{
  "Event": {
    "analysis": "1",
    "date": "2026-03-16",
    "extends_uuid": "",
    "info": "[Threat Intel] Boggy Serpens Threat Assessment",
    "protected": false,
    "publish_timestamp": "1774219684",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1774219684",
    "uuid": "32181f2c-5d46-43ff-ba89-9cf473e51e4f",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0afe32",
        "local": false,
        "name": "misp-galaxy:producer=\"Palo Alto\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#bb2745",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#56c932",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#e12cbc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
        "relationship_type": ""
      },
      {
        "colour": "#3c0f50",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#98f3da",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#78cd12",
        "local": false,
        "name": "misp-galaxy:target-information=\"Egypt\"",
        "relationship_type": ""
      },
      {
        "colour": "#620e4e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Hungary\"",
        "relationship_type": ""
      },
      {
        "colour": "#26fab6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b9849",
        "local": false,
        "name": "misp-galaxy:target-information=\"Saudi Arabia\"",
        "relationship_type": ""
      },
      {
        "colour": "#19d775",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkmenistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"MuddyWater\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Phoenix\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773745207",
        "to_ids": false,
        "type": "link",
        "uuid": "dc257578-b874-4637-b2fd-3a2f31c3162a",
        "value": "https://unit42.paloaltonetworks.com/wp-content/uploads/2026/03/Boggy-Serpens.png"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773745207",
        "to_ids": false,
        "type": "link",
        "uuid": "16ad057e-c609-48df-b32b-86dff90c37a0",
        "value": "https://unit42.paloaltonetworks.com/boggy-serpens-threat-assessment/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773745207",
        "to_ids": false,
        "type": "text",
        "uuid": "f4c01f1a-7527-4124-a464-93376d899525",
        "value": "The Iranian threat group Boggy Serpens, linked to the Ministry of Intelligence and Security, has refined its cyberespionage tactics to focus on trusted relationship compromises and multi-wave targeting of strategic organizations. The group combines social engineering with AI-enhanced malware for long-term persistence, primarily targeting diplomatic and critical infrastructure sectors. Recent campaigns show increased technological capabilities, including AI-generated code and Rust-based tools. Boggy Serpens exploits hijacked accounts to bypass security measures and employs a secondary social engineering prompt to deliver malware. The group's determination is exemplified by a sustained four-wave campaign against a UAE marine and energy company, demonstrating its focus on infiltrating regional maritime infrastructure."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773745207",
        "to_ids": false,
        "type": "text",
        "uuid": "1e8defbe-fa31-4d69-ac4d-a86c73af7f93",
        "value": "Name: Boggy Serpens Threat Assessment\nAuthor: AlienVault\nAdversary: Boggy Serpens\nTags: [\"maritime\", \"nuso\", \"lamporat\", \"ai-enhanced malware\", \"trusted relationship compromise\", \"energy\", \"iranian\", \"cyberespionage\", \"udpgangster\", \"critical infrastructure\", \"blackbeard\", \"phoenix\", \"ghostbackdoor\", \"social engineering\"]\nTgtd countries: [\"Egypt\", \"Hungary\", \"Israel\", \"Saudi Arabia\", \"Turkmenistan\"]\nMlwr families: [\"GhostBackDoor\", \"BlackBeard\", \"UDPGangster\", \"LampoRAT\", \"Nuso\", \"Phoenix\"]\nAttack_ids: [\"T1132.001\", \"T1204.002\", \"T1573.001\", \"T1140\", \"T1055\", \"T1112\", \"T1547.001\", \"T1566\", \"T1078\", \"T1027\", \"T1095\", \"T1027.002\", \"T1071.001\", \"T1059.005\", \"T1574.002\"]\nIndustries: [\"Energy\", \"Government\", \"Defense\", \"Telecommunications\", \"Finance\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773745207",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "1c60fff3-ffe8-4f42-b5af-adcddea9f6f4",
        "value": "Boggy Serpens"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773745207",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "29471dcf-de6c-48e8-bfc3-7eee4a7256b8",
        "value": "CVE-2026-1731"
      },
      {
        "category": "Payload delivery",
        "comment": "UDPGangster payload; no sample in VT.\r\nLast check: 22/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774194828",
        "to_ids": true,
        "type": "sha256",
        "uuid": "cf75454b-61af-466c-99b5-1ae53c6299a8",
        "value": "fc4a7eed5cb18c52265622ac39a5cef31eec101c898b4016874458d2722ec430",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774195873",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c83b198c-6df6-4439-9c45-ed1ca0fc975f",
        "value": "157.20.182.75",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774195894",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a5e391f7-a325-426d-b443-e412e2231c59",
        "value": "159.198.66.153",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774195916",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4b3f50aa-dea7-46c1-9734-4b8503c4c5b4",
        "value": "159.198.68.25",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774195937",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "07295f66-3bf2-4610-be19-1aef1e1a15b7",
        "value": "64.7.198.12",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774195958",
        "to_ids": true,
        "type": "domain",
        "uuid": "b82c1745-1684-4e2e-9aa8-e7b55feb94ff",
        "value": "bootcamptg.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774195980",
        "to_ids": true,
        "type": "domain",
        "uuid": "82d3c421-577a-45c0-a466-4f064fd46992",
        "value": "codefusiontech.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196001",
        "to_ids": true,
        "type": "domain",
        "uuid": "8c42d716-3f7c-401d-b59c-da505a5f96ae",
        "value": "maxisteq.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196022",
        "to_ids": true,
        "type": "domain",
        "uuid": "8f0f0914-2074-40de-8eb0-053d09d70c3b",
        "value": "miniquest.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196045",
        "to_ids": true,
        "type": "domain",
        "uuid": "85dc5201-9dd0-445c-aebf-e6ed1cd83c42",
        "value": "promoverse.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196066",
        "to_ids": true,
        "type": "domain",
        "uuid": "93b02d2f-d591-488f-97f4-07c65e74ec26",
        "value": "screenai.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196088",
        "to_ids": true,
        "type": "domain",
        "uuid": "85cb9476-3e79-41c6-a059-c3551bcae2f2",
        "value": "stratioai.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196110",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e697ff4a-b886-4840-92c1-795b3491d32c",
        "value": "reminders.trahum.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196131",
        "to_ids": true,
        "type": "domain",
        "uuid": "207c42ee-00d3-48d8-89e4-57680f678ab1",
        "value": "netivtech.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196152",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8ca29441-4b05-48f2-832d-f695bdf5631c",
        "value": "nomercys.it.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774196173",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3fa70c4c-cbda-400b-9b6a-60f55da42260",
        "value": "46.101.36.39",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Telegram bot API token (numeric bot ID, colon, secret)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774192933",
        "to_ids": false,
        "type": "text",
        "uuid": "7081e836-959c-4b0e-a42d-da34830a2fea",
        "value": "8398566164:AAEJbk6EOirZ_ybm4PJ-q8mOpr1RkZx1H7Q"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196195",
        "uuid": "e9808384-68ac-4805-9704-b4708c390868",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant (Reddit.exe)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196195",
            "to_ids": true,
            "type": "md5",
            "uuid": "f3e4f0f1-baa0-48d0-aa99-83ebbf51558e",
            "value": "a90b3823abef1667290c26b0f147fd48",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant (Reddit.exe)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194781",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7f8a628d-55b5-4873-9796-26f1c4b7afa0",
            "value": "2ad96dc8e2113d56e3ff3457199cabf8cfa92224",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant (Reddit.exe)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194781",
            "to_ids": true,
            "type": "sha256",
            "uuid": "54218796-1bf2-423b-b8fa-18bc539efa2e",
