267", "value": "6144:XuZuHx7J4ANZSv2YswVjlHm6VcpkPaMjSN10YHvqSBsMtYC4x0dR:5ZSv2YswVRHm6wkP/YHvqSBs7OR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690647", "to_ids": false, "type": "size-in-bytes", "uuid": "4ce43fda-bc73-4bc9-b0ac-e0a07a86b53c", "value": "659456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690647", "to_ids": true, "type": "vhash", "uuid": "13a0e628-657c-4724-b35a-2fd1e481d313", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690647", "to_ids": true, "type": "filename", "uuid": "fd07ed36-5272-4f5e-bfeb-ed08629aa1be", "value": "fwf9fmfye.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690647", "to_ids": false, "type": "text", "uuid": "a35fc60f-f53a-4b41-98e3-8baa347d541a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:48/72\nFirst Submission:2026-02-06T05:57:41.000000+00:00\nLast Submission:2026-02-06T05:57:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695547", "uuid": "9d3df637-c322-43bb-a06d-f12d83cf1010", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695547", "to_ids": true, "type": "md5", "uuid": "26fad10c-5b58-436b-8089-82cae5edd4ff", "value": "92e07c128db70241555f95e8d8bf29c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692087", "to_ids": true, "type": "sha1", "uuid": "206ab845-48b7-4161-b284-245f0a9c738e", "value": "92b8d434eb3557933a77e78928937881ca0fcfa3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692087", "to_ids": true, "type": "sha256", "uuid": "629b81bf-ff61-4b71-b5fa-f9078b082251", "value": "8b9a0e56b267217ccb0423ed86f3baa9ae57f74dbf9c23103031d5dd3bb45012", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690668", "to_ids": true, "type": "ssdeep", "uuid": "d2ce64ec-4838-40b8-b9c9-20ef16dcf0a1", "value": "12288:GL8uFXs19MI3aFRwLX0YDCfts+kEe99zc:GL8uF49MI3aF/YDCVXlYc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690668", "to_ids": false, "type": "size-in-bytes", "uuid": "cee43057-5607-4810-b559-7c837ac84dba", "value": "692224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690668", "to_ids": true, "type": "vhash", "uuid": "87134000-5ef4-4895-b622-c0bada4ab2ff", "value": "0650a66d1565551c055d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690668", "to_ids": true, "type": "filename", "uuid": "0bc26824-3c68-4108-8e49-1bba2aa0ce39", "value": "s5gv6ui.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690668", "to_ids": false, "type": "text", "uuid": "1dec31f2-ab9d-4e54-bea7-9bdbd8c9fd1b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:47/72\nFirst Submission:2026-02-10T19:57:28.000000+00:00\nLast Submission:2026-02-10T19:57:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695569", "uuid": "69e8e16b-fe5e-4ea5-b1d1-20d0e4ee9dad", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695569", "to_ids": true, "type": "md5", "uuid": "15e03553-112b-488c-a695-e7914834058f", "value": "e6797c2165212c357a19d55f63199101", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692088", "to_ids": true, "type": "sha1", "uuid": "710784c7-a0f3-4963-9fa4-25ae2b25bdc6", "value": "0571289f53caca1f8854762f610638be0c55a699", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692088", "to_ids": true, "type": "sha256", "uuid": "f33cb036-6188-406f-a210-2794e6294586", "value": "8c7aea915472c54de06aecef05cb54dc07c3387a454f090191933ef2783e7832", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690690", "to_ids": true, "type": "ssdeep", "uuid": "f859aa77-d7d9-4ed4-8758-f2cd1af58294", "value": "12288:YQPchJ1N6r3sGQqY6YIwqvY9j+m+9j2wA:YekJ1NRGQqY6YsY9jJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690690", "to_ids": false, "type": "size-in-bytes", "uuid": "c7c914d4-9c86-482c-8b31-db37a22dd2bf", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690690", "to_ids": true, "type": "vhash", "uuid": "2510de83-1aaa-4241-93a7-2b7a98e03815", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690690", "to_ids": true, "type": "filename", "uuid": "b844bd82-61c1-4c39-bce9-49c590ab21f6", "value": "gaclkk6e8.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690690", "to_ids": false, "type": "text", "uuid": "55b540bb-6ab3-4731-ae86-359ddaa0f25d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:48/72\nFirst Submission:2026-02-18T04:28:30.000000+00:00\nLast Submission:2026-02-18T04:28:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695590", "uuid": "75145e8a-c1ca-453c-ac6b-a886deca047d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695590", "to_ids": true, "type": "md5", "uuid": "9e9bc989-2b38-4a8e-9b8c-221242d6d5c5", "value": "271e48bae4980c502457e268ba3c4bc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692089", "to_ids": true, "type": "sha1", "uuid": "92935a82-091c-4514-aa82-d0215417dcfe", "value": "5b6045803c3c362b9f506bdeca872067145cd530", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692089", "to_ids": true, "type": "sha256", "uuid": "99abcc8b-9b61-40e1-9ffa-e31be78d3792", "value": "8dacdbf7e7dd12da5bbe0f95567c957f2db53468994b100b5ddb00ee85f19d60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690712", "to_ids": true, "type": "ssdeep", "uuid": "2b39ad06-f353-4a83-9f0f-a3b86a200713", "value": "6144:55E9jmqP36G3dNL2vd++HbHnpfdSVflt1Cz1wpa0bRsoYC4xzzaU:o36sNivd37npfxz1wpa0bRsT1+U" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690712", "to_ids": false, "type": "size-in-bytes", "uuid": "8f99fbad-a9ee-4ed8-ae17-f03ba1906ad4", "value": "648192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690712", "to_ids": true, "type": "vhash", "uuid": "35493561-29e8-4301-a979-d5f3d5e669e8", "value": "0650a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690712", "to_ids": true, "type": "filename", "uuid": "82d024ca-67d5-43ac-b7c5-e624242cf2b5", "value": "2026-01-25_271e48bae4980c502457e268ba3c4bc2_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690712", "to_ids": false, "type": "text", "uuid": "928de358-b8c0-4d4e-a11c-1914a76bdafa", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-25T11:31:03.000000+00:00\nLast Submission:2026-01-25T17:47:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695611", "uuid": "f3b926c2-e091-48bc-8b10-405d6bc6d021", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695611", "to_ids": true, "type": "md5", "uuid": "2c32583c-2c5c-4497-8d9f-7678b22a06a9", "value": "0255e1f0f646561d303a5c424d563844", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692090", "to_ids": true, "type": "sha1", "uuid": "14d8c7d4-b219-4cc1-91ec-47c799b958e9", "value": "b3a9158e147822caa1f708bdc2208c84c5c5ac48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692090", "to_ids": true, "type": "sha256", "uuid": "ff6d3bd0-7c74-4107-83dd-1d3dfed0e6be", "value": "932a2cbb9b927b97cc67727ace589fbbcf332bf481d955f71f61dfd42f6253d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690734", "to_ids": true, "type": "ssdeep", "uuid": "ba7a6709-d5e5-41ea-bcfa-63f0614c81b6", "value": "12288:rQPchJ1T6r3sGQqY6YIwqvY73OeU+m+9j2wA:rekJ1TRGQqY6YsY73OeUJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690734", "to_ids": false, "type": "size-in-bytes", "uuid": "c6c1cf71-e02f-45ad-916f-f4e7c75289dc", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690734", "to_ids": true, "type": "vhash", "uuid": "b7ab6531-0a8d-42aa-90df-d432e6437388", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690734", "to_ids": true, "type": "filename", "uuid": "6b1a45fd-22f4-43f1-9cfe-030f2c34ba7b", "value": "2026-02-23_0255e1f0f646561d303a5c424d563844_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690734", "to_ids": false, "type": "text", "uuid": "81212f21-2bdc-4be9-9d28-9341e9c991b7", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:47/72\nFirst Submission:2026-02-18T21:45:23.000000+00:00\nLast Submission:2026-02-23T11:51:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695633", "uuid": "165bd19c-9837-4c38-a3c0-fe3ac599c274", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695633", "to_ids": true, "type": "md5", "uuid": "b7614749-d2d3-4482-8d8a-070725eaee20", "value": "29566be51c5db5fe85a8fb19a33efaed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692091", "to_ids": true, "type": "sha1", "uuid": "1cf35f3f-6f8b-4f55-b999-6b4e6fdcbb4a", "value": "62a01b7a5dbc2fed3e1ad659eb3ed63724943c58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692091", "to_ids": true, "type": "sha256", "uuid": "87af96e3-ba20-41aa-8d97-6bfbeb1052eb", "value": "939c54956613ed402b43bff9ca54666172ddec13556df4aea2ad36a8fce235f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690756", "to_ids": true, "type": "ssdeep", "uuid": "34f650ed-89ba-456b-9e75-1d696204241d", "value": "6144:kGS9PA4SJ3r9FpLlnixElUcGygG4yC2z6RzyyFgcslYC4xxkmU:MSJ79bLlisUcGez6pyygcse/HU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690756", "to_ids": false, "type": "size-in-bytes", "uuid": "b2469e5f-b4a5-4ed9-8ba9-7f3f5c480329", "value": "648704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690756", "to_ids": true, "type": "vhash", "uuid": "0c868ade-5cfc-4436-9988-45175b06d331", "value": "0650a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690756", "to_ids": true, "type": "filename", "uuid": "9c9c44ea-87c9-40ef-ac31-51a3c0cad43d", "value": "2026-01-26_29566be51c5db5fe85a8fb19a33efaed_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690756", "to_ids": false, "type": "text", "uuid": "4b8ec0d9-d318-40eb-991e-b107117d2442", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:49/72\nFirst Submission:2026-01-26T06:08:05.000000+00:00\nLast