{
  "Event": {
    "analysis": "1",
    "date": "2026-03-31",
    "extends_uuid": "",
    "info": "[Threat Intel] Unpacking Augmented Marauder\u2019s Multi-Pronged Casbaneiro Campaigns",
    "protected": false,
    "publish_timestamp": "1775970098",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1775970098",
    "uuid": "31569bf2-1690-4b65-b83c-c6699e0e6632",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#2f00b5",
        "local": false,
        "name": "rectifyq:workflow=\"add-ioc-context\"",
        "relationship_type": ""
      },
      {
        "colour": "#3000b7",
        "local": false,
        "name": "rectifyq:workflow=\"check-key-indicator\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#f439e5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Spain\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Cybercrime\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#454726",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Financial Theft - T1657\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d1dab",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Internal Spearphishing - T1534\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#5884a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#30f613",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Mshta - T1218.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#1cbe6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
        "relationship_type": ""
      },
      {
        "colour": "#98f3da",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Zebrocy (AutoIT)\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Metamorfo\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Unidentified 072 (Metamorfo Loader)\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"HAFNIUM\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775098822",
        "to_ids": false,
        "type": "link",
        "uuid": "a636a6f3-e3d3-4595-8e20-8f7b8bd786c3",
        "value": "https://www.bluevoyant.com/blog/augmented-marauders-multi-pronged-casbaneiro-campaigns",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775098822",
        "to_ids": false,
        "type": "text",
        "uuid": "5fa9a63d-285d-4201-9649-a009d354196a",
        "value": "BlueVoyant researchers have uncovered a broad, multi-pronged phishing campaign targeting Spanish-speaking users in organizations across Latin America and now Europe as well. Recent industry intelligence has heavily documented attacks that use WhatsApp to deliver banking trojans under the umbrella of the Brazil-based eCrime group Augmented Marauder (a.k.a. Water Saci)."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775098822",
        "to_ids": false,
        "type": "text",
        "uuid": "d42f6790-9dd8-4018-991a-f290b7b76b10",
        "value": "Name: Unpacking Augmented Marauder\u2019s Multi-Pronged Casbaneiro Campaigns\nAuthor: AlienVault\nAdversary: Augmented Marauder\nTags: [\"casbainero\", \"phishing\", \"augmented marauder\", \"banking trojan\"]\nTgtd countries: [\"Spain\"]\nMlwr families: [\"Casbaneiro\"]\nAttack_ids: []\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775962119",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "aa98f4f0-c062-4c43-8120-855df911bf4e",
        "value": "Augmented Marauder",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"HAFNIUM\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966041",
        "to_ids": true,
        "type": "url",
        "uuid": "331e09b8-f7a3-4296-a4c9-685f2eb065e5",
        "value": "https://cgf.facturastbs.shop/a/08/150822/au",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966062",
        "to_ids": true,
        "type": "url",
        "uuid": "eb4c0d67-1b3a-473d-b1ef-109bc3240494",
        "value": "https://tt.grupobedfs.com/.../gera_pdf.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966083",
        "to_ids": true,
        "type": "domain",
        "uuid": "387b3584-b068-4ff7-95f3-72b59469fa29",
        "value": "facturastbs.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966104",
        "to_ids": true,
        "type": "domain",
        "uuid": "c15e6a83-45e7-4b7a-8c04-1e90f4c7e09b",
        "value": "grupobedfs.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966125",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9616d447-a6ae-4556-817d-11425f785d96",
        "value": "cgf.facturastbs.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966146",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c739e8f4-ea89-4f87-923e-a315c8b67531",