            "value": "0be499354dc498248d27f6d186eb3bb75a607ae4a2c0a6734c76f1a1b7b1d316",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193884",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "61d323e5-9f60-4354-9d69-901b7fef12e4",
            "value": "24576:li8CxkFmdNY74p3qy2YMohshnNBj8/A1jYCP:li8CxaeNYkRqy2YMoKpzvf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193884",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "282a79c3-259e-4e90-a34a-a5636a5d6553",
            "value": "1288195"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193884",
            "to_ids": true,
            "type": "vhash",
            "uuid": "521c1710-be45-4769-9141-8bf6c65a0b2f",
            "value": "016076655d155d05155053zb2z6e1z1079zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193884",
            "to_ids": true,
            "type": "filename",
            "uuid": "a8f8f8c5-0ae4-4495-b352-0e1e11edc897",
            "value": "reddit.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast scan: 20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193884",
            "to_ids": false,
            "type": "text",
            "uuid": "3f65e6bc-5b18-45f9-abe8-6f4093ec6613",
            "value": "BlackBeard Variant (Reddit.exe)\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/RustyStealer.A!AMTB\nVT Total Detection:53/72\nFirst Submission:2026-01-26T10:25:07.000000+00:00\nLast Submission:2026-01-26T10:25:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196216",
        "uuid": "9692e640-9918-41fa-911e-1f1dd376b4bb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196216",
            "to_ids": true,
            "type": "md5",
            "uuid": "88dd0b96-9128-4c27-af61-8f906a4f7cf3",
            "value": "f93be01556d2f1c0994889540eddf3fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194782",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b7a0db11-5f5b-40bd-b047-8d71b5a91354",
            "value": "6ffc467ec99d2bd502dea013f9debd2b0051f77f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194783",
            "to_ids": true,
            "type": "sha256",
            "uuid": "46805877-2eee-4bc5-980f-8c030457d375",
            "value": "0ce54a5a6f061b158e3891aadd03773d0bae220b0316e84fc042a741924b3525",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193909",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "325e0817-f37e-4830-947c-2161b3aecd0a",
            "value": "49152:pDJ4iIIOAsRp66XKhca8+4MqS5ez2tq+/CMVh9SsaJh4l1KKp88Z5Mf8Aci1M1:n4iIIO316hcY4TRMl9zaJhUpXHji1M1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193909",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "11ab47c5-2045-4b06-9dee-72f41ca9c6f7",
            "value": "9579520"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193909",
            "to_ids": true,
            "type": "vhash",
            "uuid": "08c0f133-f239-4457-a2b3-892c492bdfb6",
            "value": "d2aada29ed2df700143e1989f0116dab"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193909",
            "to_ids": true,
            "type": "filename",
            "uuid": "5133bbd3-1d37-4862-81ca-337880636518",
            "value": "Transaction Volumes Sheet_Filled.xls"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193909",
            "to_ids": false,
            "type": "text",
            "uuid": "2c3fb321-43b4-4a19-a610-b061ba93b7e5",
            "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: None\nVT Total Detection:27/63\nFirst Submission:2026-01-30T09:58:50.000000+00:00\nLast Submission:2026-01-30T09:58:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196238",
        "uuid": "22023fd5-5042-4dbe-8b0b-f041819252e7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196238",
            "to_ids": true,
            "type": "md5",
            "uuid": "2a129bac-e67b-4974-a5f1-6a0675d4a237",
            "value": "e67c4eee0f424064d811794fc8f80130",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194784",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8502bba0-a4c6-41d1-96d4-24e32f654f00",
            "value": "fa9670efb79e2b30da2e017d767cd948c008040a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194784",
            "to_ids": true,
            "type": "sha256",
            "uuid": "991e006f-c2e2-4f78-b7c0-1097bbb3bb92",
            "value": "156b325231742a73ded4104fbde1c55ad3913d2eaf09b5194ef74c81ee3ba393",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193932",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0facef9f-d27c-47a6-9458-b9e349eb3bbe",
            "value": "24576:iJYJIIB8OGMpbFpYbe652G5ADVuSvEqCm:i+IICOGiF8pUuC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193932",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e5b06387-102b-40ea-9308-305493214a9f",
            "value": "1287680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193932",
            "to_ids": true,
            "type": "vhash",
            "uuid": "671d1c60-f3d8-46a1-aa64-3d409d67d86d",
            "value": "016066655d1555155053zb2z721z1059zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193932",
            "to_ids": true,
            "type": "filename",
            "uuid": "82d50bfd-837b-4313-a852-935a5c6ed221",
            "value": "nginx.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193932",
            "to_ids": false,
            "type": "text",
            "uuid": "598453c0-af02-4be9-a44b-474c6d2c65d8",
            "value": "BlackBeard Variant\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/TroyStealer.SE!MTB\nVT Total Detection:44/72\nFirst Submission:2025-10-07T07:01:24.000000+00:00\nLast Submission:2025-10-10T02:51:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196259",
        "uuid": "a9cfe07d-3271-4e5e-b4d4-fce3817e86f2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196259",
            "to_ids": true,
            "type": "md5",
            "uuid": "3f500a29-a684-4de0-9570-06b72e6d166e",
            "value": "10af4e0e90eb0ff371f32a049edc5511",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194785",
            "to_ids": true,
            "type": "sha1",
            "uuid": "65394e78-1c0c-49bb-be24-a8b03fb2d91d",
            "value": "0588cf26b6e9210f86a266ac0366af1fd29f135c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194786",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e1f5a6eb-8ba0-44d7-a3ca-a38c8f39a849",
            "value": "167d5ab70f55c100e51833fbfea44048095889c162e1330df0631423fc547409",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193955",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "44f1d951-2966-45be-9cef-7f311a513d73",
            "value": "49152:8p5nIgUKI58q7arT62mcWvYWDLiq1b4v:cnRFI5taC2mVQ0p4v"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193955",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1e8ff352-bdea-4be7-86ef-1120dd45897b",
            "value": "1977344"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193955",
            "to_ids": true,
            "type": "vhash",
            "uuid": "105508a3-1af8-4c66-adc1-4252107e2267",
            "value": "320aca1b3fcb7fd36bdbcbfebcf82751"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193955",
            "to_ids": true,
            "type": "filename",
            "uuid": "f8a406a9-ee98-4170-acac-2a38ba76d738",
            "value": "t5lj0gg.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193955",
            "to_ids": false,
            "type": "text",
            "uuid": "82b68d35-82f9-44be-b87e-dfe73e05fcdf",
            "value": "Type Description: MS Word Document\nMicrosoft: TrojanDropper:O97M/Muddywater.SI!MTB\nVT Total Detection:40/63\nFirst Submission:2026-01-30T09:15:05.000000+00:00\nLast Submission:2026-02-26T22:31:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196280",
        "uuid": "6c837126-4e15-4ffe-8eca-9ac58fc56f4e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196280",
            "to_ids": true,
            "type": "md5",
            "uuid": "46a1f01d-7b7d-4b38-89f5-7099cd8f0ebf",
            "value": "1c8c4746a1669b00f53d846158dd9693",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194787",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b3d74cdf-a2b7-4285-928b-42c9812bd81c",
            "value": "d97d21536c061e7a7151a453242d36f3ab196a14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194787",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6616900e-2e3b-49b7-bf81-b53b00bb4e2d",
            "value": "1b9e6fe4b03285b2e768c57e320d84323ac9167598395918d56a12e568b0009a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774193979",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a9c9c13c-6cc7-4a2d-a043-5ab46678c984",
            "value": "3072:pBVBEtZ0Ws/UMmTQY/HIrgloh2aC/GnbJerraaKWSt4jT3ySy:Rsns/9mEYvIrglCckgn95"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774193979",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "68a1b6cc-6f93-46f0-b71a-ff69347d9f8e",
            "value": "223232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774193979",
            "to_ids": true,
            "type": "vhash",
            "uuid": "22a5cd2a-33dd-4e4b-90a9-87d90c2fa32e",
            "value": "025066655d155d055az589z2hz39z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774193979",
