{ "Event": { "analysis": "1", "date": "2026-03-27", "extends_uuid": "", "info": "[Threat Intel] A cunning predator: How Silver Fox preys on Japanese firms this tax season", "protected": false, "publish_timestamp": "1775907143", "published": true, "threat_level_id": "3", "timestamp": "1775907142", "uuid": "30b50d42-a71e-4edb-bfb6-dd8d26f9d3bd", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#8675c7", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#3000b9", "local": false, "name": "rectifyq:workflow=\"enrichment\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#870443", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"", "relationship_type": "" }, { "colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": "" }, { "colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": "" }, { "colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": "" }, { "colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#a3aa59", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"", "relationship_type": "" }, { "colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": "" }, { "colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": "" }, { "colour": "#3d1dab", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internal Spearphishing - T1534\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": "" }, { "colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": "" }, { "colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Void Arachne\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774868414", "to_ids": false, "type": "link", "uuid": "d937fbaf-dace-4568-8c20-9a3392ab5cc6", "value": "https://www.welivesecurity.com/en/business-security/cunning-predator-how-silver-fox-preys-japanese-firms-tax-season/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1774868414", "to_ids": false, "type": "text", "uuid": "236985fc-bd43-4575-b234-c53c6cde2fc7", "value": "Silver Fox, a threat actor, is exploiting Japan's tax filing and organizational change season with a targeted spearphishing campaign against Japanese businesses. The group sends convincing phishing emails related to tax compliance, salary adjustments, and HR matters, tricking recipients into opening malicious links or attachments. The campaign capitalizes on the high volume of legitimate financial and HR communications during this period, increasing the risk of compromise. Silver Fox has expanded its targets from Chinese-speaking entities to Southeast Asia, Japan, and potentially North America. The group uses ValleyRAT, a remote access trojan, to gain control of compromised machines and steal sensitive information. To protect against this threat, organizations should increase vigilance, reinforce awareness about phishing attempts, and verify the authenticity of tax- and HR-themed requests." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1774868414", "to_ids": false, "type": "text", "uuid": "afce7ac8-c3d5-462a-a2f9-e43395f96a6a", "value": "Name: A cunning predator: How Silver Fox preys on Japanese firms this tax season\nAuthor: AlienVault\nAdversary: Void Arachne\nTags: [\"targeted attacks\", \"valleyrat\", \"financial lures\", \"hr lures\", \"tax season\", \"spearphishing\", \"remote access trojan\", \"japan\"]\nTgtd countries: [\"Japan\"]\nMlwr families: [\"ValleyRAT\"]\nAttack_ids: [\"T1192\", \"T1566.002\", \"T1566.001\", \"T1071\", \"T1036\", \"T1193\", \"T1059\", \"T1204\", \"T1534\", \"T1566\", \"T1078\", \"T1571\", \"T1027\", \"T1573\", \"T1132\", \"T1105\"]\nIndustries: [\"Manufacturing\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1774868414", "to_ids": false, "type": "threat-actor", "uuid": "d4f3b6c8-479d-4a32-a322-7482b290734d", "value": "Void Arachne" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902671", "to_ids": true, "type": "ip-dst", "uuid": "922b5615-bf5b-4308-9d8c-04c844db288e", "value": "149.104.24.24", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902611", "to_ids": true, "type": "sha1", "uuid": "4c291557-510c-46ac-9a0c-b45ff93409c8", "value": "0a99da9359d4cc823f72853b7d9c974bd196305c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902611", "to_ids": true, "type": "sha1", "uuid": "8128dc22-c17c-4edc-bd0c-2f55980fdc10", "value": "10adbfaccff4ada35f37cf88a7f869b88429b93f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902612", "to_ids": true, "type": "sha1", "uuid": "a3a249ae-9dc4-4739-837e-d94c5d7a2a91", "value": "2fa212ee231819a2343b60966cf53e1a8f8df927", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902613", "to_ids": true, "type": "sha1", "uuid": "401b082f-2687-460e-af46-ff20aa35375a", "value": "6b00123ad0510bb5df667a05b518a3573ac90546", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902614", "to_ids": true, "type": "sha1", "uuid": "0dae2bec-aa3d-4a4f-ad4e-d298a159eeb6", "value": "7b772c2c24c5afda17d3aab2cb8c50f9099e0d65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902614", "to_ids": true, "type": "sha1", "uuid": "7ecef909-498a-481a-b787-325ad5c69f31", "value": "a4636d1c7d68b844748e68166f1985d2b594b4f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902615", "to_ids": true, "type": "sha1", "uuid": "ade1436c-3cb5-4e31-80b1-20dd8dc3af85", "value": "b1b9a016b3fda14e3537dd73d15dcff83b168895", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902616", "to_ids": true, "type": "sha1", "uuid": "32ab2ce7-13f0-43c1-8944-a725b61056db", "value": "c9559deb931b5ac9e1c491dd464ef331001a0851", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902617", "to_ids": true, "type": "sha1", "uuid": "1ab07c82-a953-43a8-ac17-92898bed5de0", "value": "cbc31f3fbbadcd49122f1beac28f648f7d98cc50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:11/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775902617", "to_ids": true, "type": "sha1", "uuid": "c5272fc5-81c9-4fe4-82c5-e0871541d908", "value": "f46d3dab258eddfcb1a10d531d8ab7992357b2cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902692", "to_ids": true, "type": "ip-dst", "uuid": "beb187bb-f1fe-4b80-a9e0-d9e21cfff98e", "value": "103.210.238.29", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902714", "to_ids": true, "type": "ip-dst", "uuid": "dc0e7f1c-18c4-4bf6-b003-907816ad5558", "value": "103.236.63.138", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902735", "to_ids": true, "type": "ip-dst", "uuid": "7db96ea2-90ce-4b45-b27b-4a570fcf7613", "value": "154.36.152.151", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902756", "to_ids": true, "type": "ip-dst", "uuid": "aabda191-28d2-4395-b4ad-12e108bab89f", "value": "206.206.77.224", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902778", "to_ids": true, "type": "domain", "uuid": "e5ce92e3-b17a-48d3-b972-40709368cc0b", "value": "escaperoomhub.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902799", "to_ids": true, "type": "domain", "uuid": "9bb2b2b9-376d-4017-89eb-d1c8edb78bd1", "value": "govbr.icu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902820", "to_ids": true, "type": "domain", "uuid": "3d5e9c50-91e6-41aa-990e-b744f502fb3f", "value": "govbrk.shop", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902842", "to_ids": true, "type": "domain", "uuid": "5ecb8253-0230-4a11-900b-e79ce70c3714", "value": "government1.icu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902863", "to_ids": true, "type": "domain", "uuid": "5250c821-8776-4464-b309-138f09a196ed", "value": "incometax.biz.id", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902884", "to_ids": true, "type": "domain", "uuid": "776159a9-6683-4cac-a859-d82d0b10c092", "value": "lolpartyanimals.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902905", "to_ids": true, "type": "domain", "uuid": "edf9a020-151e-41fe-ad73-e0cf5ef17728", "value": "sjxcrojzkn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902926", "to_ids": true, "type": "domain", "uuid": "87c322fb-2d7b-4d68-86d7-93be7ec83fe6", "value": "tyjmbeexa.cn", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902948", "to_ids": true, "type": "domain", "uuid": "85046077-1616-4575-a8cc-3bbe02f3fdcf", "value": "ywdtwss.icu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902969", "to_ids": true, "type": "hostname", "uuid": "82765157-ef4d-438d-8b0b-b0f55817d642", "value": "incometax.biz.id", "Tag": [ { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775902990", "to_ids": true, "type": "ip-dst", "uuid": "59178c2f-0a53-4520-bfbc-674ddbff1f08", "value": "103.115.56.156", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775903011", "to_ids": true, "type": "ip-dst", "uuid": "8e02664e-861b-4c80-8cb5-e99c2f8859ea", "value": "47.238.232.44", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775903032", "to_ids": true, "type": "ip-dst", "uuid": "f6c9ef91-0251-47ed-83c4-6179ce793e88", "value": "8.210.242.115", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775903053", "to_ids": true, "type": "hostname", "uuid": "5c15b4bd-58ff-4aa4-971f-5a27dcfeca85", "value": "frehf.oss-cn-hongkong.aliyuncs.com", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "On port 22011", "deleted": false, "disable_correlation": false, "timestamp": "1775884496", "to_ids": true, "type": "ip-dst|port", "uuid": "a8118d69-c6cc-4345-b772-a42be4c6ad24", "value": "43.160.214.122|22011" }, { "category": "Network activity", "comment": "On port 