{ "Event": { "analysis": "1", "date": "2026-03-23", "extends_uuid": "", "info": "[Threat Intel] AI-Assisted Lure Factory Targets Developers & Gamers", "protected": false, "publish_timestamp": "1779546904", "published": true, "threat_level_id": "3", "timestamp": "1779546903", "uuid": "3877fbbc-045c-47b7-88fb-f08151c3461c", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ac3eed", "local": false, "name": "misp-galaxy:producer=\"Netskope\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#18005c", "local": false, "name": "rectifyq:topic=\"ai\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778497205", "to_ids": false, "type": "link", "uuid": "49f17d67-74cf-4550-ae5f-9f74771ab2aa", "value": "https://www.netskope.com/blog/openclaw-trap-ai-assisted-lure-factory-targets-developers-gamers" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1778497205", "to_ids": false, "type": "text", "uuid": "add19a4d-dd38-4dfe-ab3e-6078f9e911a3", "value": "A large-scale malware campaign tracked as TroyDen's Lure Factory has been identified distributing LuaJIT-based infostealers through over 300 delivery packages hosted on GitHub. The operation uses AI-generated lure names incorporating obscure biological taxonomy and medical terminology to target developers, gamers, Roblox players, and crypto users. The malware employs a two-component design with a renamed LuaJIT runtime and encrypted Lua payload that evades sandbox detection through anti-analysis checks and extreme sleep delays. Upon execution, it disables proxy detection, captures desktop screenshots, performs geolocation, and exfiltrates data to C2 servers in Frankfurt. The infrastructure demonstrates scalability with multiple IP addresses serving identical encrypted commands, while maintaining simultaneous campaigns across gaming cheats, developer tools, phone trackers, and VPN crackers." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1778497206", "to_ids": false, "type": "text", "uuid": "0b7342c2-2b4b-42ba-bdc0-aa2cf4722f9c", "value": "Name: AI-Assisted Lure Factory Targets Developers & Gamers\nAuthor: AlienVault\nAdversary: TroyDen\nTags: [\"infostealer\", \"lummastealer\", \"ai-generated lures\", \"luajit\", \"prometheus obfuscator\", \"credential theft\", \"troyden\", \"github\", \"two-component payload\", \"redline\"]\nTgtd countries: []\nMlwr families: [\"LuaJIT\", \"Redline\", \"LummaStealer\"]\nAttack_ids: []\nIndustries: [\"Technology\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1778497206", "to_ids": false, "type": "threat-actor", "uuid": "5dcfc73d-20da-481e-8366-66a5d751b126", "value": "TroyDen" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951534", "to_ids": true, "type": "ip-dst", "uuid": "ae714877-ba3e-4ad2-870b-3878cbd36520", "value": "89.169.12.241", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951555", "to_ids": true, "type": "ip-dst", "uuid": "af63c230-75fc-4268-afff-767e8c1db8f2", "value": "213.176.73.80", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951576", "to_ids": true, "type": "ip-dst", "uuid": "2cabfd71-dde7-4470-ba60-570665b97812", "value": "213.176.73.130", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951597", "to_ids": true, "type": "ip-dst", "uuid": "130be426-22ca-4d9c-9e2b-58a99a6b5cb3", "value": "217.119.129.121", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951618", "to_ids": true, "type": "ip-dst", "uuid": "0bcc38b6-ddfa-495c-ab6c-2abda68cbe52", "value": "217.119.129.76", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951641", "to_ids": true, "type": "ip-dst", "uuid": "06f7d00d-952a-47ca-a03f-f4e67e5a5f89", "value": "94.156.154.6", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951662", "to_ids": true, "type": "ip-dst", "uuid": "d8435561-3085-43c9-8791-0560e2043ee5", "value": "213.176.73.159", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951684", "to_ids": true, "type": "ip-dst", "uuid": "5229fba5-11b5-4acd-a97f-92c346123a9f", "value": "217.119.129.118", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951705", "to_ids": true, "type": "ip-dst", "uuid": "8d10be52-045a-4763-8675-cb94ed0df034", "value": "217.119.129.122", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546903", "to_ids": true, "type": "sha256", "uuid": "f95ea40d-980b-4605-9ce0-2bd1dfb37d08", "value": "3fc5816afde3e58bf9fcaa1b3873f2d4bc8629ee7a8341a4a4979d2729cad5e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951726", "to_ids": true, "type": "hostname", "uuid": "aadac441-8df9-42dd-a34c-c7a77131c3ea", "value": "openclaw-v3.8.zip