        "value": "tt.grupobedfs.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966168",
        "to_ids": true,
        "type": "url",
        "uuid": "acfff5fe-af2d-432e-9340-481eef887e73",
        "value": "https://ge.factu.it.com/GZSPEGIJ/YFSBNPQK",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966190",
        "to_ids": true,
        "type": "url",
        "uuid": "0af47de4-a9b7-4d15-bfec-ee8a4ecf45f1",
        "value": "https://104.21.19.50/GZSPEGIJ/YFSBNPQK",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966211",
        "to_ids": true,
        "type": "url",
        "uuid": "7ce37ba2-ea75-45e5-8480-fc6805f91013",
        "value": "https://ge.factu.it.com/g1/ld1/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966232",
        "to_ids": true,
        "type": "url",
        "uuid": "b1e28c61-db4c-48bc-aace-a2ae40b057b7",
        "value": "https://ge.factu.it.com/g1/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775966253",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5bfcbffc-4ba1-4f35-b98c-6772087ffd81",
        "value": "factu.it.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775966274",
        "uuid": "8adcddeb-1803-41c0-88b5-1e0a3d3fe97f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775966274",
            "to_ids": true,
            "type": "md5",
            "uuid": "09cbe0a4-46ad-4506-b885-02f7e84e031c",
            "value": "aec9ed01b85713acc6a7f1da4d94ee1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775964171",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6e2887b4-eead-4533-b9ed-748139177d19",
            "value": "a5eacd9028639a7b148b66de168037c3cea78ecf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775964171",
            "to_ids": true,
            "type": "sha256",
            "uuid": "064a3642-8518-4735-be63-27f86aedae52",
            "value": "1af69a3283e28a8cc9a11819ecc2f2cff46dcabbfa78cefc71a02b881a064593",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775963709",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "258c91f8-0fae-4201-8998-f7ef7688e2fb",
            "value": "384:b1hL2gQOxvSVNDa/0jXPyZUHG370HGpC+Njqh82To8HCN3g3Gm/bClML3VyJLod4:b1hLLQKbZZE6ptqhdHkJH9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775963709",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e31b8df8-81c0-4e37-846c-d6e87b0c6050",
            "value": "44101"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775963709",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a1da5383-fbff-47d2-9166-804428ead5f9",
            "value": "3c1b437dfe02fb52ca99d90e59ba0a50"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775963709",
            "to_ids": true,
            "type": "filename",
            "uuid": "2ed2a98a-a15a-4f75-a6bd-0b54477b085c",
            "value": "c6a4d1b9-7e3c-4a52-9d1f-6b8a2f0e9c47NDBSHNUO.hta"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  08/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775963709",
            "to_ids": false,
            "type": "text",
            "uuid": "10b2448f-a8ec-4ed3-87d3-415655612330",
            "value": "Type Description: HTML\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:11/61\nFirst Submission:2026-03-12T09:39:41.000000+00:00\nLast Submission:2026-03-12T09:39:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775966295",
        "uuid": "cc5585f7-6cfb-4aa6-8d99-d53f4246fc5c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775966295",
            "to_ids": true,
            "type": "md5",
            "uuid": "21c2f2f3-bcb1-4b47-bc0a-51805b9e6408",
            "value": "a112765dd04547072d649afe7deeb3b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775964173",
            "to_ids": true,
            "type": "sha1",
            "uuid": "91803b7f-9199-4897-ac12-a7e35997d984",
            "value": "3d93f46449d76aebd41cf77144839e83ab1d42a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775964173",
            "to_ids": true,
            "type": "sha256",
            "uuid": "acf48645-b4fe-4511-9e86-23d77fec9be1",
            "value": "1693448804bf1c90ad7317af250bcd6ea021256e33e983b224aea81d4ecc2e20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775963731",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "829f104c-b279-4687-ba3c-37ded816a01a",
            "value": "393216:tXPuTXgI2o47JnfO93q43cFezmX7sMv6WNjaGixiHcumCNl+/gWti:TffQU7sMiWNjOihmQl5Wt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775963731",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f9a5d909-2307-47fc-b1a3-804346d970f1",
