{
  "Event": {
    "analysis": "1",
    "date": "2026-03-03",
    "extends_uuid": "",
    "info": "[Threat Intel] Silver Dragon Targets Organizations in Southeast Asia and Europe",
    "protected": false,
    "publish_timestamp": "1772824077",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772824077",
    "uuid": "2e319e49-6c2f-442b-ba50-ae7d2e43ddb4",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#5dfed4",
        "local": false,
        "name": "misp-galaxy:producer=\"Check Point\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#bb2745",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#110e53",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#7da4ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#aad818",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SSH - T1021.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#b672a4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b0fe1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#dac154",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#57997c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4494e4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Protocol or Service Impersonation - T1001.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"035 - South-eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT41\"",
        "relationship_type": ""
      },
      {
        "colour": "#4cea11",
        "local": false,
        "name": "misp-galaxy:target-information=\"Italy\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kazakhstan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Myanmar\"",
        "relationship_type": ""
      },
      {
        "colour": "#809a25",
        "local": false,
        "name": "misp-galaxy:target-information=\"Poland\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:online-service=\"4a9eade3-5de4-4a80-9c7a-ba3a7566e130\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Cobalt Strike\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772679611",
        "to_ids": false,
        "type": "link",
        "uuid": "fc0f28a2-ea85-40c5-9f9f-e6f7939d6b30",
        "value": "https://research.checkpoint.com/2026/silver-dragon-targets-organizations-in-southeast-asia-and-europe/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772679611",
        "to_ids": false,
        "type": "text",
        "uuid": "66ce9e47-3ff2-4dd7-bdaa-95e12c4028b4",
        "value": "Check Point Research has identified a Chinese-nexus advanced persistent threat group named Silver Dragon, targeting organizations in Southeast Asia and Europe since mid-2024. The group, likely operating under APT41, exploits public-facing servers and uses phishing emails for initial access. They deploy custom tools including GearDoor, a backdoor using Google Drive for command and control, SSHcmd for remote access, and SilverScreen for covert screen monitoring. Silver Dragon primarily focuses on government entities, utilizing Cobalt Strike beacons and DNS tunneling for communication. The group's sophisticated tactics and evolving toolkit demonstrate a well-resourced and adaptable threat actor."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772679611",
        "to_ids": false,
        "type": "text",
        "uuid": "52cfd4e2-b2aa-438a-b3e8-d2dd346bd376",
        "value": "Name: Silver Dragon Targets Organizations in Southeast Asia and Europe\nAuthor: AlienVault\nAdversary: Silver Dragon\nTags: [\"apt\", \"southeast asia\", \"chinese\", \"silverscreen\", \"geardoor\", \"dns tunneling\", \"cobalt strike\", \"government\", \"sshcmd\"]\nTargeted countries: []\nMalware families: [\"GearDoor\", \"SilverScreen\", \"SSHcmd\", \"Cobalt Strike - S0154\"]\nAttack_ids: [\"T1113\", \"T1033\", \"T1132.001\", \"T1071.004\", \"T1036.005\", \"T1021.004\", \"T1082\", \"T1053\", \"T1055\", \"T1016\", \"T1083\", \"T1036.004\", \"T1049\", \"T1057\", \"T1059.001\", \"T1078\", \"T1102.002\", \"T1001.003\", \"T1059.003\", \"T1105\"]\nIndustries: [\"Government\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772679611",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "f62a959f-917e-4b18-afe6-61f73056b6f9",
        "value": "Silver Dragon"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 06/03/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809747",
        "to_ids": true,
        "type": "md5",
        "uuid": "3d3cb2ff-8e22-4b4e-a252-0bd8009b6fbd",
        "value": "9d3f61dcaba90db2ede1c1906a80ace2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 06/03/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809748",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b3e5ecaa-010d-4fbb-8ac5-7f6f1460499d",
        "value": "16b9a7358be88632378ba20ba1430786f3b844694b1f876211ecdbecf5cccbc2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 06/03/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809750",
        "to_ids": true,
        "type": "sha256",
        "uuid": "75dfea23-8209-479f-b3e0-cb0ad042910a",
        "value": "37b485ed8d150d022c41e5e307b8c54c34ef806625b44d0c940b18be7d5b29ce",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#230087",
            "local": false,
            "name": "rectifyq:samples-found-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814232",
        "to_ids": true,
        "type": "domain",
        "uuid": "e6126946-22ec-4f54-b989-d18b80f5b385",
        "value": "ampolice.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814254",
        "to_ids": true,
        "type": "domain",
        "uuid": "05e6e60b-e5fa-4055-98ad-6491a935c451",
        "value": "bigflx.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814275",
        "to_ids": true,
        "type": "domain",
        "uuid": "773ec267-2afd-4cb0-96a6-5c3831525113",
        "value": "copilot-cloud.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814297",
        "to_ids": true,
        "type": "domain",
        "uuid": "9e2df97f-e765-4ee2-be31-bfdb0877f965",
        "value": "exchange4study.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814318",
        "to_ids": true,
        "type": "domain",
        "uuid": "2279470c-4e93-4d08-92fd-30911f8d0ecf",
        "value": "mindssurpass.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814340",
        "to_ids": true,
        "type": "domain",
        "uuid": "6c4e0c14-936d-44f8-8635-3e025a5714e6",
        "value": "oicm.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814361",
        "to_ids": true,
        "type": "domain",
        "uuid": "f82b4846-f555-4128-86d0-6e58f30e7370",
        "value": "onedriveconsole.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814383",
        "to_ids": true,
        "type": "domain",
        "uuid": "39dacb31-d94c-4847-8d3e-7f81de4c4e31",
        "value": "protacik.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814404",
        "to_ids": true,
        "type": "domain",
        "uuid": "78fdcba2-6338-4114-84bc-54a026ace69e",
        "value": "revitpourtous.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814426",
        "to_ids": true,
        "type": "domain",
        "uuid": "88b6eba9-5211-4f1f-a3c8-a39cf61a7d18",
        "value": "splunkds.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814448",
        "to_ids": true,
        "type": "domain",
        "uuid": "a488637f-e248-453c-a4ab-bbeb39a24e08",
        "value": "wikipedla.blog",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814469",
        "to_ids": true,
        "type": "domain",
        "uuid": "b3344e10-a395-422b-b1ac-be888d4982a0",
        "value": "zhydromet.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814491",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b8b3a97f-14c6-46ed-ae47-8854849cbdf8",
        "value": "ns1.exchange4study.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814512",
        "to_ids": true,
        "type": "hostname",
        "uuid": "adb53906-ba91-48db-b990-8c084506950d",
        "value": "ns1.onedriveconsole.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814533",
        "to_ids": true,
        "type": "hostname",
        "uuid": "779982af-60e0-4d72-ad5b-4fd782d2c90f",
        "value": "ns2.onedriveconsole.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772814555",
        "to_ids": true,
        "type": "hostname",