22011", "deleted": false, "disable_correlation": false, "timestamp": "1775884496", "to_ids": true, "type": "ip-dst|port", "uuid": "61209185-4a48-401f-b55a-9a95057dc15f", "value": "43.160.220.53|22011" }, { "category": "Network activity", "comment": "On port 23156", "deleted": false, "disable_correlation": false, "timestamp": "1775884496", "to_ids": true, "type": "ip-dst|port", "uuid": "c703b3e7-b88d-420e-91a8-d6e3edfd2ec6", "value": "47.76.86.151|23156" }, { "category": "Network activity", "comment": "On port 22011", "deleted": false, "disable_correlation": false, "timestamp": "1775884496", "to_ids": true, "type": "ip-dst|port", "uuid": "ff93c0f8-2ea7-4e74-8352-aa079535a478", "value": "103.210.238.29|22011" }, { "category": "Network activity", "comment": "On port 6666", "deleted": false, "disable_correlation": false, "timestamp": "1775884496", "to_ids": true, "type": "ip-dst|port", "uuid": "b694e13b-f4c6-42e2-986c-a69e3103e3e3", "value": "103.236.63.138|6666" }, { "category": "Network activity", "comment": "On port 8888", "deleted": false, "disable_correlation": false, "timestamp": "1775884496", "to_ids": true, "type": "ip-dst|port", "uuid": "9f556f97-37c1-466e-8c71-feaf8ca35afc", "value": "154.36.152.151|8888" }, { "category": "Network activity", "comment": "On port 22151", "deleted": false, "disable_correlation": false, "timestamp": "1775884496", "to_ids": true, "type": "ip-dst|port", "uuid": "b2aea939-6273-403f-a30c-ec6acb2f58b7", "value": "206.206.77.224|22151" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903075", "uuid": "71b5ede8-5b94-46dd-9d04-722600ef81bb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903075", "to_ids": true, "type": "md5", "uuid": "0b6d08ff-219a-44b7-a1fe-6a3040667a2d", "value": "12a0d942652609bce7319be6bf0135bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902572", "to_ids": true, "type": "sha1", "uuid": "380e9be8-b6a4-46ea-b4ef-19dcd1d23a58", "value": "2328e572532f382e237e7a1b74cb0531308f5704", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902572", "to_ids": true, "type": "sha256", "uuid": "94327d3b-8678-4cd1-a93d-3d7d318946c8", "value": "a23640778b836420eecb5461938a98ad3588d2044359daf6b4b25ecaf35c996e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900456", "to_ids": true, "type": "ssdeep", "uuid": "369c393f-48d2-4e47-8bfb-7a196d31d55e", "value": "24576:CoDh+WoSdPnUS6DEUtKJJHHbgE5nwRiapRJIYDlvjwQUYrpJ:LDh+JShUrtKJNNnwHGypcQUSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900456", "to_ids": false, "type": "size-in-bytes", "uuid": "f786db20-7e92-451a-87f2-a7c1f64639fe", "value": "1931776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900456", "to_ids": true, "type": "vhash", "uuid": "c04d9e18-2bfa-4e66-a581-1a3c236b8cdb", "value": "116066655d1d05656038z593z11z5dz15za5zf4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900456", "to_ids": true, "type": "filename", "uuid": "5cd4af72-8dc7-4f75-a287-c8f46653a843", "value": "DLL.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900456", "to_ids": false, "type": "text", "uuid": "6fccf560-8af3-46ea-a3c9-271f9db87d3a", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:49/72\nFirst Submission:2026-03-24T15:25:14.000000+00:00\nLast Submission:2026-03-24T19:49:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903096", "uuid": "813c59aa-e480-42c6-ae38-d6ff461ad3f8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903096", "to_ids": true, "type": "md5", "uuid": "ac68b258-b565-4b92-96cc-e6509f3846cb", "value": "1af5b25acd2df31f44a54fc8dcd85287", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902573", "to_ids": true, "type": "sha1", "uuid": "659783f6-db8f-4ca0-80a5-d6d1b83bac03", "value": "56cf8418fb7b599fe4df5e4b879ecb813132109a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902573", "to_ids": true, "type": "sha256", "uuid": "ba770b07-9713-47e2-9445-528e2a18dac3", "value": "8c4386cecc89f5f2dee323f2a1e0d9f42a28905be812de14173ca7ee9fc64e72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900478", "to_ids": true, "type": "ssdeep", "uuid": "f83b024f-b970-4fd4-ab7f-930e3c9270c6", "value": "24576:bI8TUR5HDHeWPP8cbzHNY5xHrFzNUS1La510/bFJZqJXG4wSyhFYyw1:bT5QP8cbzO5xhWgLfZqVBwS9yw1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900478", "to_ids": false, "type": "size-in-bytes", "uuid": "8996320b-dc02-4020-a7d3-eedb78b64cc8", "value": "1164315" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900478", "to_ids": true, "type": "vhash", "uuid": "99b43d32-5b7b-4980-b92d-e7bde8c128ae", "value": "b657db2d484d784ca20b7b9e1f5816d3" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900478", "to_ids": false, "type": "text", "uuid": "ddf352da-3253-4962-a633-7a3183799c1c", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:40/69\nFirst Submission:2026-03-04T01:23:22.000000+00:00\nLast Submission:2026-03-04T01:23:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903117", "uuid": "0c9b0738-f093-40c9-b1ec-77afe447f881", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903117", "to_ids": true, "type": "md5", "uuid": "1107ec5f-5d5f-4576-9092-696e2d578d87", "value": "21d9a30074d65babfef9e9e9684c6f5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902574", "to_ids": true, "type": "sha1", "uuid": "1f6225f9-caf8-4fec-af91-add64e33c3aa", "value": "11a1e60fc3d57ea652903239d46d245a512d2e53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902574", "to_ids": true, "type": "sha256", "uuid": "44b9f304-fa7b-43d4-805d-f7d3d4e02278", "value": "677e42b1d3d7bfc87e5dddd1c7aad2c7142afb26e7ac0ace53f2996c3005ff90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900499", "to_ids": true, "type": "ssdeep", "uuid": "6983ffe2-85ab-4ac9-bd37-05126ee0421f", "value": "24576:xiBE+vQR90TX7smzAk9ndTPnsN++lDDtOaJ8f+YpnOOFdBZ:M2HgLzf9dTfE++99JS+SOQdBZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900499", "to_ids": false, "type": "size-in-bytes", "uuid": "f3970230-e47c-4c96-8e32-880d3a9d5516", "value": "788480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900499", "to_ids": true, "type": "vhash", "uuid": "73063b47-2ed7-4df9-a813-2d738a3ccf46", "value": "17503e0f7d5019z33z11z1dz15z14z13f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900499", "to_ids": true, "type": "filename", "uuid": "e3462e40-1a7c-4335-a29e-e7f9f81602f0", "value": "libvlc.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900499", "to_ids": false, "type": "text", "uuid": "a14ac0df-30b1-49fc-a355-5d353d53ca7d", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:47/72\nFirst Submission:2026-03-07T19:59:14.000000+00:00\nLast Submission:2026-03-07T19:59:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903139", "uuid": "cfcd3499-3a3d-4b97-892f-32acb218d482", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903139", "to_ids": true, "type": "md5", "uuid": "f615caa8-69fe-4a7d-963a-7770a168d3a6", "value": "4f481a449ad050fea9ca3900118e5676", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902575", "to_ids": true, "type": "sha1", "uuid": "195e607e-4eab-49f0-a0c2-39f538a5a23c", "value": "80c5d1ae1ee86f607fdefbbc5f88c5539f8582b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902575", "to_ids": true, "type": "sha256", "uuid": "28b32e8f-6884-436a-9e1b-a38f8d586bf3", "value": "55b99f0d438800cad8288d81d2808728ce1bec8c22c5346a38a513dc6728b4ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900521", "to_ids": true, "type": "ssdeep", "uuid": "e03820e8-1b57-4b11-86d8-08bffb03e54c", "value": "24576:K8drt5ZuO57IYKhhjSq/y50MN3nAlf3Y:rrcq6j/ABN3nqf3Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900521", "to_ids": false, "type": "size-in-bytes", "uuid": "6e26df93-95d8-4405-a4e7-d0ee02c6e76a", "value": "852480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900521", "to_ids": true, "type": "vhash", "uuid": "589bcb27-5f5e-4ad6-9107-5e737736c15e", "value": "185056655d15756038z163z11z5dz15za3a3zf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900521", "to_ids": true, "type": "filename", "uuid": "62e6309c-6a05-4e6a-9f63-5348080cb7b4", "value": "sqlite3.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900521", "to_ids": false, "type": "text", "uuid": "6ca3a2ea-590a-4f18-bf91-3fa5e58ed750", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Tedy.SXJ!MTB\nVT Total Detection:50/72\nFirst Submission:2026-03-11T01:33:53.000000+00:00\nLast Submission:2026-03-11T08:32:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903161", "uuid": "22bf1396-62fb-439c-ad57-d04b561f6450", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903161", "to_ids": true, "type": "md5", "uuid": "2c4d5fa9-979b-4f09-af59-d17a0e668482", "value": "5d29469672159fdb5d4aa4e02d36f60b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902576", "to_ids": true, "type": "sha1", "uuid": "71f9defb-f994-4a7d-a132-353e57f0c365", "value": "589a931024960b253a34e3fca58c89368822d8fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902576", "to_ids": true, "type": "sha256", "uuid": "6c81afca-b7ce-4665-9a16-e56ddd98c66a", "value": "9d7f8e321082b46dcf625d7b24dcb9c72710e87a1a66cccd265cdbe926e78813", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900544", "to_ids": true, "type": "ssdeep", "uuid": "8b5f6159-6445-4d6d-a422-4a419d760245", "value": "12288:qjoX5+zIhifmJ8smk6CCHKVlo1z587XHB/5TDRg811uk4WQn8JPEXJfDfZca2OCp:JXIzKpmtBHK7MKLHJ5fR911uhJ8J8XJU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900544", "to_ids": false, "type": "size-in-bytes", "uuid": "41e766c9-0b2e-47d6-92db-314535e2c9e3", "value": "781312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900544", "to_ids": true, "type": "vhash", "uuid": "c14e0bb4-4aeb-4e5d-a96d-d73019b16330", "value": "17503e0f7d1bz3nz15z16z7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900544", "to_ids": true, "type": "filename", "uuid": "299df126-b3b0-4ef5-8dfa-d029c7074fe5", "value": "D3D11InstallHelper.