            "to_ids": true,
            "type": "filename",
            "uuid": "0a1dbdcd-f399-4273-8b9c-0151881e045c",
            "value": "pic.LOG"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774193979",
            "to_ids": false,
            "type": "text",
            "uuid": "979aeb6e-4c1f-4028-8119-77a3339bd8a6",
            "value": "Nuso Variant\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/MuddyWater.DA!MTB\nVT Total Detection:49/72\nFirst Submission:2026-02-11T11:14:53.000000+00:00\nLast Submission:2026-02-16T05:33:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196302",
        "uuid": "5d13c6d9-7246-40f4-94fa-3e0ef416c90c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Rust Payload (BlackBeard)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196302",
            "to_ids": true,
            "type": "md5",
            "uuid": "253d4c79-98c3-4d05-9abb-3d2b77d90988",
            "value": "2e3a263cb3e488eee42d87acd380c6a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rust Payload (BlackBeard)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194789",
            "to_ids": true,
            "type": "sha1",
            "uuid": "375b74e9-478d-4c77-91fc-f58355e4cf29",
            "value": "b2bb54d3502dc6ba1601f3f127d9ddf9f29cf5a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rust Payload (BlackBeard)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194789",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8156e4ea-c324-44c9-89e8-18d7d58da064",
            "value": "1bcd8d7dc7bed5873bbdd2822e84e19773a33d659b16587ca9dc6db204447a86",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194003",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "648d0b4d-0fef-45e4-a52d-6fe033015d08",
            "value": "49152:ieJ55PNH64yDWPsJWL7K0YwpLKSo5xR5nZsExvlZ:i055PU4uSsApLKSo5xbnZsExvlZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194003",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5f6882eb-b38b-4f31-b17d-8687da020093",
            "value": "1869576"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194003",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dda51081-bb12-45c0-becc-4fbc8dc368f5",
            "value": "016076657d155515555az43!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194003",
            "to_ids": true,
            "type": "filename",
            "uuid": "6a6b350b-b46c-4a04-9111-8c65aecd37be",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  21/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194003",
            "to_ids": false,
            "type": "text",
            "uuid": "2cb2617c-c3c8-47a6-91d6-bfdc8cfe4b7b",
            "value": "Rust Payload (BlackBeard)\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BlackBeard.DA!MTB\nVT Total Detection:46/72\nFirst Submission:2025-11-19T07:28:14.000000+00:00\nLast Submission:2025-11-19T07:28:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196323",
        "uuid": "0ed945dc-c1ef-4e50-9de6-c5a666414b1e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196323",
            "to_ids": true,
            "type": "md5",
            "uuid": "62ed8452-6d7d-46ed-a038-f12cb505e614",
            "value": "1de19958e7c2ef14addfb35b43a594ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194790",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d531020c-4982-4d12-ac33-57dfdfae8046",
            "value": "ec251c5b831be6265d8daeb0437229b8b00e0b68",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194791",
            "to_ids": true,
            "type": "sha256",
            "uuid": "01dff1a5-207d-47c0-8a88-1b6494ce80a7",
            "value": "1c16b271c0c4e277eb3d1a7795d4746ce80152f04827a4f3c5798aaf4d51f6a1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194026",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8741bd6b-bae9-4cdc-afcd-766a02237345",
            "value": "6144:vlbxkBalSumigFe8kd3mZPid9yycjzLh:vlb2crgFe8kdWynEL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194026",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "47683b3a-d5aa-400a-8e1b-90399fa420e1",
            "value": "1316352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194026",
            "to_ids": true,
            "type": "vhash",
            "uuid": "62e3528a-4b3f-428a-9782-85d9b2de89e0",
            "value": "bef5ec9cb19453024ef964e25baf0e79"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194026",
            "to_ids": true,
            "type": "filename",
            "uuid": "b9b77fee-dbc0-4eac-9afc-28d4916e4b84",
            "value": "1c16b271c0c4e277eb3d1a7795d4746ce80152f04827a4f3c5798aaf4d51f6a1.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194026",
            "to_ids": false,
            "type": "text",
            "uuid": "1513f343-261e-4c32-a3ba-87f17ca8de60",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:O97M/Obfuse!AMTB\nVT Total Detection:38/63\nFirst Submission:2025-08-19T10:17:50.000000+00:00\nLast Submission:2026-02-23T10:25:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196345",
        "uuid": "427527fd-e7e2-4980-8361-0ec8c883019b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196345",
            "to_ids": true,
            "type": "md5",
            "uuid": "fa108735-466f-492f-bab5-885b0d51aa2b",
            "value": "07502104c6884e6151f6e0a53966e199",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194792",
            "to_ids": true,
            "type": "sha1",
            "uuid": "83b1670f-3ed7-4dd9-b9bf-99546cb405c6",
            "value": "3e958a16db654e438a3ed3d7e6a3deccc2190eed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194792",
            "to_ids": true,
            "type": "sha256",
            "uuid": "68b462b2-2c4d-4fed-bd47-3085d8f04249",
            "value": "23f3a98befdff13c802eed32eea754018b8b525ec0dd3afce8459a0287df74ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194049",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2e3f271e-fd15-4350-a34a-086bacd2cf58",
            "value": "24576:jcGB4L890QKs+ozBvGnvz6kGfbPWGGD8AURrpDx3Y7pRn7eMHL2qDKGv:jcO0P"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194049",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "190f6009-a425-40f4-af2c-365092f6e0c0",
            "value": "2286592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194049",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ce14eaf3-2c4d-4689-a191-938ada90a722",
            "value": "9fd6f2fc77d384bf1b3157bfd0331b57"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194049",
            "to_ids": true,
            "type": "filename",
            "uuid": "fc698a59-b141-4c45-b1dd-e3e7d8c44f0a",
            "value": "AIC_2025.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194049",
            "to_ids": false,
            "type": "text",
            "uuid": "308854b5-faaf-4121-b512-5c498c3f15e4",
            "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:31/63\nFirst Submission:2025-09-16T10:45:51.000000+00:00\nLast Submission:2025-09-16T10:45:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196366",
        "uuid": "4a408a4e-cecf-4cce-a57f-afa10b7ef5ab",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196366",
            "to_ids": true,
            "type": "md5",
            "uuid": "fc4bdc97-8a00-40a5-8298-09b068bca76c",
            "value": "e73ba93d008affdc4cce0cb4e18ae5c6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194793",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8000b1f7-6384-4f15-9074-9b22f86e4f19",
            "value": "f07a8014f36181e88d273d07b7a5503417f799a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194793",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e080c439-3518-49e8-89e7-561b55dba97f",
            "value": "2c92c7bf2d6574f9240032ec6adee738edddc2ba8d3207eb102eddf4ab963db0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194073",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "acdbcb45-851e-4d53-8cc7-eebd6e332e4f",
            "value": "3072:rMYZIalcHTqrca3IqyQMKzY1mgUVdyKoQQojuoko+1t+gE:QYDOHyIqTY1ZGmQQFvomt+t"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194073",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bf045ef2-a53d-4b01-81b7-da3590e94e06",
            "value": "1307136"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194073",
            "to_ids": true,
            "type": "vhash",
            "uuid": "84720c0b-a612-4a90-b902-aae6a8fd2fd2",
            "value": "14c16dc839f43879068c875be9f2498e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194073",
            "to_ids": true,
            "type": "filename",
            "uuid": "a5c86c6b-01f2-41ee-bfd5-658f31f8afc7",
            "value": "DPR for dredging in FreeSpan_16082025.2.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194073",
            "to_ids": false,
            "type": "text",
            "uuid": "2b1519a5-080c-412a-ae93-6fa592b302c4",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:O97M/Obfuse!AMTB\nVT Total Detection:37/63\nFirst Submission:2025-08-19T11:16:48.000000+00:00\nLast Submission:2025-08-19T11:16:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196387",