        "uuid": "904140e4-feed-4711-bc5e-673eb25f8145",
        "value": "drivefrontend.pa-clients.workers.dev",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772823860",
        "to_ids": false,
        "type": "comment",
        "uuid": "eac03035-990c-4a64-afc0-59e392b5d38a",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2026/260307-SilverDragon/260307-SilverDragon.png"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814577",
        "uuid": "7eb94e63-a60c-4d1d-9c36-02d5004abce8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814577",
            "to_ids": true,
            "type": "md5",
            "uuid": "2495a143-f1d0-4dd8-b525-1cd37a711267",
            "value": "876e6bca4c322db479d00152a5c8231a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809682",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a188efd-7d14-43eb-aebe-f069cadf5c1b",
            "value": "c093b163f86d35c7cc3f2966d4a5ec5f8ce77980",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809683",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d3c6281f-899e-4e72-89b1-749a86e58335",
            "value": "bcbe2f0a8134c0e7fce18d0394ababc1d910e6f7b77b8c07643434cd14f4c5d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808589",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4dca493f-efe5-496b-836e-0322306b9bcc",
            "value": "12288:hUYieQL9QA09b716tgdelrCCqiznbsrv0QXIRHEl:6Yl6Girgizsv0wUkl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808589",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "da1154f1-55cf-4f56-a624-7fac59d5f51d",
            "value": "569408"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808589",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e34e4800-58e6-4ae4-9468-3c7d07e30334",
            "value": "25503675151120c5c21021"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808589",
            "to_ids": true,
            "type": "filename",
            "uuid": "2881c664-f5ff-4820-bf3d-4d97146d34e5",
            "value": "SshCmd.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026 (DD/MM/YYYY)\nLast scan: 06/03/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808589",
            "to_ids": false,
            "type": "text",
            "uuid": "222664d5-cfd4-4720-bde0-d2b29ff0c929",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:25/71\nFirst Submission:2026-01-17T10:12:05.000000+00:00\nLast Submission:2026-01-17T10:12:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814598",
        "uuid": "1871457a-4687-494e-b62a-9cb5dc7d1e2f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814598",
            "to_ids": true,
            "type": "md5",
            "uuid": "9b48ee90-0cc4-4bbc-947e-a32b098baba2",
            "value": "00bd4de2bde0461accdd2e79279b08c2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809685",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c253ceda-869d-484e-8ad7-5f892b0b7935",
            "value": "30bf9d8012bfe749eb6a5bed61e1c28605f92c1e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809685",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5de2c37e-4f90-49fd-be58-e7d6121ab9df",
            "value": "166e777cb72a7c4e126f8ed97e0a82e7ca9e87df7793fea811daf34e1e7e47a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808634",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "55205d8d-9863-4f1c-840e-55a33acb18c0",
            "value": "24576:Pqmj5HPg1PkSq2+ApZe0YjQk+T/AFqhbFe:PNtHM6ApZOjQbAse"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808634",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "468ff70b-0d6e-4df3-9b8c-b31a0fc3f4b7",
            "value": "1413555"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808634",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bbca830c-da3a-4338-a83f-86299725e73f",
            "value": "ec6e7b359486831463fd699c0fde91cc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808634",
            "to_ids": true,
            "type": "filename",
            "uuid": "86cdab7a-240e-44f4-aa8a-912db144a972",
            "value": "\u041f\u0438\u0441\u044c\u043c\u043e\u041c\u0412\u0414.pdf.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808634",
            "to_ids": false,
            "type": "text",
            "uuid": "dee39adf-c22d-4c05-9f5f-be571d51d82c",
            "value": "Type Description: Windows shortcut\nMicrosoft: None\nVT Total Detection:22/63\nFirst Submission:2025-11-12T12:29:53.000000+00:00\nLast Submission:2025-12-31T16:15:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814619",
        "uuid": "78f08a7f-a588-48b3-a171-4b60c778675d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814619",
            "to_ids": true,
            "type": "md5",
            "uuid": "b0ec9b49-8b6d-4f98-b745-1e739c1c38cf",
            "value": "2edd53b59f01931888d9d237871aa808",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809687",
            "to_ids": true,
            "type": "sha1",
            "uuid": "30a7a07b-0f54-411f-9b02-837eb607a76e",
            "value": "aac46d75d2f8fa09dd1d163cc47de944ff0438a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809687",
            "to_ids": true,
            "type": "sha256",
            "uuid": "156b3e12-0a2b-415c-ae70-76016d6cb8f2",
            "value": "19139a525ee9c22efd6a4842c4cd50ab2c5f9ee391e5531071df0bb4e685f55d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808679",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2fe865ad-48ca-469f-a84f-bd2956ab7be9",
            "value": "96:HZGTy9uNSrPH77R9jIeh2GT/oSpIKAScdanayf/gYUfuBMWuYktPj:5GCr5VH0TdGnvgNfuWWtu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808679",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c33e5a02-5639-433d-b9c8-8e53c0c7e081",
            "value": "7168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808679",
            "to_ids": true,
            "type": "filename",
            "uuid": "77309510-c734-40a8-babb-d9506f24e94c",
            "value": "ComponentModel.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808679",
            "to_ids": false,
            "type": "text",
            "uuid": "3037e38c-212d-452b-9938-b6d91e4cd0fc",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:1/61\nFirst Submission:2025-09-12T10:32:15.000000+00:00\nLast Submission:2025-12-18T16:11:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814641",
        "uuid": "a555f4e4-d725-4323-a4b4-20ee2559ceb7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814641",
            "to_ids": true,
            "type": "md5",
            "uuid": "eafa3414-5ce7-4ed6-98e8-de55f1e37af4",
            "value": "61bb113beecd0166ac2f2e8e027645fe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809689",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2c47ebce-f553-45ab-81ef-911b19241310",
            "value": "79c18cf8ec7c5ee74f4d8d72503bedc2421c431e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809690",
            "to_ids": true,
            "type": "sha256",
            "uuid": "14de9b99-aa9f-49fa-a04f-15c7601f837f",
            "value": "2f787c1454891b242ab221b8b8b420373c3eb1a0c1fdcb624dd800c50758bbb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808703",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a1901045-1704-4b88-bfde-c92ade6dce2b",
            "value": "192:fvgt9Dm6zqGR1U8i9vT6yCPzkiosIIW2W5W:fvg/zXHliB6NDo6W2W5W"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808703",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "83707f04-67f3-46b2-b50b-1fe8217cb503",
            "value": "8192"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808703",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bb046273-a4b3-48cf-bc45-fd06e6524e85",
            "value": "183026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808703",
            "to_ids": true,
            "type": "filename",
            "uuid": "e23aa0a1-6fca-45d9-b732-5335c81c44d8",
            "value": "ComponentModel.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808703",
            "to_ids": false,
            "type": "text",
            "uuid": "43dc726c-4fca-4a50-b51a-629a99d2a7c4",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Vigorf.A\nVT Total Detection:14/71\nFirst Submission:2025-12-24T05:53:33.000000+00:00\nLast Submission:2025-12-24T05:53:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814673",