Submission:2026-01-26T19:47:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695654", "uuid": "f36329f7-66fe-461d-aa07-3c03291055f2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695654", "to_ids": true, "type": "md5", "uuid": "f1744213-d26f-4496-b2f1-bd0b73f2de23", "value": "72d4cf9df9dfa706583603bc460f957e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692092", "to_ids": true, "type": "sha1", "uuid": "7e1ad774-6077-4962-98b4-4e9bf6a90588", "value": "668eb6d4fcd9e9716ceedb42df29e87d15722157", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692092", "to_ids": true, "type": "sha256", "uuid": "fd2b00ab-38d4-40cf-8ac6-fc60c062d714", "value": "967d303ae8d9db6a0372703555b100ea40bc79b654f4a516528a194aae68b895", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690777", "to_ids": true, "type": "ssdeep", "uuid": "406b2730-74a9-4b30-b2e0-dd6ccadabc5c", "value": "12288:ZQPchJ1v6r3sGQqY6YIwqvYjj+m+9j2wA:ZekJ1vRGQqY6YsYXJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690777", "to_ids": false, "type": "size-in-bytes", "uuid": "39468a63-8762-4882-ac81-8473a53ab615", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690777", "to_ids": true, "type": "vhash", "uuid": "4d0abee3-fa63-4c84-9529-7bc2bc9a3b78", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690777", "to_ids": true, "type": "filename", "uuid": "8f29102a-c21c-4f54-a040-ebf57ceb4ba9", "value": "2026-02-18_72d4cf9df9dfa706583603bc460f957e_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690777", "to_ids": false, "type": "text", "uuid": "20118623-0b54-49d3-9eaa-96dc921f141c", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-02-16T00:13:00.000000+00:00\nLast Submission:2026-02-18T17:31:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695675", "uuid": "2cf7f98e-f9cc-4ec8-99a9-d381581c4932", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695675", "to_ids": true, "type": "md5", "uuid": "120ac50b-ce74-4494-9800-effb62c81649", "value": "0778511e171e83e4232b4b38a3f9c0e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692093", "to_ids": true, "type": "sha1", "uuid": "00e8e2d8-dda4-4efd-9e78-35e0ac79f8e7", "value": "aa822aaae6ba454875c0e6374f7b3e3c21a949b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692093", "to_ids": true, "type": "sha256", "uuid": "8c8fee91-71c3-4994-b32d-024fce23d79e", "value": "99ae607df167457518fef27d35ea72d1a3c250dcc451000e596ce327bc783195", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690799", "to_ids": true, "type": "ssdeep", "uuid": "adbce207-9b4f-4ac9-9592-9df8716e56e6", "value": "6144:7dVkgi360XIf+vwIoImydhCrcikuNThtnlRYsj4WLmNshYC4x5kR:3f+vwIomdhCxkuNYMVLmNsSjkR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690799", "to_ids": false, "type": "size-in-bytes", "uuid": "5f746ba5-9a89-4f73-ba5f-3c1be6af5547", "value": "659968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690799", "to_ids": true, "type": "vhash", "uuid": "311f829f-c8c1-44d2-8f6b-c2a374e11c1c", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690799", "to_ids": true, "type": "filename", "uuid": "e77d4fd7-378b-46c7-8faf-bce5ab5ba167", "value": "5wvv3dfb.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690799", "to_ids": false, "type": "text", "uuid": "4c7ee24f-35c7-40c5-9702-6acf4d2f5c80", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-02-08T10:57:47.000000+00:00\nLast Submission:2026-02-08T10:57:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695696", "uuid": "93742c25-6a71-4f71-861c-f86ea230a0f1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695696", "to_ids": true, "type": "md5", "uuid": "6e4a1793-2935-4949-826c-ec8b1800926d", "value": "ea7ce7d5e30a2b1c8ddd6494e09f2824", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692095", "to_ids": true, "type": "sha1", "uuid": "96412209-f49d-4e6d-b480-0dd49445d2dd", "value": "8d8a6f599149fa98e56a2f754fcbeb3659715c1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692095", "to_ids": true, "type": "sha256", "uuid": "b2490fd8-df1f-42c1-ae88-3b75dcdf7a0a", "value": "9bf43b3e6f2204d5dd9c49eefc956bedc200730072c5a1cb40a9b5805cfb5a5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690821", "to_ids": true, "type": "ssdeep", "uuid": "eb664204-78e7-4b81-9624-567f826de3a7", "value": "12288:5LIWPZ22F8oxLW0CYrHnozX72s2psJflOmz:pIWhHFW0CkozX72s2wVz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690821", "to_ids": false, "type": "size-in-bytes", "uuid": "76d5c8c3-0ec0-457e-a219-b778da8d94fe", "value": "490496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690821", "to_ids": true, "type": "vhash", "uuid": "7e858798-0e58-4cce-8cbe-cf49396fef22", "value": "0450a66d1565555c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690821", "to_ids": true, "type": "filename", "uuid": "b416630b-e654-4b07-a026-bdacba2da0c6", "value": "7cqeaje.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690821", "to_ids": false, "type": "text", "uuid": "757d1805-96e0-45df-ae95-7bcc0275819c", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:48/72\nFirst Submission:2026-01-25T03:27:44.000000+00:00\nLast Submission:2026-01-25T03:27:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695717", "uuid": "201358ab-7dd4-4698-89a9-5e9fdd073a6b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695717", "to_ids": true, "type": "md5", "uuid": "43f9ca9f-c8ac-4c79-a9db-07723d8b3e04", "value": "eb3701596831a10e01d3c2320d4d293d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692096", "to_ids": true, "type": "sha1", "uuid": "4ebc733f-5dd9-40d3-aca8-af9e133ec10f", "value": "c80115f54f42f511f76e09f6013c53738a7022a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692096", "to_ids": true, "type": "sha256", "uuid": "7e8a2ce6-e32c-4893-b8b0-59e88b0021bb", "value": "9fcefc9e5b8e0da950d23383f26a51101569c5d7e8329a9f4d4d37e5f3fbcb24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690842", "to_ids": true, "type": "ssdeep", "uuid": "570ee42a-53f3-42bb-a857-9fcd64f65497", "value": "12288:0QPchJ1Z6rZsGQqY6YIwqvYGaJ+m+9j2wA:0ekJ1ZfGQqY6YsYZJJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690842", "to_ids": false, "type": "size-in-bytes", "uuid": "1dfc5cee-9575-401f-bec0-dd37079fa78c", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690842", "to_ids": true, "type": "vhash", "uuid": "09c5ae0d-ab05-4759-89a4-80e0cae4328c", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690842", "to_ids": true, "type": "filename", "uuid": "f815e372-db96-471f-a1d8-9d9380a934f8", "value": "2026-02-21_eb3701596831a10e01d3c2320d4d293d_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690842", "to_ids": false, "type": "text", "uuid": "ec169fe0-47b9-4b5f-ba9f-739700104c6f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-17T07:39:28.000000+00:00\nLast Submission:2026-02-21T04:19:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695739", "uuid": "0a9441dd-fa6c-49c2-9662-b360c3e5166b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695739", "to_ids": true, "type": "md5", "uuid": "71a90697-222e-40fb-a459-fa4336650063", "value": "f67074236bc2508c263930170cfa65a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692097", "to_ids": true, "type": "sha1", "uuid": "d0864ec8-4004-43e8-af14-2e5bef6fcf47", "value": "9c332add8b2ec6ff7ed43def52c379b02718cf04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692097", "to_ids": true, "type": "sha256", "uuid": "bb8601af-fcf8-411f-be18-7bb9801c7e00", "value": "a47f46cd612ad3545cd96ed54cf0f5e33e87721515c359298fdb337c1ce7bf71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690864", "to_ids": true, "type": "ssdeep", "uuid": "d5d7ed72-9991-40cc-b666-73f6b62508f7", "value": "6144:hphd/kbqNGv9Kn0NgCtpsskyDtE17sgpiRJzBlm9+rrtYiZsuYC4x6TT:DGVKn0gCbsskQE17MzBkYrrpZsJUTT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690864", "to_ids": false, "type": "size-in-bytes", "uuid": "f251560b-ff22-48d8-85c3-c02864cda0e7", "value": "484352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690864", "to_ids": true, "type": "vhash", "uuid": "a230815d-fe26-4d5d-b32a-68165ead59c7", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690864", "to_ids": true, "type": "filename", "uuid": "d7d379cf-1ebe-4511-8c74-a82ed5d7d814", "value": "bh8aaz.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690864", "to_ids": false, "type": "text", "uuid": "77f96047-46d3-499c-867d-60a36c961ce4", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-01-09T23:45:04.000000+00:00\nLast Submission:2026-01-11T20:19:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695760", "uuid": "d1b5c070-6906-4a0f-95f6-cbc03234370c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695760", "to_ids": true, "type": "md5", "uuid": "a925492a-0cd5-4d08-b43f-156b898fe157", "value": "800aee79001a10e41f6dc1fec9caffed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692098", "to_ids": true, "type": "sha1", "uuid": "9caa6445-017c-4d89-a6f4-35a34ffac066", "value": "8018375e6d6a2864a5cb7f35b14856f61c9ab0e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692098", "to_ids": true, "type": "sha256", "uuid": "dbbfa949-9a69-461f-80ec-9affd3453a15", "value": "aa9797ee5cc8658dbf3b339e7fd0e63d1a2c2c4066aa10b271ca6f25b7d4403f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690886", "to_ids": true, "type": "ssdeep", "uuid": "cf432fc0-b9ea-4fe8-925f-30541236acc2", "value": "6144:dLjCR3J0Nd+Du9enydjbveOQ8+uN3kscZR+AxsQ6CM0dBqfb5u5s1YC4xtT:7enWjbGOQ8+8ksvQ6CRqFu5su/T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690886", "to_ids": false, "type": "size-in-bytes", "uuid": "50b60210-e93e-4ec4-ab22-b9772596176e", "value": "654336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690886", "to_ids": true, "type": "vhash", "uuid": "c3b5da06-928a-4af2-8600-2f348c0dd5a1", "value": "0650a66d1565551c055d0123z206004e52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690886", "to_ids": true, "type": "filename", "uuid": "9dfd8a50-8484-4c4c-8c44-efc2c109c663", "value": "topjm7h.