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900544", "to_ids": false, "type": "text", "uuid": "b360e4d8-7b8a-4bba-808a-f15ef8c71577", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:47/72\nFirst Submission:2026-03-04T03:12:17.000000+00:00\nLast Submission:2026-03-04T03:12:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903182", "uuid": "d5c2da62-c82f-4666-afd9-640339196cc0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903182", "to_ids": true, "type": "md5", "uuid": "c40b88fc-5dae-4531-9211-145d3944a04c", "value": "6533bcf04eb69e5119ceec156c41897f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902577", "to_ids": true, "type": "sha1", "uuid": "44df7f98-3744-4d13-b440-e027bc2c8d64", "value": "469e41dde5a31bc91af8aa5db807f9f29f85510d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902577", "to_ids": true, "type": "sha256", "uuid": "f26b5260-3eb4-454a-9d02-8e58b7394227", "value": "ca11ac11dc9dd8d2c6b95bc422a4c2f3d986f8dd5e508fb8d6e2b8aa7b4d5a31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900565", "to_ids": true, "type": "ssdeep", "uuid": "76b1df04-8bc1-47b8-87db-520cef3e24a5", "value": "24576:jkE0d4wK3FxkwcqZ8HYCFeIm0yDi7JdWQJuq0mJMzXqnnY:jkE0ip3Iwc084CFeIm0yeVdWQslmJMzJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900565", "to_ids": false, "type": "size-in-bytes", "uuid": "74a830b0-40d4-49f4-9cca-3a6330b16d7b", "value": "800824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900565", "to_ids": true, "type": "vhash", "uuid": "273240d6-900b-4b68-8b99-9c2fd1a56fd3", "value": "18503e0f7d5bz3nz15z14z13f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900565", "to_ids": true, "type": "filename", "uuid": "a41cc088-4634-4b44-8697-577b54f70ddb", "value": "libvlc.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900565", "to_ids": false, "type": "text", "uuid": "8094125a-1764-4ca9-8bc6-dc8b0dc58b4b", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:45/72\nFirst Submission:2026-03-04T01:25:02.000000+00:00\nLast Submission:2026-03-04T01:25:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903203", "uuid": "a4ba1d05-aa33-45d8-9d58-2002ef30ab24", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903203", "to_ids": true, "type": "md5", "uuid": "e498a804-7702-445f-ad54-1987214b0ad6", "value": "7a1c4ccea43f902d9c9f4a24f3524567", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902578", "to_ids": true, "type": "sha1", "uuid": "fa5e06bc-cd0b-42f8-b4b1-eef117385004", "value": "4e6755a713bc7192f075312c1c499ac4ee9d70c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902578", "to_ids": true, "type": "sha256", "uuid": "fdad5293-a727-4359-8368-b724eb608af4", "value": "b1398d15d45d439a2abd5f7341b870de0818df357ebc78e7410465b74409dfa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900587", "to_ids": true, "type": "ssdeep", "uuid": "58e00788-79d3-46ca-98c9-41e78e26565c", "value": "24576:zPCW6/AE0ngj8OnXHc+WA/BC64wnM84lcgFng3LF:zPd6IgPnXHcRze6lcgRg3LF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900587", "to_ids": false, "type": "size-in-bytes", "uuid": "30a11b35-fa4d-4c72-bc48-15bde9cd177f", "value": "832000" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900587", "to_ids": true, "type": "vhash", "uuid": "4c53e17c-25b3-4ce9-8e33-3b3dd566dcb2", "value": "18503e0f7d5019z33z11z1dz15z14z13f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900587", "to_ids": true, "type": "filename", "uuid": "f91056ed-9748-4dce-a77f-d0a2fe9e0414", "value": "libvlc.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900587", "to_ids": false, "type": "text", "uuid": "6a9abb25-4627-4780-bca8-7ade2cdfe2dd", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:46/72\nFirst Submission:2026-03-06T10:24:27.000000+00:00\nLast Submission:2026-03-06T10:24:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903224", "uuid": "87ed7669-44c7-4d75-8e84-9c0a4373d3f5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903224", "to_ids": true, "type": "md5", "uuid": "b0b4ea6c-1d3a-4f82-a311-4f41ca308f0e", "value": "dfb07265ffe8a82a3d912c3a3fee5382", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902580", "to_ids": true, "type": "sha1", "uuid": "0913eb1a-6474-420d-8c6a-e28c4a6b42aa", "value": "93ffb9a59a3658dad9febc1221922832a5edf5b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902580", "to_ids": true, "type": "sha256", "uuid": "5ad08a8d-4b47-49dd-a224-e8f6e1a1ed29", "value": "516dd5f495d697b199a9e7cc71f686c992b65d14b57c55d91068c0909bcc7b00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900609", "to_ids": true, "type": "ssdeep", "uuid": "d9678174-95bf-4872-968e-ac9c4e93b714", "value": "24576:SGxqtce4799j/XBrnIIyZFki3R/ahMXoRJIYDlvjwQUYrpJ:ZqtX43PB70ZZ0MXfypcQUSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900609", "to_ids": false, "type": "size-in-bytes", "uuid": "e7480b0f-d0cf-4393-abab-c2b826d3dae3", "value": "1955328" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900609", "to_ids": true, "type": "vhash", "uuid": "57e395ca-260c-4407-8476-c676a68860a6", "value": "116076655d155d05655038z5d3z11z5dz15za6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900609", "to_ids": true, "type": "filename", "uuid": "3006d4a0-9cf7-4e05-9778-5c003aa7b344", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900609", "to_ids": false, "type": "text", "uuid": "cffbc5bb-02ee-4031-adfd-0795fb0216bb", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:48/72\nFirst Submission:2026-03-09T08:35:14.000000+00:00\nLast Submission:2026-03-09T10:34:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903245", "uuid": "60acc429-9959-4970-be31-71d8cb94b722", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903245", "to_ids": true, "type": "md5", "uuid": "68a12306-a455-4a02-91e7-b00023de4e5e", "value": "e65c67def0ae80c05200965934455a05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902581", "to_ids": true, "type": "sha1", "uuid": "d97fc463-fafa-49a0-94e3-aae15618add7", "value": "092d8e457cb9c54a757dad082740a45db67812ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902581", "to_ids": true, "type": "sha256", "uuid": "a81f0598-9c0d-415a-afd4-e9dfa9c62c12", "value": "244a2f4dc256f6d1c3710a2d27656a6bc21ffadca8f3236d63b327ff2f0b33db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900630", "to_ids": true, "type": "ssdeep", "uuid": "ec82a2df-733a-4c6d-b50a-68d9c25bdf06", "value": "12288:yuq4Ds99BuixpbPjU0RNVH4Y4bfQpjrVUnioHKa4obu7Qy6/4dKvdyLJa35:NqxZI0TVYYBj5UnJqYK7nC4dK1y4J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900630", "to_ids": false, "type": "size-in-bytes", "uuid": "369661b4-4ab7-4f07-b02c-5d3db32f6287", "value": "826615" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900630", "to_ids": true, "type": "vhash", "uuid": "0de17ff6-272f-4021-a42f-cea3dc2f038c", "value": "bd76b4af35bf50707ce04f4bcf7eebe9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900630", "to_ids": true, "type": "filename", "uuid": "e1849b92-c95a-4514-9864-b67a4fd46f26", "value": "34847758" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 04/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900630", "to_ids": false, "type": "text", "uuid": "42d13462-e71e-4fde-98de-4ea2a74cbca0", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:40/69\nFirst Submission:2026-03-04T03:11:23.000000+00:00\nLast Submission:2026-03-04T03:11:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903266", "uuid": "8e106d31-0a6a-4cf1-8301-fa40f6a2730d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903266", "to_ids": true, "type": "md5", "uuid": "09879e24-6784-4cdf-adc3-7e5d49d8350e", "value": "45828acc0fda6fb7a79c18f697cf634b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902582", "to_ids": true, "type": "sha1", "uuid": "3d897610-9015-4674-a8ab-68ced6ae3e5e", "value": "160f9241ff8183a18b0f1453622c9432b087bf41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902582", "to_ids": true, "type": "sha256", "uuid": "10ef53f8-2930-4987-8b80-a6c5c3647129", "value": "5adb91edb8a2c4a9a948a2dba85f787a179ec98b6432682df196c6356d50b23d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900694", "to_ids": true, "type": "ssdeep", "uuid": "64c08d76-a594-498e-bdb3-90086d899eba", "value": "24576:FB89Gu8tSJ6dUamySVmE2Fv2/0Iy/+zZoS0/bFJZqJXG4wSyhFYywR:3lu8IwUDVb2SzUZqVBwS9ywR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900694", "to_ids": false, "type": "size-in-bytes", "uuid": "3113f649-4406-4bc9-8fd5-a36aeedc97f6", "value": "1347766" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900694", "to_ids": true, "type": "vhash", "uuid": "3c41a405-dbbb-4f3f-92b5-b87344511d0c", "value": "b657db2d484d784ca20b7b9e1f5816d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900694", "to_ids": true, "type": "filename", "uuid": "25a0db47-4481-46e8-91ec-9cb73b56066d", "value": "E-lnvoiceD3D11Install.zip" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 