            "value": "22836224"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775963731",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3fedb524-067f-46ce-9845-b1c374bb4a48",
            "value": "1270a6666d1c0d5d151510322z166002d12013zb035z23z2031z18z4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775963731",
            "to_ids": true,
            "type": "filename",
            "uuid": "07e799fe-947e-4e32-a4f4-2f3ffe9f51e1",
            "value": "1693448804bf1c90ad7317af250bcd6ea021256e33e983b224aea81d4ecc2e20.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775963731",
            "to_ids": false,
            "type": "text",
            "uuid": "afc476fb-d545-48c7-9059-27dfe6fe53b9",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Banker.LPB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-02-24T09:34:49.000000+00:00\nLast Submission:2026-04-01T15:33:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775966316",
        "uuid": "6dfe60dd-5025-4e4c-9c33-d2a2a5a37d35",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775966316",
            "to_ids": true,
            "type": "md5",
            "uuid": "410b94a6-7f71-4436-ad24-7910418e099a",
            "value": "3fa402a093ebb26277e4c940f6632340",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775964174",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9b50d6f3-f999-4595-883b-248ea7d6f8aa",
            "value": "9db6d43b581da49f68b385a5acc24d89ba71dd08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775964174",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ae516235-8111-40cc-aeac-5d75507795d4",
            "value": "239cb9232fe01c8b82eb627f66acc6848cb223dfea46d4923844c1fe20f1de49",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775963752",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d6062295-d34d-4856-a4cf-ea7eef77cdc3",
            "value": "6144:2kkkkkkkkkkkkkkkkkkkkkkkpEnWYJsR7Ch5vCQ:2kkkkkkkkkkkkkkkkkkkkkkkpnYl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775963752",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "24f7690d-32a1-475a-88a6-05fcce71962d",
            "value": "197887"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775963752",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f1f2ae39-6cf9-4099-91f4-f5430d2416c3",
            "value": "9712df180e5e08940d1185a7ea7422fe2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775963752",
            "to_ids": true,
            "type": "filename",
            "uuid": "b5b8d3b2-e541-4ce4-b2e6-424ae6010eb7",
            "value": "File-cobranza@afsforwarding.com.pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775963752",
            "to_ids": false,
            "type": "text",
            "uuid": "0c7f4919-cfb4-401e-8fc3-ef5e8c92ea81",
            "value": "Type Description: PDF\nMicrosoft: None\nVT Total Detection:19/64\nFirst Submission:2025-09-11T18:02:07.000000+00:00\nLast Submission:2025-09-11T18:02:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775966337",
        "uuid": "31e4ef35-be8e-4a23-869a-6acb2b32abde",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775966337",
            "to_ids": true,
            "type": "md5",
            "uuid": "34a2521c-6017-4a38-9a78-081042ace8e7",
            "value": "fb90e7b475444988714c42ca4c510239",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775964175",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f6f1ae96-2de0-44df-beab-ab1478bdfbc4",
            "value": "03aa19a0c246fb3a3dceac12bace4ce8beef0a6c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775964175",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9d0b7d0f-df06-4219-8053-0310f37676e7",
            "value": "3e4002c7f0909d3c743b3586098e248d413f485c6bb033cafdb322bd8b206ebb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775963774",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0a5868a4-d972-4402-bc80-4ba6d854e931",
            "value": "3072:w6gEy/NHudN++gI0fu5wkPSVRFZ6CkEA+AHdoTrQcqapTud04LDY:puuP0aSMqA9XcRpMdI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775963774",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b205e20f-e8a8-477a-a647-2d010895d1e0",
            "value": "164492"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775963774",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d61e787-2c59-442b-a092-6e1edbb36fce",
            "value": "9ca929e9a50f56ffa5a666f4120526019"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775963774",