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951747", "to_ids": true, "type": "hostname", "uuid": "55953c78-011f-469b-b232-6d142a0a0215", "value": "openclaw-v1.8.zip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546854", "uuid": "145ee23c-ac38-42bc-8a6c-125ee7f4d162", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546854", "to_ids": true, "type": "md5", "uuid": "d4fd8122-9928-4e5d-ac13-6548e6b30e0a", "value": "cff98a1cd9d9f096facf561288ac132f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546854", "to_ids": true, "type": "sha1", "uuid": "888308e5-3ed8-48a0-b2a1-f9e903b90914", "value": "4c7d4cc784bd1e01044f99ed1edf55bbb6babc6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546854", "to_ids": true, "type": "sha256", "uuid": "c536051f-56b1-4fc5-9531-a07a15ce5ba1", "value": "c655c2d410e6b36d9ef1359aef67183bf76c193c609697492e41d30622f7ebd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945542", "to_ids": true, "type": "ssdeep", "uuid": "943d152c-6dd3-4b72-ab4c-a2c456733f71", "value": "12288:GeCEht59qO3g/ALyYG0ZaDajTCXMO8xzDOeQakP:5tnA/f0Za6TCXKBxl0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945542", "to_ids": false, "type": "size-in-bytes", "uuid": "82239cda-57d1-4840-a553-09872918e7f3", "value": "546286" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945542", "to_ids": true, "type": "vhash", "uuid": "32fe1067-d6bc-48d9-be40-42a6729d86b2", "value": "a89fb8d5f03b752f11f71a67ae2a6b84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945542", "to_ids": true, "type": "filename", "uuid": "6a99cca9-de30-4d79-999d-44ca19ea35a5", "value": "docker-openclaw-v1.8.zip" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945542", "to_ids": false, "type": "text", "uuid": "6ea1ba50-2be5-400e-a7b9-2b277b002db8", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:49/68\nFirst Submission:2026-03-22T13:23:00.000000+00:00\nLast Submission:2026-03-22T13:23:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546857", "uuid": "dcc8950a-b150-47b1-b002-80e353df3daa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546856", "to_ids": true, "type": "md5", "uuid": "7b9ea5c3-3454-4174-b4e3-e9bf19572be0", "value": "7f8763a16a923fc1a188fd04dacbfaaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546856", "to_ids": true, "type": "sha1", "uuid": "98651fc3-871a-4f7d-919a-3cf075d1c195", "value": "0aec3fdd44982b06ac84c51a74ad353156909e33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546857", "to_ids": true, "type": "sha256", "uuid": "f760941a-fe86-4d24-86a8-a5f3beeaaca5", "value": "b54ea465f77f1eb726d3244aa52d13c103ad9c4fc5a15061b7067347896b433c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945563", "to_ids": true, "type": "ssdeep", "uuid": "222613bb-bcff-4123-9359-9d29216eacfb", "value": "3:Lj1AG6LFdR:yG6LR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945563", "to_ids": false, "type": "size-in-bytes", "uuid": "adfaa2c7-2013-47ce-8e73-1e82bb28f272", "value": "25" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945563", "to_ids": true, "type": "filename", "uuid": "4cb90a36-b97f-4f9d-9fd7-f0a6ada495d7", "value": "Launch.bat" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945563", "to_ids": false, "type": "text", "uuid": "12175905-07db-4afe-9588-4996327fdae5", "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2026-02-22T19:31:50.000000+00:00\nLast Submission:2026-05-13T00:00:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546859", "uuid": "54ec42af-6505-4cff-8ac7-65cbbf904b28", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546859", "to_ids": true, "type": "md5", "uuid": "5074e17b-fb90-480d-9ed4-b9f9e7710090", "value": "1770fcdf879803a04811686ef260c7cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546859", "to_ids": true, "type": "sha1", "uuid": "269ea34f-85c7-48b8-84e9-1569f87addac", "value": "47cf529da3eabf5298ce8a22647470391ab0870a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546859", "to_ids": true, "type": "sha256", "uuid": "f176bdfa-fa47-4cd3-ab59-5125f9b2f6aa", "value": "357cd0a1601d24bbb7949637b352b0ace1f30f51f788a03cafa98316068938e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945586", "to_ids": true, "type": "ssdeep", "uuid": "f5a2f028-ef68-4268-a12d-d95c109dc254", "value": "3072:BVk0ZXKS3rMorXHuyWXsOO2nYwcF1jUXvtGnuJHmKM6VTK9XxYXLG3KOMh3ClfwZ:BV7z3pjOVX3OZTEQBQTK9x/3iSptzwVn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945586", "to_ids": false, "type": "size-in-bytes", "uuid": "af1f5eca-9267-45d1-9734-9101ecf3b321", "value": "308772" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945586", "to_ids": true, "type": "filename", "uuid": "98d83a3e-6d98-499b-bfae-e2c95bd2f05f", "value": "license.txt" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945586", "to_ids": false, "type": "text", "uuid": "049c689d-4097-4f21-b229-d7fa51fc0ef3", "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:6/61\nFirst