05/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900694", "to_ids": false, "type": "text", "uuid": "506e6b20-005b-4ee9-b2e6-16e1e471769e", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Leonem!rfn\nVT Total Detection:47/69\nFirst Submission:2026-03-06T05:27:41.000000+00:00\nLast Submission:2026-03-06T05:27:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903287", "uuid": "c9151bef-1823-4dc6-a19e-3a968564e563", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903287", "to_ids": true, "type": "md5", "uuid": "ac972b9c-2433-43bd-a3da-28c69206e70e", "value": "82faa81f31ab74977ef8ca65157ae2fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902583", "to_ids": true, "type": "sha1", "uuid": "2207554c-27fb-45d7-b5fa-aa2aa52291c2", "value": "1eb13ad1f827e6ef72eb8a0023ef131c26f12e3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902583", "to_ids": true, "type": "sha256", "uuid": "3dc56e29-0ea4-4b07-aee4-54004e1aef71", "value": "71698b56c0c4d0cab0913a33a1683261f00a97d2b31553f840eb2e22608e07c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900716", "to_ids": true, "type": "ssdeep", "uuid": "cb000759-f950-4e25-b85b-8ce35fb093be", "value": "24576:/8dr/5nd1nBp5A2jAX3bjuAAKfIatmE35yoXDWlwCwb:Wrrp5xjevhnQawYyoTWulb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900716", "to_ids": false, "type": "size-in-bytes", "uuid": "031c8271-7fef-4e37-bacd-63cdf03c60d0", "value": "853504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900716", "to_ids": true, "type": "vhash", "uuid": "8cb4b7e7-298b-43b1-b24b-9f857bb178de", "value": "185056655d15756038z163z11z5dz15za3a3zf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900716", "to_ids": true, "type": "filename", "uuid": "308f8afd-7ed2-4280-ba88-af10e7219aa5", "value": "DLL.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 03/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900716", "to_ids": false, "type": "text", "uuid": "513735e2-f570-4533-adfd-ea37ed6d38de", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Tedy.SXJ!MTB\nVT Total Detection:56/71\nFirst Submission:2026-03-12T01:29:34.000000+00:00\nLast Submission:2026-03-12T01:29:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903308", "uuid": "75c55778-26bb-487c-bda7-06bb6bc6c8c6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903308", "to_ids": true, "type": "md5", "uuid": "564f7396-69b0-49fb-97dc-11f2bf39f299", "value": "83584cb8043edf2f8bdefddf0ce843b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902584", "to_ids": true, "type": "sha1", "uuid": "e428b723-e581-4ed8-a490-bee216b87541", "value": "25510d914499b6a746c0317c7081e3c0bf564aa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902584", "to_ids": true, "type": "sha256", "uuid": "de6876da-4540-4b37-8523-3d6767920266", "value": "6a66f0540fc7717e48bbec0235dd4128794b0cfee9d58e5907e9f39e65023c17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900738", "to_ids": true, "type": "ssdeep", "uuid": "335e3ecb-0a77-45d4-9bc7-09cb4bc71b4b", "value": "24576:5VhKDBPGUGAfI7EYIc+CoHa/jmvFHIHacKq5na8RJIYDlvjwQUYrpJ:hKD9Gkg7tIcVoHa/WFSDU7ypcQUSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900738", "to_ids": false, "type": "size-in-bytes", "uuid": "691eaa18-6907-4c02-bd6a-92c6c404a293", "value": "1997824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900738", "to_ids": true, "type": "vhash", "uuid": "b95b704f-dc09-4dcf-9c26-032ef9852301", "value": "116076655d155d05655038z5d3z11z5dz15za4z140" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900738", "to_ids": true, "type": "filename", "uuid": "bcb17224-b6ed-4fbd-af78-61a8ca5b0ff2", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 03/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900738", "to_ids": false, "type": "text", "uuid": "9966f518-8fe6-45db-a954-99549b93f364", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:51/71\nFirst Submission:2026-03-05T02:19:52.000000+00:00\nLast Submission:2026-03-05T02:19:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903330", "uuid": "ccefbc41-25e5-4d6b-8e24-6e984785e54e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903330", "to_ids": true, "type": "md5", "uuid": "24e29c8e-cb52-4b22-8dc0-71e354011959", "value": "a8b1f1fd03ea1c063e60ef840b5fe382", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902585", "to_ids": true, "type": "sha1", "uuid": "f3b18b66-0291-41fc-b213-97acf12bfcd9", "value": "3d1f8fef94c1b1ffa7829e030eba3bcfca737110", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902585", "to_ids": true, "type": "sha256", "uuid": "8ca37e69-c585-411c-89ad-38e538533459", "value": "a4f09289b1b9a7a698a7880a2d306de19a60ede45c2abb3cebe84fabda989a74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900781", "to_ids": true, "type": "ssdeep", "uuid": "235c7989-2ed8-4a93-81f3-17a07f499021", "value": "49152:BSFBKyVU51qm+GzXU6VIk/UncVtEAPLj32nIhCRv/qlEmQTfrDqgHw:mHVI1qm+UE65n2T1oQX2gQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900781", "to_ids": false, "type": "size-in-bytes", "uuid": "bcb00bf2-a729-44f0-83bf-fe30be81934e", "value": "3059775" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900781", "to_ids": true, "type": "vhash", "uuid": "60aa07b9-46e2-449f-86be-a17865dff962", "value": "714d7ff559ae320abc9bf5a8330b20ce" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900781", "to_ids": false, "type": "text", "uuid": "078a1a26-05f2-4924-8a3e-673c8a78e132", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:32/67\nFirst Submission:2026-03-16T06:46:18.000000+00:00\nLast Submission:2026-03-16T06:46:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903351", "uuid": "ea7daf50-1a2c-4c19-96ec-a36b0e4c37d8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903351", "to_ids": true, "type": "md5", "uuid": "b381b87b-5632-43df-ac66-e6b53e514492", "value": "65c2906d5afc04e4685eb41a84cb5205", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902586", "to_ids": true, "type": "sha1", "uuid": "4c0fb93a-850b-4193-b246-edb3a8d81a6c", "value": "51a0832fc378d08566427bf0510e1d7f922a8ae3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902586", "to_ids": true, "type": "sha256", "uuid": "cb9c314a-5683-4d98-b309-026a35989fce", "value": "53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900803", "to_ids": true, "type": "ssdeep", "uuid": "8156a784-c36e-410f-ad6d-5ab8ccdc60ee", "value": "49152:Wd0CQrI3LGNw5ZrxoAKAlnnJOlzaAzq68QnMonqBm6JNppxTTl:8JGOpKoOl46rMVBjFh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900803", "to_ids": false, "type": "size-in-bytes", "uuid": "f77b3a1e-570d-485a-b58b-d824d8388667", "value": "2700798" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900803", "to_ids": true, "type": "vhash", "uuid": "26e1ef43-ac2b-4b72-86f9-dd8bdce40e11", "value": "196da94e40f1f4dec4238d18819bdb05" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900803", "to_ids": true, "type": "filename", "uuid": "449901d5-e542-4007-a79b-152c81dc05fb", "value": "53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e.zip" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900803", "to_ids": false, "type": "text", "uuid": "87d37f0b-78b4-4d1e-a3bb-4db527d73989", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:50/69\nFirst Submission:2026-03-11T01:33:19.000000+00:00\nLast Submission:2026-03-11T09:10:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903372", "uuid": "5708bda4-2569-4b67-9329-c4a42c2973bd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903372", "to_ids": true, "type": "md5", "uuid": "721f0ee9-4612-43ca-aea8-caa9cd66ad20", "value": "b4247e276f9c0032957db9f28f84d88f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902588", "to_ids": true, "type": "sha1", "uuid": "aa1c0f27-8cdb-4fe4-ac30-a5715a0313d9", "value": "55358216844a60a5a0e895e858e3d75b8501fbb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902588", "to_ids": true, "type": "sha256", "uuid": "7cfbe963-9e55-41e9-ab2f-149aadf5b440", "value": "283971ee133699d518e88bf633b8164579e31ea5c00251eeebd9a39e0292ea35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900824", "to_ids": true, "type": "ssdeep", "uuid": "907f6e07-f120-426e-9f9f-50ade1039e80", "value": "24576:no8UIx1FtOUu7hBkruY9x7UdL5Rvuq2i9w8gOvqzAkQKL6qFVT:no8UI5AUwhByv9BgLHpRqckQEFJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900824", "to_ids": false, "type": "size-in-bytes", "uuid": "70ac14ae-aaaa-4813-b00e-3992b00a4720", "value": "1151312" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900824", "to_ids": false, "type": "text", "uuid": "8c343b50-2c0a-4257-b65f-3380cc4988fa", "value": "Type Description: RAR\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:39/66\nFirst Submission:2026-03-28T06:42:27.000000+00:00\nLast