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690886", "to_ids": false, "type": "text", "uuid": "c5566065-9d6b-4590-8bd9-1a23745b758b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-01-31T20:48:03.000000+00:00\nLast Submission:2026-02-02T10:33:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695781", "uuid": "dbad731c-036e-4be3-b43b-3f1a192f4756", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695781", "to_ids": true, "type": "md5", "uuid": "f5054291-17d3-4693-ad5f-586268171cb6", "value": "e398af8f9dac6db01857bb024e64af02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692099", "to_ids": true, "type": "sha1", "uuid": "f00df51e-29b5-4245-b0f0-b9e2793659d6", "value": "49f9a822e8dda1633b160ac656d5599f2ecc3130", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692099", "to_ids": true, "type": "sha256", "uuid": "c15f42a7-bebf-400b-b66a-9c09ab78dc16", "value": "adc770c676c9fa1136630f55f23d22e0aed4c1dba5d45f57023dbb22bfb67512", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690907", "to_ids": true, "type": "ssdeep", "uuid": "9d452f35-7305-42c3-a4b6-231d152fd6de", "value": "6144:RPX9GfQu3c8dgUL22O9x74iiyMRoU9liw5IwTzcEFU5iSc0sRs7YC4xZEE:QgULXO9l4iiXoU9zzcEYsRsE/EE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690907", "to_ids": false, "type": "size-in-bytes", "uuid": "fd9404d3-d3c5-43d3-a5c1-bcb98c8767fc", "value": "650752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690907", "to_ids": true, "type": "vhash", "uuid": "f44151f2-419b-416d-a428-4d273eb7b2ed", "value": "0650a66d1565551c051d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690907", "to_ids": true, "type": "filename", "uuid": "7c8ebded-839f-4a2a-b14e-cc3e9604acb7", "value": "2026-01-27_e398af8f9dac6db01857bb024e64af02_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690907", "to_ids": false, "type": "text", "uuid": "9e0256e3-3f82-45a8-96c3-b54b9ef8c7b9", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-01-27T02:09:20.000000+00:00\nLast Submission:2026-01-28T05:33:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695802", "uuid": "78464e3e-1b91-4e79-a2ed-86b8ca42973b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695802", "to_ids": true, "type": "md5", "uuid": "68b8ef9d-5b45-4cf5-993b-05123ea6879c", "value": "dfd2ab92f2c1c12f39fedac858067273", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692100", "to_ids": true, "type": "sha1", "uuid": "c4944f5a-8afc-4be0-8fd8-bfb06b14c6d5", "value": "73a7d1c5edd2a24d8adde55a851babb5e565e778", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692100", "to_ids": true, "type": "sha256", "uuid": "65d4c944-a5cd-4a9a-8c4d-42ee5d83ee2f", "value": "b166b1dfe98c6cc4981b93689810269bb27e197156a865c8f12c3fb926cc9b13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690929", "to_ids": true, "type": "ssdeep", "uuid": "97b8bbdd-7fac-4055-8959-4c0bd91b5aa3", "value": "12288:k+qgjZPTKkzQNcvq+rthBWEy6lQ9YUKq2:jqgjpKkzQNc3pWEyOc2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690929", "to_ids": false, "type": "size-in-bytes", "uuid": "b0e37f53-dfde-4f05-8c04-b42329eb9774", "value": "693760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690929", "to_ids": true, "type": "vhash", "uuid": "824d1004-6e89-41b8-8396-05e0d021cc43", "value": "0650a66d1565551c051d0123z2060049511z11z37z33z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690929", "to_ids": true, "type": "filename", "uuid": "87dc4721-25dd-4176-92b6-9bdc1b9a49e5", "value": "2026-02-15_dfd2ab92f2c1c12f39fedac858067273_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690929", "to_ids": false, "type": "text", "uuid": "f5491af4-433a-42f4-8c42-04aca206101c", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:48/72\nFirst Submission:2026-02-13T20:35:00.000000+00:00\nLast Submission:2026-02-15T20:22:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695823", "uuid": "2175eea8-aaeb-419e-ad50-88139e4cdb63", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695823", "to_ids": true, "type": "md5", "uuid": "b87f32a4-2015-489d-be29-17f3ba089dfa", "value": "559939128308802c6d2c056c5cfabfe4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692101", "to_ids": true, "type": "sha1", "uuid": "c6c675ad-8b4d-43cf-89ab-b1641a9e6a94", "value": "1ad7a4d381e5997bf7fd4453cf1d203e1fd00aca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692101", "to_ids": true, "type": "sha256", "uuid": "9b1926ab-a280-452b-9c1b-ec7e97b714de", "value": "b283772fc5a63036f58ad6362fd8ecbbf63f80d554779e198899c6a136c65b66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690951", "to_ids": true, "type": "ssdeep", "uuid": "8b7ce040-1d8f-4561-92df-fa13dc132e81", "value": "6144:buZuHx7J4ANZSvZYswVjlHm6VcpkPaMjSN1JYaYCpxSBsMtYC4x0dR:1ZSvZYswVRHm6wkPaYypxSBs7OR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690951", "to_ids": false, "type": "size-in-bytes", "uuid": "7696a548-da4a-41b5-be07-6e1908097217", "value": "659456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690951", "to_ids": true, "type": "vhash", "uuid": "0e9cdd16-a825-4dbc-a881-68e8117ccd92", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690951", "to_ids": true, "type": "filename", "uuid": "0ac88b1d-825b-4b2f-b0fc-0d18d79e1550", "value": "ojzdq.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690951", "to_ids": false, "type": "text", "uuid": "940f103d-6e92-4ac9-aff3-9078067f24c9", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-02-05T18:27:29.000000+00:00\nLast Submission:2026-02-05T18:27:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695844", "uuid": "d03afb15-557d-4904-82c3-42db7ee17de8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695844", "to_ids": true, "type": "md5", "uuid": "140924b4-9c4e-4319-98e3-8b128f768d16", "value": "63ab11602bc021d016379539a4d11787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692103", "to_ids": true, "type": "sha1", "uuid": "6654bdcc-37c0-4312-94e6-3003eb4b4160", "value": "dc4fb6ac355bd54bde6ae286a76827accadca9ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692103", "to_ids": true, "type": "sha256", "uuid": "f64e8090-6fc7-4651-bac9-438361a03805", "value": "b37943923000b626797acc960d4f8d6ffd87d290f51f1d7e053d87ad1628f932", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690972", "to_ids": true, "type": "ssdeep", "uuid": "37a5096f-70c8-4bf0-a40f-8bfeaf67412e", "value": "6144:VvIkbjOc0dgO6AUHgZqKDpyjiLkeRBsIBYC4xIaU4:fOjCO6ALZq4RBsNeaU4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690972", "to_ids": false, "type": "size-in-bytes", "uuid": "c34c8ffc-5247-47f0-94db-0078d3076439", "value": "437248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690972", "to_ids": true, "type": "vhash", "uuid": "af34f704-e83b-4c63-982d-c6bf7a03e109", "value": "0450a66d1565551c055d014z206004e4d1z21z37z2021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690972", "to_ids": true, "type": "filename", "uuid": "265232b5-773d-41f9-ae09-d740c42bfe3f", "value": "2025-12-29_63ab11602bc021d016379539a4d11787_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690972", "to_ids": false, "type": "text", "uuid": "755250a8-0205-409a-8562-04e0448068eb", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:48/72\nFirst Submission:2025-12-29T11:28:22.000000+00:00\nLast Submission:2025-12-29T18:07:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695865", "uuid": "28badc3b-3571-423b-85db-04417a9376c1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695865", "to_ids": true, "type": "md5", "uuid": "3c8f1337-ac34-44ed-9ffd-146089472fe9", "value": "9a44b4b34a3052c8068c67aab6fc5157", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692104", "to_ids": true, "type": "sha1", "uuid": "ee403d8e-b32c-4564-a725-2c21221fee19", "value": "418b70baabb4f54031494b61ecf2a1b71f8b4528", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692104", "to_ids": true, "type": "sha256", "uuid": "a1cf8ba7-685c-4eaa-9035-0df8e4e557c6", "value": "b5dbeffaffbdb15995939a4b238bf8d42d076948eab8e7444a39387ed485d135", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776690994", "to_ids": true, "type": "ssdeep", "uuid": "697db3b6-cb8b-4b9e-8278-12209cb7d79e", "value": "6144:992PVojfPCPLBGgjp6+fZvs3g0wdstIsPCz116xFIsOYC4x90YU:TPCPLBGgN6+xkg0w5z11MFIspTJU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776690994", "to_ids": false, "type": "size-in-bytes", "uuid": "5f718aa1-de3d-4b0c-81f5-ac6d537d7336", "value": "649728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776690994", "to_ids": true, "type": "vhash", "uuid": "3bdf4f33-fbcf-4783-ad0a-0d2670f8e96d", "value": "0650a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776690994", "to_ids": true, "type": "filename", "uuid": "1dd4a6d2-9df8-4add-accf-3d79699431d1", "value": "2026-01-23_9a44b4b34a3052c8068c67aab6fc5157_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776690994", "to_ids": false, "type": "text", "uuid": "fa3dbe29-1669-47c5-a5dc-1fbf1d3dc553", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-23T08:01:59.000000+00:00\nLast