Submission:2026-02-22T19:58:31.000000+00:00\nLast Submission:2026-05-13T00:00:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546862", "uuid": "4e822a72-56d7-4d4d-a8c8-2b628d5174d9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546861", "to_ids": true, "type": "md5", "uuid": "32da5f20-d3ac-49ce-9a44-2a0e42433c32", "value": "c1317f7281ff9d56daeb7fae01acbdbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546862", "to_ids": true, "type": "sha1", "uuid": "a458bc6c-b85f-41e0-9a5a-a5272dcb5557", "value": "3ede36c1d7afdbdba58f2e7a69e679ea85d1bec2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546862", "to_ids": true, "type": "sha256", "uuid": "d29e3ce4-0dd4-4615-b6b6-51a257ac4209", "value": "30694a0101abfeea642cb9de7fb7eb66789eea74d8d7257b39822d7dab59445d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945608", "to_ids": true, "type": "ssdeep", "uuid": "81fb24eb-b357-484a-ab00-a7e3555b508e", "value": "12288:0Ixb6mgscIPv+xPBPx3ph7WfsnE6VTdUZ9nUt2ZvIX/19X7BroLkLwqG:llRcIOXrh7dEiTWZC8gXTFD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945608", "to_ids": false, "type": "size-in-bytes", "uuid": "4356c5ab-6229-4fba-87a5-40863f30f3d2", "value": "771584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945608", "to_ids": true, "type": "vhash", "uuid": "ef6b4ba8-2e45-431a-8f79-22270832ae42", "value": "075056655d15555az69=zb1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945608", "to_ids": true, "type": "filename", "uuid": "35904bc1-9591-4415-aab1-7b98161ca36b", "value": "unc.exe" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945608", "to_ids": false, "type": "text", "uuid": "399d435b-608e-429c-a8e0-e9de1f628f63", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/Lazy.PGPK!MTB\nVT Total Detection:49/71\nFirst Submission:2026-02-22T19:52:20.000000+00:00\nLast Submission:2026-05-16T15:31:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546865", "uuid": "5f239cc2-34cc-4286-97cc-945f5a42df99", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546864", "to_ids": true, "type": "md5", "uuid": "5d19be7c-e9ac-4f89-983a-588c11de8ef8", "value": "eadca51e1e060ce37b40a4b0b9d46108", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546864", "to_ids": true, "type": "sha1", "uuid": "dc286b04-627c-4f8d-ac3c-a48e4680cc40", "value": "f559e34c3d7cf38f7ec8bdbbeadb97a56b7e51b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546865", "to_ids": true, "type": "sha256", "uuid": "9a6bf82f-931a-4753-82cf-0cf877a27975", "value": "11c06aab7aa3f1857cc9add05b392ba6bd62a7fd2d168e41d9ba5557a96c78f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945629", "to_ids": true, "type": "ssdeep", "uuid": "b5eeea02-4336-4e10-9c09-5c308e43ce7f", "value": "12288:g5W3ZqF4KU7pUTqfpOFfsc7PZWzB0or6v0:g2ZqF4H7S+fsFt0NJrp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945629", "to_ids": false, "type": "size-in-bytes", "uuid": "e56eb34e-bed7-47f1-af7b-cca34848a7aa", "value": "583568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945629", "to_ids": true, "type": "vhash", "uuid": "09ae49d1-e278-462f-8365-e51686625f1b", "value": "a89fb8d5f03b752f11f71a67ae2a6b84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945629", "to_ids": true, "type": "filename", "uuid": "401aa5ec-1ad7-4ece-b8da-6be6f50a97e6", "value": "docker-openclaw-v3.8.zip" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945629", "to_ids": false, "type": "text", "uuid": "c6cbe9eb-8b5f-4343-a293-ca8cd9ad9d93", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:38/69\nFirst Submission:2026-03-22T13:23:58.000000+00:00\nLast Submission:2026-03-22T13:23:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546867", "uuid": "2905b05a-2137-4d84-9934-ffdf8e7918ab", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546866", "to_ids": true, "type": "md5", "uuid": "0fe1eff0-8c30-4fd0-a4b2-4e48a31bf275", "value": "3c5761b118ed15942be670b5c81811e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546867", "to_ids": true, "type": "sha1", "uuid": "162a1651-bd57-43e0-9dd1-076448721101", "value": "b98ba9ba95824f1a95d39f7422bcedbed4371e20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546867", "to_ids": true, "type": "sha256", "uuid": "0fd8f8b3-7f63-4114-9b13-aae85a8010b7", "value": "8e322af81744217427abef3cab