            "to_ids": true,
            "type": "filename",
            "uuid": "e5c0e089-bd22-434c-ace4-c018bb61a1ff",
            "value": "File-2025-09-11_10.00.40.pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775963774",
            "to_ids": false,
            "type": "text",
            "uuid": "42740d26-0270-4d05-bc9d-51f182c07e52",
            "value": "Type Description: PDF\nMicrosoft: None\nVT Total Detection:21/64\nFirst Submission:2025-09-11T16:17:14.000000+00:00\nLast Submission:2025-09-11T16:17:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775966358",
        "uuid": "4fd1b9fb-e602-458e-b9c2-98c4b5fee4c6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775966358",
            "to_ids": true,
            "type": "md5",
            "uuid": "e31b90a6-057f-464a-9d62-fbc36484b181",
            "value": "31c7c479b03aef2f5cf4947149d69f52",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775964177",
            "to_ids": true,
            "type": "sha1",
            "uuid": "300f2931-4506-4f75-b80f-beca58be63db",
            "value": "3b9dcee197955dc5fd4b15205543cec319003b00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775964177",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ecc19c40-b852-4a32-af57-90c3bf8277e3",
            "value": "4e08a1525a62a387595a2e4942b56ec3f3b3259996115ea2e6ea3638ccb87705",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775963796",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "66a57491-961a-442b-baf1-f814c055fd96",
            "value": "393216:kiiTDrcpsA4KJmjSO93q43cFezmX7sMv6WNjaGixiHcumCNl+/gWti:N2+QU7sMiWNjOihmQl5Wt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775963796",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "945fa7c3-616a-4f61-9d99-31e35ce85f92",
            "value": "22836224"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775963796",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c095f4be-20bb-4a50-9159-9da479e1a00d",
            "value": "1270a6666d1c0d5d151510322z166002d12013zb035z23z2031z18z4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775963796",
            "to_ids": true,
            "type": "filename",
            "uuid": "ada33e8b-84b8-4a18-80b2-8f5cbc803439",
            "value": "4e08a1525a62a387595a2e4942b56ec3f3b3259996115ea2e6ea3638ccb87705.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775963796",
            "to_ids": false,
            "type": "text",
            "uuid": "c9ad493f-4428-4058-ad98-805ad66fa748",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Banker.LPB!MTB\nVT Total Detection:49/72\nFirst Submission:2026-02-24T08:57:48.000000+00:00\nLast Submission:2026-04-01T15:49:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775966380",
        "uuid": "3915ca69-8884-4269-9320-730769167363",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775966380",
            "to_ids": true,
            "type": "md5",
            "uuid": "90b086b2-0f14-49b0-8da4-74e582bb2fd7",
            "value": "7a8c8410c2fbbdc293508ccb75ee4fbb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775964178",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7d71d0bd-6719-4d47-9fa6-e5492b808761",
            "value": "1b0bdc6ab7560b36fdb610cb99976cc3bd6495a0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775964178",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c1dc8c2b-c534-4f91-99e4-02afd84860ca",
            "value": "69fc15919044fc6a94bb251afd90a0a07204b79df3bc62c49ba6b0febefbc33e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775963817",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c4f73cbe-c508-4d18-a17b-a587c8fe859d",
            "value": "384:JrdQUxl4NoeFbWoDN12fbQCRGZYi5X3sh8Dyf+SVXi/r6A3tCXVYWJyjVowp:JrCxbvD3CM7YVmjtwwRXp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775963817",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9f729e18-14f1-42ea-9980-9d8342021420",
            "value": "40274"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775963817",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f252526d-4c75-48c4-bc62-1e6db6764adf",
            "value": "ae9035279397fa582c4cd2f3c26212db"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775963817",
            "to_ids": true,
            "type": "filename",
            "uuid": "e01bb634-2d57-4fef-a136-4f943664492f",
            "value": "07f07ffc-028d-4092-bc3f-74cb13257159AFULGXST.hta"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775963817",