        "uuid": "b33fb29c-be19-448f-9b92-08157e9cfe96",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814673",
            "to_ids": true,
            "type": "md5",
            "uuid": "ed74bdaf-c3ad-4bf5-9510-923caf6f0529",
            "value": "9fd54246d78eacdb02d8d830a27f95bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809692",
            "to_ids": true,
            "type": "sha1",
            "uuid": "46fefb6c-b977-47a5-b4d3-f6272830771f",
            "value": "5d8652119a6d99df52eda35924efa1d80f74de88",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809692",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0d65c6bd-e7b1-4356-926a-fbae20220856",
            "value": "3128bdb8efaaa04c0ba96337252f4cc2dc795021cbc410f74ace9dde958bac1d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808726",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2ac8bd9f-c75b-4b26-9bea-2abf49f0b4c7",
            "value": "3072:ZAAipoaZlBlc0M10pvpZAFzUSeQ1FIBD/RB6/9Ya8WN0EVj/9:afjlcF10pvpaiiSBjP6/9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808726",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bd3ad028-d4c8-4d4e-aef8-e5afd477750e",
            "value": "194048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808726",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fe10d853-38b3-4c4c-b78b-66145397b8de",
            "value": "115086655d15551515155az5c?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808726",
            "to_ids": true,
            "type": "filename",
            "uuid": "ce1bbb60-d063-4a96-a422-9881361287b7",
            "value": "WinSync.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808726",
            "to_ids": false,
            "type": "text",
            "uuid": "e3ed45fb-8cf6-43db-bd25-adabc586f15a",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Vigorf.A\nVT Total Detection:15/71\nFirst Submission:2025-12-24T09:34:29.000000+00:00\nLast Submission:2025-12-24T09:34:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814694",
        "uuid": "14d5c8f1-7213-476d-8138-15060435dbb3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814694",
            "to_ids": true,
            "type": "md5",
            "uuid": "6964c95a-ebf0-4177-ad31-f05892e80f62",
            "value": "0d1f1d68ae32ee8d51f8ec8f2676bfeb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809694",
            "to_ids": true,
            "type": "sha1",
            "uuid": "377700ea-e615-4ba2-a69c-78feac884e9f",
            "value": "69c9474d942e314d6f71be59cbd936e765a7938b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809694",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fa49a53e-0909-42aa-ba5e-dca48c3108d2",
            "value": "3a2df7a2cfeca5ba315a29cf313268a53a22316c925e6b9760ead8f4df0d1f75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808770",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3d093b90-2c0f-4235-86f8-f6e0ea60c5a1",
            "value": "48:6ao9kSyM+Wm1hyyIH3M8ifqyNM+Xz2mxgvPugNviHXtiOlkBqF:SCSydDIHcQwXXcPugFEi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808770",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "22ee9b07-3ba3-4589-976f-46128ece1936",
            "value": "4096"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808770",
            "to_ids": true,
            "type": "vhash",
            "uuid": "14042ca0-c1d0-4b1e-b0ba-f282af31cf4f",
            "value": "143026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808770",
            "to_ids": true,
            "type": "filename",
            "uuid": "cb65b731-b646-4376-bbcd-0cc12aaa83f6",
            "value": "ServiceModel.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808770",
            "to_ids": false,
            "type": "text",
            "uuid": "1b688fed-0338-408e-a3cb-2d57625636f8",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Vigorf.A\nVT Total Detection:14/71\nFirst Submission:2025-12-22T07:09:43.000000+00:00\nLast Submission:2025-12-22T07:09:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814716",
        "uuid": "c516f9b6-f7ac-4b23-88e7-0c0fd5267e98",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814716",
            "to_ids": true,
            "type": "md5",
            "uuid": "d8c8357a-6593-4b4b-a7f1-2cd17ad4433e",
            "value": "e43f35f6cbb86a283bf2d8051d73b31c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809695",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b4d2ec44-3123-4b17-bf5a-ad8b17afd9a5",
            "value": "62d2491ea2465f9d87afbc7ed1f5af8ca6601190",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809696",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8e4dbbba-67c4-4598-a7fe-3ff128da6acd",
            "value": "3e2a0bafbd44e24b17fd7b17c9f2b2a3727349971d42612d55bbc1732082619a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808793",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "56e5aae3-f977-44b0-8c71-dc1f4b93c79d",
            "value": "48:bTTER879O2QEORGa+H9a+H/3+wO/Ek6znGq49NLKVZP:D2z2rdrPiH96"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808793",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "148e4951-0027-49db-a2f6-abc0ad517edd",
            "value": "1940"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808793",
            "to_ids": true,
            "type": "filename",
            "uuid": "eccb7f23-0c74-4c74-9697-2aa5ac2b4448",
            "value": "HSgaG.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808793",
            "to_ids": false,
            "type": "text",
            "uuid": "4895dea4-1b85-4334-b22b-b6d5b998c992",
            "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:3/61\nFirst Submission:2025-12-24T09:36:36.000000+00:00\nLast Submission:2025-12-24T09:36:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814737",
        "uuid": "9324e4e9-1713-4109-88b0-55073b28e41e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814737",
            "to_ids": true,
            "type": "md5",
            "uuid": "336e684e-6ffc-4c61-b6fa-365915eba26a",
            "value": "8ee654d826ca5243e2ed1bc4d07f86be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809698",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bdab5b90-1cdc-4327-a0f5-19a28c89888b",
            "value": "52da3171aafb4c3dda874b3ef4426c4b9813d487",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809698",
            "to_ids": true,
            "type": "sha256",
            "uuid": "12e75505-86a9-42fd-8926-b3e200fb20e7",
            "value": "43f8f94ca5aa0af7bfb0cc1d2f664a46500a161b2d082b48b516d084ef485348",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808816",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "488e6d75-dd41-429f-9822-8570b03f2151",
            "value": "3072:XBsAInn3UfbrNIdHrgYXkGCXyzuXxOwv8ftvYH8w:X2barergLvCKXxPz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808816",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d0eaac73-18e3-4c38-939f-977cb33f7918",
            "value": "209408"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808816",
            "to_ids": true,
            "type": "vhash",
            "uuid": "57843b04-c96c-49ca-9436-4abaa96f3256",
            "value": "125086655d15551515155az5c7z304sz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808816",
            "to_ids": true,
            "type": "filename",
            "uuid": "53a0e271-01da-4636-b3d3-84b4eed9da71",
            "value": "43f8f94ca5aa0af7bfb0cc1d2f664a46500a161b2d082b48b516d084ef485348.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808816",
            "to_ids": false,
            "type": "text",
            "uuid": "28fdd07a-3573-4726-9fc5-94506c5afd45",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Vigorf.A\nVT Total Detection:39/71\nFirst Submission:2025-11-13T09:46:40.000000+00:00\nLast Submission:2025-12-14T11:56:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814759",
        "uuid": "20b3a884-7c7c-4c58-9b8b-7526f0cbcf8d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814759",
            "to_ids": true,
            "type": "md5",
            "uuid": "361b5180-c3ce-4801-a61e-e9a010e4d6c8",
            "value": "ae72b2c870eb5cb9e01183c3cd301c7c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809699",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2a5d2973-aec8-41ad-a5e8-6356255672c6",
