{
  "Event": {
    "analysis": "1",
    "date": "2026-04-23",
    "extends_uuid": "",
    "info": "[Threat Intel] Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft",
    "protected": false,
    "publish_timestamp": "1779545537",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779545536",
    "uuid": "3a50dc3f-5422-4fc5-b70c-bcc316cd6318",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#892644",
        "local": false,
        "name": "misp-galaxy:producer=\"Symantec\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#5c57c8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#e00500",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ed4a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#07ff3c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#adf1b0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#e43954",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d779a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
        "relationship_type": ""
      },
      {
        "colour": "#36d931",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
        "relationship_type": ""
      },
      {
        "colour": "#865fd1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Credential Manager - T1555.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#370063",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Trigona\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"trigona\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Ransomware\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777028410",
        "to_ids": false,
        "type": "link",
        "uuid": "84fcb2b6-833e-45d2-b0cf-53008ca87815",
        "value": "https://www.security.com/blog-post/trigona-exfiltration-custom"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777028410",
        "to_ids": false,
        "type": "text",
        "uuid": "2aeff99d-7938-49a3-9850-db66272cbeaa",
        "value": "Trigona ransomware affiliates have adopted a custom-developed exfiltration tool called uploader_client.exe in attacks observed during March 2026, marking a significant tactical evolution. This command-line utility features parallel data streams, connection rotation to evade network monitoring, and granular file filtering capabilities. The shift from commonly used off-the-shelf tools like Rclone to proprietary malware suggests attackers are attempting to maintain a lower profile during critical attack phases. Prior to data exfiltration, attackers deploy multiple security-disabling tools including HRSword, PCHunter, and various BYOVD utilities to terminate endpoint protection at the kernel level. Remote access is established through AnyDesk, while credential theft is conducted using Mimikatz and Nirsoft utilities. This custom tooling approach demonstrates a higher degree of technical maturity compared to typical ransomware affiliate operations."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777028410",
        "to_ids": false,
        "type": "text",
        "uuid": "b31c7ef1-323b-46e6-8ab4-564de9fa4171",
        "value": "Name: Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft\nAuthor: AlienVault\nAdversary: Rhantus\nTags: [\"trigona\", \"ransomware-as-a-service\", \"kernel driver abuse\", \"wktools\", \"stpprocessmonitorbyovd\", \"malextractor\", \"hrsword\", \"dumpguard\", \"gogra\"]\nTgtd countries: []\nMlwr families: [\"Trigona\", \"uploader_client\", \"HRSword\", \"PCHunter\", \"Volgmer - S0180\", \"YDark\", \"WKTools\", \"DumpGuard\", \"StpProcessMonitorByovd\", \"PowerRun\", \"Mimikatz\", \"AnyDesk\", \"MalExtractor\", \"GoGra\"]\nAttack_ids: [\"T1543.003\", \"T1135\", \"T1082\", \"T1071\", \"T1005\", \"T1219\", \"T1055\", \"T1560\", \"T1555.003\", \"T1003.001\", \"T1090\", \"T1083\", \"T1057\", \"T1041\", \"T1562.001\", \"T1068\", \"T1486\", \"T1555.004\", \"T1021.001\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777028410",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "83d0f24c-1598-4f19-87f1-317c1fd7156d",
        "value": "Rhantus"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545503",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ed18502a-7136-48ab-bd68-0ced07ba0b73",
        "value": "0ce7badb26174b6129fb13d7e255e582f84d8aaedeabcd02c80d84a609144068",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545505",
        "to_ids": true,
        "type": "sha256",
        "uuid": "620dc3f6-c0ea-45ff-9388-4089188faa4f",
        "value": "35f28a31a47b0bcd92722265473d66ffef6c4bd460c71c36b57df2ac0d02f671",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545507",
        "to_ids": true,
        "type": "sha256",
        "uuid": "4b906c64-46d4-445c-9945-c4615fdc4fa7",
        "value": "396aa1f8f308010a3c76a53965d0eddd35e41176eacd1194745d9542239ca8dc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545508",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1e09413f-8bf3-44fe-926b-003a96af7c1c",
        "value": "48f3d66492a494965e7039079158e2fee552aaab517d1a55352209c9eedcb765",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545510",
        "to_ids": true,
        "type": "sha256",
        "uuid": "38e5e423-1091-43e7-a43b-25932ba4db99",
        "value": "49a7b3cf426d1f35a2138c0a6cec397688d223d7f2bcbbeed53b511a328a97be",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545512",
        "to_ids": true,
        "type": "sha256",
        "uuid": "51278f39-64e9-4406-9c0f-05d771c315c0",
        "value": "4adbb1906762c757764ffc5fa64af96e091966f4f5a43aae12fcc4f05f1c26b5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545514",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7d169fe6-1c22-4b63-8df4-79c2dd434cd6",
        "value": "647b2f12486343fe065dc4abbb11e2338589eb099c72792b5a05e64a5e2937fc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545516",
        "to_ids": true,
        "type": "sha256",
        "uuid": "df5c4364-2dec-458e-b03c-b3c2ba93e319",
        "value": "6c31dd44b29b5f87030caececc616cf366badeff5a7e4c9933aa5fa6445a0c7a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545517",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e68dae24-d1a1-445e-8f75-b12d015e5beb",
        "value": "72fc3d03065922b9a03774bbd1873e5e7f3a5a2abf5dcf7bfb2e98aceed53a9d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545519",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1f37d740-b2a5-4fec-9e94-307384560f42",
        "value": "73cd405b5bfc99ec5cf33467d4be7fc7e39ae18337568ee10173c17ba6e8f0d7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545521",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7d7d59a5-f746-4524-9b6f-568c744ef7fc",
        "value": "771de264c5d7e1e5ac85f00c42e9fe3b439bcbd4f9aa11e4fd7bc0d87fa2344e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545524",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c835c6c2-b0a6-4bfe-b9af-9148935b50ef",
        "value": "87bf4b152d9548f415f12f353f988b5442729e7f24e2902ddfd0baa4a944354a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545526",
        "to_ids": true,
        "type": "sha256",
        "uuid": "020f10fa-135a-4909-a48c-a2a841d1fae3",
        "value": "8a2f4907159a68867b22bc772590ebcafcfa656a23951228ecd89e4f598472b0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545527",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7457bb73-be1e-4e8f-9a86-8c4782bf23f5",
        "value": "99c4775ed813f354c9e53f42797226d82b26f44d19e81036c9e55222d1744189",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545529",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a087f78f-9af1-4fc9-b482-e918dcf85786",
        "value": "a18555c1ca53d4826191a30889d82205a304932f997baec755c98ddad4326cb8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545531",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1df59ede-6246-46af-8db3-c11423374b92",
        "value": "d4339a5b9d15211dbc85424cf7fa8ff825033ea3378506d8ecb19b016db5b4ff",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545533",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b7c9c077-b4c7-4ba1-8196-adecf4505e0b",
        "value": "d833e8fc97b3c865ebfb96a48da9ec446148cb5ad7e66ca5c47cd693f7923888",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545535",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ec8d4d17-3b25-445e-b8cb-0c7f1969908a",
        "value": "df5a574254637d2880633b0582e956b23f66efc6781e825c65e1ccfaa6c58809",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545536",
        "to_ids": true,
        "type": "sha256",
        "uuid": "417b1b3f-13b2-4471-bfc2-0bb7f5858e25",
        "value": "f5390674f0f49fe8af116396828c3de6729347ebc3c772d87618e55629aec06c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777611949",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "43bc55a8-21c1-4a65-b79b-5d20ee264723",
        "value": "163.172.105.82",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545445",
        "uuid": "47c12a47-9401-46ce-a7d0-58f329abf01f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545444",
            "to_ids": true,
            "type": "md5",
            "uuid": "5a611f76-1493-45ac-aa0a-667b1c3076ca",
            "value": "e9dc058440d321aa17d0600b3ca0ab04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545444",
            "to_ids": true,
            "type": "sha1",
            "uuid": "58fa082b-6414-4a0a-888d-429a0abf4f93",
            "value": "539c228b6b332f5aa523e5ce358c16647d8bbe57",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545445",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1403a97c-a760-4cb0-b3a1-16ad48a3fc83",
            "value": "e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608138",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4e400395-693f-4cca-a04c-83016d2cbfd6",
            "value": "6144:wW3dQfk45aQOVusKHL7G0FJ6KbJLor/XqNjHtBfLptTksD0c2PMM40:FgkOZHvNJ6KbJE/qNBJT/h2PM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608138",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "801665b6-257b-4e85-a44a-d823c5371bb3",
            "value": "380928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608138",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3bf23b25-25d8-49a3-9411-45a67c729774",
            "value": "03503e0f7d1bz6!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608138",
            "to_ids": true,
            "type": "filename",
            "uuid": "5daeb068-5afb-4ec2-8b2e-99b95f785ee5",
            "value": "gmer.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan: 01/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608138",
            "to_ids": false,
            "type": "text",
            "uuid": "1ff0d976-c36f-4a10-ada4-cdfc28f98128",
            "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win32/Gmer\nVT Total Detection:40/71\nFirst Submission:2016-03-11T17:30:29.000000+00:00\nLast Submission:2026-04-30T23:18:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545447",
        "uuid": "1cdc7734-374b-4a83-8576-d66c483a3953",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545447",
            "to_ids": true,
            "type": "md5",
            "uuid": "9329b600-db06-4d5b-934f-9e89c107534c",
            "value": "d28f0cfae377553fcb85918c29f4889b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545447",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6a7fc92e-8889-4170-979f-5ad07f2dc9d9",
            "value": "32e24780735a0148c3cc4ce7dda30ed9365397a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545447",
            "to_ids": true,
            "type": "sha256",
            "uuid": "60f4ec10-cc38-4cfa-85eb-3c93baec1e42",
            "value": "816d7616238958dfe0bb811a063eb3102efd82eff14408f5cab4cb5258bfd019",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608159",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e336001a-f77e-405c-8dfa-7962db560aea",
            "value": "1536:NN7ZEyhh5vmK6ApMmmIzrhz9vfbw557J6:vpZv0rmmAt9nk557J6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608159",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c463fbc4-edab-4d32-9ba1-294fa35fa032",
            "value": "54272"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608159",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cb560024-c62d-47df-a2e4-0ea6e5cab581",
            "value": "054046655d1510407011z9002727fz12z4afz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608159",
            "to_ids": true,
            "type": "filename",
            "uuid": "3eb987a6-2582-4e5f-93b9-14f5a91190c6",
            "value": "VNCPassView.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan: 01/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608159",
            "to_ids": false,
            "type": "text",
            "uuid": "43e9b864-944f-4453-8d8a-5e448b19e0c5",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Nir Sofer']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['VNCPassView.exe']\nMicrosoft: None\nVT Total Detection:22/72\nFirst Submission:2014-08-01T09:20:52.000000+00:00\nLast Submission:2026-03-25T16:32:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545450",
        "uuid": "470434b8-0310-4bc9-8241-c918097beb3d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545449",
            "to_ids": true,
            "type": "md5",
            "uuid": "82d9e76d-87da-4004-bece-108509564403",
            "value": "df218168bf83d26386dfd4ece7aef2d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545450",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2cccc6a8-3ea1-4b82-a1ab-e43aaf003e79",
            "value": "4a3418d78d8fe36b39d1ee5435796369b88a8762",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545450",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3b9e58d9-d9aa-49f0-b987-0e01a7519817",
            "value": "7a313840d25adf94c7bf1d17393f5b991ba8baf50b8cacb7ce0420189c177e26",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608182",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d20a303d-07dd-4724-a1c7-1ec58f51896a",
            "value": "1536:gvcwAKSueykH88dTJ0sprwe4l9yj1iyjNQbH:g6K3eyc88ZqorweA9ajKj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608182",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "894eb2fb-48f8-4d44-a996-c10703f50827",
            "value": "66048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608182",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9d7ab96f-7f5b-4cdf-bc80-698e963ee3b4",
            "value": "06403e0f7d10101011z11z6015z17z13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608182",
            "to_ids": true,
            "type": "filename",
            "uuid": "baf79f82-79db-45c3-8129-0a543bb654dd",
            "value": "mspass.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan: 30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608182",
            "to_ids": false,
            "type": "text",
            "uuid": "17117c39-957b-4af3-a7f9-a62fc22568b9",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Nanni Bassetti']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['MessenPass.exe']\nMicrosoft: None\nVT Total Detection:54/71\nFirst Submission:2014-09-17T11:38:59.000000+00:00\nLast Submission:2026-03-18T22:24:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545453",
        "uuid": "170b080e-09ff-4a50-8ff9-7693f0a3d16d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545452",
            "to_ids": true,
            "type": "md5",
            "uuid": "31a04b2d-88d1-4a88-aef6-f58b2eadd3b6",
            "value": "1dfe0e65f3fb60ee4e46cf8125ad67ca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545452",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a87903c4-abae-4c18-908b-2bc122338be9",
            "value": "bd48322845f8930e58e038dfd4e1e243e80a6b76",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545453",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3738a8af-b5eb-4333-90d7-d01d9795c350",
            "value": "598555a7e053c7456ee8a06a892309386e69d473c73284de9bbc0ba73b17e70a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608206",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5d81e50f-d9dc-4be9-9883-87b4aa69af62",
            "value": "1536:gcfPiE7uVvceOVIrTMtSduWQYp7WPcJmBzVkMo2S7Ns9:gkPiETwModuNI2c+VkMTS7Ns9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608206",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b72a7090-a390-4b26-b468-f982b22c07e9",
            "value": "74752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608206",
            "to_ids": true,
            "type": "vhash",
            "uuid": "af1f2a34-6ea2-4b83-baa4-cd00cb0d1f87",
            "value": "074046655d1510407031z9002f2c5z27z52z5003dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608206",
            "to_ids": true,
            "type": "filename",
            "uuid": "c334ce70-6e8a-4c49-8cdb-b02ff483e4a4",
            "value": "Dialupass"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan: 30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608206",
            "to_ids": false,
            "type": "text",
            "uuid": "fca714e7-5a4f-42b7-9ddd-aa2ba561fdb1",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Open Source']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['dialupass.exe']\nMicrosoft: Trojan:Win32/Ymacco.AB59\nVT Total Detection:42/71\nFirst Submission:2019-09-14T18:51:03.000000+00:00\nLast Submission:2026-04-30T16:50:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545455",
        "uuid": "eaea773b-e421-48a3-8ba4-2cb78a15b5bb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545454",
            "to_ids": true,
            "type": "md5",
            "uuid": "8ffdc5ce-950e-4e2b-aa54-8052c49f0602",
            "value": "fae1061813f2148296767d28262d2c25",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545455",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0507bc71-778d-4ebf-9167-12a6e0322036",
            "value": "746710470586076bb0757e0b3875de9c90202be2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545455",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5e1a3d09-c149-4f00-9ebe-125207c66670",
            "value": "c7d994eb2042633172bd8866c9f163be531444ce3126d5f340edd25cbdb473d4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608229",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cc7918c4-feb1-404c-bbcf-8d5dbb4eb5f8",
            "value": "24576:oUwboBA5CRW8FIB32I2gu4rLEh3O5/FKmX+6wvpNPW:oLbn5CYD12T4riudKm2VW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608229",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b1f3d1a1-672f-46ea-b9c7-42e93b6f73c2",
            "value": "878592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608229",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fa54c16e-3aa8-42d5-85fa-793ba9dcd770",
            "value": "08503f7f5d50101011z11z201013z1015z10101010101019z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608229",
            "to_ids": true,
            "type": "filename",
            "uuid": "c16d1d17-6058-41b1-8e75-1daff7037291",
            "value": "netscan.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608229",
            "to_ids": false,
            "type": "text",
            "uuid": "12ad12ed-f975-4645-b515-4a122491b0ee",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:14/71\nFirst Submission:2012-01-15T20:14:46.000000+00:00\nLast Submission:2026-03-05T22:54:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545458",
        "uuid": "5baafd09-04d1-488d-87f3-d28c951fed3b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545457",
            "to_ids": true,
            "type": "md5",
            "uuid": "fac974d4-4db2-4d72-a729-7fc667328a4e",
            "value": "987b65cd9b9f4e9a1afd8f8b48cf64a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545457",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e584181a-274a-49ae-a576-3358f2c380bf",
            "value": "5f1cbc3d99558307bc1250d084fa968521482025",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545458",
            "to_ids": true,
            "type": "sha256",
            "uuid": "94ebe34e-9130-42a9-9acd-78cfbe249055",
            "value": "2b214bddaab130c274de6204af6dba5aeec7433da99aa950022fa306421a6d32",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608251",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0727b030-d97a-4cd2-8b56-2bb72720ea16",
            "value": "98304:ec2woDnsJL7vEGeQECPKHvf5M3Tj2bg1pFNAlVu8kBQxC6yZKylLj:L2woDnwL7884f5Am01pElVu8kCI6GNj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608251",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "33242056-22ce-4acf-8a10-524a8eeae354",
            "value": "10916080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608251",
            "to_ids": true,
            "type": "vhash",
            "uuid": "826fa172-c1cf-45b1-90b7-58592d19279a",
            "value": "017076651d1577751561e051z78c00d2z32z4e2d5zf0b01f7032801027z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608251",
            "to_ids": true,
            "type": "filename",
            "uuid": "f433919f-fcca-4c7f-b111-7f7e0c156714",
            "value": "PCHunter.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608251",
            "to_ids": false,
            "type": "text",
            "uuid": "5da36cad-57df-4e83-85aa-878cf6e95e21",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:49/71\nFirst Submission:2019-01-31T13:02:27.000000+00:00\nLast Submission:2026-04-26T19:56:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545460",
        "uuid": "4dddbab6-eb60-4652-a236-cc8528e1f4be",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545459",
            "to_ids": true,
            "type": "md5",
            "uuid": "bce628ba-3bbb-42ab-b62b-6552d0dd93df",
            "value": "44bd492dfb54107ebfe063fcbfbddff5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545460",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c933e117-7395-4e04-bba2-799528f681f9",
            "value": "9f7835b3cdc7cbc641904b1923d7de4a72b3c437",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545460",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9f568abf-4a61-4e9f-ad48-0478e07c8b88",
            "value": "205818e10c13d2e51b4c0196ca30111276ca1107fc8e25a0992fe67879eab964",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608273",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "de58f989-ef29-4453-8a3a-c66931f7b324",
            "value": "768:+C8WYk0Eyg40RwOSjSCGgx7UOjb/p3XcS/86woD18N+:iWY5qRRwOSjsUYAx8J6woWN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608273",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6a90244d-d30f-4868-806d-8cef607be0b0",
            "value": "30720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608273",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b5e99852-b381-4cfb-b6e6-67b5bcc5e91c",
            "value": "03403e0f7d10101011z11z601fz13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608273",
            "to_ids": true,
            "type": "filename",
            "uuid": "21ec69a5-d054-4230-8807-d8152d0bde1b",
            "value": "rdpv.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608273",
            "to_ids": false,
            "type": "text",
            "uuid": "65d5a904-889f-4268-b977-9f722dbc29e6",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Nir Sofer']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['RemoteDesktopPassView.exe', 'rdpv.exe']\nMicrosoft: HackTool:Win32/Passview!MSR\nVT Total Detection:47/71\nFirst Submission:2014-09-17T17:07:20.000000+00:00\nLast Submission:2026-04-30T19:45:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545463",
        "uuid": "c890a14a-43f0-4661-995a-a7ebb3bbb501",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545462",
            "to_ids": true,
            "type": "md5",
            "uuid": "1edcb699-fbff-4fa1-ab04-a4a7673e7001",
            "value": "8f2fde9aa0eb6f6c83c30608061691cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545463",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c3f42abc-7be1-4ea4-b7a5-2725242b6350",
            "value": "4df0949f634c4d74a7e1cc48b6575f9a27dc21c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545463",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0934ad87-b8c2-4406-80f1-1ece45cd07c9",
            "value": "b3774ba01a3096348fd76a7072407b9f07bb9589e0f5ba31ca576689bbbe94e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608295",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4a50b745-4dfb-4709-8218-344044f9c524",
            "value": "49152:pTuMpIZ8QafjyhrxTzY+bQSnwniI0EnsuiNEn/zZUI7XtqfwxCWwSaVQcS:3pnQafjyVxHY+bQSnwniNEnsuiNEn/z1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608295",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a0537008-8cf4-4c41-a963-3d3e61e277f9",
            "value": "1966032"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608295",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d7581f48-d14b-48df-9895-8e69cf132c5a",
            "value": "016076655d1d1515556160e02002e00997z7015z70300a4fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608295",
            "to_ids": true,
            "type": "filename",
            "uuid": "cefd2253-328e-4e2c-bd6e-abd1d049e808",
            "value": "HRSword.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608295",
            "to_ids": false,
            "type": "text",
            "uuid": "c09c3ef2-435d-487d-bad8-fbdf66d8acfb",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:16/71\nFirst Submission:2021-02-23T21:13:25.000000+00:00\nLast Submission:2022-12-27T09:52:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545466",
        "uuid": "f27c0771-4c23-4660-a33c-b0bb9d7b1ead",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545465",
            "to_ids": true,
            "type": "md5",
            "uuid": "75468cfa-2ed0-485c-8c81-977841899e2a",
            "value": "c73e71825adbfb9821b9fa6e8672903c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545465",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d299145e-03dd-4b10-8d90-a80ddcd6353e",
            "value": "31b827dad64b2dd881b9f0ceb012e0ac6885492c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545466",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c6107d26-0e61-4e8d-8a5f-e47894de531e",
            "value": "274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608317",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "63980834-bc55-4412-a21c-736db74fdc23",
            "value": "768:tk0ByYHIVcmA9ytao/fZ+B8zlu7QVHZC5isH:tZyYGA9aLHMB8zl8QJwisH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608317",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b5116c89-233a-4185-b651-25907c2c5542",
            "value": "30552"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608317",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ec1813db-7bc8-4d82-80a7-28fe71efaa1f",
            "value": "034076651d161e55155iz29xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608317",
            "to_ids": true,
            "type": "filename",
            "uuid": "df834bca-285c-4384-9e39-234792c3cfc0",
            "value": "mimidrv.sys"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608317",
            "to_ids": false,
            "type": "text",
            "uuid": "f378ed1b-bae2-46ab-88b2-89a560226522",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Offensive Security']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['mimidrv.sys']\nMicrosoft: HackTool:Win32/Mimikatz\nVT Total Detection:60/71\nFirst Submission:2021-08-12T04:32:04.000000+00:00\nLast Submission:2025-11-06T08:13:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545468",
        "uuid": "1cf6b311-832d-42fd-8f92-80a85922dd39",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545467",
            "to_ids": true,
            "type": "md5",
            "uuid": "e0c3bae3-1c67-4835-bc5f-18a96d464759",
            "value": "f3d20449bab41301aefad304cb02773b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545468",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c9a5aea5-e231-4dc6-9c82-58c77e7f4fbe",
            "value": "73f8e5c17b49b9f2703fed59cc2be77239e904f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545468",
            "to_ids": true,
            "type": "sha256",
            "uuid": "102f58d7-054a-43e5-b30e-3d24c1aba450",
            "value": "c41216eee9756a1dcc546df4fe97defc05513eed64ce6ac05f1501b50e6f96cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608339",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e8d4af97-c778-425d-8f3d-dc206d487e0f",
            "value": "12288:sOCpKSjFsvqBUO9eH7M0tNLq0OfvCzMak3u:s1jF0qBnS7btNLq0OXCzMxu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608339",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cf827e90-9a80-4bb8-b38b-d7233567ba9a",
            "value": "466432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608339",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b3086fd0-d499-4077-8f71-8969a4d966c4",
            "value": "045046655d1550607031z9005f2f5z47z52z520303bz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608339",
            "to_ids": true,
            "type": "filename",
            "uuid": "3f65925b-561c-4b0f-813d-4d778535652b",
            "value": "Web Browser Pass View"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608339",
            "to_ids": false,
            "type": "text",
            "uuid": "15f03257-899a-4f41-8962-79cc407c8f7b",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:53/71\nFirst Submission:2021-04-16T13:52:28.000000+00:00\nLast Submission:2026-04-27T04:49:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545471",
        "uuid": "b500f61c-74b3-4b06-b2bb-2cd0fd346bca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545470",
            "to_ids": true,
            "type": "md5",
            "uuid": "1fc38f6d-5a29-4852-86e0-8611ad7b0d80",
            "value": "97e045bc056b5f68f18ea4fbbb9cc64a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545470",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dd62946e-f4c7-48f6-bab4-73316f97a84e",
            "value": "99c4401366ad7e561ce3ac8e5bb9a7a8144aa3ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545471",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4da4e740-b73e-443b-93ce-27912b392179",
            "value": "207b11f7dc4f17e4e5a9c25dbfb6a785a7456d7c381ecea7c729d8d924be1fb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608362",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9a1f6234-5d2d-4e74-a862-498d37cea347",
            "value": "196608:3eKA5By8zSyzReo/GjvIsSORz2psnuH0QTJeOLB7xnFpkpsv5/Dk47tecp:uvaJyzReoXsSUz4IAB9FOGv57Dp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608362",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9b4f3793-df46-4d31-a3d0-55fd81560f7d",
            "value": "10024080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608362",
            "to_ids": true,
            "type": "vhash",
            "uuid": "db5c6cb9-455f-44e9-b6b8-5d5474f8c672",
            "value": "017076050d05070775701011z1011z21z13z1015z1010101010101017z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608362",
            "to_ids": true,
            "type": "filename",
            "uuid": "0d1b1196-5430-4d13-afa0-7b771a47501b",
            "value": "LuciRoot.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608362",
            "to_ids": false,
            "type": "text",
            "uuid": "f07ed89e-504b-465e-ae06-ec33cf2caae3",
            "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win64/YDark!MSR\nVT Total Detection:45/71\nFirst Submission:2022-01-05T12:01:34.000000+00:00\nLast Submission:2025-02-11T03:19:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545473",
        "uuid": "295c6a21-f5c1-40ed-8f5c-f585abc45bab",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545473",
            "to_ids": true,
            "type": "md5",
            "uuid": "550b7d63-5529-4b75-9440-5b145497538f",
            "value": "58bb9dab4e9b3aa2fd1e7a7b17d2eeb1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545473",
            "to_ids": true,
            "type": "sha1",
            "uuid": "aab58e12-c608-457e-a850-4563ce63bf9c",
            "value": "8729815f87f4186fd46d52418c1b7ae2a54aebcf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545473",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ae28a7e5-3bad-48ce-9858-7a6b3c8129ea",
            "value": "6ce228240458563d73c1c3cbbd04ef15cb7c5badacc78ce331848f5431b406cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608384",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c99b49df-cda5-4727-8993-260b14114389",
            "value": "49152:4aohnC+kao3dSYoXDpGCD/x6jGrjCPoBsbfLRCX4B/+5dswnbh2wEtIy0ZRVQ+1z:InFkao3MYoTpGCD/x6jAjCPoBspCX4pG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608384",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2cebf231-e778-4393-894b-0fa1e231c640",
            "value": "1988920"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608384",
            "to_ids": true,
            "type": "vhash",
            "uuid": "88dcddc1-48ba-476d-a036-8ef67614c502",
            "value": "016076655d1d1515556160e02002e00997z7015z70300a5fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608384",
            "to_ids": true,
            "type": "filename",
            "uuid": "b1ebd6b3-ddc7-41b9-9115-7b84437b51c7",
            "value": "HRSword.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 01/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608384",
            "to_ids": false,
            "type": "text",
            "uuid": "ed106301-522d-4779-bf54-590cdea97160",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:4/72\nFirst Submission:2023-10-26T04:09:30.000000+00:00\nLast Submission:2026-02-27T10:37:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545476",
        "uuid": "43ff6845-ccbb-42f9-8ebc-ef15c311d753",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545475",
            "to_ids": true,
            "type": "md5",
            "uuid": "a22d19d0-e166-46af-a463-22dbb6732672",
            "value": "fc3b93e042de5fa569a8379d46bce506",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545476",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9b439f13-1754-4f95-b62c-740de374b6eb",
            "value": "1ba499bafaa369be58e795a150403c8729ef5d95",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545476",
            "to_ids": true,
            "type": "sha256",
            "uuid": "da6198a4-4549-4854-ac2e-1efe7775d794",
            "value": "5be325905df8aab7089ab2348d89343f55a2f88dadd75de8f382e8fa026451bd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608406",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9949e38a-d839-4b83-990e-6b08eb3831fa",
            "value": "12288:hKEbpRc5EKKppUIkZLCchAaVSO6H0Miqpm/m4CynFOHmt9e:h3dRc94puFmaQH0Miqom41nFOHmq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608406",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "04180d10-24e6-44e9-b329-31407590f72e",
            "value": "510976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608406",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bc4a61e0-3e16-416a-9427-6dd15d03d76b",
            "value": "055046656d1510807031z80064355z33z11z42z5gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608406",
            "to_ids": true,
            "type": "filename",
            "uuid": "bdebe3db-db69-48c4-9b88-d745d98803cc",
            "value": "mailpv.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608406",
            "to_ids": false,
            "type": "text",
            "uuid": "002f2cac-d70c-47ae-af9e-2f0d59eac772",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Nir Sofer']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['mailpv.exe']\nMicrosoft: HackTool:Win32/Passview!MTB\nVT Total Detection:51/71\nFirst Submission:2021-07-04T22:28:48.000000+00:00\nLast Submission:2026-04-05T18:25:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545479",
        "uuid": "2d1d7c8a-2eac-457b-a325-7b9c0ad9e952",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545478",
            "to_ids": true,
            "type": "md5",
            "uuid": "446f8dba-7a86-4e64-b140-30bc65639c12",
            "value": "23516ea1f2cc771f705807c2fc7d163e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545478",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9aa9c97a-1ca7-4b49-839d-c2016652a8a6",
            "value": "e43d7a6ad722d285813afb9eefe53d264af6948b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545479",
            "to_ids": true,
            "type": "sha256",
            "uuid": "20b5d4bb-b34a-4cd4-a5f8-5eb2522e0a88",
            "value": "f27eab3157451e31db71169e71f76d28325193218f9dc8f421136d4a20165feb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608428",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a0f9f372-b099-41c8-862a-19c90908fb87",
            "value": "196608:4tac0RuCfQva7ODUj8QFSlDja2uzyNfdDphY92TfP/ppPSq4EvQ3sDlnsE8TgK:4opfEaV8QpzAW9AvwEvQ0ng8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608428",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dd10df64-4068-4331-be83-418fa81f7add",
            "value": "11923968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608428",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3e4198fa-be4a-42bb-a2cb-105551acdbc4",
            "value": "017076050d05070775501011z1011z21z13z1015z1011z1010101017z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608428",
            "to_ids": true,
            "type": "filename",
            "uuid": "81182e0c-7435-41b1-8f7e-b02fcfc1ca00",
            "value": "WKTools.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608428",
            "to_ids": false,
            "type": "text",
            "uuid": "ebc082bd-504d-48a1-9c3b-32b0ab5513f7",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:43/71\nFirst Submission:2022-03-23T04:19:05.000000+00:00\nLast Submission:2023-08-08T06:30:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545481",
        "uuid": "f74e5bcd-3b3a-4f65-b4d0-449b00f0c57e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545480",
            "to_ids": true,
            "type": "md5",
            "uuid": "b9d2ae2d-e740-408b-8fa1-f576002c8763",
            "value": "ab06eeb603656d3943cd30396f82a45f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545481",
            "to_ids": true,
            "type": "sha1",
            "uuid": "564f44ed-53e0-4754-a441-a847c68c205f",
            "value": "1a12519bdeb372e8b1836d78ec61617bbac166aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545481",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cd1ffc9d-823d-46fd-bc2a-ca9eb1b4b184",
            "value": "b066ca2702853c2fcbf686897c18f6d315be7ae753007ac2c1d73c87b0a30de9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608450",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "18467967-a47a-4765-a702-3ffe89305e88",
            "value": "24576:02DW/xbqX2YIb4Qsu3/PNLZQeHy0ed1uli7:02EWXtQsW/PNdQ2gMlu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608450",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d378135-a7e5-4c4c-90a9-863bc76e48f7",
            "value": "1064456"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608450",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1143269c-0147-4ec8-b0b4-e83b09d5c923",
            "value": "016056655d15556220b02002300a96z1410043ze2za2030e039z"
          },
          {
            "category": "Payload delivery",
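            "comment": "PowerRun.exe is also the file name of a legitimate administration utility, and this sample has 2/71 VT detections; treat the name as context and match on the object's hashes.",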
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608450",
            "to_ids": true,
            "type": "filename",
            "uuid": "1197c62c-620f-4f99-8a12-4ba8a1c0ec43",
            "value": "PowerRun.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608450",
            "to_ids": false,
            "type": "text",
            "uuid": "3a585697-1a4a-4d39-8a06-ac4962e64f2c",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/71\nFirst Submission:2025-08-04T15:26:55.000000+00:00\nLast Submission:2026-04-29T22:59:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545484",
        "uuid": "26e7aa3c-7485-424c-82ff-c5e54dc46dea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545483",
            "to_ids": true,
            "type": "md5",
            "uuid": "5be295da-8442-4c6e-b13d-3de85f2ee9d8",
            "value": "d611f824074a57e7fd1d08341edeb559",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545483",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3b17e224-5d0b-469b-949a-b3e1409313f7",
            "value": "b67a2f9d9de2135617caea8d4a7488e2a962e3e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545484",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ddbb8e6f-1b47-416e-a9e2-6045159d0268",
            "value": "1588023393eb6b4d9433d539d303ecb56b6c3630e860f94d1a137834bdedf2bd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608473",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "639b0337-bbff-4fa8-ae50-f12ab64a1fa0",
            "value": "98304:Q6DKa9nZwSGbOQAQNnfwCtJa0MYw/pw/uQ/eLQ0x:Q6DKa9ZwSN0wAa0MYyp/x"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608473",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e8992b7b-77ce-4171-a8fb-9a9467f91c4a",
            "value": "9795784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608473",
            "to_ids": true,
            "type": "vhash",
            "uuid": "52a76e20-777c-4a05-80f4-fc08994aab3e",
            "value": "096056651d156561e051z78c00d2z32z4e2d5zf0b01f7032801027z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608473",
            "to_ids": true,
            "type": "filename",
            "uuid": "9634d7db-f4b6-454b-b95e-354a1bf95e01",
            "value": "LuciRoot.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608473",
            "to_ids": false,
            "type": "text",
            "uuid": "af9858ab-a05c-47cd-8e31-8ab5729e3e74",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/PcHunter!MTB\nVT Total Detection:49/71\nFirst Submission:2022-02-11T16:50:42.000000+00:00\nLast Submission:2023-01-28T04:43:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545486",
        "uuid": "9b9cc230-3043-4687-9557-f3006c020389",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545486",
            "to_ids": true,
            "type": "md5",
            "uuid": "625c433e-ee46-45d0-b14a-b0b3f4f3b909",
            "value": "c48b572a659a1ade4190421ab2280d87",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545486",
            "to_ids": true,
            "type": "sha1",
            "uuid": "877ad2d2-118b-4613-98b5-01fc236f0494",
            "value": "1ca08190c945786c974156f75262d4fd55a868b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545486",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4373c2a0-7ae9-4e59-8d13-6121c7ff8be8",
            "value": "0b679027e38f3d9ca554085be0e762c651e83e6414401b56635cdf3765ca1dac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608494",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "88c7e1f7-9844-4980-b4ab-f71380f6b44f",
            "value": "196608:mu268eU3PnTMUzHbfMFOv3p8T5Romnv537BjF1o:dtU37MgOO/gnR39jFe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608494",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "822c73f3-f6ce-41f6-9fb8-9dee9a8aef1b",
            "value": "8027064"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608494",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c577c723-9835-4198-94e4-f45feb1fa5d9",
            "value": "0860666c055d75651\"z"
          },
          {
            "category": "Payload delivery",
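            "comment": "AnyDesk.exe is also the file name of legitimate remote-access software, and this sample has 2/71 VT detections; alert on the object's hashes, not on the name alone.",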
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608494",
            "to_ids": true,
            "type": "filename",
            "uuid": "ec093247-e17f-4a9b-9ebd-15c214a5cdf5",
            "value": "AnyDesk.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608494",
            "to_ids": false,
            "type": "text",
            "uuid": "b286eb8a-4dc2-4823-877a-4d02c8904ffc",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/71\nFirst Submission:2026-02-10T10:14:04.000000+00:00\nLast Submission:2026-04-29T08:25:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545489",
        "uuid": "cb621583-0b67-4a0c-8161-80f27dd2e943",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545488",
            "to_ids": true,
            "type": "md5",
            "uuid": "050415ce-d192-42da-a8ba-0b2b75cbd73e",
            "value": "9b1ae658c91d5883d7743130c6ca0523",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545489",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2323bf85-3c7b-482d-bb18-d2ac87ae14c3",
            "value": "92862afc2fb4c2e5d624d7e1b1ee2d9f0692b6f6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545489",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ce2e40e1-e1c3-41a2-8e5d-ec33f0169073",
            "value": "1433aa8210b287b8d463d958fc9ceeb913644f550919cfb2c62370773799e5a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608538",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d7084c79-ac93-436f-aa3b-4cee336ba376",
            "value": "49152:kfIBZYiBl2P+so8FmdWAMT867ELaxQgJ5hr7IFrUJPkfDOj4kKcXEoYTFKMHdBrW:LBZpBpAeGJEKQgLh6oXaUVxSdNu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608538",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c0d18b0c-edf0-4246-8912-ab8830b6cfcc",
            "value": "2922600"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608538",
            "to_ids": true,
            "type": "vhash",
            "uuid": "db4420c4-5f59-4e4f-b004-3f95500f3443",
            "value": "026096050d0506070d1779z17z1xz"
          },
          {
            "category": "Payload delivery",
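            "comment": "Generic file name, and VT types the sample as a Win32 EXE despite the .sys extension; too weak to alert on alone, correlate with the object's hashes.",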
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608538",
            "to_ids": true,
            "type": "filename",
            "uuid": "fe13253f-924d-414d-b47f-5e67e34b06fb",
            "value": "file.sys"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026 (DD/MM/YYYY)\nLast-scan: 30/04/2026 (DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608538",
            "to_ids": false,
            "type": "text",
            "uuid": "a7043b8b-23d1-4913-a852-bcb907cd67ea",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hitbrovi.C\nVT Total Detection:42/71\nFirst Submission:2022-03-23T04:25:21.000000+00:00\nLast Submission:2023-05-15T19:59:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545491",
        "uuid": "78361db8-9542-43f5-8405-9f073678378c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545490",
            "to_ids": true,
            "type": "md5",
            "uuid": "3f5caaf3-a9f4-40ff-bf6e-91d9bbbcc8df",
            "value": "fad7bc52b93328305f4bd52fe1ca498a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545490",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b8a87785-3858-41e2-9116-6878484a0f0c",
            "value": "5d275449228e6464410aaefc58d7f3732e279fad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545491",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5c16f089-750e-4568-9109-12bd6049b59d",
            "value": "4a44d0c6cf5de515dd296f05ff6674d1a340fccf6b4c11612d27be2d3baa82b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608645",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2634bc7e-f4a6-47ab-8420-5113492bb92c",
            "value": "49152:CPCoI3IGRGFCnz9KwflU6Y0xO6ctDl1xK/phovxlRSwwwN/qiCOZ7WgyiSDISax9:CaoI3FRGQnxC6Y0LobAxhovxlRtY5OZt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608645",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e7f7497d-1030-4f17-a2ba-d8e6fd53c262",
            "value": "2931400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608645",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7460b52f-d8df-4ac8-9479-56c27a991b3c",
            "value": "02603e0f7d601011z1011z41z13z1015z1010101010101017z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608645",
            "to_ids": true,
            "type": "filename",
            "uuid": "b80d157c-e2ce-4a39-bd74-7e316ec33697",
            "value": "LuciRoot.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608645",
            "to_ids": false,
            "type": "text",
            "uuid": "05561a5e-05a0-4f99-a2ab-5875824f24fc",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:43/71\nFirst Submission:2022-02-11T15:54:48.000000+00:00\nLast Submission:2022-02-11T15:54:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545493",
        "uuid": "7cbe3b54-3d91-4e14-9b6e-e662aab11621",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545493",
            "to_ids": true,
            "type": "md5",
            "uuid": "2734b6f2-e657-426a-92a7-6fb5cdc19ea5",
            "value": "957f2d9e3370212548a57020233e6ba7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545493",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3d683ebe-fd32-4ab5-a0f5-117eadad125a",
            "value": "ea5cd55a44b8be532af602002f498717fc192818",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545493",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aae3de53-0c4c-4fdf-a8ed-10bff3869673",
            "value": "6688fb3039ad6df606d76a897ef1072cdc78b928335c6bfa691d99498caf5c4b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608710",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "402371e2-3017-4786-9337-401bf0c0f332",
            "value": "24576:quogxWGhzk6Cufid1FeXUW07ZG6mpxUr7set:PWd1FekW0olpG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608710",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5c8f4bac-0078-40ab-b8b6-c7f06e20d522",
            "value": "1513984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608710",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3485ead0-2908-4fd8-b549-12e45fc43200",
            "value": "016076651d155515655612z1a2zb11z9221z50400290c0106001303dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608710",
            "to_ids": true,
            "type": "filename",
            "uuid": "5c86a2c6-abe1-4573-97b3-20178893ae21",
            "value": "mimikatz.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608710",
            "to_ids": false,
            "type": "text",
            "uuid": "e677a5d9-1160-4a7d-a70e-9380bd71aac5",
            "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win32/Mimikatz.D\nVT Total Detection:62/71\nFirst Submission:2024-01-02T10:02:51.000000+00:00\nLast Submission:2026-04-20T16:30:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545496",
        "uuid": "f4c1f2f0-a620-4a1d-9e97-c06f781f0a76",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545495",
            "to_ids": true,
            "type": "md5",
            "uuid": "bf6148a3-c55c-4c34-beb0-669f7a559ed0",
            "value": "716c04b0eaa8106b542d4041ad065ef5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545496",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e1f5d515-27bf-45a0-9fec-424853a36fd5",
            "value": "e61f7aca50ca1eb9857dadec2f601a113ade907c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545496",
            "to_ids": true,
            "type": "sha256",
            "uuid": "82bfbd4d-e52c-4fb8-9917-0766976f8f6c",
            "value": "6bac99f56e54d5195783513ae6954a4a8509d7bc397c94f405266b5df9cd96cb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608732",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "39397821-ca9d-4a03-b6b8-a340937c459a",
            "value": "192:yUmdNajsl0WOM5TzjtPu9c+navbE/ypwvWr0rEKn0T0BNbKQqm9PDgVoGQS+/c:yUmdNZZrTeavVo1HU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608732",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "773dc55d-45e0-4a47-adec-36cf461b8f4a",
            "value": "22057"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608732",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d8e21857-22e6-497e-a523-a0e9fd86dcc4",
            "value": "c194a01df6792acaf214255e37138cdf"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608732",
            "to_ids": true,
            "type": "filename",
            "uuid": "f573cb18-3bf6-4031-a449-b0baacbe499a",
            "value": "pars.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608732",
            "to_ids": false,
            "type": "text",
            "uuid": "1016da8c-14bf-4030-b4b4-e142f7ac42e4",
            "value": "Type Description: VBA\nMicrosoft: Trojan:VBS/QilinExfil.Z!MTB\nVT Total Detection:29/61\nFirst Submission:2025-06-01T16:02:52.000000+00:00\nLast Submission:2025-09-25T08:53:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545499",
        "uuid": "4d10fce4-21d3-428d-9025-3158a20d7015",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545498",
            "to_ids": true,
            "type": "md5",
            "uuid": "bf1dc9aa-338f-4252-be78-46e1b7906e41",
            "value": "b9b514e817a9e1cc2e86e3c00b555873",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545498",
            "to_ids": true,
            "type": "sha1",
            "uuid": "806fcb2a-539d-4196-a0e3-eb33d8e2ab12",
            "value": "397a5701384f1ec1ded95f71dc69c0903935a9ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545499",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1720a34e-a5be-493e-9ee2-bed7ab40dcf0",
            "value": "c64964944b4c1f649ae8f694964b3a212dc1028341ab71836306a456fba0b3f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777608923",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1ac467ef-3ce4-4c98-a36d-66e85f568a12",
            "value": "98304:PtBZc30lV5a5SvcLeMCaEB6pSw3OuhhdPQb52i:PtBm30la5OcLePaEBa5o"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777608923",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3b97a612-4895-4503-ab7e-b0ff7bbcba60",
            "value": "3172352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777608923",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1a41518b-8393-4205-b045-2bb893be9f40",
            "value": "0360a6050d0506060d1779z17z1xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777608923",
            "to_ids": true,
            "type": "filename",
            "uuid": "aff68005-9ca7-40d4-8884-5c0e8ac5823c",
            "value": "ke64"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777608923",
            "to_ids": false,
            "type": "text",
            "uuid": "765fa093-f933-49ca-9d47-e9d33d1ca3f0",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:25/71\nFirst Submission:2024-02-02T20:01:15.000000+00:00\nLast Submission:2025-07-01T15:25:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545501",
        "uuid": "8f730e38-a3e7-4b59-b1d5-83ed8e3729ba",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545500",
            "to_ids": true,
            "type": "md5",
            "uuid": "f981cfdd-82f4-4a4d-969b-8c7144ff5b28",
            "value": "dc6252f2be3256e4202e46e6ffd4383b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545501",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e6d5c5cc-a0d9-4540-8d23-c9c48cb9950c",
            "value": "239e671ea09e4c5154ffb3ed2a78aac1139ed3ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545501",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4b269216-7dc1-4a89-8af4-b02054bf719c",
            "value": "eee885e5dae750848d0903d179cacd81149ceecec83c2ec4ad4545531de3cfdf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777609007",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0db56a82-b530-4029-b886-96dfdc0aa38f",
            "value": "49152:uomm8RDrzRK2LBUljhXnSvKRFOlvvuk6bO2SnYTAJKEqD0issi61:O1o2LWl13mKRwujS2Sn1J5qwW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777609007",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "acb41b04-625d-4174-8a65-34e46f272472",
            "value": "3002586"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777609007",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f4cfd88e-874a-4fd4-898a-ce354033f11c",
            "value": "036056651d1d151az421e5z5055z32z27fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777609007",
            "to_ids": true,
            "type": "filename",
            "uuid": "e7330555-1f91-4b26-9f77-1e2b649e50e0",
            "value": "7z.sfx.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-05-01\nLast-scan: 2026-04-30",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777609007",
            "to_ids": false,
            "type": "text",
            "uuid": "9f826209-f520-4f89-94db-b686cc77f4da",
            "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win32/Stealer!MTB\nVT Total Detection:6/70\nFirst Submission:2024-07-19T06:24:42.000000+00:00\nLast Submission:2024-07-19T06:24:42.000000+00:00"
          }
        ]
      }
    ]
  }
}