Submission:2026-01-23T15:07:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695887", "uuid": "95b9644f-20a3-48f9-9b56-1670e7c294bb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695887", "to_ids": true, "type": "md5", "uuid": "576c2792-331e-4b3f-b2d9-ca4c717d4e24", "value": "8da9fd08d98ef0493145c7e4899b9d12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692105", "to_ids": true, "type": "sha1", "uuid": "ec467ed2-148f-4315-a519-28c53ddbb83b", "value": "7186fea9ff16d464da46dcfef5d1cdff548273da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692105", "to_ids": true, "type": "sha256", "uuid": "c155a8b8-0757-40fb-9fab-00da52f1bf84", "value": "b748160d6573bb2fa82bf629ff0e49ebe0748855344ad3a1faf20a9225143915", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691016", "to_ids": true, "type": "ssdeep", "uuid": "4d356885-5f24-435a-84d5-961f500dccf1", "value": "12288:cUHhCUBUn7NAr/9jJ7sTGQNCmpsynXSZe:jHhCUiNArdRsTGFmlSZe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691016", "to_ids": false, "type": "size-in-bytes", "uuid": "c4ae2b8e-3ac4-4622-aaf0-192221971ecc", "value": "483840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691016", "to_ids": true, "type": "vhash", "uuid": "5f5d7787-f038-4a8e-830b-074e8de24802", "value": "0450a66d1565551c055d014z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691016", "to_ids": true, "type": "filename", "uuid": "ce9164ec-7a91-4794-8f33-2a1aec2c2d5d", "value": "pw7xa3.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691016", "to_ids": false, "type": "text", "uuid": "17d3de85-c164-48d8-8d28-2f838a5c0345", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:45/72\nFirst Submission:2025-12-30T13:27:52.000000+00:00\nLast Submission:2025-12-30T20:33:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695908", "uuid": "32889f7b-59b5-4abc-93b9-0b04e3e94b48", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695908", "to_ids": true, "type": "md5", "uuid": "c2e1119c-d9ad-4c33-a530-66de40009fd4", "value": "21f6cfef57b337f9776c53f8d1dcc777", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692105", "to_ids": true, "type": "sha1", "uuid": "fea1000f-d132-42cf-bad8-736427a7ece6", "value": "fb535db4e201cc364944590095cfd678225f8002", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692106", "to_ids": true, "type": "sha256", "uuid": "c66f1523-b1ea-4b4b-a38c-0a7ffbd193ab", "value": "c4e43d6a9ff4580c4e299f33e39d59031327019acc9f3c31c64e67aed3cf7600", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691038", "to_ids": true, "type": "ssdeep", "uuid": "fa5ecc94-ea90-4082-b07e-f9baf24bec1d", "value": "6144:sJrh3KifzfQh1OgLdassbWS/uwMws1jYC4xdB3uu:gKifzoh1O+af7Mws23B3uu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691038", "to_ids": false, "type": "size-in-bytes", "uuid": "5b29487b-366f-44f1-bcff-5f279a8dc3d9", "value": "431104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691038", "to_ids": true, "type": "vhash", "uuid": "31a59acc-f9f5-4c2c-bdc2-12b7814ff0a4", "value": "0450a66d1565551c051d014z206004b4b1z21z37z2021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691038", "to_ids": true, "type": "filename", "uuid": "01aa2c1a-889a-4292-b0e2-e6f6bfaa8cd9", "value": "2025-12-27_21f6cfef57b337f9776c53f8d1dcc777_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691038", "to_ids": false, "type": "text", "uuid": "0fc3f518-3378-46d2-9f9b-6e88569c2f0a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:48/72\nFirst Submission:2025-12-25T21:03:06.000000+00:00\nLast Submission:2025-12-27T09:57:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695929", "uuid": "a1084dd9-156a-496f-b711-efcf32652a29", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695929", "to_ids": true, "type": "md5", "uuid": "10fb052c-9266-4cbe-a042-a5d24f02652a", "value": "5a380612071ea118f7c425e79aaab166", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692106", "to_ids": true, "type": "sha1", "uuid": "642a8ab1-3df5-4e41-a31b-41bff9b50f08", "value": "12ea3b436d4a10886b37512f094bf04deaae0ce1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692106", "to_ids": true, "type": "sha256", "uuid": "e02c95ed-8270-4ee2-bbe4-9b5449c3470e", "value": "c8c77a1b6de14b873aaa7842c9ad729bdc5f289c4ad765c49646cd66c0410b6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691059", "to_ids": true, "type": "ssdeep", "uuid": "6cc97f47-f6b5-4b29-a38e-12c812347b0a", "value": "6144:j9qIajXMDz2E9X2IMZsoJgLg9sNSx5baswKrUoFqqzvhlVGw/mJseYC4x0ke:k4Dz2qXmsIeg9sy5FzvYmmJs5ike" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691059", "to_ids": false, "type": "size-in-bytes", "uuid": "65920a9c-9b29-448f-a873-151bb693f2c9", "value": "488448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691059", "to_ids": true, "type": "vhash", "uuid": "a7e73886-75f7-424c-9194-61348c3fb7ad", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691059", "to_ids": true, "type": "filename", "uuid": "586a8bc0-4371-45c7-b328-2348ddd716c5", "value": "hdbywt.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691059", "to_ids": false, "type": "text", "uuid": "674d5f78-a757-415a-9853-e96851d766ed", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-02T06:36:14.000000+00:00\nLast Submission:2026-01-02T06:36:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695950", "uuid": "59266ea3-1240-4867-89cc-21550f25a8ff", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695950", "to_ids": true, "type": "md5", "uuid": "5eef9f05-65b1-444d-899d-996e66895282", "value": "813c32b8c71143984a415bd16b05b739", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692107", "to_ids": true, "type": "sha1", "uuid": "97d3ec5a-0dad-4aec-8747-f046103b183a", "value": "a91ae5314a84e7c094f9639d1b52db2d4e5c33bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692107", "to_ids": true, "type": "sha256", "uuid": "cc312968-65a8-4b1f-b0dd-3d12be4264e7", "value": "d14911adad0c62539d15043cf2deededaf964757d8538044189e19a4a3910c5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691102", "to_ids": true, "type": "ssdeep", "uuid": "4abd392d-04df-452d-960a-a23c8005a286", "value": "12288:aQPchJ136rZsGQqY6YIwqvY2Di+m+9j2wA:aekJ13fGQqY6YsY2DiJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691102", "to_ids": false, "type": "size-in-bytes", "uuid": "1d81ba56-e8d9-46df-8828-7bacbb1e0153", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691102", "to_ids": true, "type": "vhash", "uuid": "348a8228-b1aa-4e30-989a-3c489dd554c4", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691102", "to_ids": true, "type": "filename", "uuid": "9ad400b0-c6b0-4e89-92b9-e23e2a901a23", "value": "2026-02-14_813c32b8c71143984a415bd16b05b739_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691102", "to_ids": false, "type": "text", "uuid": "ab49e66f-80c2-4e9b-a70d-e5c48c64c5e9", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-02-12T17:04:14.000000+00:00\nLast Submission:2026-02-16T00:49:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695971", "uuid": "bbd0cece-661e-423d-9d25-8795e991d9ad", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695971", "to_ids": true, "type": "md5", "uuid": "bf67a395-f555-460d-9e7f-c52d62c24b5a", "value": "d62f09d3dca903dfe25a871d26d17150", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692108", "to_ids": true, "type": "sha1", "uuid": "eb4033f0-a111-4b34-88f1-67bf3e1aa2d9", "value": "f62bbb5ac0b65d01e5de90707b31c70b4b67f19b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692108", "to_ids": true, "type": "sha256", "uuid": "f835cc2d-6123-4401-8826-6ff815c30916", "value": "d7ba4952f1e477b63259528e96bb106e9cf57fbb6b17f5d27346efdccfa4e35a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691124", "to_ids": true, "type": "ssdeep", "uuid": "fabccab7-7136-4195-895b-962d7583fe18", "value": "6144:CdVkgi360XIf+9wIoImydhCrcikuNThtnl4Y4RqmNshYC4x5kR:2f+9wIomdhCxkukY4gmNsSjkR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691124", "to_ids": false, "type": "size-in-bytes", "uuid": "9dcd895b-ea52-49d8-a74b-7fa2a467a367", "value": "659968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691124", "to_ids": true, "type": "vhash", "uuid": "7e1c77b1-1beb-4086-ab74-598c8f6b96db", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691124", "to_ids": true, "type": "filename", "uuid": "dd5c4fac-3561-4213-b48c-a8e723667653", "value": "2026-02-15_d62f09d3dca903dfe25a871d26d17150_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691124", "to_ids": false, "type": "text", "uuid": "4762b3b7-b9fa-472e-94f9-a658fc50c03f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-02-06T22:05:26.000000+00:00\nLast Submission:2026-02-15T02:29:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776695992", "uuid": "12443775-e937-4ca7-a74e-3172b3e6721a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776695992", "to_ids": true, "type": "md5", "uuid": "cca6f6d2-897e-4a4a-bdf6-eb8fa84f5ec0", "value": "ddc4e17ed9219c6489706ca1b6573f99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692110", "to_ids": true, "type": "sha1", "uuid": "b25db522-f683-41e1-ad99-fa267ffe12bc", "value": "5b9e88d85adb9e9723c22e5d59aeb46a40feed5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692110", "to_ids": true, "type": "sha256", "uuid": "ff9a1cbe-ddbb-423c-a4fc-7c62592a3ae5", "value": "d99617c9b23e96103d147bcc9c0b490daac7679ee8fad236c4cf7f7f2cd86456", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691145", "to_ids": true, "type": "ssdeep", "uuid": "ae1d7e64-2518-4a0c-bbb2-a82ac458d0c8", "value": "6144:a1WK/Vfaa1XX0fso5VKmxHsSC/4S9Hd/xIiCJJzaTPCXZ5snYC4xPts:iufso3KmJsSCl9HxCDzaTKXZ5sYRts" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691145", "to_ids": false, "type": "size-in-bytes", "uuid": "48ba00dd-3dfc-483b-9b83-992ae73d2da1", "value": "653312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691145", "to_ids": true, "type": "vhash", "uuid": "f2b69e1e-502e-4bab-83eb-0a3d5af0399a", "value": "0650a66d1565551c055d0123z206004e52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691145", "to_ids": true, "type": "filename", "uuid": "5ffcee90-91fc-45ff-8bbc-0b04b84f0bb5", "value": "f6zo1c.