949aee1de70f1506f40e4e2d672af9e1f6ef0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945652", "to_ids": true, "type": "ssdeep", "uuid": "1aa22d9a-1921-4293-a648-68df4dd89e41", "value": "3:LjerT:mT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945652", "to_ids": false, "type": "size-in-bytes", "uuid": "97f51b9f-5b07-47eb-8fbb-bfbd89c8f5c7", "value": "22" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945652", "to_ids": true, "type": "filename", "uuid": "4cc9e964-6143-40ab-ba0e-0572e97151a2", "value": "Application.bat" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945652", "to_ids": false, "type": "text", "uuid": "14349f48-9177-4522-9a46-cdf1b7926add", "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:0/61\nFirst Submission:2026-02-17T16:48:12.000000+00:00\nLast Submission:2026-02-21T08:07:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546870", "uuid": "37b6cc7e-4f57-49e8-99c5-c1be1dfab419", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546869", "to_ids": true, "type": "md5", "uuid": "7c70a67b-e842-4c1e-b2de-e86f2ac38187", "value": "591ee71dcfc0f810fb33921c400e47ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546869", "to_ids": true, "type": "sha1", "uuid": "a8301458-da5d-4210-90de-24cbe0f8827c", "value": "f0b67da6174f8c8662b34beba7930369cb96ddac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546870", "to_ids": true, "type": "sha256", "uuid": "4d6bd779-323f-42ab-bc19-28e3ac4dca65", "value": "c58720dcb30e5c887ff5bfd41bb46a611f2655128f1ef1a771e1745f24349dfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945674", "to_ids": true, "type": "ssdeep", "uuid": "946540c2-bc8d-4715-9d90-3d1b9253d684", "value": "6144:lOhFlfou5G+vpaPidzpTrfoZiIc3vJY97NpHWlTj1m1:+J5GCaPijyiIc/CHpHeTj1m1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945674", "to_ids": false, "type": "size-in-bytes", "uuid": "df123dac-5a50-42d2-9ceb-850b5b269798", "value": "347036" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945674", "to_ids": true, "type": "filename", "uuid": "49d6ef2e-e391-485e-b696-8f6aa1e05390", "value": "base.txt" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945674", "to_ids": false, "type": "text", "uuid": "164c3aa4-3785-4f5e-bdce-50129e43414e", "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:2/62\nFirst Submission:2026-02-16T21:43:50.000000+00:00\nLast Submission:2026-02-17T16:49:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546872", "uuid": "6306ae06-d456-42ae-86cc-eb9cc4789c32", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546872", "to_ids": true, "type": "md5", "uuid": "20aff91e-d8ed-4947-ad5c-bb14b3cce375", "value": "73c567b30d01312b68a7acf80a3314fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546872", "to_ids": true, "type": "sha1", "uuid": "0a885228-d83b-4712-bb58-a5d3a3b92965", "value": "463018b95dad283688ac588314c932accdc99d40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546872", "to_ids": true, "type": "sha256", "uuid": "bd0e4c1b-aa56-481b-b3fc-c215309364d0", "value": "b1d3e7e81016561faddf7b0a6cb9a3bd0174064b3b309c6948f5f1e6688a1381", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945696", "to_ids": true, "type": "ssdeep", "uuid": "1e5e9d2c-c348-455d-8b76-b63fbcecd330", "value": "12288:d1jeLwPDI0eF97VLJzZGMv2UzWIJn0X8cupaMKtdD5n9B7ow4Rkuz:zeLwLI0eF97bIMv2UaIR0Mcu96dxvKq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945696", "to_ids": false, "type": "size-in-bytes", "uuid": "4662c84e-7e50-4a32-9f0f-d4af291f794a", "value": "881152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945696", "to_ids": true, "type": "vhash", "uuid": "8467fc22-d87b-4a99-aa95-5b68492cebcc", "value": "085056655d15555az6c&z144" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945696", "to_ids": true, "type": "filename", "uuid": "99809856-0d9a-41e0-83ae-048d4445b86b", "value": "lua.exe" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 23/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945696", "to_ids": false, "type": "text", "uuid": "3342f16b-7f69-4320-a7bd-ae95e16adf63", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:43/72\nFirst Submission:2026-02-16T07:11:24.000000+00:00\nLast