            "to_ids": false,
            "type": "text",
            "uuid": "d4518ac3-3554-4321-b75d-9082f2b2c9d4",
            "value": "Type Description: HTML\nMicrosoft: Trojan:HTML/ScrInject.SYL!MTB\nVT Total Detection:25/62\nFirst Submission:2026-03-01T09:30:42.000000+00:00\nLast Submission:2026-03-01T09:30:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775966401",
        "uuid": "01e292a0-f75f-43b3-af48-781e3298848e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775966401",
            "to_ids": true,
            "type": "md5",
            "uuid": "792975d4-d411-4d64-a27e-2aadcf346314",
            "value": "b3ac96a58a6786df02a8f4ce51c8b7d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775964179",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5e75198e-031c-4ea0-8626-b9e652c0f9cc",
            "value": "fae272a8be9cbe839b2e864b98047581885d08ee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775964180",
            "to_ids": true,
            "type": "sha256",
            "uuid": "85036381-45b7-47cf-9564-0702ffb28b72",
            "value": "b56d00addd6c6a266de3c739dad22aa1de52624066544929754d47332257cba6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775963839",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1a6e1dc9-7c4a-4410-8745-db573e25192d",
            "value": "384:0DcHqqYTHFNaMQnejTnmXy3gAevX7HIEw1hKhzCt0xaXZpHnl4eYyd:0gK/TlNaM/vmX8gAezo4hzC2YXx42"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775963839",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "940c4787-6ced-47b7-8575-4c8217116056",
            "value": "20079"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775963839",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9ab4e793-2c2e-40e8-92c2-476eedd02189",
            "value": "322625e84a962ac1fa66b7633ff300ba"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775963839",
            "to_ids": true,
            "type": "filename",
            "uuid": "299522e0-57ef-49c3-92c3-0b8b0fc13b4c",
            "value": "c6a4d1b9-7e3c-4a52-9d1f-6b8a2f0e9c47MITOVSSA.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775963839",
            "to_ids": false,
            "type": "text",
            "uuid": "b1093ed8-f2bc-45f5-ac0d-68f8ea041632",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:7/69\nFirst Submission:2026-03-10T20:20:23.000000+00:00\nLast Submission:2026-03-10T20:20:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775966423",
        "uuid": "7c73dfb0-6608-477d-a75f-ff02e2fd9744",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775966423",
            "to_ids": true,
            "type": "md5",
            "uuid": "92798b58-4b38-4009-acdc-20cf1a302fed",
            "value": "89b9425c16e6c546d9e56130fc28782f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775964180",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9524025f-0961-4de1-9a39-dda5cb660624",
            "value": "1742f7c96eac4025d218d46ac25db94cab52d27c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775964180",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ea79dbbf-80be-41fa-b351-d758502592bb",
            "value": "d1d08f7e44641d921fad22ed175b928c696befd14a55271eb203f8fcaff553d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775963860",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "61f169b1-abd0-48a9-ae53-1252f930ba25",
            "value": "384:vyBcXpQUhrufKQlXQvFFzJKUL0cj35X7HIEw1hKhzCt0xaXZpHnl4eYnyO:6WrKnXUnxo4hzC2YXx4t"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775963860",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "edea4356-2b21-4577-a7f6-eef262b1cce2",
            "value": "20430"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775963860",
            "to_ids": true,
            "type": "vhash",
            "uuid": "34d9f7ae-48dc-4a49-b1e8-21244346450f",
            "value": "322625e84a962ac1fa66b7633ff300ba"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775963860",
            "to_ids": true,
            "type": "filename",
            "uuid": "e7dc66bb-0597-474e-80bf-9909e2ea3020",
            "value": "c6a4d1b9-7e3c-4a52-9d1f-6b8a2f0e9c47CIMKYEXG.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775963860",
            "to_ids": false,
            "type": "text",
            "uuid": "daef772a-c286-4e21-810f-cba0cea6c162",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:5/69\nFirst Submission:2026-03-12T09:54:58.000000+00:00\nLast Submission:2026-03-12T09:54:58.000000+00:00"
          }
        ]
      }
    ]
  }
}