        "uuid": "f3c5c63f-0d8a-44bb-b93f-4721b02d4a82",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Loader/Injector",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196387",
            "to_ids": true,
            "type": "md5",
            "uuid": "ea5004cd-d44e-459a-b407-422cb53fd15a",
            "value": "9ae27aad32327a419a9062b31fe74a60",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Loader/Injector",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194795",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ee5a4a22-2f1c-461b-9f91-b54f4ae256fe",
            "value": "4f7448c6a43a20e07ff63e5070045dbe23d8cf79",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Loader/Injector",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194795",
            "to_ids": true,
            "type": "sha256",
            "uuid": "47933967-b6f5-4c52-80c6-cc5e765cd7ca",
            "value": "47bb271c34210f52e3e08339a0c83688d9e9aa5c7cfc45b3e4bdffd1753f6cb2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194096",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "504de9cb-a625-4757-a7e6-94456034dbf9",
            "value": "49152:wKJ55PNH64yDWPsJWL7K0YGpLKSo5xR5nZsExvlZ:wY55PU4uSsWpLKSo5xbnZsExvlZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194096",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f8ea3cfa-21af-4fdd-abb8-6f0942209d91",
            "value": "1869576"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194096",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a9c76d26-56d1-44d9-8ced-520643136560",
            "value": "016076657d155515555az43!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194096",
            "to_ids": true,
            "type": "filename",
            "uuid": "137420d7-8aa4-4b7c-a843-263c6dac4113",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194096",
            "to_ids": false,
            "type": "text",
            "uuid": "6fd9ec88-e1b9-4194-8f7b-169cb702a46d",
            "value": "Loader/Injector\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BlackBeard.DA!MTB\nVT Total Detection:51/72\nFirst Submission:2025-11-25T15:34:46.000000+00:00\nLast Submission:2025-11-30T13:11:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196409",
        "uuid": "83f9fac3-16c3-4f7a-87f9-cb16df9a3059",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196409",
            "to_ids": true,
            "type": "md5",
            "uuid": "e545399a-68ea-47cc-b91a-fde2a8283676",
            "value": "057e58ff00be3032fd6e3f5d2cc80905",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194796",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4a4cdb37-2d91-4ad7-bbca-9276ba1c6763",
            "value": "56380a652471962387693f4bcc893fd21f0fc324",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194796",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1386cd7b-be98-49f4-8af0-a610960294af",
            "value": "4d2958d93d4650fc4a70f70663fe6943e8c11d61b2824512da296e8fd84e5bb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194119",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3f2e41de-951d-4585-aeb9-49af3a50f5c3",
            "value": "49152:ECe8URnPYHY43saSkleDFvCH1pjPh4ScRbI0/JP38Gw4jMXhku8Wx0y+tOonhBWV:ECePRffvlEFJ4ZbIoJADxMFlhB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194119",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "649447e6-f6a4-47e9-b79d-253297779871",
            "value": "4042752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194119",
            "to_ids": true,
            "type": "vhash",
            "uuid": "121b2abc-46eb-44f1-adca-c4b182b0879f",
            "value": "37146e47783783074a5a0fda88b12a29"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194119",
            "to_ids": true,
            "type": "filename",
            "uuid": "a1b0d43d-bd33-4080-b55e-79841da1ec83",
            "value": "USG-NMDC Consumption Report (Jan 21 2025 \u2013 Feb 20 2026).xls"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194119",
            "to_ids": false,
            "type": "text",
            "uuid": "de48c1ef-4963-4dba-90ff-2f91f239ac19",
            "value": "Type Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/Muddywater.SJ!MTB\nVT Total Detection:37/62\nFirst Submission:2026-02-11T07:49:30.000000+00:00\nLast Submission:2026-02-11T08:23:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196430",
        "uuid": "3846d799-dfc0-4d9b-9d6b-51221786713c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196430",
            "to_ids": true,
            "type": "md5",
            "uuid": "564b3b35-70ad-4b47-b7bd-72873ff4751b",
            "value": "561b2983d558283c446ff674ff6138c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194798",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5493ff7a-1a05-43ab-8406-e3918d3d3b2d",
            "value": "71b6ef406ff5057011aad0a1b819582245dcdadb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194798",
            "to_ids": true,
            "type": "sha256",
            "uuid": "744193a6-5dad-4b6a-8dfa-b5f32279d0b7",
            "value": "4db3645f678fb519b9f529dde41f77944754f574f16a9a845c22d3703da5bed0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194144",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "00023533-e014-49b5-aec6-f341799f1994",
            "value": "24576:ca2doRyu9ZJBL0qpKOeAh+nTUm1ylRA71B5P/:ca"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194144",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a11523de-fd6f-4739-97e9-2d724ef8ad20",
            "value": "4021248"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194144",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2dc93f6e-3151-48e8-bdfb-6a1481faecee",
            "value": "67e42763d260eab0a6dda67cf46fecce"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194144",
            "to_ids": true,
            "type": "filename",
            "uuid": "1a1a6163-f520-4ad3-9bc1-fcf70db1fe38",
            "value": "4db3645f678fb519b9f529dde41f77944754f574f16a9a845c22d3703da5bed0.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194144",
            "to_ids": false,
            "type": "text",
            "uuid": "9eedf1e9-133f-48b8-b3d0-05a6a6584900",
            "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:32/63\nFirst Submission:2025-08-11T15:15:27.000000+00:00\nLast Submission:2026-02-23T12:45:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196452",
        "uuid": "9b3564bc-ee72-4f68-a753-3ed2893ddb94",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196452",
            "to_ids": true,
            "type": "md5",
            "uuid": "76ac5813-6c08-4689-847a-5abc7d0b0ae3",
            "value": "6636407299e0b1a74961ae998cec20e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194800",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4a4721cb-7162-4d9b-b416-d362d455540b",
            "value": "1b8df9a17dfe7a4d357dc7a121ae63179b4b41ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194800",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1dd6d36d-0c97-4714-b40a-698b975248c9",
            "value": "52d8fb9a11920f27b9a3b43f27c275767a57cdffc95af94b7b66433506287314",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194167",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d871b3dc-9b56-4094-b172-f459ea70f595",
            "value": "24576:8R5reVt2SeRjlWaao64FWyEady4pjgzw3z3x0YIgZe/HuTPzEcrRKfa+tPXabp7q:8DreWSe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194167",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8d36127e-200d-40d0-bffb-43b2ccf34599",
            "value": "2776064"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194167",
            "to_ids": true,
            "type": "vhash",
            "uuid": "94020ed5-2c3b-4495-8e6d-7b6655e881c1",
            "value": "0702cd2c7e262acac7b35dcce162c9a0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194167",
            "to_ids": true,
            "type": "filename",
            "uuid": "24c3d9ec-72d3-46eb-a109-7f86b9201397",
            "value": "shit.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194167",
            "to_ids": false,
            "type": "text",
            "uuid": "9b3c9d3d-29bf-4f82-8bb7-16f536145989",
            "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:30/64\nFirst Submission:2025-07-24T11:42:42.000000+00:00\nLast Submission:2025-07-24T11:42:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196473",
        "uuid": "183d9d70-6202-4726-8a7b-3289a67abe31",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196473",
            "to_ids": true,
            "type": "md5",
            "uuid": "65567d6d-1817-4b0f-a9ae-6fd160066515",
            "value": "ee9f2088fb4a77dd0db4a04b00a25773",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194802",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dd96d606-6851-4e75-a60c-8d2dad4ecfed",
            "value": "db779451200d7f6a4b652956f18351dd26d379db",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194802",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9c7a93ce-a7ff-43f7-8640-869056388ed3",