            "value": "d501f2ae86465f97470f2456b3e0c7b4cf7c4503",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809700",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2d053196-d353-4d14-8220-1e3a25e2098a",
            "value": "44e769efed3e4f9f04c52dcd13f15cead251a1a08827a2cb6ea68427522c7fbb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808839",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b675cc1-42e0-4adc-9c1f-75ca77f79b44",
            "value": "768:OKHc0udyEnOWrjk4L3QcEXtfGiCyyp/3x0BzvFhJfpJ++5tdUp+JUi9:OK8jwEHmey0x0HTpJ++5tIA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808839",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bd98fd23-9276-4e3d-8faa-5c435149191a",
            "value": "43008"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808839",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8bdef7b8-84b9-499f-bda2-be4a5ced85b1",
            "value": "144026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808839",
            "to_ids": true,
            "type": "filename",
            "uuid": "e0b56b79-7b63-441b-9a01-a73bbd5def18",
            "value": "ComponentModel.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808839",
            "to_ids": false,
            "type": "text",
            "uuid": "93704f5b-cade-44d4-b7de-c0cf5bb726ba",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:13/71\nFirst Submission:2026-01-17T09:32:02.000000+00:00\nLast Submission:2026-01-17T09:32:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814781",
        "uuid": "3b6f0949-4e04-475c-a5ce-30ec8f5473c3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814781",
            "to_ids": true,
            "type": "md5",
            "uuid": "3eaa3d91-481d-4508-8f31-62dff33f1a99",
            "value": "5f1928e8a644dab9fb294374362b045e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809702",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e7452d5f-ba85-42ed-8452-b3ee1e5b95b3",
            "value": "e0eb70574201880708664ff8db11dae75e6cf9d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809702",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7fe2ff05-38a2-42ab-b4ad-b10eef51820f",
            "value": "4f93be0c46a53701b1777ab8df874c837df3d8256e026f138d60fc2932e569a8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808863",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d286b116-a9c7-48c8-9c94-d73339e79dd7",
            "value": "49152:1IxMGpY0TG1W6IGN33rg4hXEvNWM66IFURtjmVBWZUT:1IV+W6IuMmXgNWM6OfS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808863",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4b419814-ab70-4e23-afd1-e450228ff5e4",
            "value": "8623616"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808863",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fead0525-c26a-4e04-97d0-e14c3aadea5c",
            "value": "086026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808863",
            "to_ids": true,
            "type": "filename",
            "uuid": "b183b41b-7b33-477a-b620-6671d6754cd8",
            "value": "dfsvc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808863",
            "to_ids": false,
            "type": "text",
            "uuid": "1c1cef65-50f3-4436-88f0-aee8dfdaba13",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Vigorf.A\nVT Total Detection:23/71\nFirst Submission:2025-12-22T07:00:12.000000+00:00\nLast Submission:2025-12-22T07:00:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814803",
        "uuid": "c7c61d4f-acb9-44e0-8618-d53adaf1c2f4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814803",
            "to_ids": true,
            "type": "md5",
            "uuid": "f24fcfec-537c-4d7a-b4d3-281d4631f4ae",
            "value": "791de86ffaf47666e3dcf26c8f943f25",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809704",
            "to_ids": true,
            "type": "sha1",
            "uuid": "50bb01b0-8001-401b-9b73-890dfb44458d",
            "value": "de50ee5a264d9b96028ab8c6a263ac302e3443d3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809704",
            "to_ids": true,
            "type": "sha256",
            "uuid": "943dc882-0340-4a9d-a9b3-a1a00fab2ffd",
            "value": "51684a0e356513486489986f5832c948107ff687c8501d64846cdc4307429413",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808886",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "93ecbcc3-970f-4705-8618-29de173c57f7",
            "value": "12288:5PBdlCRgz0zI4m12barepKXhugdvLua1mborQ+ecTtWLDchot2n4Po70duh68jdr:++ApkhhQuBAghoe0YjQk+T/AFqhbFe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808886",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "83796784-4271-4aee-8b6b-37f492ea3bbc",
            "value": "1128622"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808886",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d9aaf5e1-e981-4e22-8729-43b955680dc3",
            "value": "d98115b16803715ae6149b46db30f91b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808886",
            "to_ids": true,
            "type": "filename",
            "uuid": "d994fec3-7922-443f-8854-8079b1113753",
            "value": "51684a0e356513486489986f5832c948107ff687c8501d64846cdc4307429413.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808886",
            "to_ids": false,
            "type": "text",
            "uuid": "858dd79e-79ac-4346-a2be-cba3a9c863d9",
            "value": "Type Description: Windows shortcut\nMicrosoft: None\nVT Total Detection:31/62\nFirst Submission:2025-11-13T09:38:17.000000+00:00\nLast Submission:2025-12-31T17:02:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814825",
        "uuid": "35c5dc25-88ae-4703-a599-af5a48467f8c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814825",
            "to_ids": true,
            "type": "md5",
            "uuid": "2b8793a2-f14a-4ee6-bfbb-74f45ed8d65f",
            "value": "ccc1631e700763c4c31cd7540f2bf608",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809706",
            "to_ids": true,
            "type": "sha1",
            "uuid": "302e7671-76d6-429c-8ecc-9c34f83b68bd",
            "value": "12e6dae26e015e5b50c8da16e63351cf2eb6b7a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809706",
            "to_ids": true,
            "type": "sha256",
            "uuid": "91709c5d-e590-49d2-861d-541dc3798f45",
            "value": "5341c7256542405abdd01ee288b08e49dcb6d1782be6b7bea63b459d80f9a8f5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808909",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e769be18-dccc-40c5-9e5e-8fdf857d52a8",
            "value": "768:9HXwJ3Xvnin+bOqbbTX5geTdtZ4HeLy9J+nDwulmSU:9gxfmczCT9J+nDwr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808909",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c230da31-b48b-4801-a846-dcfda294f0a3",
            "value": "46592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808909",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f073f0e6-26be-44e2-938d-0137ced9500d",
            "value": "144026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808909",
            "to_ids": true,
            "type": "filename",
            "uuid": "99935243-b05a-4490-82ef-ad7ca6d8d909",
            "value": "ServiceMoniker.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808909",
            "to_ids": false,
            "type": "text",
            "uuid": "87ae6d3b-88f6-4c9f-bc37-35f47ff859d9",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Vigorf.A\nVT Total Detection:11/71\nFirst Submission:2025-12-22T01:49:56.000000+00:00\nLast Submission:2025-12-22T01:49:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814846",
        "uuid": "05aa0009-ebb9-4bc5-9abf-4634fdc6cbd6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814846",
            "to_ids": true,
            "type": "md5",
            "uuid": "f157fff2-c032-4d12-998a-7cb27c5a88ef",
            "value": "b0bae77341da2871b8354cbe22b39cf6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809709",
            "to_ids": true,
            "type": "sha1",
            "uuid": "169a755a-02ad-4899-babb-ba0689ff2628",
            "value": "ffd50936f8c0daf4531e0d12e93a81e917f7d747",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809709",