Submission:2026-03-31T06:34:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546875", "uuid": "d7c11f4a-c426-43e0-a385-7ceefe7fc012", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546874", "to_ids": true, "type": "md5", "uuid": "842581f7-68fb-4b3a-8472-25a2cd79da52", "value": "646c12bbecf9b0454843b88172a5f6c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546875", "to_ids": true, "type": "sha1", "uuid": "74a7b564-f86c-4c76-b12e-03de47f794f5", "value": "7cef86d1b5ef47b6ecdd7a3e3525324b623de4b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546875", "to_ids": true, "type": "sha256", "uuid": "e2283759-9642-4d16-9f7b-438ce55b59df", "value": "b1f9c4d82eb5f73b9081c3d414b3c053c1550e46fa21d30079134be3c0040ddb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945717", "to_ids": true, "type": "ssdeep", "uuid": "2555206b-d297-460e-a5f7-68d96157a635", "value": "12288:U5W3Zqz4KU7pUTqfpOFfsc7PZWzB0or6vG:U2Zqz4H7S+fsFt0NJr3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945717", "to_ids": false, "type": "size-in-bytes", "uuid": "cb7cae9b-facb-4f03-99f1-972763b1d98f", "value": "583568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945717", "to_ids": true, "type": "vhash", "uuid": "16d86a48-8934-4b4e-ac82-7b25ec5d497a", "value": "a89fb8d5f03b752f11f71a67ae2a6b84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945717", "to_ids": true, "type": "filename", "uuid": "5ed08cfb-9802-425f-89c6-95c2790f4d60", "value": "openclaw-docker-v1.6.zip" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945717", "to_ids": false, "type": "text", "uuid": "43c8dde1-c983-428f-a1e7-78604e619e7d", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Suschil!rfn\nVT Total Detection:39/66\nFirst Submission:2026-03-22T13:25:36.000000+00:00\nLast Submission:2026-03-22T13:25:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546878", "uuid": "7cd73e3c-ac13-45c1-be2e-8927750ac8d7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546877", "to_ids": true, "type": "md5", "uuid": "125b3dea-30d9-4874-99f8-3651e6801c55", "value": "8cdb86a1d09c86868341eef47e41cc89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546877", "to_ids": true, "type": "sha1", "uuid": "e206368e-9cc8-461c-abc1-6fcf5f9b3b23", "value": "6fdba6e1c9e6f5801ccb4fbd81871fa8961de089", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546878", "to_ids": true, "type": "sha256", "uuid": "d00f69b3-2ecf-43f1-82b9-c1a9b6e34dd8", "value": "39d39e6726408e778c8ad3d85010e1db0a686ebec1f8807f96cf80be59dfdd59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945760", "to_ids": true, "type": "ssdeep", "uuid": "b59f3487-be29-4329-8035-d9d5e2c5222f", "value": "3:LjehNlRm7S:iM7S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945760", "to_ids": false, "type": "size-in-bytes", "uuid": "679c21cd-be53-4680-9620-daec44ed6ffd", "value": "169" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945760", "to_ids": true, "type": "filename", "uuid": "3cfe008a-01f0-4071-8278-46ff21fd91f1", "value": "Launcher.cmd" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945760", "to_ids": false, "type": "text", "uuid": "bf071ef7-9844-4490-97f0-fd41a23a0fa3", "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:3/61\nFirst Submission:2025-12-29T15:45:23.000000+00:00\nLast Submission:2026-04-12T15:58:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546880", "uuid": "d659eea6-58f0-4ce7-a707-653198388298", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546879", "to_ids": true, "type": "md5", "uuid": "065586b1-37de-4f07-bd3a-08eb87bcdb09", "value": "c554b438af5eda08a70c47710032cd8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546880", "to_ids": true, "type": "sha1", "uuid": "9ae9f545-3c1b-4384-b1f7-dce7380c97c6", "value": "60704bf242842168b4475b06aa1efe69ece67e11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546880", "to_ids": true, "type": "sha256", "uuid": "2c859646-6c2c-4fd8-91ed-6d32ad2346a3", "value": "b5c571363632a6887c6e9471435ab0fdcbf16bae6dbdf28d0fc755a9d467e859", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945784", "to_ids": true, "type": "ssdeep", "uuid": "37dc0fce-e06a-4aa0-adc0-a83500b88fbd", "value": "3072:EkQp5cpN2CwCCkDnylU8xk2+Cfjpo8ar82RSetCF6NUrul2evDB8X3gXKw94tHTf:Ercf2CgeS+Cq58qM3gN70" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945784", "to_ids": false, "type": "size-in-bytes", "uuid": "416753dc-7f7c-4f6c-884b-cda39189e57b", "value": "356686" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945784", "to_ids": true, "type": "filename", "uuid": "be19cadd-c0b4-4d98-9c24-945feb8b2887", "value": "cdef.txt" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945784", "to_ids": false, "type": "text", "uuid": "02831adf-7fef-43bd-b434-836c46acc979", "value": "Type Description: Text\nMicrosoft: None\nVT Total Detection:1/62\nFirst Submission:2026-01-02T15:08:22.000000+00:00\nLast