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691145", "to_ids": false, "type": "text", "uuid": "a20769d9-89ec-4ae9-8fee-da5af7a7d72d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-01-29T23:16:52.000000+00:00\nLast Submission:2026-01-29T23:16:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696014", "uuid": "09cc52ef-56df-47f6-8510-237fa878709b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696014", "to_ids": true, "type": "md5", "uuid": "c0dc5acf-4a36-4695-9b9e-c0d568df2952", "value": "e66e79dac777f38f2eb169ed5ed279e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692110", "to_ids": true, "type": "sha1", "uuid": "16e822c0-c824-4354-8626-4a138644237a", "value": "810b5618db6a57db5e6305e356949fd570a45a9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692111", "to_ids": true, "type": "sha256", "uuid": "f2c4c5c9-1ea8-4d52-9f26-8b8d88c84607", "value": "da2e3f245cc6a14e398a4a4bca4789b4aaf53f5a01b19ead4cb15876b3f9fccb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691167", "to_ids": true, "type": "ssdeep", "uuid": "627eaa16-e630-4c54-ab20-800e8a1a6a22", "value": "12288:sjj/fQedRSDDFgAP9bKBqqMzyI76umb5swPX+:sjj/fQedUFgAVkMzyfbrX+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691167", "to_ids": false, "type": "size-in-bytes", "uuid": "8d9eed5e-e735-4b62-aeb0-8bbcc0cfe7f4", "value": "486400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691167", "to_ids": true, "type": "vhash", "uuid": "697f17b0-b420-465c-89f4-1adf83303e6a", "value": "0450a66d1565551c055d014z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691167", "to_ids": true, "type": "filename", "uuid": "dcbef7c8-7cda-4bf7-9c0e-c8703565d426", "value": "8huh4s2q.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691167", "to_ids": false, "type": "text", "uuid": "e6587b60-1100-4e42-8476-10bf64688b06", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:49/72\nFirst Submission:2025-12-30T21:58:59.000000+00:00\nLast Submission:2025-12-31T05:29:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696035", "uuid": "29ccda64-9275-41ea-b826-6601a25b38d0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696035", "to_ids": true, "type": "md5", "uuid": "72df7fd2-0ffb-4ad5-9bb2-02bee5d64abb", "value": "151f5cb6ab9941a2eaabfa1f89f42295", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692112", "to_ids": true, "type": "sha1", "uuid": "f8d0bc54-3cf7-4075-9f25-f9aac2cf23c0", "value": "9f3df8b3b4bad1307a2077221290d6cff8edeb7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692112", "to_ids": true, "type": "sha256", "uuid": "5df15c6a-5efa-41ce-96b4-82af88174ade", "value": "dd0016560f968f9b364f34fe0ece3e0a61763caace1215e82f2b3d0ed66aa808", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691189", "to_ids": true, "type": "ssdeep", "uuid": "d7b749e4-e35c-4dd3-a637-08efcab24e19", "value": "6144:JkX92HQu3c8dgUz22O9x74iCyMRoUdliwmIVhzceCEsRsbYC4xZEE:3gUzXO9l4iCXoUdJzcezsRsk/EE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691189", "to_ids": false, "type": "size-in-bytes", "uuid": "feb58d71-a2be-472a-908e-8408153d6c49", "value": "650752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691189", "to_ids": true, "type": "vhash", "uuid": "ce929461-23b3-420e-bc88-f6859a1774a6", "value": "0650a66d1565551c051d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691189", "to_ids": true, "type": "filename", "uuid": "e9fda7f9-8ddd-45e7-a662-9f2b6025128d", "value": "e3nt2y1ft.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691189", "to_ids": false, "type": "text", "uuid": "9b23611b-0388-4312-89a2-d8d4fa823522", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-28T11:57:14.000000+00:00\nLast Submission:2026-01-28T11:57:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696056", "uuid": "aafc537e-bc30-4edf-90e2-d53ad079302e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696056", "to_ids": true, "type": "md5", "uuid": "eb4fa55a-a81a-4bb4-a022-f409e979ddf7", "value": "d0c79b1eb8c7b145ea93e15f3d3eeb7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692113", "to_ids": true, "type": "sha1", "uuid": "dae3f4ed-480f-4465-ba32-59d003e66e2f", "value": "15bd1cd5b6188ef8868661bb138192d27c13f13d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692113", "to_ids": true, "type": "sha256", "uuid": "0cdfc517-8b4a-4012-90a4-fca1509644da", "value": "de637d9fa83666dd1770306418383cd6109ed701c2ec4510c943a35540b51b9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691210", "to_ids": true, "type": "ssdeep", "uuid": "963dc9bc-7880-4b62-8813-5a72f6e61e5e", "value": "12288:kQPchJ1j6r3sGQqY6YIwqvYZO+m+9j2wA:kekJ1jRGQqY6YsYYJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691210", "to_ids": false, "type": "size-in-bytes", "uuid": "622d85ab-9d65-42ca-a631-a26542e4c474", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691210", "to_ids": true, "type": "vhash", "uuid": "a08738ef-1acc-4f63-b8ab-935e65c029f2", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691210", "to_ids": true, "type": "filename", "uuid": "3b21a34b-a88d-46f5-90c8-463be71535c7", "value": "wm7nhpz.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691210", "to_ids": false, "type": "text", "uuid": "b0558375-1c71-49e0-9933-d51c7aa6c808", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-17T04:52:10.000000+00:00\nLast Submission:2026-02-17T04:52:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696077", "uuid": "aece3e7a-0539-4442-82fc-cab3803c36e2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696077", "to_ids": true, "type": "md5", "uuid": "c955b52a-a761-4cc2-9673-3014eacea3a8", "value": "13a0be84dab5f923dfcc534a12ff678e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692114", "to_ids": true, "type": "sha1", "uuid": "c3a25b1c-d038-47a0-8c7e-2531c036ab4b", "value": "48a8577f44e332d316fd69198415dfc7980f58ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692114", "to_ids": true, "type": "sha256", "uuid": "aa2c7871-3b39-4fc1-af58-098904ffbd4e", "value": "deccb0c8f5715f2c31a0440a13761d18d7104663b3a69ce905332124703ade53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691232", "to_ids": true, "type": "ssdeep", "uuid": "2b3e18df-e3af-41f3-b10c-4b5296a801da", "value": "6144:ouZuHx7J4ANZSvUYswVjlHm6VcpkPaMjSN1JYSjtSBsMtYC4x0dR:sZSvUYswVRHm6wkPaYSjtSBs7OR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691232", "to_ids": false, "type": "size-in-bytes", "uuid": "a35ef5d5-87f6-4357-83b0-e7e3ce4edd8a", "value": "659456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691232", "to_ids": true, "type": "vhash", "uuid": "1ed9e620-24b0-4ebf-a9a9-a6dc09d97205", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691232", "to_ids": true, "type": "filename", "uuid": "6793a268-68b6-4e00-a8d0-731bbfb7ecf5", "value": "f1xt8.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691232", "to_ids": false, "type": "text", "uuid": "239b8434-25ce-42df-87e0-eee98d027a5d", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-02-03T16:15:08.000000+00:00\nLast Submission:2026-02-04T13:27:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696099", "uuid": "97a4ab1f-2f63-4df4-8dec-9b1c2eedaf1f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696099", "to_ids": true, "type": "md5", "uuid": "67657cf1-f49f-4940-aefc-f6428eeb921c", "value": "60e4ba17dab7d20764f26954f2c87df7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692114", "to_ids": true, "type": "sha1", "uuid": "78ccbcce-eb55-4852-9bf9-a7aa6f65845e", "value": "5d318240a9d8489ecbdf319e08b23c5fb3137a6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692115", "to_ids": true, "type": "sha256", "uuid": "194d6bf5-f015-47ae-b45b-235f905c0189", "value": "e042fbd39fc77ffa182797feb90b35fa0f92afd5f6ba948f6091aa716a98468d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691254", "to_ids": true, "type": "ssdeep", "uuid": "80bcd178-4afc-4922-9272-2fea83b899c1", "value": "6144:VCe3BR+U7gy90c0QOu49b7yDEbiYmsEKxyP+zFsMYC4xrySZe:37gg0rQR49beEdxymzFs/pySZe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691254", "to_ids": false, "type": "size-in-bytes", "uuid": "65340cd5-6d13-4d9c-8b39-2cd17249d6f1", "value": "481280" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691254", "to_ids": true, "type": "vhash", "uuid": "6207245f-70a9-46f6-b6ab-6ee884ce5f41", "value": "0450a66d1565551c055d014z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691254", "to_ids": true, "type": "filename", "uuid": "6085fca9-2595-4cae-82a7-2bb492eee926", "value": "2025-12-30_60e4ba17dab7d20764f26954f2c87df7_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691254", "to_ids": false, "type": "text", "uuid": "789494a0-10d6-41be-bb98-74080a4aeb50", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2025-12-29T21:40:37.000000+00:00\nLast