            "to_ids": true,
            "type": "sha256",
            "uuid": "db6a6435-110b-429d-9c4d-96175ad0cf57",
            "value": "568c67564d62b09d1a1bc29a494cf4bf31afddcafcf78592b178c63f23ccfcae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808932",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4491d0e7-9dd6-431c-b1e7-125944b761df",
            "value": "96:FI9MEAOBXBgRpuAkn0GKrbvwPhlg2kDHAJOiw20lnt9UmevaVmc9k:FCMElBiFk07bv0hUToOiwTZt98a8D"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808933",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "069a9772-e057-4da1-a4cb-bb424e4df9f6",
            "value": "7168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808933",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d21140c-8cbe-41e3-a4ed-c49e858ff314",
            "value": "173026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808933",
            "to_ids": true,
            "type": "filename",
            "uuid": "98e148b9-3d9a-42d8-9c0e-52b375fe4383",
            "value": "ComponentModel.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808933",
            "to_ids": false,
            "type": "text",
            "uuid": "8bd17157-7485-4be3-a962-05f0494bd8ab",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Vigorf.A\nVT Total Detection:16/71\nFirst Submission:2025-12-24T06:02:11.000000+00:00\nLast Submission:2025-12-24T06:02:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814867",
        "uuid": "eb7c3c4d-1fd1-4d8a-9ec5-2f7968c38a87",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814867",
            "to_ids": true,
            "type": "md5",
            "uuid": "98eaeb8b-3fc6-4f44-ba4e-fc6beb8ede12",
            "value": "7728646e661df092f1e71735a711f05a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809711",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bd23d37e-649f-4d5f-8cda-0ceec89bd68d",
            "value": "8e5a5d99bba0d65d0e9fccfab06a052c85f2c912",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809711",
            "to_ids": true,
            "type": "sha256",
            "uuid": "89589bef-c412-4152-b0e3-d481f2e4c811",
            "value": "5ad857df8976523cb3ad2fdf30e87c0e7daa64135716b139ffdcd209b98e1654",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808956",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "06688d19-8e9d-4bc0-9061-9a5bd1f2c6fc",
            "value": "192:ivgt9DlnS+4YR1U8i9jT6yCRzkiosI4W2YjW:ivgvn34eliV6fDo6W2YjW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808956",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e1c7551f-aac1-436b-a09c-b0e0e4137c54",
            "value": "8192"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808956",
            "to_ids": true,
            "type": "vhash",
            "uuid": "506790b2-68f5-497c-9316-cfa26f2f4846",
            "value": "183026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808956",
            "to_ids": true,
            "type": "filename",
            "uuid": "26eb7d5e-6336-4b36-a4e1-323ca4788a76",
            "value": "ServiceModel.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808956",
            "to_ids": false,
            "type": "text",
            "uuid": "0ce6a442-bc63-4b7c-bb75-f014bbc8d6ec",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Vigorf.A\nVT Total Detection:14/71\nFirst Submission:2025-04-29T19:06:57.000000+00:00\nLast Submission:2025-12-24T05:52:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814889",
        "uuid": "906ebbc8-85d2-4448-8d0c-b9615dac5f26",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814889",
            "to_ids": true,
            "type": "md5",
            "uuid": "665d4b0e-998c-436a-bf48-c6d144f881b3",
            "value": "2a7042102cae68fce699e33cd78d847d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809713",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7baf3ff6-2e7b-4cb7-8bce-d00223311b69",
            "value": "8d543c5d1d1b8fa56c3fad1183e189880e934ec6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809713",
            "to_ids": true,
            "type": "sha256",
            "uuid": "604c17a9-90ef-4769-bde1-298f468dbfa9",
            "value": "72e4b6540e32b8b7aac850055609bc5afc19e29834e9aa6be29a8ea59a2c9785",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772808979",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d1566a7e-d9b7-479a-bef0-72725463208d",
            "value": "192:H7wTe2B7Y5eYL7m7bf0hUTEbDwTZaCOay:Ue5hmntDQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772808979",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c6e5314b-6178-4524-b29d-95bd57056bcf",
            "value": "9728"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772808979",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1aa227e1-f230-4755-8c34-46d027933f07",
            "value": "193026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772808979",
            "to_ids": true,
            "type": "filename",
            "uuid": "09dbf4b6-0165-44c1-90eb-2e8403f0ffae",
            "value": "ComponentModel.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772808979",
            "to_ids": false,
            "type": "text",
            "uuid": "f9ffafc1-2404-4c7f-9f17-b24b59950d50",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.C!ml\nVT Total Detection:23/71\nFirst Submission:2025-12-22T05:00:41.000000+00:00\nLast Submission:2025-12-24T06:01:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814911",
        "uuid": "42186d47-8f59-46cd-913b-c95b990573e9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814911",
            "to_ids": true,
            "type": "md5",
            "uuid": "4ec1b77c-0fbb-4d54-a39c-062bfc5d06e6",
            "value": "2524f644a0d731c252079870ec7c882e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809716",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a62b3ec0-4c9c-4921-b4db-7196129d5435",
            "value": "e963bebc16649ab219db780247505bc4cfa58e8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809716",
            "to_ids": true,
            "type": "sha256",
            "uuid": "892e84e2-82b4-4f8b-b455-9221e38e100f",
            "value": "7384462d420bdc9683a4cac2a8ad19353a2aa7d2244c91e9182345777e811e33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809002",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9ba8d2bf-fd67-4082-ac64-b91e255a0559",
            "value": "3072:ZTE8Kgwug8B0x3SsfXMzGbMJoBJcAAYd2hy+Ogs/dOGgnC/FUZFB:Z7KbxJXGIRBqb6f+LsZ0D"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809002",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ff35a0b8-4472-4d5b-b774-12a409fbdd51",
            "value": "181248"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809002",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cd4f3136-1b35-4f19-8167-e6dd1789521f",
            "value": "115086655d15551515155az5d?z4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809002",
            "to_ids": true,
            "type": "filename",
            "uuid": "e65457db-9f6e-4113-b52a-26b6c43e5f23",
            "value": "rasdiag.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809002",
            "to_ids": false,
            "type": "text",
            "uuid": "9dfcd1a3-4fa2-403f-85db-85e5499761cb",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Vigorf.A\nVT Total Detection:15/71\nFirst Submission:2025-12-22T07:57:16.000000+00:00\nLast Submission:2025-12-24T06:12:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814932",
        "uuid": "5de413c3-e347-4b3d-9c22-f6f09105589c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814932",
            "to_ids": true,
            "type": "md5",
            "uuid": "79c8fff1-1899-4e83-8a9b-eb59a2cf0058",
            "value": "cbdd29728b03f1da10e3dafd1bc5df30",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809718",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e799cae8-1ff5-4152-9886-1f231177de57",
            "value": "9e2929816b418ff2eadae689bfde146d54e6f81a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809718",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fc700613-45f0-48b7-8fb5-72310ca80977",
            "value": "740a09fcdefa5a5f79355b720f54ff09efa64062229fb388adbccd9c829e9ff0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809025",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cb7b37d7-b5ca-49ec-9603-3010171f7a25",