Submission:2026-03-28T06:42:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903393", "uuid": "33961a0c-ef58-4d9e-b9d2-01e52a861a85", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903393", "to_ids": true, "type": "md5", "uuid": "d7fb27a5-0cc1-4c2a-a0fd-be4d79f936d2", "value": "267f48e174bdbece4235cf200dfc2503", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902588", "to_ids": true, "type": "sha1", "uuid": "5ccdf306-91b2-4592-b169-3c78977dd21c", "value": "5bd82a88950e029312bcf55b1bb6528fe96a3046", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902588", "to_ids": true, "type": "sha256", "uuid": "0fdfb6f0-67b1-4ce0-bdfb-8959ec62385e", "value": "acca258713692d82ea4b9bdf72dfa6dadc65083b1d37828bac0d2e6af6ba1712", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900846", "to_ids": true, "type": "ssdeep", "uuid": "bc6fe8ef-57e0-42ce-827e-04b8f7d24471", "value": "24576:60/bFJZqJXG4wSyhFYyw6fSfKYa2pnfkT+oCm1wzdPsCKlCnQ+dJGeP:hZqVBwS9ywfKYD86oCmyzdPsNCn3n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900846", "to_ids": false, "type": "size-in-bytes", "uuid": "fdbe9147-586b-4992-a08d-5dc4cea0202f", "value": "1179680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900846", "to_ids": true, "type": "vhash", "uuid": "51a1ea4b-0259-4980-954f-c26d54d7c34e", "value": "b657db2d484d784ca20b7b9e1f5816d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900846", "to_ids": true, "type": "filename", "uuid": "2e79fe39-a126-4b8e-b580-b244de1200fa", "value": "\u3010\u7d66\u4e0e\u8abf\u6574\u306e\u304a\u77e5\u3089\u305b\u3011.zip" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 04/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900846", "to_ids": false, "type": "text", "uuid": "02a351f3-eab6-4a5d-9bf6-0e18f2e7c201", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:37/69\nFirst Submission:2026-03-04T00:35:38.000000+00:00\nLast Submission:2026-03-04T08:13:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903414", "uuid": "2502a3f8-31b8-450e-a4fb-feedabdc0e8a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903414", "to_ids": true, "type": "md5", "uuid": "6825f115-07b4-425d-ac1a-6876e8c35cf8", "value": "d1f691ef37c839d17567057a21b75bdb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902590", "to_ids": true, "type": "sha1", "uuid": "d0c40409-611a-4d68-a76f-b57a20fdb8f4", "value": "62b5a6c1a45868b2454544888aef9ce18b4367d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902590", "to_ids": true, "type": "sha256", "uuid": "245768c9-e5b0-4aa9-b64e-6582dbc412d6", "value": "354fcbc4a16a8b47424bed435da1c040218b13ed9fa5392a5917a411b6947f4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900868", "to_ids": true, "type": "ssdeep", "uuid": "5efd8083-dec7-4549-ae63-c205345935e4", "value": "24576:1LDxv2rSAf7zp/rT7grrq0smM3aGzgonU:1L9v22kzp/X7g3lsmMqGzgF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900868", "to_ids": false, "type": "size-in-bytes", "uuid": "db246b1b-3643-4b10-bffc-fb14792ac08a", "value": "815648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900868", "to_ids": true, "type": "vhash", "uuid": "01abc889-6fd6-4fd6-8542-e0d3bf4d69d8", "value": "18503e0f7d5bz3nz15z14z13f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900868", "to_ids": true, "type": "filename", "uuid": "a26368c3-3e8b-4f8c-81e6-a8a187de929e", "value": "libvlc.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900868", "to_ids": false, "type": "text", "uuid": "9e9d7230-ab8c-4fe5-9999-6a62a168d379", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:46/72\nFirst Submission:2026-03-04T00:36:28.000000+00:00\nLast Submission:2026-03-04T00:36:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903435", "uuid": "e13e92da-0bfd-4555-9387-ce72da2a49f9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903435", "to_ids": true, "type": "md5", "uuid": "a9708ad0-7114-4aa3-bda1-5dd5ed6e86e6", "value": "8f8d4f67ebc47521f5e69b63636c0498", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902591", "to_ids": true, "type": "sha1", "uuid": "4fbd01e0-9804-4feb-a29b-4f0b859573b0", "value": "6f93afebb90913e4410fd24580bae44a9ef852cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902591", "to_ids": true, "type": "sha256", "uuid": "73e314cb-afc0-41e9-8802-5ec054f0895a", "value": "f5b4cb8dbec6da40f54025b8cdb298110af2c9f118862db968a9e1e58f7af2d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900910", "to_ids": true, "type": "ssdeep", "uuid": "5f4169e1-fae9-4bc7-947c-ad2a63756ad4", "value": "24576:jk8aSZfcd9+4+/+Rmchc9Pnlz34yBwRU6XlTjwdGi2n4yBDqRb5mGLcIZ14sVjpS:jRaIlbQmcit3zKJcAi0DqR0G714sVjpS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900910", "to_ids": false, "type": "size-in-bytes", "uuid": "122f0a5f-7f71-44e0-95ae-df8d7bb8bc44", "value": "1506914" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900910", "to_ids": true, "type": "vhash", "uuid": "a56dd910-4e60-4b65-a50c-5282d6dd65c4", "value": "b0a05e9acf307efce084ecd596c980e7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900910", "to_ids": true, "type": "filename", "uuid": "70400ce0-2d94-4f70-ad92-4d288c74ff42", "value": "20260309-1535_64738d1243fe1e420a63a9028547110c.zip" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900910", "to_ids": false, "type": "text", "uuid": "3f871815-8ee5-4421-a2a0-7954d82e9a97", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:40/69\nFirst Submission:2026-03-09T11:53:37.000000+00:00\nLast Submission:2026-03-09T11:53:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903457", "uuid": "855bdaa3-748f-4696-a158-4d3c0a3439c1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903457", "to_ids": true, "type": "md5", "uuid": "0e3902c4-fd78-4991-a30f-a9506b114a48", "value": "6c870da5e21b65a7436adcd446ca1f41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902591", "to_ids": true, "type": "sha1", "uuid": "3f0ef653-ed86-403d-ad5f-d4b1a7a54528", "value": "7974bad0b55d681bd269d0367d38f3a49f99aacd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902592", "to_ids": true, "type": "sha256", "uuid": "9217d290-102c-4d5b-aebb-7e52be519ea9", "value": "7a3fb43f828f046c64c94c86533c324f2c2f4e16da2adee90e2e363b8771f990", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900933", "to_ids": true, "type": "ssdeep", "uuid": "3c6842c2-8586-4aa7-a92b-92c2f8c41969", "value": "24576:yvLw8Kku1LRuzfjRAT1vnnlCHFrjeKRcA4hqr4Pb:Uw/k8VuH+vnnlCH1T2A4hwm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900933", "to_ids": false, "type": "size-in-bytes", "uuid": "e3f783b1-3b6e-4f11-8ae4-6af799081b2d", "value": "1225651" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900933", "to_ids": false, "type": "text", "uuid": "c0769a63-e9aa-47f5-befa-d5a432d376d4", "value": "Type Description: RAR\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:32/65\nFirst Submission:2026-03-17T04:10:56.000000+00:00\nLast Submission:2026-03-17T04:10:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903478", "uuid": "ab786fea-9db9-47b9-a70a-e304d6f050c3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903478", "to_ids": true, "type": "md5", "uuid": "f3f63e37-0fbe-47e9-96e9-bd07be4ea0b2", "value": "5661f72a6ba1598ba49e63fa121ef015", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902592", "to_ids": true, "type": "sha1", "uuid": "089c83ab-8e24-412c-ae0b-8728cdfb45f4", "value": "7b1bf4df1c8fc077d381fdb30962dfdeb6ccbaa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902592", "to_ids": true, "type": "sha256", "uuid": "ae617300-d1bd-45ff-8cc7-c5c2ba5d3a97", "value": "a83eca305b9b682f2f3eb7d130b8c8e68743cf5eaa8704ff136fb3659a086822", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900954", "to_ids": true, "type": "ssdeep", "uuid": "1cbb8993-c315-4b48-8c51-304fda14e606", "value": "24576:PS486MMIilFSkwJAEDD4ph47ghzsRIVl+6a7R+m0lxyJqfRJIYDlvjwQUYrpJLnY:+6RLlAB8hQOL+6a7RBqgypcQUSJ0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900954", "to_ids": false, "type": "size-in-bytes", "uuid": "4b2c9060-aec8-474d-a326-7a5ea0369601", "value": "1785912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900954", "to_ids": true, "type": "vhash", "uuid": "ec9496f6-4fa4-457f-8405-7fc10e26e603", "value": "116076655d155d05655az5dnz15za4z13f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900954", "to_ids": true, "type": "filename", "uuid": "32898094-4b07-4b78-8b8b-f708ed2eaf73", "value": "libvlc.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900954", "to_ids": false, "type": "text", "uuid": "ca521073-e47b-4a19-8184-bf712c28d10e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:51/72\nFirst Submission:2026-03-03T04:17:15.000000+00:00\nLast Submission:2026-03-03T04:32:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903499", "uuid": "5a22db4f-d61a-4446-975f-4fc3c14be089", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903499", "to_ids": true, "type": "md5", "uuid": "4dd44ad1-17fa-442d-b531-7d4550d24f97", "value": "2dd81ae480816ae59982ef0b28308ec7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902594", "to_ids": true, "type": "sha1", "uuid": "831c1304-d4dd-4578-b888-68dd79889c67", "value": "8a5907b4b4ab7b39aa3390249abcaa14e1618139", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902594", "to_ids": true, "type": "sha256", "uuid": "52ea08ae-c05b-45ea-823b-79f493a5b94d", "value": "35b9acf7f217534c178f2b2afbe6d9ae9cfc431829aa11157aecb2d084ca83cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775900997", "to_ids": true, "type": "ssdeep", "uuid": "f7f2ab43-7c1b-4852-a9be-24f6ce1bc3d9", "value": "24576:tNizuxgvMvzAum1HYC5L0JijzDdPk9DeWt2NE2PlzQHEXkgnKNrHQlQPr:/fxkMvI6C5wijzD0pEZQkdKNslQT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775900997", "to_ids": false, "type": "size-in-bytes", "uuid": "5382acc0-2817-420b-9834-c0792bc5d510", "value": "1539770" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775900997", "to_ids": true, "type": "vhash", "uuid": "e777b834-a090-48d0-b657-2849830fa8f5", "value": "b657db2d484d784ca20b7b9e1f5816d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775900997", "to_ids": true, "type": "filename", "uuid": "0dd790e4-0990-4b08-86fa-b2cb8ad87f09", "value": "35b9acf7f217534c178f2b2afbe6d9ae9cfc431829aa11157aecb2d084ca83cb.zip" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775900997", "to_ids": false, "type": "text", "uuid": "b2bcc9ba-98f0-4444-ae0e-9ed391536475", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:46/69\nFirst