Submission:2025-12-30T04:09:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696120", "uuid": "503e9bb4-51fa-4864-93c2-ea64a078bd6e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696120", "to_ids": true, "type": "md5", "uuid": "79785a1d-e9e4-43d7-9b17-fdd392049ef9", "value": "5b3aee2526e2c12a405919bbbe85104d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692115", "to_ids": true, "type": "sha1", "uuid": "8b73a906-f94b-46ab-bab6-1702e85f730e", "value": "10e1e0130f752af2c075ad99df7185aee47e3779", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692115", "to_ids": true, "type": "sha256", "uuid": "ac3f1141-5f2a-42d8-b9cd-b6397b428d2e", "value": "e043c8e1a0d980fcc6d6db7ec3154553099a2b4e84b72807334df932ffb10225", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691275", "to_ids": true, "type": "ssdeep", "uuid": "01b71015-e1d6-4884-af7b-72f8779a627c", "value": "6144:PdVkgi360XIf+gwIoImydhCrcikuNThtnl4YGr5jmNshYC4x5kR:Lf+gwIomdhCxkukYm5jmNsSjkR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691275", "to_ids": false, "type": "size-in-bytes", "uuid": "fbc199fb-8ea6-4939-937e-ed6b857c46b3", "value": "659968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691275", "to_ids": true, "type": "vhash", "uuid": "1ce5d08e-b9dc-4e39-8598-f1ebd3bb959b", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691275", "to_ids": true, "type": "filename", "uuid": "0b441113-357a-494b-99c9-c2326e2cd131", "value": "gozny885.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691275", "to_ids": false, "type": "text", "uuid": "abaaa36b-3e00-42ce-bf9a-ad353725facf", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-02-10T19:38:15.000000+00:00\nLast Submission:2026-02-10T19:38:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696141", "uuid": "75192813-d0b5-486c-84ce-23c8371affd3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696141", "to_ids": true, "type": "md5", "uuid": "21030efa-4619-4e02-b943-d10f48ee0071", "value": "6d6795cd263cee972fc25dd28deced0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692116", "to_ids": true, "type": "sha1", "uuid": "fbf59974-b53a-470c-a3d1-e963007fb9b7", "value": "c4ddc1adf5b0f6267f7aba32f177dde47c47afbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692116", "to_ids": true, "type": "sha256", "uuid": "4e61f769-0832-4cc4-acba-7fe94417fc1f", "value": "e1948cd1e96653464062e33fec9cd314a1208eee09e4c3f763ea22d9e69b506f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691297", "to_ids": true, "type": "ssdeep", "uuid": "7730ab1f-24b9-4145-ae32-8dcccc71df91", "value": "12288:GAPcyJ1pardU2fRhF0IwqeYmZm+9q9L0A:GOHJ1pr2fRhF05YmIqA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691297", "to_ids": false, "type": "size-in-bytes", "uuid": "a7d826c5-9d41-4fae-8e31-19988aa2e835", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691297", "to_ids": true, "type": "vhash", "uuid": "330838a0-efaf-4df7-a2b6-833c493a232b", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691297", "to_ids": true, "type": "filename", "uuid": "56dfe14b-cf16-4c7a-a149-073acdeb9717", "value": "tmf3rr232.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691297", "to_ids": false, "type": "text", "uuid": "d180c19a-9717-498b-9f0c-46aa33a178fb", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-02-11T19:31:40.000000+00:00\nLast Submission:2026-02-12T03:01:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696162", "uuid": "6d412101-e069-4f51-8d11-1407157a66d2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696162", "to_ids": true, "type": "md5", "uuid": "c0942120-da1b-4dc0-b686-01559552ad29", "value": "9b9e52a9c9b520bc65cdce60d7c99d44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692117", "to_ids": true, "type": "sha1", "uuid": "7394f441-4f28-476e-b4ba-1fe79d730bf5", "value": "b83ec4d1a7d56fa4509a048cfaabc6dc74e7b5f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692117", "to_ids": true, "type": "sha256", "uuid": "1fed5624-77e2-4d9b-8fa5-11c7a6597f48", "value": "e81d86991c49c626f0b28eb9b0bd93b4c12f810984514a92dcf7d7de305bad83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691319", "to_ids": true, "type": "ssdeep", "uuid": "86831f4d-9b64-49a8-9057-db8bb743a098", "value": "12288:KQPchJ1j6rZsGQqY6YIwqvYwvs+m+9j2wA:KekJ1jfGQqY6YsYwvsJsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691319", "to_ids": false, "type": "size-in-bytes", "uuid": "e74d9875-086a-4cb6-a980-251259d54b38", "value": "692736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691319", "to_ids": true, "type": "vhash", "uuid": "4a048dce-b216-4d79-8e40-a090f9d79d54", "value": "0650a66d1565551c051d0123z206005452z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691319", "to_ids": true, "type": "filename", "uuid": "95b0fe14-417a-4ea0-b8b4-0b92af1c655f", "value": "2026-02-19_9b9e52a9c9b520bc65cdce60d7c99d44_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691319", "to_ids": false, "type": "text", "uuid": "1e498755-8272-4fe0-b71b-a68cb9381be8", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-02-16T01:32:36.000000+00:00\nLast Submission:2026-02-19T01:44:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696183", "uuid": "4cd7ead6-b0bd-4dee-ad7f-c55923204aa6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696183", "to_ids": true, "type": "md5", "uuid": "bb6adaf5-2e9e-4761-aac5-734df4d512ba", "value": "152622a674490c46cc2eda6165b47fc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692118", "to_ids": true, "type": "sha1", "uuid": "8168a7fa-a063-47cf-9253-e9a5bdf16fcd", "value": "ed2c2edfc30bce0f47eaa194e517f5f11d384c9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692119", "to_ids": true, "type": "sha256", "uuid": "d4b6eeb5-5712-4b1f-9e78-b57f7845b85c", "value": "f15551c03d74e4b532a45588e960791875161254b392fb2b607f1652f28b71b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691341", "to_ids": true, "type": "ssdeep", "uuid": "4f67896e-652a-4f7e-b083-c87963aec1d2", "value": "6144:CdVkgi360XIf+rwIoImydhCrcikuNThtnlRYfH2mNshYC4x5kR:2f+rwIomdhCxkuNY+mNsSjkR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691341", "to_ids": false, "type": "size-in-bytes", "uuid": "18b0ebde-71ae-4ae5-baf6-2e4174745c8d", "value": "659968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691341", "to_ids": true, "type": "vhash", "uuid": "d7a7315e-ecfa-4e83-8e17-447b2def7d07", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691341", "to_ids": true, "type": "filename", "uuid": "d1aec9be-4e75-4358-8f50-87f34cca9f87", "value": "3vb9cn.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691341", "to_ids": false, "type": "text", "uuid": "8c66dcb8-a885-4abf-887c-e418d840600b", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:51/72\nFirst Submission:2026-02-11T05:32:19.000000+00:00\nLast Submission:2026-02-11T05:32:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696204", "uuid": "b2150ddd-26aa-4f52-bf6b-b851f42fea6d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696204", "to_ids": true, "type": "md5", "uuid": "9635508b-2cd9-41e6-b403-e3d532de4ace", "value": "d7ab24bad6ae75a9555bf27de8e759de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692119", "to_ids": true, "type": "sha1", "uuid": "ac118512-c2e1-4333-9e6b-daf79b8ace21", "value": "af3d6681bedd0473b6ecdf5cb1643795d23130b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692119", "to_ids": true, "type": "sha256", "uuid": "e1b6b202-8ffd-4cbc-af06-9a9c8ae58f0c", "value": "f56d0c5ffb9795209afbbdfe34067140c0a924745e4bbad14a56476581779f60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691362", "to_ids": true, "type": "ssdeep", "uuid": "f5069a38-e76e-4074-a188-476af85e2d25", "value": "6144:q/X92HQu3c8dgU922O9x74iiyMRoU9liw5I5bzc1F3sRs7YC4xZEE:LgU9XO9l4iiXoU90zc1F3sRsE/EE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691362", "to_ids": false, "type": "size-in-bytes", "uuid": "adfbe3cf-e6ea-4508-945f-1fac7350c957", "value": "650752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691362", "to_ids": true, "type": "vhash", "uuid": "04b03620-09ce-4356-aa46-2823c8ffc84a", "value": "0650a66d1565551c051d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691362", "to_ids": true, "type": "filename", "uuid": "5f9f0d71-182f-40ba-98ad-a70846dd5725", "value": "2026-03-13_d7ab24bad6ae75a9555bf27de8e759de_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691362", "to_ids": false, "type": "text", "uuid": "e803a791-f1f0-4968-934c-d4927f3e5ba7", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2026-02-27T13:54:52.000000+00:00\nLast