            "value": "768:qQvOE7OfZGxBk8QQfRoxa93svzWCdlgLy9J+nDwoa1RWQ:rW1fZGxB98vzWCn99J+nDwV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809025",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f09129d9-65bf-4ed1-a85a-8fa673e8a5cc",
            "value": "35840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809025",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d7ff5c77-a61e-4155-a822-bd7943ba57c3",
            "value": "134026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809025",
            "to_ids": true,
            "type": "filename",
            "uuid": "82461fab-281f-47a8-bc2a-bb81550ccb8b",
            "value": "ServiceMoniker.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809025",
            "to_ids": false,
            "type": "text",
            "uuid": "a26bb287-0f58-48a1-b438-c9decadbde5b",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Vigorf.A\nVT Total Detection:21/71\nFirst Submission:2025-09-12T10:28:31.000000+00:00\nLast Submission:2025-12-24T05:59:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814954",
        "uuid": "55b4d488-470e-41f3-9c0e-07fe9a73e84a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814954",
            "to_ids": true,
            "type": "md5",
            "uuid": "67879e21-1a66-4f11-a0e0-4bbe497e5f40",
            "value": "1c66d075c3df801f92a24d99b3f69de3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809720",
            "to_ids": true,
            "type": "sha1",
            "uuid": "127bf426-47a6-4bcb-94a2-45be3dae360e",
            "value": "64a94ff99d6569aaf7f78fb9aaab9c390fc6b1ae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809720",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9d62b2c2-18cb-45f8-bab4-032c44d7b607",
            "value": "74a11a07d167f8f5c0baa724d1f7708985c81d0ac3d0e4d7ef3f3220c335e009",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809048",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e893ef3e-ec94-4dfe-b454-a65d22fe2f16",
            "value": "3072:FHNBQTyTyLmguG3ilhhiO6NbWiW3Ioft1ha0TCps:FcTyTmu+usbNXWzO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809048",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5a30a0fe-5037-4d6c-9e6a-333ce0bdfce1",
            "value": "163840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809048",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9f409610-4506-4271-97e5-a70eeb93128c",
            "value": "115086655d15551515155az5d7z304sz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809048",
            "to_ids": true,
            "type": "filename",
            "uuid": "e4db1db6-6ec9-4f8a-a18e-83fc825692bf",
            "value": "zjpzb1qs.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809048",
            "to_ids": false,
            "type": "text",
            "uuid": "478b990e-19d9-4c1d-927a-4974febb2291",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Vigorf.A\nVT Total Detection:11/71\nFirst Submission:2025-12-22T06:40:32.000000+00:00\nLast Submission:2025-12-22T06:40:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814975",
        "uuid": "f187fc2a-48ac-417c-b290-e4c89be6c333",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814975",
            "to_ids": true,
            "type": "md5",
            "uuid": "aa344b37-059b-4702-874a-518c61fa873e",
            "value": "a5c9a0a0f09683ccdcc56b9ff284162a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809722",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1d1f0ddf-5c3d-47d8-a230-684966098ade",
            "value": "8dbff1ef04ab461be37cdc8d9c947aff28b897fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809722",
            "to_ids": true,
            "type": "sha256",
            "uuid": "abf8f2ff-e1fe-446d-a214-f43001f07ae4",
            "value": "7f89a4d5af47bc00a9ad58f0bcbe8a7be2662953dcd03f0e881cc5cbf6b7bca8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809071",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3d0ad2a5-9f3f-4619-ab9a-b95ae31f74d6",
            "value": "49152:yIxTs+blXAIh5obHbllOaSlZ1c/jpBhBK:yIBJ5a7llOaSlky"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809071",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "846a7cbf-752d-4c5b-ae89-bb3eefb7688f",
            "value": "8610304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809071",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b95e6690-d716-4f42-8533-8525970e7ff0",
            "value": "086026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809071",
            "to_ids": true,
            "type": "filename",
            "uuid": "7a8a187b-8fe2-4422-9acc-6788b3f95df7",
            "value": "dfsvc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809071",
            "to_ids": false,
            "type": "text",
            "uuid": "a6eb5c6c-9f4c-4acf-9c75-dde93381c0bf",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Vigorf.A\nVT Total Detection:22/71\nFirst Submission:2025-12-23T02:41:38.000000+00:00\nLast Submission:2025-12-23T02:41:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772814996",
        "uuid": "988dd1db-85a7-4983-be47-e7f98c395845",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772814996",
            "to_ids": true,
            "type": "md5",
            "uuid": "d9bcc035-efde-4b2a-8128-38450b5cec67",
            "value": "ae98807d74d87edfc35140d507420874",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809724",
            "to_ids": true,
            "type": "sha1",
            "uuid": "18da888c-4168-4bac-bd5a-7f3ab25997a8",
            "value": "838b34d83e147c894fc56581b8fa2e74b3bf74fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809724",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c0f91797-9c48-4e6a-ba54-114585239331",
            "value": "85a03d2e74ae84093a74699057693d11e5c61f85b62e741778cbc5fc9f89022f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809094",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fa9554d6-9710-4cdb-9823-8df0372bf57c",
            "value": "768:HKHc0udyEnOWrjk4L3QcEXtfGiCyyp/3x0BzvFhJfpJ++5tdUp+JUi9:HK8jwEHmey0x0HTpJ++5tIA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809094",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d3eb9f50-298a-4507-91e5-1f1eb8cf2cb0",
            "value": "43008"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809094",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0ced59ea-9865-4e05-a9e3-4faa244636f6",
            "value": "144026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809094",
            "to_ids": true,
            "type": "filename",
            "uuid": "4a1a2d0f-d92e-4fb2-b846-07b76cb7434e",
            "value": "ComponentModel.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809094",
            "to_ids": false,
            "type": "text",
            "uuid": "54d8761b-9b67-4d1d-93d2-5b3309dbdf39",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:15/71\nFirst Submission:2026-01-17T15:28:17.000000+00:00\nLast Submission:2026-01-17T15:28:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815018",
        "uuid": "34f6ae17-5603-4ea2-bd1f-6f98d1aef352",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815018",
            "to_ids": true,
            "type": "md5",
            "uuid": "c054e92f-c3c2-4cfa-8467-31649d9b60d5",
            "value": "14e9ef06501f14449e56fcb3471273ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809726",
            "to_ids": true,
            "type": "sha1",
            "uuid": "09fd0c7d-aa17-4a8e-9914-dadba3fcbfc6",
            "value": "42598b390f4229710c2eac73b3f926c0c4f485c8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809726",
            "to_ids": true,
            "type": "sha256",
            "uuid": "15c05fbb-40e5-4d23-acd1-0b6a2d52cc2b",
            "value": "8c29f9189a9ad75a959024f59e68c62d42a6fd42f9eacf847128c7efe4ef7578",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809118",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2ff177e8-c463-4de6-9c34-eb1f03703980",
            "value": "24:bsU6uSseKxQZjYlxs6zg6s6EVOI7aR7a5OdAxERzg6J7e3j5V2F+PcxV2F+g3pAh:bdTE9eM6e3Na+Ea+g35EEq02GPNBry"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809118",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f692ba63-402d-4e37-89f5-beb15c221119",