Submission:2026-03-10T08:54:13.000000+00:00\nLast Submission:2026-03-10T16:17:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903520", "uuid": "4a1cf1c6-8f71-4896-86da-c42775d84144", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903520", "to_ids": true, "type": "md5", "uuid": "5150cb74-d478-45e6-8222-1f4deb537d65", "value": "30b7014370b42268d9f2f234ede3c473", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902595", "to_ids": true, "type": "sha1", "uuid": "639ddb10-58d8-4abb-b2f5-a1a574d4baa2", "value": "8aaac65ccfb4670650c090fdc8d140713fa45bf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902595", "to_ids": true, "type": "sha256", "uuid": "de71bd06-71c0-40bc-ae23-35482ce875a8", "value": "012a7d8b63e6dec27ab39e6296584f03457e7a2997cecca69211124dfc06e55d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901019", "to_ids": true, "type": "ssdeep", "uuid": "c09df587-30fe-4377-b252-9922c8fa9354", "value": "24576:GpV85H8Xn7IhKjic3LHAExxytHUG/5wd9H5EUqOHoH:G385H8Xn7IMAExwHbudcMoH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901019", "to_ids": false, "type": "size-in-bytes", "uuid": "30e3ba4b-731f-4b78-88b7-a264089794f2", "value": "1030634" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901019", "to_ids": true, "type": "vhash", "uuid": "1ece3593-6ebb-458f-aaa8-7676fa53be2a", "value": "3da86427b7a524c88b82a74298e2675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901019", "to_ids": true, "type": "filename", "uuid": "792302c5-82dd-4158-aa53-82fef72f3445", "value": "Vlectron103710309setup.zip" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901019", "to_ids": false, "type": "text", "uuid": "1aaeac5f-7dd6-4513-af55-d26c39bab713", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:40/69\nFirst Submission:2026-03-09T06:14:16.000000+00:00\nLast Submission:2026-03-09T06:14:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903541", "uuid": "ee9b8627-1bad-4f71-9c18-258fe7c8e1f2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903541", "to_ids": true, "type": "md5", "uuid": "66059981-e9f8-4762-8f6b-802f4fc8a4f3", "value": "ecc2413899119db053dea97fce09b7f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902596", "to_ids": true, "type": "sha1", "uuid": "b6b67ece-da68-435e-8522-a6b81d31162f", "value": "8abe494fd4143e77e1745b2576fc75d0d5ffe05c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902596", "to_ids": true, "type": "sha256", "uuid": "83aefd02-691a-4f75-a256-ef8e3bc2440d", "value": "167d317883b647fd7d91c8e4a2ac09f821049037b1998b3d67c6852aff2284af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901041", "to_ids": true, "type": "ssdeep", "uuid": "af1a24d3-3c21-46c9-98b8-fd8415ba5190", "value": "24576:YauKSdE5vc9rJGpwHXwszgymfQmQdBF/eFJaJno:YayDPXfzg9/QdXWHa+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901041", "to_ids": false, "type": "size-in-bytes", "uuid": "e917eef0-87c1-412b-b207-384b444b56dd", "value": "837696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901041", "to_ids": true, "type": "vhash", "uuid": "c25a7da8-2c7a-4434-ac41-55b3265cffae", "value": "18503e0f7d1019z33z11z1dz15z16z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901041", "to_ids": true, "type": "filename", "uuid": "23585cd6-9acb-4a60-a2a5-f7da8b271ee2", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901041", "to_ids": false, "type": "text", "uuid": "a459eb15-f343-4da8-a88b-eb8358435747", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:48/72\nFirst Submission:2026-03-17T04:11:16.000000+00:00\nLast Submission:2026-03-17T04:11:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903562", "uuid": "a1ebf1a6-a031-4288-a52d-ffc898b48060", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903562", "to_ids": true, "type": "md5", "uuid": "949ace9d-ec35-4e31-9b31-8da7da825327", "value": "5c1239a2612987393a706b33eb9ea27c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902597", "to_ids": true, "type": "sha1", "uuid": "27cee5b0-72ae-40ae-8fbb-d95d09b6bf97", "value": "8e32b303226f6016726315be2b7dda39aadd984e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902597", "to_ids": true, "type": "sha256", "uuid": "2b451c3a-ce6a-4c01-ba53-9853cc7d6883", "value": "f8a32e98f1f7be4b2b301ad0e0fa7eef819aa1916d33480c61964ee1ca8cf9a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901062", "to_ids": true, "type": "ssdeep", "uuid": "8cfa9895-72d4-4ee5-929f-b8b65c894d2e", "value": "24576:eaguDv060H9tV8v6WiJxzn9Po90+b0Zoh23BvtAG:eagA068EWjz9PoeZo+9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901062", "to_ids": false, "type": "size-in-bytes", "uuid": "2760ca03-b7b3-41fd-b431-100f89cfca90", "value": "1126236" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901062", "to_ids": false, "type": "text", "uuid": "ae841fb1-6cbf-4c16-8e16-8a6c2ada15b5", "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:36/65\nFirst Submission:2026-03-28T06:42:36.000000+00:00\nLast Submission:2026-03-28T06:42:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775903583", "uuid": "85f1ee9b-b96f-4bb2-a672-0c5f8f8ef515", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775903583", "to_ids": true, "type": "md5", "uuid": "bcdd6d42-eb0e-47c4-81e9-96ddf36e070d", "value": "36f265dabe69ae16e7baf0c15aa86dd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902598", "to_ids": true, "type": "sha1", "uuid": "fe098b47-9005-415b-bd8a-f84a812a7fe5", "value": "8e65b41dc6b1c03ce3f9c9dd6c3f2dc44af53a43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902598", "to_ids": true, "type": "sha256", "uuid": "b5ef81ab-6cf4-4b5e-8e28-ec93ce0a918c", "value": "1ee51eb5fc850655dd25f92ef43bb619684b266a7b5782aeac7759e289615d01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901084", "to_ids": true, "type": "ssdeep", "uuid": "876037b3-8385-4c28-b899-a8f66dda2982", "value": "24576:RGxqtce4fGAfI7EYkDEUtKJJHHmgE5VwRiapRJIYDlvjwQUYrpJ:EqtX4Vg7tMtKJNWVwHGypcQUSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901084", "to_ids": false, "type": "size-in-bytes", "uuid": "e57cd7f1-4211-435b-872d-c0fecd32987d", "value": "2068480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901084", "to_ids": true, "type": "vhash", "uuid": "83de79d4-7e21-43ef-addb-cbedfc42feed", "value": "126076655d155d05655038z5d3z11z5dz15za6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901084", "to_ids": true, "type": "filename", "uuid": "1991897c-0702-410e-9aef-74fe336120a5", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901084", "to_ids": false, "type": "text", "uuid": "617dd884-1e2a-4585-8744-91d0bcf7446e", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:52/72\nFirst Submission:2026-03-10T08:54:47.000000+00:00\nLast Submission:2026-03-17T13:39:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902599", "uuid": "b3a13f45-2d8c-4e40-8b40-083b02b9427b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902598", "to_ids": true, "type": "md5", "uuid": "1192ae74-9673-4369-a189-7fb3649367e2", "value": "52638a930b4c3ff5603978d674bb9415", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902598", "to_ids": true, "type": "sha1", "uuid": "f9f33984-aea8-4267-beaa-28b6985c1cd6", "value": "a0233e66704b087c356dc5f30bd292ce4839be1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902599", "to_ids": true, "type": "sha256", "uuid": "ade43b94-ab1f-4f77-85a3-9efbe4d64144", "value": "521b4fd2a98630b782b897793da025845029d80696b871620f731eeaf4ff950a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901106", "to_ids": true, "type": "ssdeep", "uuid": "fd251da8-1b4d-4f8e-a6ce-0e50fef91c6e", "value": "24576:pGxqtce4fm9j/XBrnLL7y6oNI2aPSlRGLRJIYDlvjwQUYrpJ:sqtX4EPB7TiWSlQkypcQUSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901106", "to_ids": false, "type": "size-in-bytes", "uuid": "4f4db6b2-b998-4fc8-a4a8-5f8c4ec67b28", "value": "2062336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901106", "to_ids": true, "type": "vhash", "uuid": "cb088dcf-0fa0-45d4-bdf5-9d841ab778a8", "value": "126076655d155d05655038z5d3z11z5dz15za6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901106", "to_ids": true, "type": "filename", "uuid": "d4fb84e4-863f-4bd1-804c-040f06461387", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901106", "to_ids": false, "type": "text", "uuid": "4e77a677-f20a-4875-a019-9e27f6cd1651", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:49/72\nFirst Submission:2026-03-09T11:45:53.000000+00:00\nLast