            "value": "5323a573e3f423b69ef965dadb3c059879d718b1c9052038ef749868cf361891",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194190",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a0944fc8-a69c-4343-83a3-c55f149cac4f",
            "value": "49152:geJ55PNH64yDWPsJWL7K0YQpLKSo5xR5nZsExvlZ:g055PU4uSsgpLKSo5xbnZsExvlZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194190",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "67fa2445-aaa9-4ef3-b1d2-1c7c1f4ca288",
            "value": "1869576"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194190",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f2757a1f-009e-4f3c-9a5b-6583e299281f",
            "value": "016076657d155515555az43!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194190",
            "to_ids": true,
            "type": "filename",
            "uuid": "39a56e6a-8b9e-435a-961b-47112128bdac",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194190",
            "to_ids": false,
            "type": "text",
            "uuid": "764899ea-26a2-4ca8-a102-5d7c3876f264",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/BlackBeard.DA!MTB\nVT Total Detection:43/71\nFirst Submission:2025-11-20T08:45:49.000000+00:00\nLast Submission:2025-11-20T08:45:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196494",
        "uuid": "9a298ad4-fd97-47c5-91b6-57cdce71c07a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Phoenix v4/Mononoke",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196494",
            "to_ids": true,
            "type": "md5",
            "uuid": "b7e6462e-9dbc-4e16-bb04-813818ac1197",
            "value": "4dee09dcd5ab407ee9086445303e7cdf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Phoenix v4/Mononoke",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194803",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ac3829bf-8798-429b-b8c7-6f3583c62676",
            "value": "bed6506f8f5281888f89781cf6fbc750545292fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Phoenix v4/Mononoke",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194803",
            "to_ids": true,
            "type": "sha256",
            "uuid": "78b170b9-1bbf-40f6-bec4-b275b0abce9e",
            "value": "5ec5a2adaa82a983fcc42ed9f720f4e894652bd7bd1f366826a16ac98bb91839",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194214",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "10c862d6-a193-4d6b-a281-a1bd68edf6d6",
            "value": "24576:R3VQq9/LGOvoK13NZoHUyP1hPpIho9mhta+C16FWDOCuc5D6gVL39D7FsSr6E9n1:UaF70bKUUW/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194214",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "37fc5738-12e7-44ec-9425-dc81c7745a0a",
            "value": "1260544"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194214",
            "to_ids": true,
            "type": "vhash",
            "uuid": "996cdca2-6d57-47fe-9d4b-aebcb4257607",
            "value": "0160be06555d15551d151az59!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194214",
            "to_ids": true,
            "type": "filename",
            "uuid": "3008c652-48be-41d4-92b8-be3c4e8d2322",
            "value": "Mononoke.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  21/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194214",
            "to_ids": false,
            "type": "text",
            "uuid": "731f8394-633b-4d34-9501-cc0ed265ce72",
            "value": "Phoenix v4/Mononoke\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/MuddyWater.DC!MTB\nVT Total Detection:51/72\nFirst Submission:2025-07-24T11:47:54.000000+00:00\nLast Submission:2025-07-26T07:52:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196516",
        "uuid": "62719beb-3c75-4c9e-90a5-09fed84f6f99",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Phoenix v4/Mononoke",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196516",
            "to_ids": true,
            "type": "md5",
            "uuid": "ed1e4239-dddc-49e7-9637-e77b848b6efe",
            "value": "844d714c0bdab06d4d85e26202e654dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Phoenix v4/Mononoke",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194805",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e9853dce-20e9-4d7e-a23e-b29e55fbfda0",
            "value": "6de859a27ccc784689e8748cef536e32780e498a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Phoenix v4/Mononoke",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194805",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f5a652ae-4561-4484-b17d-9baeb551ed80",
            "value": "668dd5b6fb06fe30a98dd59dd802258b45394ccd7cd610f0aaab43d801bf1a1e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194237",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1b7e240a-b9ae-4d9e-ab31-b1f51a8b7753",
            "value": "12288:3sC24F08g8n1rqaVU2EJOoWeiXhIr38zbn1PfLrahbxEOI/TjnJTfl:3sWF08g8n1e4Uv4oWir3Ubn1sHI7jJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194237",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2c0d113b-b405-4317-8adc-87acceb475d9",
            "value": "1424384"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194237",
            "to_ids": true,
            "type": "vhash",
            "uuid": "493337f4-5aaf-4609-8091-3df80bfe3b08",
            "value": "0160be06555d15551d151az59!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194237",
            "to_ids": true,
            "type": "filename",
            "uuid": "fb604d7c-1a9b-46c3-8f21-b38bee616c68",
            "value": "668dd5b6fb06fe30a98dd59dd802258b45394ccd7cd610f0aaab43d801bf1a1e.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194237",
            "to_ids": false,
            "type": "text",
            "uuid": "12147958-9864-4136-a774-1e5a47b1b168",
            "value": "Phoenix v4/Mononoke\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/MuddyWater.DC!MTB\nVT Total Detection:51/72\nFirst Submission:2025-08-15T11:37:23.000000+00:00\nLast Submission:2025-10-10T22:11:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196538",
        "uuid": "7d9b9b55-65b8-43c8-8c03-a2618de9fbc9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196538",
            "to_ids": true,
            "type": "md5",
            "uuid": "5f58cbcf-65c6-4a01-a60c-f03bcc069b34",
            "value": "461a3efa1f9b4da7d3a767ecbd02851f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194806",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b146eff-6edf-4eb6-86d0-8f7b92307b01",
            "value": "115c98fae3a6843921953d417e5636d809d4d8c4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194806",
            "to_ids": true,
            "type": "sha256",
            "uuid": "24aa7803-70e3-4f13-bb60-4136d139d394",
            "value": "69e038b9f3a228f09059bc1ce92b1c5c49396bb70987a38df0fdb39eed380b22",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194260",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4170b4c8-5d95-47d5-9d4d-ede9d261db27",
            "value": "24576:HDUlb8rhiyCoUvKl3g7AX2tioQk+31jNurs9Bq9XRD19D:HD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194260",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fafeb03f-1f24-4f17-afa5-0e8ddd260149",
            "value": "2757120"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194260",
            "to_ids": true,
            "type": "vhash",
            "uuid": "73db8059-9312-40b7-b6d3-8b8d257fd46a",
            "value": "972f27685099c368e270968ce3612e75"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194260",
            "to_ids": true,
            "type": "filename",
            "uuid": "ee8ea0b2-aa9b-4473-a331-a61a09509de9",
            "value": "Middle East and Maritime Economy.doc (copy)"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194260",
            "to_ids": false,
            "type": "text",
            "uuid": "f5e96111-13d0-4f82-ab06-58f25e1c217b",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:31/63\nFirst Submission:2025-10-07T07:01:24.000000+00:00\nLast Submission:2025-10-07T07:01:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196560",
        "uuid": "3742baec-765f-4879-98a0-c0e0904f525f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196560",
            "to_ids": true,
            "type": "md5",
            "uuid": "b8c9ee20-121c-4e8f-b089-e41eba88c0b1",
            "value": "f97650ede0c39a29b0b5c5472f685d11",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194808",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7bcc0856-bc07-4e59-b804-ee11c0f072fd",
            "value": "8ef8d08d98a7680d1cc7f3a367813e5568b2033d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194808",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eab31b06-8f93-452f-a4f0-1a7101141959",
            "value": "6f079c1e2655ed391fb8f0b6bfafa126acf905732b5554f38a9d32d0b9ca407d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194284",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0d1c96a0-c11c-4913-8056-64994d6c97bb",
            "value": "24576:3iqchRQCffg3YhbHfdARpuPTB7Y8UwX2hQ1fZjDOriD:3iq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194284",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a8e40586-25e3-4e7a-bb5a-bbc724628937",