Submission:2026-03-13T21:06:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696225", "uuid": "e8b9d0aa-0f4b-4a24-893f-4d20d8176db5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696225", "to_ids": true, "type": "md5", "uuid": "480bfbe3-4ddd-493c-9dc1-fda172898b98", "value": "a2484d5700c271c660f0ef20c9ac923d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692120", "to_ids": true, "type": "sha1", "uuid": "bf471652-fcbc-42d1-be3d-84eaccb498d1", "value": "77587ffe5c0ebc4f334bea73f945ee3b90f5a82f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692120", "to_ids": true, "type": "sha256", "uuid": "5058339f-9115-4edb-8356-cc3c94a608e2", "value": "f83e67611091d3a66803dc7f79df6486d42b8a363e9cd3c331656df48385b0d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691384", "to_ids": true, "type": "ssdeep", "uuid": "6fc9decf-2d14-4e42-8249-a70cf7d688cb", "value": "6144:CdVkgi360XIf+kwIoImydhCrcikuNThtnl4YYmNshYC4x5kR:2f+kwIomdhCxkukYYmNsSjkR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691384", "to_ids": false, "type": "size-in-bytes", "uuid": "30e1c84a-1fb6-4b88-bb25-d67c8237be2c", "value": "659968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691384", "to_ids": true, "type": "vhash", "uuid": "66bbba6b-5409-46c2-a540-71c505254365", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691384", "to_ids": true, "type": "filename", "uuid": "2a152550-b339-4bb1-b15b-db0ba59a70b4", "value": "2026-02-08_a2484d5700c271c660f0ef20c9ac923d_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691384", "to_ids": false, "type": "text", "uuid": "45d835d7-8dbc-4f56-9c9c-f7a1d9f9d384", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-06T00:51:22.000000+00:00\nLast Submission:2026-02-08T19:42:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696246", "uuid": "e14b48b9-70b9-4e39-bbf1-f90eeec945f9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696246", "to_ids": true, "type": "md5", "uuid": "73518f29-a3b4-4434-b365-8026c16c15a5", "value": "5c59a8bf50c85873f992419b340a4a63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692121", "to_ids": true, "type": "sha1", "uuid": "59578b20-b5f1-46c2-a3f1-b858b0bf6877", "value": "a7514b967385b31fd29040566773fe0d8e9955ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692121", "to_ids": true, "type": "sha256", "uuid": "06cff44a-c8fc-4250-ad53-7741b1b6c1e4", "value": "ff41b103830786d8553c69c8f82b8000601e7218cbe92b06431f45cefd61de3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691406", "to_ids": true, "type": "ssdeep", "uuid": "ef893de0-d2eb-4816-a71b-a0ab8312726f", "value": "6144:7dVkgi360XIf+ZwIoImydhCrcikuNThtnl4YbfkmNshYC4x5kR:3f+ZwIomdhCxkukYbfkmNsSjkR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691406", "to_ids": false, "type": "size-in-bytes", "uuid": "f9edf9f7-97c9-4ea5-a431-9159f4f0fa46", "value": "659968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691406", "to_ids": true, "type": "vhash", "uuid": "c2ee99f7-bc4a-457f-a755-0ff15c348364", "value": "0650a66d1565555c051d0123z206004f52z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691406", "to_ids": true, "type": "filename", "uuid": "367f18ad-ffa3-4328-ac7c-693c64c397da", "value": "ypd8wdx.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691406", "to_ids": false, "type": "text", "uuid": "9d4da1c0-5a98-426c-8c1a-0a5e4ff4f7eb", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-07T19:41:01.000000+00:00\nLast Submission:2026-02-07T19:41:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696268", "uuid": "2fdf51d7-be5b-41f5-a0da-697edef9fe3c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696268", "to_ids": true, "type": "md5", "uuid": "b8e8cbcf-67b4-447b-8787-45d9bd530115", "value": "26221413ef2fcdb734e56d67e32e2088", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692122", "to_ids": true, "type": "sha1", "uuid": "2876967f-0ab2-4292-a54c-1883859be650", "value": "e3a81126c6a762dc5f6590a7a9f0b8a8a04ade17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692122", "to_ids": true, "type": "sha256", "uuid": "b4d2701a-063f-4d40-b9c5-2df366e41299", "value": "fff4a97fdc67df84479c8a40b7efbfb0e12c97dca1385cca9529b4aff86ca193", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691427", "to_ids": true, "type": "ssdeep", "uuid": "d1315811-d84c-4fcc-b3e4-747d308f5a01", "value": "6144:jYB1K1PnJQ3p9UtIMMtFOHWqYV2YdW9Vh9vRmqLHhNf2BS9zv0CJZ//dJshYC4xj:JxQ3/UeI2qk2YdWJ9vR9zv0gdJsSae" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691427", "to_ids": false, "type": "size-in-bytes", "uuid": "fcdde9d1-51e0-46a3-bfef-3aa2b319a7d2", "value": "488448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691427", "to_ids": true, "type": "vhash", "uuid": "c40c6811-a4dc-44ed-b077-4066f1c1020a", "value": "0450a66d1565551c055d0123z206004e4e1z21z37z3021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691427", "to_ids": true, "type": "filename", "uuid": "d49bdbec-8684-4789-b582-59b34a48475e", "value": "1v83v2d6.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691427", "to_ids": false, "type": "text", "uuid": "b4e82950-164d-4ddc-a4a8-cd74c1973f62", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:52/72\nFirst Submission:2025-12-31T20:57:15.000000+00:00\nLast Submission:2026-01-01T04:05:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696289", "uuid": "610cc5e2-89f1-460d-8dc8-6a6edbdba1ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696289", "to_ids": true, "type": "md5", "uuid": "f3693c60-fb85-4ba6-890a-310ce4c5f9de", "value": "ed770654eb36947eec999ea1492452c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692123", "to_ids": true, "type": "sha1", "uuid": "40be9b8c-a3f6-4e20-9c76-c6d362fd48de", "value": "8f4634f89b0aa1d417582a1cb8c2e882e02691e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692123", "to_ids": true, "type": "sha256", "uuid": "59bfa0ca-77ec-4550-b5ad-91cc282f5b39", "value": "f6dfc06fb7fa8e733ae7b2541d7b1771cd1b6d11984b97f636a9ac47e23ad811", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691449", "to_ids": true, "type": "ssdeep", "uuid": "590b83ff-4f6a-436a-9182-d81ae3edb50a", "value": "12288:z0Z+RuaJTzNLcDpDmEMIAWhnm1pgIYJBdZh6fQBkeV:z0Z+RuaJzNLcDpaEBxhnm1pgIQBdZh6G" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691449", "to_ids": false, "type": "size-in-bytes", "uuid": "9178e3db-7c39-41ba-859f-d3f2b39736ba", "value": "394440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691449", "to_ids": true, "type": "vhash", "uuid": "990843df-a464-41a3-abd3-cf668835174c", "value": "0350a66d151515551c051bz1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691449", "to_ids": true, "type": "filename", "uuid": "8e8b7c5b-5d35-4745-a7e5-0c6bfda4e806", "value": "Launcher_x64.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691449", "to_ids": false, "type": "text", "uuid": "ea0cc9ae-d888-40f1-ac54-aac1f103d8fb", "value": "Type Description: Win32 EXE\nFile distributed by: ['Microsoft']\nData sources: ['Microsoft Corporation']\nVerdict filename: ['usr_bin_ssh-agent.exe']\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2025-08-07T22:18:13.000000+00:00\nLast Submission:2026-04-13T21:04:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696310", "uuid": "376fb487-430a-4737-addf-c68ed564596b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696310", "to_ids": true, "type": "md5", "uuid": "db1d0cb3-3886-4182-b62f-f64e95e7b77b", "value": "306de79c0b77c97da466d8c60cbb2315", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692124", "to_ids": true, "type": "sha1", "uuid": "7745c0e0-4ae4-4e0e-9ddc-404d7ca39e96", "value": "f5b0bbe02e30b6087bc4bd4aea86b897d9410be8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692124", "to_ids": true, "type": "sha256", "uuid": "f949d6da-473b-4a27-9536-04b0662617f5", "value": "3f87a2a56e7a3a78405e6a02d74f10884efb60608794a181cefccf739526aa81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691471", "to_ids": true, "type": "ssdeep", "uuid": "e7a5e040-5802-4d8a-8a8f-e3dfa60059ae", "value": "6144:Bav57dM1T/hg4F6Nf90qcAT9txnz+FsTYC4xd6p:qq1Fg4Fg9V1nz+Fscb6p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691471", "to_ids": false, "type": "size-in-bytes", "uuid": "ab88afbd-cf95-437a-8abf-037ccec28505", "value": "426496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691471", "to_ids": true, "type": "vhash", "uuid": "1ad08689-d767-4065-8b2e-ce737e912011", "value": "0450a66d1565555c051d014z20600494b1z21z37z2021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691471", "to_ids": true, "type": "filename", "uuid": "347607a4-3a54-4556-bfd1-701694e9cb75", "value": "pccyarv.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691471", "to_ids": false, "type": "text", "uuid": "d48367ac-ffb1-4e7f-969b-36330d2b4d48", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:47/72\nFirst Submission:2025-12-23T22:31:42.000000+00:00\nLast Submission:2025-12-23T22:31:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696331", "uuid": "e993e256-4f1e-4cb9-bfc4-c49a4f0d41b6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696331", "to_ids": true, "type": "md5", "uuid": "4ad8fbe6-0071-4635-9ff0-a6d46258611b", "value": "3230fd4cffa9905d5bf536ca79de2b48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692125", "to_ids": true, "type": "sha1", "uuid": "add59b57-53fd-4454-b0fd-61983c105abc", "value": "6d3cfcbea2b2c1669ad83989c7c03a54219caa21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692125", "to_ids": true, "type": "sha256", "uuid": "6f6d237d-bb44-4ea7-a828-ccb984356225", "value": "6e5e8cb861ed0bb7193280d6e9fea8e4cc08bc0cd94d507818dee46f0316e194", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691514", "to_ids": true, "type": "ssdeep", "uuid": "4029a3f7-6104-49c3-bb82-0aceb0f9448c", "value": "24576:bTmgoCOy0VhmF2SNJD+p8UuMpFbXLFz3/w+PF:G/PF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691514", "to_ids": false, "type": "size-in-bytes", "uuid": "52f3babf-422a-48b6-8d41-b3278a486fe1", "value": "908288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691514", "to_ids": true, "type": "vhash", "uuid": "7e33b30e-ba95-4a9f-9fb5-b731114c15e5", "value": "1950b65d1515551c05551az1515lz1dz92" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691514", "to_ids": true, "type": "filename", "uuid": "f63b348e-3c8e-45a6-9498-2a9188246eef", "value": "web_mega_machine.dll" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691514", "to_ids": false, "type": "text", "uuid": "92b623ff-fcbc-48e6-8648-6b9b0e3ef844", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Aotera.GVA!MTB\nVT