Submission:2026-03-09T11:45:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902599", "uuid": "172f119f-d499-4b5a-aaa9-38359e40d278", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902599", "to_ids": true, "type": "md5", "uuid": "54b474d6-b1bb-4c5e-9d17-df7397d5d1cd", "value": "0d46afcac922062342e351601a05ba97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902599", "to_ids": true, "type": "sha1", "uuid": "fc8a8c53-7b2b-4805-8a4d-4e194d7c88f3", "value": "a3973e372f847d3ded1c877ad097c036c4cf43b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902599", "to_ids": true, "type": "sha256", "uuid": "8940dad6-82e8-4405-b58f-b65f40176099", "value": "02b9ce681a92c9f64ebe30f6dc3637a90fd4d1d1a182c0be3708525939fb75e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901128", "to_ids": true, "type": "ssdeep", "uuid": "a67a292c-1727-4c3f-bbd1-7a283fff6e04", "value": "24576:pMqfqy6ZFUzHn2wyeCQErL3+rqxfl34OUKYf7kkwg38QWMKK4pX3UXOSPyMApd:DfqhUDOnloNPX8QWRKs0XeTpd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901128", "to_ids": false, "type": "size-in-bytes", "uuid": "c375d330-55d3-49d5-9e1f-1eecccebc448", "value": "1536349" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901128", "to_ids": true, "type": "vhash", "uuid": "098e035c-bef5-43e2-a41b-0dc32859076e", "value": "343fe9c845280d986c975b8c3bcc7815" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901128", "to_ids": false, "type": "text", "uuid": "47450ccd-6263-485b-af54-430525cc8920", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:43/69\nFirst Submission:2026-03-05T03:34:58.000000+00:00\nLast Submission:2026-03-05T03:34:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902600", "uuid": "ddf9eef3-5252-46ff-adb0-966b0212c7bc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902600", "to_ids": true, "type": "md5", "uuid": "4db9df3b-962e-430d-af83-9e1b529d8da3", "value": "d83f279a67a3374514c8b08d9e1f4df9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902600", "to_ids": true, "type": "sha1", "uuid": "38146d19-092c-4757-a397-fcdd6c6c1788", "value": "a74c078f662a78cd11d38c032689a0f5e9e53962", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902600", "to_ids": true, "type": "sha256", "uuid": "92c31e47-04d7-48f6-8fd9-ea9fa5b64cd0", "value": "ad05eeb70dc7ab34926e31da2be97d3503ce4ef96084df74db9e9c102923d3ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901170", "to_ids": true, "type": "ssdeep", "uuid": "b5b421e8-5192-44bc-a5b8-efdd13bfc493", "value": "12288:2k9KjfvDZKXidUkNwZ1+URCoKlcdNLLvuVSFZ05LKWmz1sdkPs+7RI2SDCVIwBIn:hsQXi7wZrFeVnt6Ha61uRD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901170", "to_ids": false, "type": "size-in-bytes", "uuid": "fe3efc68-ea45-4fbd-bd5b-df1f4b44e560", "value": "1821696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901170", "to_ids": true, "type": "vhash", "uuid": "08d173cc-b6d5-4fbc-9021-4cf67b7bc295", "value": "016086655d15551d05555078z6d3z31z7021z91z1bza6z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901170", "to_ids": true, "type": "filename", "uuid": "bdd12583-6d5a-45c7-a95e-94e2d308b71e", "value": "Setup.exe" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901170", "to_ids": false, "type": "text", "uuid": "22ceb530-0fb3-44e5-b4e7-e8d013d46a7a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:47/72\nFirst Submission:2026-03-19T02:09:30.000000+00:00\nLast Submission:2026-03-19T02:09:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902601", "uuid": "03df07a1-6693-4e42-b638-eadb52807d13", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902601", "to_ids": true, "type": "md5", "uuid": "01d8a58d-8eee-4712-a8b9-c623a0d946a7", "value": "a5b0f1fba15e570655d3bedee0d2cdca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902601", "to_ids": true, "type": "sha1", "uuid": "703c2c71-5909-414f-b205-74edc3c1b068", "value": "c176ea706e8f0d5cc22b226634d3853e2509279b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902601", "to_ids": true, "type": "sha256", "uuid": "8e6ce48a-795c-4d9e-8e96-55bff647baf3", "value": "46d7cc620fd3650ad70b0ba964e3837d38a2f48fcef8d3e177bfb89f5d547b29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901213", "to_ids": true, "type": "ssdeep", "uuid": "38bea492-492e-47b0-8875-22f84d87f14e", "value": "24576:+Yv8rZFZ5hObQhivlqupb6oTK+OSJTcFbgpSFTalaNIw8gOvqzAkQKL6qFVB:U/hCquo9+nTFUpNGqckQEFj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901213", "to_ids": false, "type": "size-in-bytes", "uuid": "cabf463c-43f4-496d-b82d-591b1bcdbdec", "value": "1210697" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901213", "to_ids": true, "type": "filename", "uuid": "c23f8ac3-0a51-4f5a-afa5-c595d9af0678", "value": "Vlectron107710306setup.rar" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901213", "to_ids": false, "type": "text", "uuid": "14015727-6854-4e2e-ac2e-ce60a4c59298", "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:34/65\nFirst Submission:2026-03-06T07:50:27.000000+00:00\nLast Submission:2026-03-06T07:50:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902602", "uuid": "0d7294bd-b3b8-4f5c-b409-7b2e4e9154ab", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902602", "to_ids": true, "type": "md5", "uuid": "e7710718-95b2-4449-adb0-3db9d9f18556", "value": "547054bcbf78f8e07964e82b642e60b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902602", "to_ids": true, "type": "sha1", "uuid": "bc04c869-6369-4c94-b551-49fd9fd28de0", "value": "c8a3223bb0991c81d774a94316bccc64fb25b2a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902602", "to_ids": true, "type": "sha256", "uuid": "82939c04-a73f-4e8f-94d1-907c6581f442", "value": "4ac19c722ebaf1fd8ec091bc288d2c587a71bbc3c8801a071a9aa4057c69ec8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901235", "to_ids": true, "type": "ssdeep", "uuid": "cd116ccd-bfba-48c0-af05-5a1ab1e9d1ad", "value": "24576:45Pneq4p8GE4Ai+gxyX6ZS3qnYxF2bvnHIGO68MUBmZv/hYQDH3NizuxgvMvzAui:+4p83gxyX6ZS6YxF2bvot68fKhYQD9f4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901235", "to_ids": false, "type": "size-in-bytes", "uuid": "4dbda9bf-6ce0-4325-abf0-d748cbc84e50", "value": "1538878" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901235", "to_ids": true, "type": "vhash", "uuid": "1fd90112-62ee-4d09-bed6-177db505c622", "value": "343fe9c845280d986c975b8c3bcc7815" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901235", "to_ids": true, "type": "filename", "uuid": "90aabad1-c709-4bcb-b339-60a7c1e1a567", "value": "%E3%80%90%E4%BA%BA%E4%BA%8B%E7%95%B0%E5%8B%95%E3%83%BB%E7%B5%A6%E4%B8%8E%E6%94%B9%E5%AE%9A%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6%E3%80%91.zip" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 09/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901235", "to_ids": false, "type": "text", "uuid": "c8a8cba9-1d48-474f-b6d9-cfcdcb64ac0e", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:30/69\nFirst Submission:2026-03-05T02:05:52.000000+00:00\nLast Submission:2026-03-05T02:05:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902603", "uuid": "1551a672-0fc5-42d9-8ea6-95553c4135f0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902603", "to_ids": true, "type": "md5", "uuid": "6c53d308-2f4d-47eb-bb22-6aac2c7aceb0", "value": "b46f6df63070ceaf93418a666c685a0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902603", "to_ids": true, "type": "sha1", "uuid": "b2cbeba6-84a0-44a0-9bf5-0af343a508a3", "value": "d5e18be55d01e3c7b301bcdefe44dade963bad44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902603", "to_ids": true, "type": "sha256", "uuid": "b0e748c3-6574-4c6f-b109-142808d04ed9", "value": "647ee8eeb990daab642a2179583217b95fc80ee57e03c699555605704f2e1769", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901299", "to_ids": true, "type": "ssdeep", "uuid": "8086dd0e-bdbc-4bf6-9d79-8198888adeb5", "value": "24576:8auKSdE5vc9rJGpwHXwszgymfQmQdBF/eFJa:8ayDPXfzg9/QdXWHa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901299", "to_ids": false, "type": "size-in-bytes", "uuid": "e3c8a180-044d-45a1-b1c7-4bc9c6355ce0", "value": "830464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901299", "to_ids": true, "type": "vhash", "uuid": "f1a0c285-cd8b-4984-96f8-26f814a4d1b1", "value": "18503e0f7d1019z33z11z1dz15z16z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901299", "to_ids": true, "type": "filename", "uuid": "6f1d5002-ddc4-4b91-bf12-c175b5f5ae64", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901299", "to_ids": false, "type": "text", "uuid": "a744809b-9612-4f23-8af9-2f5b250f7b77", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:48/72\nFirst Submission:2026-03-06T03:04:29.000000+00:00\nLast Submission:2026-03-06T04:56:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902604", "uuid": "28649c97-9fdd-4c6f-bca5-5b442ac573e2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902604", "to_ids": true, "type": "md5", "uuid": "961703c5-1dfa-44dc-97fc-d0bb1d378bf0", "value": "d72a7a69fbabb6c684b72ac3c9857c0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902604", "to_ids": true, "type": "sha1", "uuid": "cf5f71bf-12f2-4299-87a2-4f46861347f6", "value": "d9cd907d51cfd082796eb636abe2e43f32bd0247", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902604", "to_ids": true, "type": "sha256", "uuid": "03ad8851-7e37-4c05-a9a3-0a5e208a688d", "value": "a13fa1073ad96cf8a9d4a09ea1730ca7927df4e8b03ee3dd080be46d342efb6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901320", "to_ids": true, "type": "ssdeep", "uuid": "e8c0834f-4f22-43cf-b10b-a6e0d44e22fa", "value": "24576:iGxqtce4LoAfI7EYgc+CoHa/jmvFHIHacKU5na8RJIYDlvjwQUYrpJ:JqtX4Lg7tgcVoHa/WFStU7ypcQUSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901320", "to_ids": false, "type": "size-in-bytes", "uuid": "696f7019-4ab8-434c-ac35-95b94a6265c6", "value": "1986048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901320", "to_ids": true, "type": "vhash", "uuid": "5365f8f6-0b0d-4756-9ff1-18d28affd240", "value": "116076655d155d05655038z5d3z11z5dz15za6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901320", "to_ids": true, "type": "filename", "uuid": "9aa4123e-b3e1-4cd1-9009-55c948855882", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 