            "value": "3836416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194284",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2b5bfe8f-18f8-43fb-85f5-f84112f3fb60",
            "value": "840d9270cdc54989f417226f43eacc87"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194284",
            "to_ids": true,
            "type": "filename",
            "uuid": "61014470-0590-4f5c-a0ff-8be1fd8097ac",
            "value": "__substg1.0_37010102"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194284",
            "to_ids": false,
            "type": "text",
            "uuid": "149e6e95-c731-4670-bb8b-d101f7e4d9a7",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:VBA/Malgent!MSR\nVT Total Detection:37/63\nFirst Submission:2025-11-17T10:52:57.000000+00:00\nLast Submission:2025-11-17T10:52:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196582",
        "uuid": "a9a37450-7a35-42ec-83c5-97b993609ec4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant (Reddit.exe)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196582",
            "to_ids": true,
            "type": "md5",
            "uuid": "d8b9a7dd-d527-4522-b135-aa99a489896c",
            "value": "c478e472f6223e7ee92cff8b459e55e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant (Reddit.exe)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194809",
            "to_ids": true,
            "type": "sha1",
            "uuid": "525250f0-12ed-4d6e-b940-a7a1a7d76508",
            "value": "326b808f4f933f20e4e8686e9a6e93454c8ed334",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant (Reddit.exe)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194810",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cd041a45-d36a-4b82-846e-3046e418a803",
            "value": "7523e53c979692f9eecff6ec760ac3df5b47f172114286e570b6bba3b2133f58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194307",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3869c7df-fe70-4a67-ac62-15c2379e7883",
            "value": "24576:li8CxkFmdNY74p3qy2YMohshnNBj8/A1jYC:li8CxaeNYkRqy2YMoKpzv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194307",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "aa7bab9c-3244-4de7-923f-69c6850588e0",
            "value": "1288192"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194307",
            "to_ids": true,
            "type": "vhash",
            "uuid": "23d4c4c7-faef-488c-b99c-41af471ee64d",
            "value": "016076655d155d05155053zb2z6e1z1079zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194307",
            "to_ids": true,
            "type": "filename",
            "uuid": "a139f1e0-4327-4375-9097-8972589e059f",
            "value": "reddit.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194307",
            "to_ids": false,
            "type": "text",
            "uuid": "2c9b6dc1-a2b5-404d-a43e-f4b1c8983086",
            "value": "BlackBeard Variant (Reddit.exe)\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/RustyStealer.A!AMTB\nVT Total Detection:51/72\nFirst Submission:2026-01-06T18:47:44.000000+00:00\nLast Submission:2026-01-29T00:51:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196603",
        "uuid": "268d5cc2-2dc0-49a8-8460-0d1517d3d11b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196603",
            "to_ids": true,
            "type": "md5",
            "uuid": "c1352b07-ee52-47e4-98ba-b5edaa6ad142",
            "value": "a9235540208fa6a25614c24a59e19199",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194811",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0b97ab76-bcc4-44ce-91d9-bd753b087176",
            "value": "7bb0d162bbaa462c516502d1db56818d24ad825f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194811",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6a8e1f7b-c9cd-4465-8c9d-df0b60cc6138",
            "value": "7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194331",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a8b3474a-eace-4a78-a413-48a505b0886a",
            "value": "12288:t+8kLgmTS9halC5HxXnSBRUnm9vbOTNEIM0Uy5bR1MAES3ip1aSuF6nxv9gpeFn6:BmTS9SCTAf9vbOpEr2hF6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194331",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9222f099-57d7-4c97-95f4-70f81f6847c8",
            "value": "1439232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194331",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d1c18b60-3840-4776-bbea-22a9cc7c86a4",
            "value": "b6c0300f0c1a44cdc549fd73451d3bbe"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194331",
            "to_ids": true,
            "type": "filename",
            "uuid": "204d33ed-05f7-498f-bacf-ae0d2d902bec",
            "value": "0054.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194331",
            "to_ids": false,
            "type": "text",
            "uuid": "4e2c0896-b9c1-45a8-a818-cfcb29f16d8c",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:Win32/Znyonm!rfn\nVT Total Detection:38/63\nFirst Submission:2025-11-03T09:54:26.000000+00:00\nLast Submission:2026-03-15T11:20:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196625",
        "uuid": "a6e3e734-45b2-4da1-b553-edd8e82b2518",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "LampoRAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196625",
            "to_ids": true,
            "type": "md5",
            "uuid": "792e1070-e197-4525-aa2d-0242c6137042",
            "value": "64af4e6216026ed8fcfbf8b07ee20707",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "LampoRAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194813",
            "to_ids": true,
            "type": "sha1",
            "uuid": "88e44b30-bac0-416a-91e1-241d484f5a55",
            "value": "efb18cf7cf227037e034c0b525f502e642815f94",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "LampoRAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194813",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a9304e75-e46e-460f-ad6a-5f924b4f8d17",
            "value": "81a6e6416eb7ab6ce6367c6102c031e2ae2730c3c50ab9ce0b8668fec3487848",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194354",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "991d72a8-d527-4ce8-801f-f6f9d61c2841",
            "value": "49152:aAJasiBKTMhol4oOIsSaYOcgBOePBg92yL6uU6/i3vHUPeE2GWF46C:5yomf7Ir+XI2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194354",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "da009459-5176-4907-a7b7-f54c46eb01bf",
            "value": "3276288"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194354",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bf1542fc-c800-4336-8d9b-350ce320e6af",
            "value": "036076655d156d05155033zb2z74z89zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194354",
            "to_ids": true,
            "type": "filename",
            "uuid": "61ba869f-980a-413d-9f33-012798d091ec",
            "value": "avp.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194354",
            "to_ids": false,
            "type": "text",
            "uuid": "71bfb63a-37e0-433c-b35f-72bc53652b2d",
            "value": "LampoRAT\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:42/72\nFirst Submission:2026-01-30T13:12:05.000000+00:00\nLast Submission:2026-02-27T19:33:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196647",
        "uuid": "712651a4-22fa-40a0-b88f-e52a64d40dfc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "sondouq.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196647",
            "to_ids": true,
            "type": "md5",
            "uuid": "876f61d7-1dc2-49e7-892b-f058852d225c",
            "value": "14fb6a186166577fab71d56cbe1c74d9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "sondouq.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194814",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3e21c347-8370-40a8-83b4-bdef2a8f1310",
            "value": "816bfe9c5850e1c647a5132c4bb893120ce9fa8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "sondouq.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194814",
            "to_ids": true,
            "type": "sha256",
            "uuid": "20e9c5ce-24ab-43a1-a2b8-2c1cfd775da3",
            "value": "84e665a0dfbff74b4c356bfa282c7c253ae3411a8f4d58bfe121c8411c52552c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194377",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0b3e4b22-20e1-492e-9228-62a51ccd03f9",
            "value": "24576:VQBDT+yeFJkhouH/oVwzKtmDGbdK0MWbWdSlakYDfc:VQBD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194377",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0a443a84-1b4b-4985-b8ec-4e4d4deb7b8d",
            "value": "2798592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194377",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ab2efd05-eada-4891-a772-576460477188",
            "value": "6e1370238cb2a8a26477a20d6a919fd8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194377",
            "to_ids": true,
            "type": "filename",
            "uuid": "5815de1f-3b74-4c2b-86f2-f3698174528f",
            "value": "sondouq.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194377",