Submission:2026-04-07T13:24:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546883", "uuid": "8e712eca-e25f-4a00-97f6-cdc3ccedbb09", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546882", "to_ids": true, "type": "md5", "uuid": "c39a5fc9-b21a-4646-92b2-8d993054bc4d", "value": "4ebd617a3ad9a9619172bd14a902a400", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546882", "to_ids": true, "type": "sha1", "uuid": "a5b6dcfb-c0fd-48bb-b7b4-4e4f94ab1bd4", "value": "270f66d2c84ee86ff4b07c6220c51abd4897b5f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546883", "to_ids": true, "type": "sha256", "uuid": "dce49b08-665e-4f21-9beb-324cc069ddd8", "value": "c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945806", "to_ids": true, "type": "ssdeep", "uuid": "2df4c900-1b9f-4ec4-bc45-836cd9a9cc39", "value": "24576:QXEeYq+Fjb1h2Ac9qJqvqj+OhbaijGPDX732ywPKpQlABQFi8ePj40RvzinxO4xS:EEDv/2Ac9qB+OR4n3xBQKvjGQe11Fgl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945806", "to_ids": false, "type": "size-in-bytes", "uuid": "ee9ec973-b15a-4e8b-a5bf-10303f26845b", "value": "3531914" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945806", "to_ids": true, "type": "vhash", "uuid": "1d0d3e37-5010-41f8-aa6d-0407ed93ffbe", "value": "1361376d1555551c055d1az2553$z99" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945806", "to_ids": true, "type": "filename", "uuid": "372fbe97-3a7f-4e3e-a771-2ade34cd9f19", "value": "lua51.dll" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 10/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945806", "to_ids": false, "type": "text", "uuid": "5b07bf8c-79d8-4c7e-898d-0fbdca882813", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2021-11-30T09:25:38.000000+00:00\nLast Submission:2026-05-16T09:06:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546885", "uuid": "4fc14e9f-871f-4250-9451-2b246fd7b99e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546885", "to_ids": true, "type": "md5", "uuid": "10c01b82-dc2a-47e5-a342-2c72d9fbad90", "value": "00f60ee3ff2dee681b5d7d442009b2c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546885", "to_ids": true, "type": "sha1", "uuid": "7d50693b-a0b6-463b-a159-a2e7c427166a", "value": "f5199b4191add11d02d58f521cbea21465b7ff6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546885", "to_ids": true, "type": "sha256", "uuid": "6939ede2-e093-46ba-9b1c-3da3f60e74f3", "value": "5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945828", "to_ids": true, "type": "ssdeep", "uuid": "b9d54215-1b9a-4453-8780-583a72a5b699", "value": "1536:mmNzk2shF9CXUatIEqTIm4gKN2PwJy4wMUFA8:mmVvtQTKN64wHK8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945828", "to_ids": false, "type": "size-in-bytes", "uuid": "76a53b97-4094-43a8-913b-fb4d24350602", "value": "100900" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945828", "to_ids": true, "type": "vhash", "uuid": "c8f2d106-a606-422f-adb5-592562203677", "value": "0151175d1515151c0d1d1az1723=z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945828", "to_ids": true, "type": "filename", "uuid": "45c3936a-150b-4c5d-9dce-c45841269a8c", "value": "luajit.exe" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945828", "to_ids": false, "type": "text", "uuid": "75cef8b5-08cf-42ea-a9ec-7b194a8e4f70", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:7/71\nFirst Submission:2021-11-30T09:25:13.000000+00:00\nLast Submission:2026-05-16T13:15:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546888", "uuid": "625f138e-0a2f-4f24-982f-5d78d974a69b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546887", "to_ids": true, "type": "md5", "uuid": "7fff2e7e-db32-44d1-b599-b02bafb9dc83", "value": "f489d2c9ca80bde0079ef1d1f715aeca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546887", "to_ids": true, "type": "sha1", "uuid": "5c15383c-2ac0-47ed-8323-7982490638cf", "value": "5f152711f125f7826f889bb45a00ba1fe9bd96d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546888", "to_ids": true, "type": "sha256", "uuid": "d5558435-6377-49bd-87eb-49800c8162c7", "value": "398ea394f9a4242ebe9fd67a5ca62445fc4a34b1731d4f99b8eea5e65a98ddcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945849", "to_ids": true, "type": "ssdeep", "uuid": "d6cac888-98ee-4fc6-978d-e55679ca2362", "value": "12288:weCEhtC9qO3g/ALyYG0ZaDajTCXMO8xzDOeQak6:XtUA/f0Za6TCXKBxlx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945849", "to_ids": false, "type": "size-in-bytes", "uuid": "8c255c10-c522-4885-bbc4-857fe4d61136", "value": "546286" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945849", "to_ids": true, "type": "vhash", "uuid": "f36ae4c2-70df-4b09-ba1e-a7ffedd2801a", "value": "a89fb8d5f03b752f11f71a67ae2a6b84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945849", "to_ids": true, "type": "filename", "uuid": "0cf11736-4f73-48a2-9677-f16f7e5fd6d3", "value": "location_number_tracking_tool_phone_v2.5.zip" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 