Total Detection:44/72\nFirst Submission:2025-12-30T01:57:17.000000+00:00\nLast Submission:2025-12-30T01:57:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696353", "uuid": "c4825f6c-95eb-4048-aa80-9c4b1d131e61", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696353", "to_ids": true, "type": "md5", "uuid": "e48d512b-8b1e-4ace-ba19-29bf15dbd9e6", "value": "c051e83387f04896e4a77e06839f47c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692126", "to_ids": true, "type": "sha1", "uuid": "b5a888d4-6237-4538-b9cf-ca6141c7a6ee", "value": "7e829d21c2af2040179ef88956dbcf4f5e2e476f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692126", "to_ids": true, "type": "sha256", "uuid": "af45ae7a-a393-440c-bd0a-77f12525b444", "value": "bacddaa7168afc28ae53a3cabb93becef60051b1250482ecd0c804e7d110c32b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691536", "to_ids": true, "type": "ssdeep", "uuid": "881fb9bd-cf70-4397-bc0f-d5d6b7344740", "value": "6144:xzLZUtY21xDiRPElOwu9ngws9eCR8t7psw7NYC4xOtb7:UW2HDiRrwcD17psCmEtb7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691536", "to_ids": false, "type": "size-in-bytes", "uuid": "4e975e7a-691b-4ba9-8217-e18c8a5e610d", "value": "420864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691536", "to_ids": true, "type": "vhash", "uuid": "38d56630-4bd1-426f-a646-7bd71d82a62e", "value": "0450a66d1565551c051d014z20600484b1z21z37z2021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691536", "to_ids": true, "type": "filename", "uuid": "66907560-99aa-4202-82b6-d8206d1e39e8", "value": "2025-12-22_c051e83387f04896e4a77e06839f47c7_conti_glassworm" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691536", "to_ids": false, "type": "text", "uuid": "a809697b-8930-4e7a-bc7b-ecc763749ab6", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:49/72\nFirst Submission:2025-12-22T10:33:09.000000+00:00\nLast Submission:2025-12-22T16:59:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696374", "uuid": "d84b62d1-a1ec-4a13-ae08-9c1d53b841ab", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696374", "to_ids": true, "type": "md5", "uuid": "856a9716-4953-43e8-9381-b49074f3800f", "value": "f2fd6defc657e9167ce6050145904182", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692127", "to_ids": true, "type": "sha1", "uuid": "a32df98e-38f7-4a9f-b7e5-86f4a5802b5b", "value": "25c9b4fd60374327d342fe1e42c2a361de4b8fd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692128", "to_ids": true, "type": "sha256", "uuid": "99c62cc0-b9fb-4aa2-8011-f166dc1b3026", "value": "c40a9109f8c07f41e75d53bc598508321a5f7e8feeaf6ae379be29ec5cfb9c7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691557", "to_ids": true, "type": "ssdeep", "uuid": "fe5e8506-a96e-4221-9f6e-c9b44bfb6471", "value": "12288:9SqzmrfJuf9Fs8Mcs8Mcs8Mcs8MFxkuseCa7:HOfJu4kFa7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691557", "to_ids": false, "type": "size-in-bytes", "uuid": "66cd0941-6c43-4084-8d7d-00c4d3922591", "value": "421888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691557", "to_ids": true, "type": "vhash", "uuid": "8bfe9f75-d6e4-455f-ae67-fe47e0b382f2", "value": "0450a66d1565551c051d014z20600484b1z21z37z2021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691557", "to_ids": true, "type": "filename", "uuid": "863ecd9f-bd74-4b0e-94ef-71d25d5650b3", "value": "kes76nkh.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691557", "to_ids": false, "type": "text", "uuid": "acf60224-0145-4294-95f7-7e7f3df1acba", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:41/72\nFirst Submission:2025-12-23T20:00:33.000000+00:00\nLast Submission:2025-12-23T20:00:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696395", "uuid": "ff071247-f1ab-4bad-a780-cfac8d1fbbec", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696395", "to_ids": true, "type": "md5", "uuid": "523f173f-d216-45fa-9ab6-88efd7f51655", "value": "dd9a692255ae0cae610d83bcc0d0efed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692128", "to_ids": true, "type": "sha1", "uuid": "a8b7ac8a-4263-443a-9631-e724176448f4", "value": "10ac55dd25fb092fa7349bab5a1966f197a4086f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692128", "to_ids": true, "type": "sha256", "uuid": "db34624a-d382-45e7-a25c-e4313522ad48", "value": "d4afa13cc31da34c8f0741336276baff53b3206b14ce7747ab129d9a9a1bd428", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691579", "to_ids": true, "type": "ssdeep", "uuid": "d2f00677-9dc6-4294-bd62-67fb7d031671", "value": "6144:3MME3f2NoLMCIvi7Ax6kuhu4zL5KD8wJsHYC4xSN4:y2NoLMTvi7nkyKD8wJs404" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691579", "to_ids": false, "type": "size-in-bytes", "uuid": "6096f5d5-34ca-4ed4-8eef-d778effac24b", "value": "428544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691579", "to_ids": true, "type": "vhash", "uuid": "9a8b69c7-533e-42c4-bd38-21394170aeab", "value": "0450a66d1565555c051d014z206004a4b1z21z37z2021z7fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691579", "to_ids": true, "type": "filename", "uuid": "a0979932-b832-4ded-93e6-c76306913a60", "value": "6h4sx.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691579", "to_ids": false, "type": "text", "uuid": "b1d4ecc2-88db-4f9d-833a-b24fc7f74c82", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Vidar.EB!MTB\nVT Total Detection:46/72\nFirst Submission:2025-12-24T13:41:54.000000+00:00\nLast Submission:2025-12-24T13:41:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696416", "uuid": "8712e71d-1197-417d-b8e7-591835f51656", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696416", "to_ids": true, "type": "md5", "uuid": "5dca6e34-96cd-46d0-ab38-99cafaf8439d", "value": "56e64736b9633e712432408ddc9db0d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692129", "to_ids": true, "type": "sha1", "uuid": "0d27dcdf-379f-4d93-9c41-7f9fc2fd4397", "value": "d7793cce3d6f5d8ec51a8cf3d2f965995df0d5f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692129", "to_ids": true, "type": "sha256", "uuid": "115dcaaf-da0d-4d4b-b826-b60d458761e8", "value": "f464a4155526fa22c45a82d3aa75a13970189aad8cc3fa6050cf803a54d8baed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691601", "to_ids": true, "type": "ssdeep", "uuid": "b06b5bc0-6493-41a4-95e0-e68614629b41", "value": "3145728:OQELrn8ZquG8SvvfYg9WNvkJzuVb6Ecb7GO68PA+JvK7oqMyfd:OQUrqqU9IUvkJgFcb7oav4oqffd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691601", "to_ids": false, "type": "size-in-bytes", "uuid": "5e25f8e7-d388-494b-af58-e57965d9d0ef", "value": "106238749" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691601", "to_ids": true, "type": "vhash", "uuid": "301e6980-65b5-4114-bae4-4359db6063fe", "value": "8479c251210afbf6da30acf31271686a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691601", "to_ids": true, "type": "filename", "uuid": "8a099e87-0365-4558-a8d3-2ed68d0aaa31", "value": "Eclipsyn.zip" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691601", "to_ids": false, "type": "text", "uuid": "48abf0e9-8596-482d-a64e-723bd060a8ae", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:34/67\nFirst Submission:2025-12-30T09:01:33.000000+00:00\nLast Submission:2025-12-30T09:01:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776696437", "uuid": "d3a6b011-7aca-4a19-8bc5-0cf6e6aed32e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776696437", "to_ids": true, "type": "md5", "uuid": "8519b43e-e022-4aae-bd44-ec2d0bc2f404", "value": "ca4ca0e8b7bcbe18ee0b473f9a33f3f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776692130", "to_ids": true, "type": "sha1", "uuid": "3f4604e0-ceda-4ce8-a286-e5985ebd3a66", "value": "4e61832dc86ef384582065d834a77e3c75ff691e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776692130", "to_ids": true, "type": "sha256", "uuid": "0fcd3f7a-6170-422c-a0b8-c05f2d183047", "value": "fd8bba8b570050cbe0a82f21209eafe1ddaf007f4f5aec100b8b29cae9a76d49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776691622", "to_ids": true, "type": "ssdeep", "uuid": "b4b3cd4d-5145-44dd-9cab-458fa8061a5a", "value": "6144:3fomsvKHP0Y1yDbre/uxKX6lloPZNTCKn+vmmxeTnZMu6m8alDGSZ2d/R2:vDsvduuxKX6luNC7vtC2u6m8azeR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776691622", "to_ids": false, "type": "size-in-bytes", "uuid": "53b20db6-113f-4a47-baf5-2adce02233dd", "value": "340992" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776691622", "to_ids": true, "type": "vhash", "uuid": "fc26c618-964e-4af5-bdd1-1e5574aca5ff", "value": "0350a66d1575151c051dbz191elz2fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776691622", "to_ids": true, "type": "filename", "uuid": "096e78bd-5b0a-4b0c-80a5-4cea891aaba6", "value": "pro_framework_web.exe" }, { "category": "Other", "comment": "Checked: 20/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776691622", "to_ids": false, "type": "text", "uuid": "f3fab2f1-b364-4c26-952c-479f8451d24f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/Tedy.PGT!MTB\nVT Total Detection:46/72\nFirst Submission:2025-12-30T02:07:15.000000+00:00\nLast Submission:2025-12-30T02:07:15.000000+00:00" } ] } ] } }