            "to_ids": false,
            "type": "text",
            "uuid": "6dd0aaf8-e7a3-459f-b206-9f073dea79d8",
            "value": "sondouq.doc\r\nType Description: MS Word Document\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:36/63\nFirst Submission:2025-10-21T06:35:11.000000+00:00\nLast Submission:2025-10-21T06:35:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196668",
        "uuid": "66414efa-d0d8-4b5a-bfca-82525cf60cad",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "GhostBackDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196668",
            "to_ids": true,
            "type": "md5",
            "uuid": "c86e6379-7f53-439a-9442-a8b2828818a7",
            "value": "24725e2759db07e879a6a0f248a4dc0b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "GhostBackDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194816",
            "to_ids": true,
            "type": "sha1",
            "uuid": "91f86982-97be-42ea-9ef7-ebfe02bc4d50",
            "value": "80cea18e19665c5a57e7b9ca0bf36aad06096e93",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "GhostBackDoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194816",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b2731810-0513-4b3e-8e90-c9c7b20792e0",
            "value": "8d2227f2c53d7e22a57e12c45cecdd43dbec08dbc3ab93e74e6df52cdf80548b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194401",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f8d447c9-6659-4204-8ee3-2dceba796f5f",
            "value": "3072:03TPJHkf7uHYd2JsDUx8RVVnLF5ahbFDPzj:sx87HdRDUxMVtpcbR3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194401",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "75bc5950-8ea5-4a9c-98e6-8d3e02be622b",
            "value": "184834"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194401",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e102d4c1-e0fb-401d-94df-690184e087b0",
            "value": "015076655d155d05055az4b!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194401",
            "to_ids": true,
            "type": "filename",
            "uuid": "e35b1903-0c11-42e6-9b42-9cddc605be05",
            "value": "burn.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194401",
            "to_ids": false,
            "type": "text",
            "uuid": "2e9ea3c9-dabe-4dea-8daf-2016e7ee20fc",
            "value": "GhostBackDoor\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/MuddyWater.DA!MTB\nVT Total Detection:52/72\nFirst Submission:2026-01-30T06:39:39.000000+00:00\nLast Submission:2026-03-05T03:37:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196689",
        "uuid": "37cba969-347b-4818-bfa1-790f04acdbe4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196689",
            "to_ids": true,
            "type": "md5",
            "uuid": "68f351d7-f1a0-4eee-afdf-ac18b1812ab6",
            "value": "384e118ce122574dab872efcbc2b222d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194817",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1d984cee-676f-45e3-8467-57b5f9160c9f",
            "value": "9defffba933fc44f8e3b6e25b31508bc17d29077",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194817",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2600d802-9f2b-4de2-b5aa-b205103ebbc3",
            "value": "9c207c51c448f96eaae91241a39c8bb85e2307f2d2a99244763a53176cf4c02f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194424",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8d372f22-c39d-4af7-bd3a-dc1b324fd771",
            "value": "6144:DPkW/J7egdMJwvD9WMVhuBvBs77g/0GS+t5dhLRWC01nuYux7KmibkE8:AW/RdlhWMeBpsXg/E05/R5MFcK0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194424",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "aecfac0f-2056-457a-b940-c1b56bb54fc8",
            "value": "758272"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194424",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d26d3d06-e389-4ea0-ac04-0bfdefafc26d",
            "value": "075096551d1555151d051az649z8rz53"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194424",
            "to_ids": true,
            "type": "filename",
            "uuid": "c1b6f49d-a256-482a-8e11-9d01d93856ad",
            "value": "9c207c51c448f96eaae91241a39c8bb85e2307f2d2a99244763a53176cf4c02f.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194424",
            "to_ids": false,
            "type": "text",
            "uuid": "7fda180e-ed3f-459b-a522-694e9f42dfd6",
            "value": "Nuso Variant\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/MuddyWater.DA!MTB\nVT Total Detection:53/72\nFirst Submission:2026-02-03T13:07:11.000000+00:00\nLast Submission:2026-02-09T10:39:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196710",
        "uuid": "a31515b3-3851-4364-825d-08bb29910ce9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Rust Payload (BlackBeard)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196710",
            "to_ids": true,
            "type": "md5",
            "uuid": "96cd2169-8540-4633-a36e-817d69086c2d",
            "value": "74e75830252220cbbe7e3adec4340d2d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rust Payload (BlackBeard)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194819",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5870f337-93c9-430d-bd7e-c91879c0ddaf",
            "value": "b4f5555d5b934b927de4950131952e17e7194665",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Rust Payload (BlackBeard)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194819",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6bdea174-1286-432f-9d62-85320848aa66",
            "value": "a2001892410e9f34ff0d02c8bc9e7c53b0bd10da58461e1e9eab26bdbf410c79",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194448",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fe4d1e79-16e6-4325-8ba6-bf1cada98163",
            "value": "24576:FNfoT3/QPvpFAEkgRk+5gQTAj2FUNu3eLrDSr+AtU5KJL:FNfor/QP3EAB5H8jXuOLrDSr+AtU5KJL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194448",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "11f3f2dd-4b6d-4329-afc8-10da97f9b335",
            "value": "1308672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194448",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f8500119-a8f7-4acb-a3d6-7102e0eaf096",
            "value": "016066655d1555155053zb2z773z61z15za01az137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194448",
            "to_ids": true,
            "type": "filename",
            "uuid": "0231aba0-c4e8-4aae-a963-6407627f4007",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194448",
            "to_ids": false,
            "type": "text",
            "uuid": "ea20bb91-d7ce-46c4-9be0-c17e3bbf50d7",
            "value": "Rust Payload (BlackBeard)\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/TroyStealer.SE!MTB\nVT Total Detection:47/72\nFirst Submission:2025-11-17T10:24:09.000000+00:00\nLast Submission:2026-01-10T20:11:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196732",
        "uuid": "7f4beffd-deb3-48f6-bf2b-4ff236f2ab95",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Online Seminar.FM.gov.om.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196732",
            "to_ids": true,
            "type": "md5",
            "uuid": "688e4ea4-355c-4a5c-919c-fc8becd69907",
            "value": "3ab16bd1c339fd0727be650104b74dd1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Online Seminar.FM.gov.om.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194820",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ad3e08af-106b-4351-acc3-169b25fcd341",
            "value": "2b5ddc48fe17d014e38b9fd6646b23d5eb70b471",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Online Seminar.FM.gov.om.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194820",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f577bb90-ff94-4524-bbd5-dfdbfdb3ded6",
            "value": "b2c52fde1301a3624a9ceb995f2de4112d57fcbc6a4695799aec15af4fa0a122",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194471",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ce9c9aca-9335-4b98-b37e-bb99dbadc65d",
            "value": "6144:1kxmZlZgvvvKm5KqORB6fFYipUjqvVy0:bZlZgvvvKmINbUFPgwVy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194471",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c53d8a8b-7833-4e48-9f00-0c50b47700e1",
            "value": "1288704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194471",
            "to_ids": true,
            "type": "vhash",
            "uuid": "918abcb4-1f56-4e6c-89e9-af903de225e7",
            "value": "35c734776fe05147670942468ef0aa58"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194471",
            "to_ids": true,
            "type": "filename",
            "uuid": "9d6ba5ee-6f0c-437f-854d-810e1389d6d6",
            "value": "Online Seminar.FM.gov.om.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194471",
            "to_ids": false,
            "type": "text",
            "uuid": "10397eab-d76a-44c1-af0f-aca979b851b4",
