{
  "Event": {
    "analysis": "1",
    "date": "2026-05-11",
    "extends_uuid": "",
    "info": "[Threat Intel] Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans",
    "protected": false,
    "publish_timestamp": "1779546968",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779546968",
    "uuid": "2e1d4c8d-0459-4f69-be67-e0bc6a6633fd",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#3909cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#e00500",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#edf46c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#fe1ef0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#1997de",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Shell History - T1552.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#f95f85",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#83203e",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Account - T1136.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#71ecdb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\"",
        "relationship_type": ""
      },
      {
        "colour": "#7628f7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a0cbec",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Systemd Service - T1543.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#f055aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Create Account - T1136\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"vulnerability\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#170057",
        "local": false,
        "name": "rectifyq:sub-category=\"critical-vuln\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497218",
        "to_ids": false,
        "type": "link",
        "uuid": "0f717e40-89df-46ce-8cd7-26098c06aba0",
        "value": "https://blog.xlab.qianxin.com/mr_rot13-the-elusive-6-year-hacker-group-weaponizing-critical-cpanel-flaws-for-backdoor-deployment_cn/",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497218",
        "to_ids": false,
        "type": "text",
        "uuid": "35a15afa-225b-4f5f-ba31-b219f15084b2",
        "value": "A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497218",
        "to_ids": false,
        "type": "text",
        "uuid": "fe6567ad-c250-4ce4-bf78-3a8e7ac47052",
        "value": "Name: Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans\nAuthor: AlienVault\nAdversary: Mr_Rot13\nTags: [\"cve-2026-41940\", \"telegram exfiltration\", \"ssh backdoor\", \"filemanager\", \"cpanel-python\", \"cpanel exploitation\", \"southeast asia\", \"filemanager rat\", \"wordpress targeting\", \"credential theft\"]\nTgtd countries: []\nMlwr families: [\"Filemanager\", \"Cpanel-Python\"]\nAttack_ids: [\"T1059.007\", \"T1119\", \"T1005\", \"T1140\", \"T1190\", \"T1219\", \"T1070.006\", \"T1505.003\", \"T1083\", \"T1552.003\", \"T1552.001\", \"T1041\", \"T1136.003\", \"T1098\", \"T1059.004\", \"T1078\", \"T1027\", \"T1567.002\", \"T1071.001\", \"T1543.002\", \"T1136\"]\nIndustries: [\"Government\", \"Defense\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497218",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "14def011-548b-4c25-91a2-05e4cffbe3a4",
        "value": "Mr_Rot13"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972358",
        "to_ids": true,
        "type": "domain",
        "uuid": "b35d17ea-d8b3-49d7-a0a4-b283a55c7ba9",
        "value": "wrned.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972379",
        "to_ids": true,
        "type": "domain",
        "uuid": "4c28db26-58d8-4102-92be-67768021e5d7",
        "value": "wpsock.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497218",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "5e1da78a-5e23-4a49-a662-c52e03e5533c",
        "value": "CVE-2026-41940"
      },
      {
        "category": "Network activity",
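        "comment": "NOTE(review): this hostname does not match the host cp.dene.de.com used by the url attributes in this event; confirm the value against the source report before alerting or blocking on it.",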
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972400",
        "to_ids": true,
        "type": "hostname",
        "uuid": "17f09775-a9c0-474f-b5ae-9edbe74de957",
        "value": "cp.dene.de",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972422",
        "to_ids": true,
        "type": "url",
        "uuid": "1005008d-cd50-4b13-aeae-167052917e93",
        "value": "https://cp.dene.de.com/cpanel.py",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972443",
        "to_ids": true,
        "type": "url",
        "uuid": "d76b3707-5abe-43f7-92e1-74202a958802",
        "value": "https://cp.dene.de.com/login.js",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972464",
        "to_ids": true,
        "type": "url",
        "uuid": "76a2375b-a4bc-4b1f-9996-4e52a06f9ec4",
        "value": "https://cp.dene.de.com/adminer.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972485",
        "to_ids": true,
        "type": "url",
        "uuid": "084864f3-bf70-450e-a699-1a5fcd8373e6",
        "value": "https://cp.dene.de.com/Update",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972507",
        "to_ids": true,
        "type": "url",
        "uuid": "bf5df3fa-4581-486f-9785-2e4b9f532b04",
        "value": "https://wpsock.com/cpanel/install.sh",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972528",
        "to_ids": true,
        "type": "url",
        "uuid": "6fa16ec8-d936-4eb8-b61c-b1de288d3d42",
        "value": "https://wpsock.com/cpanel/dist/filemanager-linux-386",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972549",
        "to_ids": true,
        "type": "url",
        "uuid": "294fe81d-cbf6-43f1-9f9b-e8fc769d979f",
        "value": "https://wpsock.com/cpanel/dist/filemanager-linux-amd64",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972570",
        "to_ids": true,
        "type": "url",
        "uuid": "7c2b67db-3558-49c8-beac-dc26b4e9d518",
        "value": "https://wpsock.com/cpanel/dist/filemanager-linux-armv7",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972591",
        "to_ids": true,
        "type": "url",
        "uuid": "673358a2-fbdd-4118-844d-88734ba942c8",
        "value": "https://wpsock.com/cpanel/dist/filemanager-linux-arm64",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972612",
        "to_ids": true,
        "type": "url",
        "uuid": "4d9d7ad6-f508-4309-afc1-70615cdf0882",
        "value": "https://wpsock.com/cpanel/dist/filemanager-windows-386.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972634",
        "to_ids": true,
        "type": "url",
        "uuid": "65970244-1e18-4738-b61e-e13fbc44a7db",
        "value": "https://wpsock.com/cpanel/dist/filemanager-windows-amd64.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972655",
        "to_ids": true,
        "type": "url",
        "uuid": "e5303859-4a26-4627-a781-8a23202c51df",
        "value": "https://wpsock.com/cpanel/dist/filemanager-darwin-arm64",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972676",
        "to_ids": true,
        "type": "url",
        "uuid": "a53d4431-3f53-42be-b00b-ccb5cd20ce8f",
        "value": "https://wpsock.com/cpanel/dist/filemanager-darwin-amd64",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972697",
        "to_ids": true,
        "type": "url",
        "uuid": "9a0a3c21-d105-4482-996b-fe7f9811062c",
        "value": "https://cp.dene.de.com/collect.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972718",
        "to_ids": true,
        "type": "url",
        "uuid": "f129a800-e37c-4fc1-8b22-8402ca100f05",
        "value": "https://wrned.com/log.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972739",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e034b0f4-0a7a-488f-828f-de1db5daf2d5",
        "value": "178.249.209.182",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778972760",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d9bdc715-fc8b-45d4-bbc8-72fc37cab9a8",
        "value": "149.102.229.146",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546936",
        "uuid": "cd0dc732-56c8-4678-818e-ef2105dc4aaa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546935",
            "to_ids": true,
            "type": "md5",
            "uuid": "cb1ee280-366b-4674-b9a2-bbce868f6669",
            "value": "02a5990b11293236e01f174f5999df20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546936",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6be78500-838a-4a2d-9c28-2cb8a3474c26",
            "value": "4373d48e1474bd18ad77566c79a4288cd1b606a1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546936",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6c11e518-e5ba-4111-9f06-adef86038dee",
            "value": "a2d4440cfe334d78197111a3aef29a3d2ced65d7e0c9ed41509b7a4fa74f3d35",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970247",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "82a8f424-e1c3-4c0c-ac6a-77a2e0b0f6f7",
            "value": "98304:GJtNlKT8EdKZLckx4aQiR7RyPkOF/i5lKFjE:GVa8OS9oZ/2Gw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970247",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a1b5441a-3e8d-4b5a-a691-b86353bf1d1f",
            "value": "9159168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970247",
            "to_ids": true,
            "type": "vhash",
            "uuid": "60c7982e-3dcd-417f-92e7-d13e93372c33",
            "value": "096066655d6d15641az2c!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970247",
            "to_ids": true,
            "type": "filename",
            "uuid": "0bd1bfa7-c62c-4529-bc76-3a7a4888ace6",
            "value": "filemanager-windows-386.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970247",
            "to_ids": false,
            "type": "text",
            "uuid": "8e61d361-9b24-4d27-91dc-493ce8365a66",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:31/71\nFirst Submission:2026-05-11T06:44:39.000000+00:00\nLast Submission:2026-05-14T17:05:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546938",
        "uuid": "9fe12faf-237a-4491-89b1-13dfdbae9492",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546937",
            "to_ids": true,
            "type": "md5",
            "uuid": "5c6b9f7e-53cd-40e7-8936-f13fb09e47ff",
            "value": "22613c952459e65ce09fb6b5c1c03d47",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546938",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f7f8fd23-2831-4ab9-847f-90655d774cf8",
            "value": "25882ad8f1bf3bb2972f694f7f5e9f1140a624e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546938",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2a06f7d8-b877-450e-873c-8bd0886c28f5",
            "value": "937e252197407313a21e8aaa3f5aa521726223aa860f3edb850239faa46ccb6f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970268",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2972188d-00b4-42d8-b688-a6b9c40c7b1f",
            "value": "98304:xsG4K4Uo1d7Sb6YI6Qs8xT5ytpVRAVeQ/qoox3GHGvynQOJgT+n1ySHyxs821Eo:xD4LCb7hQDipJFwHvGo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970268",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bda25a26-a55f-4e71-bdde-aec341b118ea",
            "value": "8843448"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970268",
            "to_ids": true,
            "type": "vhash",
            "uuid": "22aa57a0-9105-4536-94d3-c005f9bd7734",
            "value": "bed0051c03c0b002224d3a09f64bb907"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970268",
            "to_ids": true,
            "type": "filename",
            "uuid": "62975c15-53b9-4630-b597-6ff0e0cbf027",
            "value": "filemanager-linux-386"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970268",
            "to_ids": false,
            "type": "text",
            "uuid": "1c455102-d7cc-4e64-b22b-2dbe45ffd582",
            "value": "Type Description: ELF\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:13/64\nFirst Submission:2026-05-13T09:43:42.000000+00:00\nLast Submission:2026-05-14T01:06:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546941",
        "uuid": "5fae03b1-f637-46ff-8324-94842609e3c6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546940",
            "to_ids": true,
            "type": "md5",
            "uuid": "e37a755c-81c7-49bc-b976-de1712bfa9d6",
            "value": "2286f126ab4740ccf2595ad1fa0c615c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546941",
            "to_ids": true,
            "type": "sha1",
            "uuid": "614f4c04-d3fe-4f2a-bfa2-db308f2e2883",
            "value": "da489a670e0a2b1fd7264984218fa7481e238f75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546941",
            "to_ids": true,
            "type": "sha256",
            "uuid": "96ca3621-fb0a-4e77-ad81-912c6b7b77e1",
            "value": "2d7d121dfcca6c17130ef605124869bf84ce77bee343ada78e0db2236174583a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970290",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eecdfed3-ac34-46d4-8218-19eab042a69e",
            "value": "384:b/X94FXxLD3wGQB51oD++OibhPWZj99N1CD/GCsqEjLlQyiqkvzJSnR/:LNkxLbwGO51ophuL9E/GBq0p+qqUl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970290",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "410b6660-d5b3-48d0-b889-902c9060c092",
            "value": "23779"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970290",
            "to_ids": true,
            "type": "filename",
            "uuid": "37650222-e4a0-41c2-90e3-83092f1a1989",
            "value": "vw9uh0jqs.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970290",
            "to_ids": false,
            "type": "text",
            "uuid": "442b61ed-c467-4ee6-86d6-f679bbd4db36",
            "value": "Type Description: PHP\nMicrosoft: None\nVT Total Detection:14/61\nFirst Submission:2022-04-06T09:41:38.000000+00:00\nLast Submission:2026-05-14T22:23:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546944",
        "uuid": "17160d73-b040-4efe-ac47-ef2d6d7ef14a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546943",
            "to_ids": true,
            "type": "md5",
            "uuid": "5f8b0722-7b40-48fc-aeb5-d295da5e937c",
            "value": "29222f5e73dd10088fcf1204aa21f87f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546944",
            "to_ids": true,
            "type": "sha1",
            "uuid": "65dd01e2-f95e-4b3e-bd1a-1495d9744f1f",
            "value": "9ce848c543b04f5f909b91390a19ef5784d4e614",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546944",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3500958b-e009-470d-9e76-0052ccd94e38",
            "value": "cfaac437326ccd27a643359ea0be48c34f88d0b98e8309524f9341f6953a7b88",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970311",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1cad6dbb-f79b-4a29-ac65-b674e8ec3475",
            "value": "49152:QYYwI84+UlVKWLWzn8JW9MB4CdIREgPJRb8AvTWRqTkrAp5VNyubmHCBm/lOPKO9:QYDIdBLBhOz8EyH2tJ5iuEI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970311",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7aa5ed9c-ac78-4645-b853-98388379ad32",
            "value": "6049976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970311",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6e1aa8b8-9619-4ffb-a34e-398ff353845a",
            "value": "e840a106aec60742c59f25fa4dd95c2b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970311",
            "to_ids": true,
            "type": "filename",
            "uuid": "b5298a97-890a-45ec-8bce-94465cf887d3",
            "value": "cfaac437326ccd27a643359ea0be48c34f88d0b98e8309524f9341f6953a7b88.elf"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  13/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970311",
            "to_ids": false,
            "type": "text",
            "uuid": "f17acf5c-7f88-4865-8629-ec7d14033cf6",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/GoPanel.DA!MTB\nVT Total Detection:24/64\nFirst Submission:2026-04-30T23:56:09.000000+00:00\nLast Submission:2026-05-13T15:29:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546947",
        "uuid": "70451cfa-b00d-4fc2-b718-635f023275a3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546947",
            "to_ids": true,
            "type": "md5",
            "uuid": "153682f3-ed58-4f7f-a44e-16e71aadaece",
            "value": "2de27ca8d97124adaf604b18161a441e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546947",
            "to_ids": true,
            "type": "sha1",
            "uuid": "32914a33-e49b-44c5-bf8c-430f96d22df7",
            "value": "9ae91b2f03e0b465b18c56abcad3b2b9b7d4e9aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546947",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a4201c42-36ad-4a55-ae5e-4e2c68b635e6",
            "value": "b750c4ac80dcc6e382f3e81fdba843704038a4106d610244d725c8b654e7fde2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970333",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b1dc5d5b-b21c-4541-9ba7-db61e06889ed",
            "value": "49152:FhWwGAPxY2E7solowXCNObxH3t7XmJcc7TncDxbggEet06fvEW5VQeciWWPKOKDk:FhzFYVH3tfcTcdDR0CFS/E3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970333",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "af5d1063-3208-4dae-9428-13387f111c9a",
            "value": "6377656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970333",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a35154eb-e20c-44af-a34b-a94445af354a",
            "value": "e840a106aec60742c59f25fa4dd95c2b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970333",
            "to_ids": true,
            "type": "filename",
            "uuid": "9ae7b9f3-e7eb-4383-8d91-38d3c8e16929",
            "value": "b750c4ac80dcc6e382f3e81fdba843704038a4106d610244d725c8b654e7fde2.elf"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  13/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970333",
            "to_ids": false,
            "type": "text",
            "uuid": "cdec702e-d848-40b5-9fe3-5145a42f7f08",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/GoPanel.DA!MTB\nVT Total Detection:23/64\nFirst Submission:2026-05-02T17:24:57.000000+00:00\nLast Submission:2026-05-11T14:50:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546950",
        "uuid": "f80d7c5d-1f7f-46c9-90f8-ebc6e76cb6f6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546949",
            "to_ids": true,
            "type": "md5",
            "uuid": "58f60c11-1011-4baf-ad6a-1255319ad7e0",
            "value": "45fc93426cf08f91c9f9de5f04a12263",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546950",
            "to_ids": true,
            "type": "sha1",
            "uuid": "85adeac7-0771-480a-aea1-13406a4694d4",
            "value": "5b5d14096b2301d99e84e440a0ef9108de347d61",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546950",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b7a3a9b2-1134-4e81-a388-ee1ab9db3824",
            "value": "2fe08e3a49cadf7be7933740bbdf10861d408148b118f5e0fd782d9ce6c78d52",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970355",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "be8e452a-b108-4729-aca0-20bb912aaeca",
            "value": "98304:5CCzOR9OwjZgdn21IR2VY5F/STIIX/inKrQgOvCtn9QDEGkGvpf:5XQgdnt2qF/STI6iOO9QGkY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970355",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "36f6b1b1-9150-46be-8a38-ac4884ec0d19",
            "value": "9412736"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970355",
            "to_ids": true,
            "type": "vhash",
            "uuid": "124b9b1b-31a6-4ee7-8ae7-b1face940a88",
            "value": "9867bdb55fb272eb43d498fd977819a9"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970355",
            "to_ids": true,
            "type": "filename",
            "uuid": "3b052de6-f4b5-4411-92b0-05b07052e90b",
            "value": "filemanager-darwin-amd64"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970355",
            "to_ids": false,
            "type": "text",
            "uuid": "81c24538-1f41-47d8-bf1c-589dc02fe8a1",
            "value": "Type Description: Mach-O\nMicrosoft: None\nVT Total Detection:2/63\nFirst Submission:2026-05-13T09:44:39.000000+00:00\nLast Submission:2026-05-14T17:03:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546953",
        "uuid": "1308df8d-2eaa-42af-8e33-9e50ecd11512",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546952",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b420741-3fda-47ff-914e-81f0d17c650f",
            "value": "711afb014f64c97d7b31685709c34ce7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546952",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cb82d1a4-4931-4aeb-8c9e-d6f99b1d1455",
            "value": "e2967dd73d423e568c68f48d238da37a2bfe2b5d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546953",
            "to_ids": true,
            "type": "sha256",
            "uuid": "655462c9-b811-4644-bc84-cfe6e62e7db3",
            "value": "d508889262ec535e55328f36816d832ac97ba8f2b5a1529344e31d15b3c6b050",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970376",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4edbf6f3-9e77-4a0e-bef9-138ae76d8c79",
            "value": "98304:PHkOOQ8ZsSyKPk1+HjfMXkn1a9+UOVql6pZ3CNfSEGoCjg:PEO/8ZsSbkwHj6k8GoF5/GQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970376",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5842637a-aeb9-44ce-899c-f20935881fe5",
            "value": "8842178"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970376",
            "to_ids": true,
            "type": "vhash",
            "uuid": "839f5045-b5f3-479f-825a-fec57d6da2ee",
            "value": "5ec1315c81eda7419ee2cdd7ac6193aa"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970377",
            "to_ids": true,
            "type": "filename",
            "uuid": "f63c93a2-f5af-412a-b67d-25e155a8691b",
            "value": "filemanager-darwin-arm64"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  14/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970377",
            "to_ids": false,
            "type": "text",
            "uuid": "de3b36bd-ab13-4fb2-a13b-af9a443566eb",
            "value": "Type Description: Mach-O\nMicrosoft: None\nVT Total Detection:1/62\nFirst Submission:2026-05-13T09:44:01.000000+00:00\nLast Submission:2026-05-14T17:04:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546955",
        "uuid": "613c9dab-1269-499e-b3a9-fc19fe60f2b5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546955",
            "to_ids": true,
            "type": "md5",
            "uuid": "22411cda-8ce8-4241-801b-3aad80c604f7",
            "value": "9305b4ebbb4d39907cf36b62989a6af3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546955",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d7b14d2a-4064-4d8a-a929-10017d80415b",
            "value": "a7b3f06ce20aa6bc8a5c6aaf0918ac166140f95f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546955",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9796abbb-8501-47db-b8c9-c5c57eabbbd5",
            "value": "d4d914d4309922161ac8635a2c03e3a700becbffcbf0f1b6b9bfa06bbbc9e1f5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970398",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "538ca93c-f4cc-4509-879e-bfa90b1cc033",
            "value": "98304:HKcIHHVheaECHe04sygQt0zC4cTYpxcMhhrv5T1HgTliIKh9j6Qn7xxTO23NkLBQ:HW9HedsHQt0Nc8pICh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970398",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9857ab82-ddf9-418e-b02e-af71c7e34bd0",
            "value": "9212088"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970398",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c7aa61d4-95b8-4f09-b0c6-c3031b536ec9",
            "value": "e840a106aec60742c59f25fa4dd95c2b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970398",
            "to_ids": true,
            "type": "filename",
            "uuid": "d741f395-8b4c-446b-81ed-a276a6824654",
            "value": "filemanager-linux-amd64"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970398",
            "to_ids": false,
            "type": "text",
            "uuid": "3553e10d-bdf8-422c-9f65-0969978335d0",
            "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:26/64\nFirst Submission:2026-05-02T17:29:18.000000+00:00\nLast Submission:2026-05-02T17:29:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546959",
        "uuid": "365cdacc-ccc0-4a4c-81ac-b1cd17a2df9f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546958",
            "to_ids": true,
            "type": "md5",
            "uuid": "d7b91fa0-5142-4101-81c5-c5e283523c2f",
            "value": "bae1f1bce7c82fa86f05b12e2e254cfc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546958",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9697d7e3-f540-448a-a562-9ea14f340866",
            "value": "a8b8562ec2b9d954caf7757084e4fc0bfc4006f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546959",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ee8c9883-d389-4105-bf3b-67151dd450db",
            "value": "6c0a3db90096bffa52cbf73445378037d34368a6c257519f7b93733823d83fe5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970420",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5e4d7c0d-b4f8-4b27-b72d-577d724f645b",
            "value": "196608:Lu6h0EjxP+S8y7hrfsyk2FsMlQ6R4UgsV:Lud0Pwy75fJL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970420",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2cf55881-4f37-4fca-8cfc-d5d991ee5713",
            "value": "9582592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970420",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d1b3cfbf-9921-4901-b2b7-345c150b2899",
            "value": "096086655d55551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970420",
            "to_ids": true,
            "type": "filename",
            "uuid": "358dfc74-d285-47ab-9a6b-3fcd7dfc5495",
            "value": "filemanager-windows-amd64.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970420",
            "to_ids": false,
            "type": "text",
            "uuid": "3a481f72-53eb-496a-a5f6-5f4d48e703e1",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:32/71\nFirst Submission:2026-05-11T06:44:35.000000+00:00\nLast Submission:2026-05-15T18:13:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546962",
        "uuid": "7a07b261-4b47-49e9-bc2f-feac0a4bbc33",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546960",
            "to_ids": true,
            "type": "md5",
            "uuid": "17580174-3799-4ae8-9377-ed5c7449a7ae",
            "value": "e1ec6ebb96cf87c785ee6a7da677c059",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546961",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7789865a-d506-4f35-ba34-e5835bfabea9",
            "value": "2b7c00ca40bd3dc45559b48a641bfd857dfb7e2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546962",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9abd6078-0988-47f6-b260-9a1496a16590",
            "value": "f7f8dacebcafc1cba3e4807212360379013be659f0ae911bbc17303c7bb1ce15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970442",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "19b68db9-fa51-4c31-baac-7378af0cf9b2",
            "value": "49152:ctme8hhJjzbP7FtdhWmX9Bv6wRHSfV4AZ3+jClVNNG91JILY1KaQ6G6EH5E0:ctL8v5jTdcmX9Ofu991JkaQLXE0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970442",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6db8531a-4589-44d4-933b-54d3e2050115",
            "value": "8978616"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970442",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4c9b5bf4-dc96-4192-9306-7fe3524fc6b6",
            "value": "218621da7e1a5374644f320da7fd8c3f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970442",
            "to_ids": true,
            "type": "filename",
            "uuid": "bedbd59d-768f-464c-a578-168be094e48f",
            "value": "filemanager-linux-armv7"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970442",
            "to_ids": false,
            "type": "text",
            "uuid": "30c573a7-842c-41f2-a53a-e04b8b812635",
            "value": "Type Description: ELF\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:12/63\nFirst Submission:2026-05-13T09:42:54.000000+00:00\nLast Submission:2026-05-14T01:06:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546965",
        "uuid": "4e0db6d3-f709-4631-a91d-2a8e4378355e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546964",
            "to_ids": true,
            "type": "md5",
            "uuid": "6cc679f3-1553-42ac-bf2b-252d61e21f63",
            "value": "e49f68a363c867608972680799389daf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546964",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b90fc972-f30b-4c86-b067-99e0f369018b",
            "value": "55abb3e0be104f935a2e80eac450b43bc1543ee5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546965",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b7a9fbab-8de5-46e2-8502-30de79b24ce1",
            "value": "860461c241f1a94e705fb116900a26324f7d97bee4b4d89a934f1555b8438fa8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970464",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ec058488-fddd-4b24-84ff-d4fe598dfb51",
            "value": "98304:+jOUZjgLhy5QLbwtVZZsHp7Bv+iC+DDQwgEU:+6wKhyyLktVoHplq+DDQwZU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970464",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "97ea0a2c-e685-48be-8249-539bc5a007e5",
            "value": "8650936"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970464",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2e67b2eb-01d0-4539-991a-f177d639ce9a",
            "value": "8ca932477f3df2975bc92944440b2676"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970464",
            "to_ids": true,
            "type": "filename",
            "uuid": "9ed107ed-32de-4087-a9cc-f37f967b436c",
            "value": "filemanager-linux-arm64"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970464",
            "to_ids": false,
            "type": "text",
            "uuid": "2f325065-97c0-41e3-a804-ae9ba820936c",
            "value": "Type Description: ELF\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:9/63\nFirst Submission:2026-05-13T09:42:28.000000+00:00\nLast Submission:2026-05-13T15:05:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546967",
        "uuid": "353d4745-1114-4073-9348-7b73c9401b7f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546967",
            "to_ids": true,
            "type": "md5",
            "uuid": "839bde9b-f28a-4633-b71d-7f337fc8d604",
            "value": "fb1bc3f935fdeb3555465070ba2db33c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546967",
            "to_ids": true,
            "type": "sha1",
            "uuid": "91aa8a6e-f6a5-4b87-80fe-d173ed041f94",
            "value": "87417ec71e12db2f9e98db9bbe8f1e4c942530fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546967",
            "to_ids": true,
            "type": "sha256",
            "uuid": "720f4459-0a95-41e8-9a62-5af4ced9fc17",
            "value": "e9d453f754b1977bed529b97f481101a5bc6a7948e776cc8780725c9480f5b04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970485",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8bd80d7c-a07e-4653-806c-0a22bf742118",
            "value": "49152:Bn+gTrGFzWfrhynJIkdT03Td8qCN8xDFtWjYw/IlTAk09IYQ/ciWMPKOKDKM1juq:Bn/fuHdOdw2D2jalTRVS1wrER"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970485",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7ede8f7e-1591-4042-8409-008df54b5083",
            "value": "6381752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970485",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5be95b4a-17e0-4f26-811a-241c77de33b6",
            "value": "e840a106aec60742c59f25fa4dd95c2b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970485",
            "to_ids": true,
            "type": "filename",
            "uuid": "ad70d8ca-5c1e-419d-a04f-f533bd254ca9",
            "value": "Update"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan: 15/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970485",
            "to_ids": false,
            "type": "text",
            "uuid": "27abf508-3d2f-4dcf-839e-d9729c59cd81",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/GoPanel.DA!MTB\nVT Total Detection:28/64\nFirst Submission:2026-05-12T14:25:42.000000+00:00\nLast Submission:2026-05-15T06:01:07.000000+00:00"
          }
        ]
      }
    ]
  }
}