17/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945849", "to_ids": false, "type": "text", "uuid": "b7189287-ccf0-412d-a5ad-e368e6afded1", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:41/69\nFirst Submission:2026-02-23T19:00:35.000000+00:00\nLast Submission:2026-05-01T08:42:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546890", "uuid": "4d4077db-c273-4351-aa9b-fb4dd43743ba", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546890", "to_ids": true, "type": "md5", "uuid": "846b94a7-b26c-4f0c-aaa0-81da6307e7b7", "value": "9e4b85da6a180a2aafbffcf5fa7bd64b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546890", "to_ids": true, "type": "sha1", "uuid": "17446825-a06e-4896-9e30-418008f78e2d", "value": "9d6ff7800a4f44c274c62244e3d5aff5c3ef34bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546890", "to_ids": true, "type": "sha256", "uuid": "2852a795-995f-4803-a44f-dfa922d21ffa", "value": "b6e81d95c0c336e8b8bde3889f4df4ee17639f6ff055c631de19cab3c7efb63b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945871", "to_ids": true, "type": "ssdeep", "uuid": "4aafffc2-a491-42b9-a78c-8866eeb0b72c", "value": "24576:pjqZmcpucoZjxbq9j8XJlqrGAuImQIMESQ+hcqMXHC0Clwi6/CttWaRl:rcoZ9bq+MmMEL+hcjXHC/wnwdl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945871", "to_ids": false, "type": "size-in-bytes", "uuid": "78893fcf-c228-4a31-85de-1354cccc96ff", "value": "1394887" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945871", "to_ids": true, "type": "vhash", "uuid": "581de240-d918-40b2-a7eb-cfee8bec05e7", "value": "e75176705352e42535303cd0953b5a2f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945871", "to_ids": true, "type": "filename", "uuid": "e512c2fe-7187-443b-b753-f26e62484a3e", "value": "tracking-tool-location-number-phone-3.2.zip" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945871", "to_ids": false, "type": "text", "uuid": "430e01d2-1f9e-4b62-80e7-4af629bcf7c8", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:13/68\nFirst Submission:2026-01-24T12:09:03.000000+00:00\nLast Submission:2026-01-24T12:09:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546893", "uuid": "5a1884ac-48a8-4503-b2d4-f69e059851a1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546892", "to_ids": true, "type": "md5", "uuid": "a05521b6-e75e-48c9-952a-387eae72e0ce", "value": "99f33917b74876af9dfc014892f7a25c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546893", "to_ids": true, "type": "sha1", "uuid": "c0066ec7-50c3-4805-a28f-322b00ab0beb", "value": "90941539786180d90576558ed20576ba83874d1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546893", "to_ids": true, "type": "sha256", "uuid": "a8981fb7-f2ae-4b62-8787-06287f58e6d2", "value": "28d09366dc7842fe42f44a27cb54c6e1ba6769f42a27b99f5d455efb1e6de454", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945893", "to_ids": true, "type": "ssdeep", "uuid": "6a10365c-f436-4333-9f0c-866abc742840", "value": "24576:zyJe7oZjxbq9j8XJlqrGAuImQIMESQ+hcqMXHC0Clwi6/CttWaRW:ssoZ9bq+MmMEL+hcjXHC/wnwdW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945893", "to_ids": false, "type": "size-in-bytes", "uuid": "f52fb7dd-94a9-4a33-b861-71f0f18aed93", "value": "1386736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945893", "to_ids": true, "type": "vhash", "uuid": "2da48734-34b0-4dae-8d38-fefdf44e5dc5", "value": "e75176705352e42535303cd0953b5a2f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945893", "to_ids": true, "type": "filename", "uuid": "f173df7a-48d5-4716-b44a-8fa814cb4e80", "value": "fishing-planet-enhanced-menu-v2.9.zip" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945893", "to_ids": false, "type": "text", "uuid": "d1160f9a-1a6b-4608-9e71-4ed0c4ba6099", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:27/69\nFirst Submission:2025-12-23T22:48:46.000000+00:00\nLast