            "value": "Online Seminar.FM.gov.om.doc\r\nType Description: MS Word Document\nMicrosoft: Trojan:O97M/Obfuse!AMTB\nVT Total Detection:40/64\nFirst Submission:2025-08-21T17:14:25.000000+00:00\nLast Submission:2025-08-21T17:32:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196753",
        "uuid": "927e8b8f-0fe6-40b0-9a41-092f1894544a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Unknown file name",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196753",
            "to_ids": true,
            "type": "md5",
            "uuid": "4a2fd970-c58b-4cfa-adfc-1142d2a07e8e",
            "value": "2c19001d5b81037ac70ef17f887cbec0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unknown file name",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194822",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb491562-3d91-4830-82f5-fd402fd1aa84",
            "value": "b028c83105f021545a1f1d6979d403ef30a90ba3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unknown file name",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194822",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b5961309-7692-4a28-9962-2b31614ba287",
            "value": "c3afd5ce1ca50a38438bb5026cca27bfbf2d8e786e03f323adceb8ad17517eca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194494",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d002c1a5-d965-4d9b-9f4d-d5c174d9eef2",
            "value": "12288:C7islTXazTp3islTXawpUuMZKLR6aTR35QJapFaskj1VF9LRG7/NOL2BhSSGC6+X:dslTeEslTCYV135QLTc2VaVL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194494",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ee75fcf4-175a-41f9-980b-6a690949b0fc",
            "value": "1288192"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194494",
            "to_ids": true,
            "type": "vhash",
            "uuid": "da370897-7e35-4d3b-b16d-96a43cba9960",
            "value": "0752d077256c8f314742f36d80e2185e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194494",
            "to_ids": true,
            "type": "filename",
            "uuid": "22ead023-c717-4c92-a851-22a95b2a37e0",
            "value": "c3afd5ce1ca50a38438bb5026cca27bfbf2d8e786e03f323adceb8ad17517eca.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194494",
            "to_ids": false,
            "type": "text",
            "uuid": "dab4facc-45a7-4d6d-88f9-a745c45117ac",
            "value": "Unknown file name\r\nType Description: MS Word Document\nMicrosoft: None\nVT Total Detection:31/64\nFirst Submission:2025-04-17T10:52:02.000000+00:00\nLast Submission:2025-08-15T02:58:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196775",
        "uuid": "684d7f89-cc7c-48d7-8250-63259f421553",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196775",
            "to_ids": true,
            "type": "md5",
            "uuid": "0b731bff-2209-4372-b197-5379f31d3a10",
            "value": "f5ef5f40922113c2dfb32c202ae2b3f5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194823",
            "to_ids": true,
            "type": "sha1",
            "uuid": "21651e6f-4525-4fc6-891e-cd9ba576e8c5",
            "value": "b55e063607e8f56c9b398b289ba04ddca11398fe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Nuso Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194823",
            "to_ids": true,
            "type": "sha256",
            "uuid": "851ac84d-4ff9-431a-a917-5b9b1ea4cc23",
            "value": "c91413ad7c94c0e2694862b9d671d1204873bf65576ba2cb91fbd562a4ccf79b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194518",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ef42271d-1895-4d1c-9da0-4c65f8761721",
            "value": "6144:GLMI+Db2B7y5tkqsrElNFec0iliy4ccccccccvHx/u:Goe7yVTHMcnD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194518",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "40aa525a-b043-4377-b373-5d494d53a871",
            "value": "234683"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194518",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c73f0ff0-bbc0-46b3-9b45-18787e7e33cb",
            "value": "025076655d155d05555az58nz23z29z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194518",
            "to_ids": true,
            "type": "filename",
            "uuid": "522a5178-3020-49b8-ad17-4579c471a5f4",
            "value": "c91413ad7c94c0e2694862b9d671d1204873bf65576ba2cb91fbd562a4ccf79b.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194518",
            "to_ids": false,
            "type": "text",
            "uuid": "18a34f4e-4e24-4e7d-97d8-06719e32ba9e",
            "value": "Nuso Variant\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:29/72\nFirst Submission:2026-02-15T13:49:45.000000+00:00\nLast Submission:2026-02-25T05:32:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196796",
        "uuid": "eef33a8a-7388-4238-a4be-55e5ebc410fa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196796",
            "to_ids": true,
            "type": "md5",
            "uuid": "ecc61bd5-ef25-41fd-8c54-a71ffa808759",
            "value": "b15c11faf60a41f855e117d9c1886b92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194825",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7c5ec90a-d3a7-4191-8418-1f3e7cb86c68",
            "value": "16bd9e2a3e7e212b953ff85faefd3cef2033b82c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackBeard Variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194825",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b7415f93-15fd-401b-8e25-a722d9b57b48",
            "value": "cc2ec568f978f328b6de112670a1b35ca1f9db377ff32cb9d313a5b2ac3c127b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194541",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d9f90f01-edd2-4ee4-b619-a3443d9eaa2b",
            "value": "24576:yiJcz366cGXUEUQMTK8toGE3069FNPXja:yiJSK6cGpUQHFEAm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194542",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1bb7ce07-389a-4198-838b-2dcdc5474fea",
            "value": "1309184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194542",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2ba6aef0-6203-489a-a60a-39594aa0e5dd",
            "value": "016066655d1555155053zb2z721z1059zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194542",
            "to_ids": true,
            "type": "filename",
            "uuid": "f4ace43f-e426-4f15-bf98-3e19c6ca00b3",
            "value": "cloud.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194542",
            "to_ids": false,
            "type": "text",
            "uuid": "738f580b-2510-4d55-a030-91ebcf5b1a69",
            "value": "BlackBeard Variant\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/RustyStealer.A!AMTB\nVT Total Detection:51/72\nFirst Submission:2025-10-21T06:39:57.000000+00:00\nLast Submission:2025-10-21T12:44:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774196818",
        "uuid": "2b813f7d-d589-437c-a433-0a5881cc385f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Cybersecurity.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774196818",
            "to_ids": true,
            "type": "md5",
            "uuid": "b7595b95-7f75-426b-ad00-05d899386168",
            "value": "3a95186019af1943a0ea0f8eb07a288f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Cybersecurity.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774194826",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a93e39a0-c0ff-46e6-81ac-9ce88d1a4102",
            "value": "b7e56f4b31f4fdbe844c3d4a4156f1d0e3b3ea97",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Cybersecurity.doc",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774194827",
            "to_ids": true,
            "type": "sha256",
            "uuid": "23f16cc8-5bb0-4aae-8232-203dfc2e6456",
            "value": "f38a56b8dc0e8a581999621eef65ef497f0ac0d35e953bd94335926f00e9464f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774194565",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1e2b5416-8c6c-41ba-94dd-a1778291c3ed",
            "value": "24576:J97DkXCl6mchTj6QZ0sedNOX7Prm4M3fbVaVHqkP3O55+D1K:b76CQm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774194565",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9a1ff259-1377-4fa3-880e-f71887e7d168",
            "value": "2923520"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774194565",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bc0cacd3-8ef6-449c-89e7-048d25bee0d5",
            "value": "6e1d7e785d8c02f6c5360417e338b7e0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774194565",
            "to_ids": true,
            "type": "filename",
            "uuid": "c6cb8c7e-b60f-4445-8fe4-e5adf7c7a48d",
            "value": "New rules for the General Administration of Pensions and Social Insurance.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774194565",
            "to_ids": false,
            "type": "text",
            "uuid": "0e755ad9-6064-4f5d-9ee8-d1c9bb11691d",
            "value": "Cybersecurity.doc\r\nType Description: MS Word Document\nMicrosoft: TrojanDownloader:O97M/MuddyWater.GVA!MTB\nVT Total Detection:39/63\nFirst Submission:2026-01-06T07:58:40.000000+00:00\nLast Submission:2026-03-15T10:25:44.000000+00:00"
          }
        ]
      }
    ]
  }
}