            "value": "1630"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809118",
            "to_ids": true,
            "type": "filename",
            "uuid": "67f86139-d69a-4667-bd87-8953f40621b4",
            "value": "PFZAe.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809118",
            "to_ids": false,
            "type": "text",
            "uuid": "279b7913-1382-492f-a583-10a9251ecb7b",
            "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:2/61\nFirst Submission:2025-07-04T05:15:32.000000+00:00\nLast Submission:2025-07-04T05:15:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815039",
        "uuid": "f3165a6c-2e36-4527-a8e5-e409e11a4d33",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815039",
            "to_ids": true,
            "type": "md5",
            "uuid": "86e3c4a4-ee9b-4038-ae58-ca476d2f1bc5",
            "value": "658a1cb18ad9a3450093ade1ef29f94e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809728",
            "to_ids": true,
            "type": "sha1",
            "uuid": "54fd7dd1-173d-44fa-8a52-d576857c6a5b",
            "value": "441ca1c9471c4de7417fe89e69bf120325c3a0f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809728",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a38f5f10-1f40-4506-ad32-5010d83076c4",
            "value": "948468aba5c851952ebe56a5bf37904ed83a6c8cb520304db6938d79892f0a1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809141",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "158a836b-f301-4edf-8688-edc3bd0df5bc",
            "value": "49152:GptgSRizLqo0sNz+8aDlBufnhhsfUJBu5IFOUozf3BUf5KXOyN:2gLfaDSfnwf2wjU2f48XJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809141",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "04fce940-ab8e-42b7-8acb-13697e3de479",
            "value": "2008787"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809141",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8b3b89f7-2995-44ce-9cc8-a1cc757c02a2",
            "value": "2a8634a7de2ec4cfed32b1a3b6d84acb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809141",
            "to_ids": true,
            "type": "filename",
            "uuid": "2f3eda3e-f8ae-446f-8fa2-71dacccbf7b5",
            "value": "948468aba5c851952ebe56a5bf37904ed83a6c8cb520304db6938d79892f0a1b.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809141",
            "to_ids": false,
            "type": "text",
            "uuid": "91d453fb-d0ea-40ec-90f7-aa95dfa4c46f",
            "value": "Type Description: Windows shortcut\nMicrosoft: None\nVT Total Detection:20/62\nFirst Submission:2025-11-11T08:09:36.000000+00:00\nLast Submission:2025-12-31T16:30:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815060",
        "uuid": "c07abaf5-a34c-4186-bbd4-0cd5ac7e5b9f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815060",
            "to_ids": true,
            "type": "md5",
            "uuid": "4d4aa341-3a3e-45bc-b8a9-b66aca370dae",
            "value": "e4b79d14ebbca9240e9d763ce90fe0e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809731",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ddca4deb-3a86-4da7-9547-6b33aaf83a97",
            "value": "a294c76a2da9548c51fb662b42c0ab24126162d9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809731",
            "to_ids": true,
            "type": "sha256",
            "uuid": "faf0f6a9-1fb0-4d8c-b983-851b2b6b0053",
            "value": "967b5c611d304385807ea2d865fa561c15cde0473dd63e768679a4f29f0e4563",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809165",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "58b678f2-10df-4632-bebd-1e3c3c51fd61",
            "value": "3072:LXBpiMkDUXbdLVpgAsrJiWrFEGSonRyCRvRE8UDh5OkUftahTUMmp:Le4XbJVpgbJiqEGrT3RULOq74"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809165",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "721fb529-4908-4054-b6e2-8a815c1feaa5",
            "value": "180736"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809165",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8dec35e9-a9b1-45d2-bbfb-2449681ed9bf",
            "value": "115086655d15551515155az5f7z304sz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809165",
            "to_ids": true,
            "type": "filename",
            "uuid": "d27d7d53-7879-4c9a-bb25-d3e2ca1b0978",
            "value": "graphics-hook-filter64.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809165",
            "to_ids": false,
            "type": "text",
            "uuid": "4d478732-adce-4f59-941f-2fc4dea9d9a5",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Vigorf.A\nVT Total Detection:40/71\nFirst Submission:2025-11-11T08:18:29.000000+00:00\nLast Submission:2026-01-04T03:46:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815082",
        "uuid": "a3d2aaad-4571-4ae0-b55d-241cf64c23e6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815082",
            "to_ids": true,
            "type": "md5",
            "uuid": "9e2333e2-6749-4efe-b53e-c169195e0426",
            "value": "e3dcb68059e854af3b99bd4d1dc02e53",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809732",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a695beac-0662-428e-8c44-b6f7e04b8a46",
            "value": "2885ad69943a957d3cefed7e4aa5b8ba704f8aec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809732",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a29dd412-a83a-4e7f-9ab3-66146c4ec566",
            "value": "a6b5448ba45f3f352f5f4c5376024891adda1ef8ebf62a8fe63424fa230c691d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809188",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3ca1067b-9252-4251-9f49-625b584b4abf",
            "value": "12:m9OZduOWW5mA2DWtB4Aph/VgFV/CazSpFtF30JZ:m9OZdQwmt8Rxg3/9zSpFtF34Z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809188",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7278d814-e210-461e-9d2d-7dbcf99a83ac",
            "value": "589"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809188",
            "to_ids": true,
            "type": "filename",
            "uuid": "f90b8834-fdc8-4669-99c3-58ced6213c02",
            "value": "install_dfsvc.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809188",
            "to_ids": false,
            "type": "text",
            "uuid": "3359ae10-0c99-4df2-a67d-1a01abe3e881",
            "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:2/61\nFirst Submission:2025-12-25T08:20:35.000000+00:00\nLast Submission:2025-12-25T08:20:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815103",
        "uuid": "8ea47ea1-f577-4f63-88e2-37566b751bfd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815103",
            "to_ids": true,
            "type": "md5",
            "uuid": "3dd49f03-bf44-485f-a136-3cc72f83c4aa",
            "value": "a53331b3562f12c84cb59c24d7641251",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809735",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b7955d76-c38b-4f1a-ad32-d328501bdd47",
            "value": "49f4656ec33284e9d5d787c252f9b31cbc1d9e13",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809735",
            "to_ids": true,
            "type": "sha256",
            "uuid": "299f68bd-4c19-4357-bd45-82b801c9a444",
            "value": "b93560c4d18120e113fb8b04a8aa05f66a12116d1fbf18a93186f6314381e97e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809212",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "277cdca1-9668-402f-a163-99ea14d2e94a",
            "value": "6144:4rSikHklcI7z4QQkpobIWgDiLfohcV3p:42XkHHgIXafoG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809212",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2183e0d8-0e9e-4ea2-abce-339998abcf6f",
            "value": "243200"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809212",
            "to_ids": true,
            "type": "vhash",
            "uuid": "195e673e-3801-4f4a-84fe-781116241375",
            "value": "125056655d15555az5d?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809212",
            "to_ids": true,
            "type": "filename",
            "uuid": "c90c5179-3b81-46a6-99ac-eb5cba1713fb",
            "value": "http_dll.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809212",