03/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901320", "to_ids": false, "type": "text", "uuid": "6e0a4429-2b2e-41a6-a601-849daece3cef", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:51/71\nFirst Submission:2026-03-05T03:35:18.000000+00:00\nLast Submission:2026-03-05T06:44:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902606", "uuid": "74dfd4fb-836a-40cc-883a-f2573ddd0c63", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902605", "to_ids": true, "type": "md5", "uuid": "2f101ce5-e945-4e25-afb0-509cbb29cd9f", "value": "a4489b07cb56be156e340272df8c79a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902605", "to_ids": true, "type": "sha1", "uuid": "5d4ebe88-861a-4919-b225-b31605fe241f", "value": "dae74b42e4a6f123f0c2329f772c70af8dec2d71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902606", "to_ids": true, "type": "sha256", "uuid": "3aef2d24-4639-4f30-a269-36f2ec39a10e", "value": "1a38c444240870c5641cc45b510c08dd52f35483c74690db6f0e767ec1b7cb9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901342", "to_ids": true, "type": "ssdeep", "uuid": "53e83722-3cec-4c7a-abbe-baa1ba021bb1", "value": "24576:8Gxqtce4HVAfI7EYOc+joHa/jmvFH8HacKpLna8RJIYDlvjwQUYrpJ:jqtX4ug7tOcwoHa/WF+oW7ypcQUSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901342", "to_ids": false, "type": "size-in-bytes", "uuid": "0bd18575-8c2e-489d-bffc-798931eff292", "value": "1986048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901342", "to_ids": true, "type": "vhash", "uuid": "0d66f12a-83b2-4a3a-8e5d-2ad522dd7cc0", "value": "116076655d155d05655038z5d3z11z5dz15za6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901342", "to_ids": true, "type": "filename", "uuid": "cad887f2-a115-432b-8213-f809c5ed7c51", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901342", "to_ids": false, "type": "text", "uuid": "c515be4b-eb33-4818-be87-915c21f2c6a8", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:52/72\nFirst Submission:2026-03-28T10:55:17.000000+00:00\nLast Submission:2026-03-28T10:55:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902607", "uuid": "341bec6f-8f99-4aae-bb74-6ffcf4e0fdef", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902607", "to_ids": true, "type": "md5", "uuid": "53719042-e00f-4454-b0b7-dd6f8160d7fd", "value": "f64c9e981ee29a4c1812327ea61bb5ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902607", "to_ids": true, "type": "sha1", "uuid": "cf0e1e92-cf5f-4f16-948e-3bb94c2afb3f", "value": "e5c8f43fb31d1d627b42273d03ec15723f80733a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902607", "to_ids": true, "type": "sha256", "uuid": "6a1e1a44-1e05-4413-af4f-54f43156958c", "value": "7c186e7e55b9eee9bc5a0b68310dadd1e06681983cb0efa27542a3a22964f5bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901364", "to_ids": true, "type": "ssdeep", "uuid": "e2f82a76-ea8e-4d30-9e2f-7da1163778a2", "value": "24576:bGxqtceFYP9j/XBrnULky6oNA2aPjnRGLRJIYDlvjwQUYrpJ:uqtXFAPB7piOjnQkypcQUSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901364", "to_ids": false, "type": "size-in-bytes", "uuid": "07b646e1-1f8c-41f8-bfd8-f965c31634db", "value": "2062336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901364", "to_ids": true, "type": "vhash", "uuid": "8be76850-92f1-4ca2-8a33-7260b31f19f9", "value": "126076655d155d05655038z5d3z11z5dz15za6z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901364", "to_ids": true, "type": "filename", "uuid": "c95a6d04-fe01-4b28-a897-b8e34b15ae65", "value": "desk_compositor_x64.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901364", "to_ids": false, "type": "text", "uuid": "aef31b68-1f0e-403c-9589-8fe393b7e6d3", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:49/72\nFirst Submission:2026-03-09T06:14:57.000000+00:00\nLast Submission:2026-03-09T06:14:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902608", "uuid": "61997d84-69df-4ec4-9540-28feb024f8d1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902608", "to_ids": true, "type": "md5", "uuid": "2e306635-e39c-4288-a4a7-fdbec49c115e", "value": "263282a6d3169db2b5288fae4ca1628b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902608", "to_ids": true, "type": "sha1", "uuid": "5e21cbf8-c698-4d35-a33e-582dc247829c", "value": "f95cd0d3244a09b61d39a827505ef061a9f04a38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902608", "to_ids": true, "type": "sha256", "uuid": "41a36071-64c1-4f4f-bab1-621f7cb4b8f7", "value": "31557fdfc5a091fae4e366cb826f33927f671b0fedef71bb4b381d33a111586d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901406", "to_ids": true, "type": "ssdeep", "uuid": "6f73dc11-7218-448c-9f1f-6b017e901aed", "value": "98304:7fiBMTSEViDPBxfufdEsFN30w0aK1T11pMs4W:7fQk+5xAE91msH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901406", "to_ids": false, "type": "size-in-bytes", "uuid": "6b89c931-061c-43a4-92a6-e9c0b02961c1", "value": "3548941" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901406", "to_ids": true, "type": "filename", "uuid": "991ddf25-67f1-4ee0-b28d-57e74861f574", "value": "Vlectron107210305.rar" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901406", "to_ids": false, "type": "text", "uuid": "98a8a494-d5ab-45da-ba58-f6c3b07d8697", "value": "Type Description: RAR\nMicrosoft: Trojan:Win32/Suschil!rfn\nVT Total Detection:36/65\nFirst Submission:2026-03-07T19:56:36.000000+00:00\nLast Submission:2026-03-07T19:56:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902609", "uuid": "c2ddf87f-0ece-4af3-9406-f4e9b466f7a9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902608", "to_ids": true, "type": "md5", "uuid": "a8822028-323a-43da-9ba7-25dbbdba4e6b", "value": "16889dfe3c5507bd6c55346276380ea5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902609", "to_ids": true, "type": "sha1", "uuid": "14182679-2093-4fd1-bf45-f14f770bc72a", "value": "fc5d4b1fb2bbc690016ff51567162865f3a0485b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902609", "to_ids": true, "type": "sha256", "uuid": "f2f27a37-9a41-4746-b623-bfe00e983f62", "value": "49afd1ff926b1ea8ff1d7316ea9aba50c4e4e771030f03fbfcb465b78efaee48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901428", "to_ids": true, "type": "ssdeep", "uuid": "53a51510-11ae-4474-88c0-7e780f7305bd", "value": "24576:0BVF7epc2lZ6MXk8YKSMP0Qtpq81zadyaV+kw22ShHNizuxgvMvzAum1HYC59:+92lZjrYKSo1pqga/v/vfxkMvI6C59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901428", "to_ids": false, "type": "size-in-bytes", "uuid": "9da72adb-6f74-4d37-8e5e-fccb8fa76550", "value": "1520415" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901428", "to_ids": true, "type": "vhash", "uuid": "7069cf7c-ced0-4a1e-b2bd-bd3f2211583f", "value": "b657db2d484d784ca20b7b9e1f5816d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901428", "to_ids": true, "type": "filename", "uuid": "efcab835-1996-4266-b45c-210f2e8575a9", "value": "Vlectron101710309setup.zip" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 10/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901428", "to_ids": false, "type": "text", "uuid": "c066e755-4e8b-4d87-b695-cac588547465", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:40/69\nFirst Submission:2026-03-09T08:34:38.000000+00:00\nLast Submission:2026-03-09T08:57:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775902610", "uuid": "a36fbd71-5134-4c9c-9e35-1cbaaf33d316", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775902610", "to_ids": true, "type": "md5", "uuid": "d7e2ed6c-3b6f-44b0-b91b-1bb1be765db2", "value": "6a55f2125228850d7ed7318d8110dfe8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775902610", "to_ids": true, "type": "sha1", "uuid": "6197b1b3-1a11-40b0-a2ad-bffef4eb9fee", "value": "ff848dacc5062ed4c2eb51614c47a5d851dab6a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775902610", "to_ids": true, "type": "sha256", "uuid": "ee95d691-187f-451f-94b5-edab611265f6", "value": "6bd4cce1b7e4d305d4667850f1d071ee1f2785ecf52e1bc1032087a35dd4791b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775901450", "to_ids": true, "type": "ssdeep", "uuid": "c632a066-7c12-430e-90d7-5f0bfe08afe3", "value": "24576:HZ4FRGseUx/eXerd+x/G/SjzzGC+ByzVH/c87b3:H+isJ/euSucPG4VH/933" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775901450", "to_ids": false, "type": "size-in-bytes", "uuid": "04c97d36-0108-4117-a6e6-9b3a3492bc83", "value": "819200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775901450", "to_ids": true, "type": "vhash", "uuid": "76974f07-e273-41ce-ae93-426d76820efd", "value": "18503e0f7d1019z33z11z1dz15z16z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775901450", "to_ids": true, "type": "filename", "uuid": "9f9bb54a-ccb1-4110-b265-18e5275e540f", "value": "vulkan-1.dll" }, { "category": "Other", "comment": "Checked: 11/04/2026\nLast-scan\t: 07/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775901450", "to_ids": false, "type": "text", "uuid": "b3d7d5ea-1c17-45ef-841c-27fd417a5b40", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:48/72\nFirst Submission:2026-03-06T07:50:45.000000+00:00\nLast Submission:2026-03-06T07:50:45.000000+00:00" } ] } ] } }