Submission:2026-02-22T00:44:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546896", "uuid": "7e35f5c5-129e-4f5b-b25e-c6dcd4535edc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546895", "to_ids": true, "type": "md5", "uuid": "2e6ae180-0d4e-4627-b9e8-0443ed3a88f9", "value": "7eb6dac341fad662bf2bedfce7a7fdce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546895", "to_ids": true, "type": "sha1", "uuid": "81b1fe8e-5c94-4af4-9501-2aff406bccd7", "value": "a6de13e6a4aef51f7b2bc298181ee5e02dd94861", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546896", "to_ids": true, "type": "sha256", "uuid": "247defb8-2a70-4151-9bb4-c22baa1d403c", "value": "964dfb63ff140149ed8b310dba63fd8d82a82dc9979348e93b3dd7206fd71d13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945915", "to_ids": true, "type": "ssdeep", "uuid": "5e48717c-4d06-42d3-bef6-1fced15812d1", "value": "3:LjehNt+L:imL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945915", "to_ids": false, "type": "size-in-bytes", "uuid": "f09c4957-98cd-46fd-b6b9-7a82df3355b8", "value": "43" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945915", "to_ids": true, "type": "filename", "uuid": "52257527-fd43-46c4-bd69-78ea54d946f3", "value": "Launcher.cmd" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945915", "to_ids": false, "type": "text", "uuid": "0423f447-0c83-4307-842d-a0a430d023fe", "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:8/61\nFirst Submission:2025-12-21T01:52:31.000000+00:00\nLast Submission:2026-02-27T00:12:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546898", "uuid": "efa3d96c-b539-49ab-ac41-76da715b9766", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546897", "to_ids": true, "type": "md5", "uuid": "2270956d-d728-4619-ae48-138284d1f8ba", "value": "dd76846d31e2aa2f5e8c70588d51c2df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546898", "to_ids": true, "type": "sha1", "uuid": "b9507d61-4f78-4e3c-a24a-4196c7c0e740", "value": "bef485d8b3ab03ec389b984a231369f9aa2852c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546898", "to_ids": true, "type": "sha256", "uuid": "d7c3a565-1cbb-4e73-8ee7-a4469a95cc99", "value": "593916916552ce87cd6fde7353875e023cd8a89f13d222fc636634a43ff65cdb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945937", "to_ids": true, "type": "ssdeep", "uuid": "ae344559-0f00-4972-8de3-2b7957108f1d", "value": "6144:EXGs+Qdx8Exl+9RSyNX267M8/08WfztlUryM0b6cusxcT34Fdw9jvqDroncmV+ro:EXGs1H8ExM9/ePVSsFwDqDm6o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945937", "to_ids": false, "type": "size-in-bytes", "uuid": "b68d738c-41ae-4d48-8938-f2caba69d35f", "value": "341209" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945937", "to_ids": true, "type": "filename", "uuid": "3379d3da-42f1-4301-ae4b-2bd90c099588", "value": "clib.txt" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 09/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945937", "to_ids": false, "type": "text", "uuid": "4521aacd-93c4-4f83-a650-1e58081abe54", "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:24/61\nFirst Submission:2025-12-23T03:45:47.000000+00:00\nLast Submission:2026-02-17T11:46:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546901", "uuid": "72dfc348-44ce-4a71-a355-c35ef94fb392", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546900", "to_ids": true, "type": "md5", "uuid": "3e20f05b-0228-41fd-ad69-f3538b977f46", "value": "e273e69a05d1248757573b063661a525", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546900", "to_ids": true, "type": "sha1", "uuid": "37b5f72a-04e5-40db-9d64-e42babe0db9d", "value": "21cf6c0795909bf3b46e291675eb631910ca7b2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546901", "to_ids": true, "type": "sha256", "uuid": "578b1b2d-a58a-4cd7-ac97-18e01ada9a01", "value": "66ee4143e50c42b26f1059a33860d49513194c6b049245c9a68a45dbefa40ec1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945958", "to_ids": true, "type": "ssdeep", "uuid": "665a7d7d-1117-4b11-82b7-0405f82b3e79", "value": "12288:AeCEhtG9qO3g/ALyYG0ZaDajTCXMO8xzDOeQak+:HtIA/f0Za6TCXKBxlB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945958", "to_ids": false, "type": "size-in-bytes", "uuid": "464c5e8a-8362-480a-ac57-2609a630fe9b", "value": "546286" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945958", "to_ids": true, "type": "vhash", "uuid": "303f78c3-63b5-4afa-9d4c-45999c1e75cf", "value": "a89fb8d5f03b752f11f71a67ae2a6b84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945958", "to_ids": true, "type": "filename", "uuid": "0c8522c8-254d-4b68-a6ae-02d37cba9bef", "value": "fishing_planet_enhanced_menu_3.9 (1).zip" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 22/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945958", "to_ids": false, "type": "text", "uuid": "0d8f3259-f486-469f-bb9a-f9bb50c758ec", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:44/69\nFirst Submission:2026-02-23T01:35:58.000000+00:00\nLast Submission:2026-05-16T01:07:25.000000+00:00" } ] } ] } }