            "to_ids": false,
            "type": "text",
            "uuid": "148d76ea-d232-404b-a2f4-638574ca7cd7",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Vigorf.A\nVT Total Detection:14/71\nFirst Submission:2025-05-04T12:27:49.000000+00:00\nLast Submission:2025-05-04T12:27:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815125",
        "uuid": "fd2b895b-0785-4de7-bc5a-2bc7a99265a9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815125",
            "to_ids": true,
            "type": "md5",
            "uuid": "9be7b9e4-c731-440e-8b1d-03e9c223b201",
            "value": "b2f9bf291261499f60fbaaaa2b50a4ae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809737",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ffb421a1-1377-4cba-aa5e-bd136d4f888b",
            "value": "431bf1320725857a786895ded08837053ddf6967",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809737",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7a69a6b8-3026-4588-adb2-6f15575925d2",
            "value": "bd699ed720e2bd7085b3444cb8f4d36870b5b48df1055ec6cc1553db3eef7faf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809235",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f3048ec9-06da-4ec7-a248-12f846d1ba3a",
            "value": "48:bPITE/fyUzozUwwzyEPsJUJWozqwwWyxnsyIdwbIj0KR9b4IOzMfONOMb4MUcM38:jYmflzozUwwzyE0aJWozqwwWyyyIdwbF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809235",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "faacce5a-52c2-4682-9c6a-2b5d8be27b56",
            "value": "2291"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809235",
            "to_ids": true,
            "type": "filename",
            "uuid": "15582826-efe1-42b3-aea1-1c77285e84d5",
            "value": "CZqas.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809235",
            "to_ids": false,
            "type": "text",
            "uuid": "d4ea6cda-6f59-4dee-8f76-a5987c4da374",
            "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:14/61\nFirst Submission:2025-05-23T07:35:38.000000+00:00\nLast Submission:2025-05-23T07:35:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815146",
        "uuid": "0b50e42c-85a6-465e-b9f1-96c89577c43b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815146",
            "to_ids": true,
            "type": "md5",
            "uuid": "af6d1289-a4a6-4110-8b26-41e5b566cb61",
            "value": "5a654a8a336156d637abd8cedc2bb977",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809739",
            "to_ids": true,
            "type": "sha1",
            "uuid": "398031bb-ef99-486e-97ce-0b9fc43b8190",
            "value": "02aff0938ab03440abc5c6a0b4a3fced24bbd019",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809739",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2c024640-4336-4407-81fc-47e615d6b074",
            "value": "c4de1f1a8cb3b0392802ee56096ddb25b6f51c51350ce7c45e14d8c285765300",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809258",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "328c34dd-0ed6-4354-9955-b25c040e8da7",
            "value": "3072:2rRzIRxRWxrr23OZ6W4UZtROjjkrkbpbsPAhthKdFsMwf3ifTQIT:sRcPRer6OMAtOHk4bp4SKrsC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809258",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2ef1b77b-66ed-49e1-82ca-85b247093f07",
            "value": "169984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809258",
            "to_ids": true,
            "type": "vhash",
            "uuid": "396f44d9-a004-4633-8c9c-63e2b5fe8045",
            "value": "115086655d15551515155az67=z7b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809258",
            "to_ids": true,
            "type": "filename",
            "uuid": "4f5919ad-0d93-44e3-9477-c3c9c45067fb",
            "value": "znsivz1.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809258",
            "to_ids": false,
            "type": "text",
            "uuid": "5c6bb7a1-0e51-43b9-b11a-7c8c7905d2ae",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Vigorf.A\nVT Total Detection:21/71\nFirst Submission:2025-12-24T09:39:01.000000+00:00\nLast Submission:2025-12-24T09:39:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815167",
        "uuid": "4ee61ced-22a7-4b18-b9bb-ce69469a4b9b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815167",
            "to_ids": true,
            "type": "md5",
            "uuid": "2730d48b-0b15-472b-a328-aaa34b417e42",
            "value": "da1ac5b2ee326a66bfb233c89c1f1aac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809743",
            "to_ids": true,
            "type": "sha1",
            "uuid": "279ab98c-bc0e-4248-92de-d0c6b622dab9",
            "value": "ebb415e0d98e1367e66c964df5b0c0b766604b98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809743",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6139a887-8157-4656-9513-5c0fbdc2eec4",
            "value": "ddaca57f3d5f4986da052ca172631b351410d6f5831f6af351699c6201cc011b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809281",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b949e9de-df28-4791-af32-3b48f5f797c1",
            "value": "3072:hVGPhzc8K0HMhwB+dYpLF8UoXshWI+7Eg551xMGtCg:GHOwIdG8vI6EgK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809281",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ef1c7566-49cc-4eed-820d-225da62a0b50",
            "value": "114688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809281",
            "to_ids": true,
            "type": "vhash",
            "uuid": "85040840-4a48-4489-9878-f6044509cd33",
            "value": "115066655d1555155az5d?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809281",
            "to_ids": true,
            "type": "filename",
            "uuid": "cf4573dd-3aa4-4069-853b-2b1f1c685e3f",
            "value": "yuh5equ.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809281",
            "to_ids": false,
            "type": "text",
            "uuid": "4bd7509b-9ce5-4e76-8141-a0f0783d9dcf",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Vigorf.A\nVT Total Detection:14/71\nFirst Submission:2025-12-24T09:28:35.000000+00:00\nLast Submission:2025-12-24T09:28:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772815189",
        "uuid": "46ba5013-9822-48d1-82fb-e87c1e4e1928",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772815189",
            "to_ids": true,
            "type": "md5",
            "uuid": "21a05255-3b53-4125-84f8-cb90181f18e7",
            "value": "0012f9f7bc6db810618fb914bfa87171",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772809745",
            "to_ids": true,
            "type": "sha1",
            "uuid": "726c4f48-8533-4174-a76c-24cf8ef26fbe",
            "value": "9160cda21fce14b188c0d33395ff7fb7170725a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772809745",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bec50b17-0aab-45b1-ba97-ab63dbd85f94",
            "value": "e3b016f2fc865d0f53f635f740eb0203626517425ed9a2908058f96a3bcf470d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772809304",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b281747e-4cef-4f60-97ac-74445f0caf9d",
            "value": "3072:ub/Q83nN8PEQM/EC5II53SgWUeId0iDnYoK5vqmu/PJ8o3YZlVdCx76Ow:HEQM/EwII53SgWMDHOvJu3Jt63"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772809304",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a487a273-c08b-4516-9093-dd5bfb97da92",
            "value": "166440"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772809304",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7ce7877c-4058-470d-9029-fc349e0a6191",
            "value": "115056655d15555az5a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772809304",
            "to_ids": true,
            "type": "filename",
            "uuid": "1b7bcfc5-4d43-49de-9ba6-7a2e07cc6026",
            "value": "kdstub.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772809304",
            "to_ids": false,
            "type": "text",
            "uuid": "d53ff995-a3dd-42ca-87be-6e94d41d3fe9",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:9/71\nFirst Submission:2025-07-04T05:11:29.000000+00:00\nLast Submission:2025-07-04T05:11:29.000000+00:00"
          }
        ]
      }
    ]
  }
}