{
  "Event": {
    "analysis": "1",
    "date": "2026-04-20",
    "extends_uuid": "",
    "info": "[Threat Intel] The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy",
    "protected": false,
    "publish_timestamp": "1776783223",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1776783223",
    "uuid": "3d517942-519b-46e8-a3e1-bbac8b78fac5",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#5dfed4",
        "local": false,
        "name": "misp-galaxy:producer=\"Check Point\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#f8140a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#f28fb8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"",
        "relationship_type": ""
      },
      {
        "colour": "#7773ac",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
        "relationship_type": ""
      },
      {
        "colour": "#7da4ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#b2a633",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#5c57c8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#a4da83",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Cron - T1053.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Groups - T1069.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#f5a258",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9bb6d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"",
        "relationship_type": ""
      },
      {
        "colour": "#edf46c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#82a529",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Shortcut Modification - T1547.009\"",
        "relationship_type": ""
      },
      {
        "colour": "#041edc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#423494",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify System Firewall - T1562.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#5affe5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Remote Management - T1021.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"",
        "relationship_type": ""
      },
      {
        "colour": "#9100c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Cloud Firewall - T1562.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b0fe1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b29e9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Internal Defacement - T1491.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#8196ba",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1090.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#e43954",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#36d931",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
        "relationship_type": ""
      },
      {
        "colour": "#08b028",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#b596f0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Lateral Tool Transfer - T1570\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1518.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#30cc3b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#3335c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"RC Scripts - T1037.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#3970d7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#370063",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#fae37b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#297c25",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce59f1",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Kingdom\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"the gentlemen\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"SystemBC (Windows)\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Ransomware\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500ca",
        "local": false,
        "name": "rectifyq:detection-rules=\"yara-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Cobalt Strike\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776740411",
        "to_ids": false,
        "type": "link",
        "uuid": "cba63981-4698-4a9d-b703-61766fb152ad",
        "value": "https://research.checkpoint.com/2026/dfir-report-the-gentlemen/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776740411",
        "to_ids": false,
        "type": "text",
        "uuid": "d29498bc-d7e5-4cd0-8f4e-9c4aa5f3f5f1",
        "value": "The Gentlemen ransomware-as-a-service program has rapidly expanded since mid-2025, claiming over 320 victims with 240 attacks occurring in early 2026. The service provides multi-platform lockers for Windows, Linux, NAS, BSD, and ESXi, enabling comprehensive coverage of corporate environments. During an incident response engagement, an affiliate deployed SystemBC proxy malware for covert tunneling and payload delivery. Analysis of the SystemBC command-and-control server revealed a botnet of over 1,570 victims, primarily corporate and organizational targets. The intrusion progressed from domain controller compromise through credential validation, remote execution via administrative shares, and deployment of Cobalt Strike payloads. Attackers disabled defenses, established persistence through scheduled tasks and services, and ultimately deployed ransomware via Group Policy. The operation demonstrates sophisticated lateral movement capabilities, defense evasion techniques, and integration of mature post-exploit..."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776740411",
        "to_ids": false,
        "type": "text",
        "uuid": "f07ae843-cbf9-4867-b5d9-3ae1fd2d51df",
        "value": "Name: The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy\nAuthor: AlienVault\nAdversary: The Gentlemen\nTags: [\"cobalt-strike\", \"domain-compromise\", \"the gentlemen\", \"psexec\", \"systembc\", \"esxi-encryption\", \"lateral-movement\", \"cobalt strike\", \"anydesk\", \"ransomware-as-a-service\", \"mimikatz\", \"group-policy-deployment\"]\nTgtd countries: [\"United States of America\", \"Germany\", \"United Kingdom of Great Britain and Northern Ireland\"]\nMlwr families: [\"SystemBC\", \"Cobalt Strike - S0154\", \"The Gentlemen\", \"Mimikatz\", \"AnyDesk\", \"PsExec\"]\nAttack_ids: [\"T1053.005\", \"T1047\", \"T1033\", \"T1003\", \"T1133\", \"T1036.005\", \"T1489\", \"T1087.002\", \"T1204.002\", \"T1543.003\", \"T1053.003\", \"T1069.002\", \"T1135\", \"T1082\", \"T1106\", \"T1555\", \"T1070.006\", \"T1547.009\", \"T1021.002\", \"T1562.004\", \"T1021.006\", \"T1070.001\", \"T1482\", \"T1562.007\", \"T1083\", \"T1036.004\", \"T1491.001\", \"T1041\", \"T1060\", \"T1059.001\", \"T1090.003\", \"T1562.001\", \"T1078\", \"T1486\", \"T1573.002\", \"T1570\", \"T1518.001\", \"T1059.003\", \"T1070.004\", \"T1037.004\", \"T1071.001\", \"T1018\", \"T1105\", \"T1021.001\", \"T1569.002\", \"T1490\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776740411",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "7020a3a4-9300-45c4-8841-ea9ade3244fd",
        "value": "The Gentlemen"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776774784",
        "to_ids": true,
        "type": "domain",
        "uuid": "76512cfb-82c7-4162-a6b3-5ab192bd058c",
        "value": "tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776773589",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d59bc1e3-864c-4596-b13a-5a0d07da41f2",
        "value": "c46b5a18ab3fb5fd1c5c8288a41c75bf0170c10b5e829af89370a12c86dd10f8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776773590",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b2a65122-92b9-4b3a-8795-143643a0bcdf",
        "value": "fe1033335a045c696c900d435119d210361966e2fb5cd1ba3382608cfa2c8e68",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776774805",
        "to_ids": true,
        "type": "url",
        "uuid": "1f59221c-8617-4b0b-ab3f-fd114aeeb695",
        "value": "http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776773590",
        "to_ids": true,
        "type": "sha1",
        "uuid": "9951488c-a3af-4bb9-9d91-4206160622c1",
        "value": "f1025bb2f147c01742f263bc0b8d462af9728a22",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776774827",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2379a448-a995-419a-b5a3-c55d8df3fcaf",
        "value": "91.107.247.163",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776774848",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "54371a60-62b4-4f8f-b5d4-a25a55ad5eac",
        "value": "45.86.230.112",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1776740993",
        "uuid": "c3003ae8-f934-4d56-80d9-45be36e8536b",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1776740993",
            "to_ids": false,
            "type": "text",
            "uuid": "fa4f1b40-8fcc-4ee5-9bfc-36edf641b831",
            "value": "thegentlemen_ransomware"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1776740993",
            "to_ids": false,
            "type": "comment",
            "uuid": "0eb7c19a-5453-49cd-818a-9823dbc60f95",
            "value": "The Gentlemen ransomware, written in Go"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1776740993",
            "to_ids": true,
            "type": "yara",
            "uuid": "9612deb8-50de-487c-a212-1287099f00df",
            "value": "rule thegentlemen_ransomware\r\n{\r\n    meta:\r\n        author = \"@Tera0017/Check Point Research\"\r\n        description = \"The Gentlemen Ransomware written in GO.\"\r\n    strings:\r\n        $string1 = \"Silent mode (don't rename files)\" ascii\r\n        $string2 = \"Encrypt only mapped and UNC network shares\" ascii\r\n        $string3 = \"README-GENTLEMEN.txt\" ascii\r\n        $string4 = \"gentlemen.bmp\" ascii\r\n        $string5 = \"gentlemen_system\" ascii\r\n        $string6 = \"[+] Encryption started. Going background...\" ascii\r\n        $string7 = \"[+] FULL Encryption started\" ascii\r\n    condition:\r\n        uint16(0) == 0x5A4D and 4 of them\r\n}"
          }
        ]
      },
      {
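        "comment": "Enrichment in this object's text attribute identifies the file as PsExec, distributed by Microsoft and listed in the NSRL, with 2/72 VirusTotal detections; the md5, sha1 and sha256 attributes are tagged false-positive:risk=\"high\". A match on this object's values alone most likely shows that the tool is present, not that this intrusion occurred.",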
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776774869",
        "uuid": "94178078-b31b-4623-9412-1cf545da3a61",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776774869",
            "to_ids": true,
            "type": "md5",
            "uuid": "d38c0436-e6d5-4f84-bffb-1e0d76ef9bb8",
            "value": "24a648a48741b1ac809e47b9543c6f12",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773562",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b2cf9252-6d28-4fdc-9059-81a93cd46e26",
            "value": "3e2272b916da4be3c120d17490423230ab62c174",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773562",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fdcb702d-90c1-453b-b805-c328abc2e932",
            "value": "078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772096",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e48dde84-2ec5-4b13-b5c9-af0f067dfa85",
            "value": "12288:LOO6oMlKDdwPDMlkw6Pph0lhSMXle+eO1HK+meynh5yRX3oRG72:LD9McwPDCkw6Bh0lhSMXlemqth5yRX3E"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772096",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0a7ea05b-4d03-4809-9a5a-e2f5c2005d0c",
            "value": "716176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772096",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d2e9c329-d4d6-4797-9045-a21141721421",
            "value": "075056656d156562e1z14z7b1z2lz33z47z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772096",
            "to_ids": true,
            "type": "filename",
            "uuid": "26533430-5771-4941-a08e-1205ba64594c",
            "value": "psexec.c"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast scan: 21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772096",
            "to_ids": false,
            "type": "text",
            "uuid": "ca4ceccc-aeba-4cc2-8b62-d77aa2617ec8",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Microsoft']\nData sources: ['Microsoft Corporation', 'National Software Reference Library (NSRL)']\nVerdict filename: ['Tools_PsExec.exe', 'PsExec.exe', 'PSexec.exe']\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2023-04-11T18:54:04.000000+00:00\nLast Submission:2026-04-21T11:23:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776774890",
        "uuid": "f23fb575-e3e6-4a7d-b33d-dfc041e4316e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776774890",
            "to_ids": true,
            "type": "md5",
            "uuid": "a5a13e30-4f7c-4f40-af42-92bddcb76c84",
            "value": "44118d8fb41634b3d8d8b1c6fdf9c421",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773563",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bdfeb50a-e324-48ed-8c38-53a8bf2c2e59",
            "value": "2c27a865b3ab1f0bd2ea1e8f7298b5ef9348c5ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773564",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3bb67ddd-bc07-41d9-b630-b3bd74280bb9",
            "value": "cc14df781475ef0f3f2c441d03a622ea67cd86967526f8758ead6f45174db78e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772118",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9c326fc2-8665-4fe9-a53d-4b5d2184a707",
            "value": "3072:iR+zpegrEiHunfFqNmIWhn01GGXqw7Wnh5rebFHh9aohhx0dUFyMLooZ3/3yqp/5:o+zpegrEiHuf+mZhn01N7Wnh5rebL9/9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772118",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cb4af1e7-bb0f-405c-9032-f73ade45595e",
            "value": "193984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772118",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ea668735-34bb-4963-b1d2-93fc7cbab451",
            "value": "015056655d151563c8z62hz13z8fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772118",
            "to_ids": true,
            "type": "filename",
            "uuid": "034ea102-9607-426c-9cf6-250e4f70eaca",
            "value": "psexesvc.exe"
          },
          {
            "category": "Other",
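            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026\nNote: psexesvc.exe is the name used by the PsExec service component and detection here is 1/72, so this is presumably a dual-use binary (signer and provenance not confirmed by this enrichment). Verify before alerting or blocking on the hash or filename alone.",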
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772118",
            "to_ids": false,
            "type": "text",
            "uuid": "9b1d6873-55e4-46a8-9dfa-34386953ea23",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2023-04-11T18:55:18.000000+00:00\nLast Submission:2026-04-20T02:22:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776774911",
        "uuid": "fd7a8a5d-ec62-4165-9903-fa31db95ca7f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776774911",
            "to_ids": true,
            "type": "md5",
            "uuid": "796485be-6113-45a8-9f77-d7133b0e8274",
            "value": "4200b46a93c6ab059e2b34ce200c4a5b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773564",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8e479f76-335b-49b2-8633-bc2f72a3222e",
            "value": "42bcc743c71a9ea083c1c750a398110582796762",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773564",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b169157e-783d-4924-a353-0842078dde0d",
            "value": "3ab9575225e00a83a4ac2b534da5a710bdcf6eb72884944c437b5fbe5c5c9235",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772140",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f58005cd-dfd6-43df-b6c5-d5f6d46a71ac",
            "value": "49152:Dl5LxQaoySboC9C5ZtPzKgv5bQgZ3tA5m25ElcY:DHS3EX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772140",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d1153739-6851-45b5-bca9-4448a99be83b",
            "value": "2962944"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772140",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e9771aa5-52d9-424b-a145-3117f5912b55",
            "value": "026086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772140",
            "to_ids": true,
            "type": "filename",
            "uuid": "53be1d23-a488-4608-9f3a-eb230cc654d1",
            "value": "hapvida.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772140",
            "to_ids": false,
            "type": "text",
            "uuid": "b022ffb8-df3f-4099-8103-16f67bd5b49d",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:54/72\nFirst Submission:2025-10-19T16:58:34.000000+00:00\nLast Submission:2026-04-03T10:29:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776774932",
        "uuid": "b81c18d0-eea8-4e95-98ab-53f9b0abf8ca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776774932",
            "to_ids": true,
            "type": "md5",
            "uuid": "d41ccc67-b300-4d7d-9d18-a049833b6ca2",
            "value": "de1a114a2c5552387a1bbb61501bf129",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773566",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a214ef2-b2ba-4f78-94e3-15bb157e3e1e",
            "value": "d6aaed67606d6dab0f652c755d3d363025f60adb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773566",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fed04082-9bc4-46d2-8e01-a617cd2a3dcc",
            "value": "62c2c24937d67fdeb43f2c9690ab10e8bb90713af46945048db9a94a465ffcb8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772163",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "66f40be9-7729-4b9f-8525-905796903c10",
            "value": "49152:NZOwuHOMjxbtjNE9EJv9Jh1bPgZDts5mm5ElcY:NCxH/EX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772163",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bc79b4bc-62e1-454e-8386-6c706187c3d6",
            "value": "3280900"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772163",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b7721f10-fef4-4ed5-aa25-6e0f10e6bd48",
            "value": "036086655d55551d1554bz2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772163",
            "to_ids": true,
            "type": "filename",
            "uuid": "d57c9f7a-73a9-4b2b-9e69-3f4814eb5395",
            "value": "6bxljka.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772163",
            "to_ids": false,
            "type": "text",
            "uuid": "c4350e52-d07c-4db2-aed0-28f9e8b0acf3",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:54/72\nFirst Submission:2025-12-01T15:12:54.000000+00:00\nLast Submission:2025-12-01T15:12:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776774954",
        "uuid": "71105262-0001-41ed-bac5-209cd3705568",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776774954",
            "to_ids": true,
            "type": "md5",
            "uuid": "fa97d68f-4a0b-4d12-87eb-b0898054862e",
            "value": "0b33a1a23b044beb5c9a63aafd35595c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773567",
            "to_ids": true,
            "type": "sha1",
            "uuid": "33e83939-0938-4625-bd6e-ac4af68fd47f",
            "value": "00ff099e3cf7b548a7a0260cde8ac2f24a746da2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773567",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6aabaadd-8f3d-4b5e-8f51-05414b3d457a",
            "value": "860a6177b055a2f5aa61470d17ec3c69da24f1cdf0a782237055cba431158923",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772185",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "87e3ccd2-7273-4e88-a48c-b13d6a59fc31",
            "value": "49152:8zsqmpUIjZ89DZWWI4Zr4CkdQoUjhdZmGfi4gNJoX3kw5ElcYB9nwPDC7bODth5a:8z7mDhd5KX3kCEXBFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772185",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c12f9ec9-98c3-4be5-ab0f-d0cee291db82",
            "value": "3971072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772185",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b4296ae3-032e-4086-abdc-f87d2c771dd0",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772185",
            "to_ids": true,
            "type": "filename",
            "uuid": "0ac691a4-5441-48f8-ae0b-d95dbd031057",
            "value": "2026-02-11_0b33a1a23b044beb5c9a63aafd35595c_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772185",
            "to_ids": false,
            "type": "text",
            "uuid": "95cc44de-0e07-4bac-91ea-184ab25d84f5",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:50/72\nFirst Submission:2026-02-07T19:02:20.000000+00:00\nLast Submission:2026-02-11T01:48:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776774975",
        "uuid": "e1ce5369-eaae-4a68-b668-e200aff87a7d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776774975",
            "to_ids": true,
            "type": "md5",
            "uuid": "f5222d51-84a1-4429-86ff-8d664e9b7348",
            "value": "f4ae5b89db5a6a36dbd98287ab7c860a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773567",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6bcca035-0137-4c19-8cd7-f58ee73a7a58",
            "value": "36d968425629b10f38be17787f8afe4b8afa131e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773567",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5fc8a99c-d16d-4ecc-91ff-8a4f6edf1250",
            "value": "992c951f4af57ca7cd8396f5ed69c2199fd6fd4ae5e93726da3e198e78bec0a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772207",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d3900fb2-c130-4629-bed9-c015178358b0",
            "value": "768:B8FafRsX+kyVmQzDe1NDArRjoFK/gRoJGGcra:BbsX+kyVJiosKYRo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772207",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1bad3c73-8971-4352-8813-07a63f18a280",
            "value": "32768"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772207",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c71b1f45-2335-4080-93f1-906d521ced9d",
            "value": "034046555d551083z22z227z31z11zb012z16z37z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772207",
            "to_ids": true,
            "type": "filename",
            "uuid": "8e3fd400-d22f-4eab-9849-082bd2b77a79",
            "value": "tkja.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772207",
            "to_ids": false,
            "type": "text",
            "uuid": "a082e1f9-1207-4711-b4ac-757dc44d32b0",
            "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Coroxy.A\nVT Total Detection:60/72\nFirst Submission:2026-02-26T05:09:29.000000+00:00\nLast Submission:2026-02-26T06:22:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776774996",
        "uuid": "c42493e1-6dda-43db-9551-505ca4cb099e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776774996",
            "to_ids": true,
            "type": "md5",
            "uuid": "385989bf-1049-4d26-8d44-87d326a6d2d6",
            "value": "30b49ae2f685d4403d3013410f80c2e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773569",
            "to_ids": true,
            "type": "sha1",
            "uuid": "901fba05-5008-4d37-9eae-b071ccf868e4",
            "value": "68225c5613afe2174ed46e074147676b0f9a3915",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773569",
            "to_ids": true,
            "type": "sha256",
            "uuid": "282145c3-3e46-4e0d-97a0-1d3cf94780db",
            "value": "8c87134c1b45e990e9568f0a3899b0076f94be16d3c40fa824ac1e6c6ee892db",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772228",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8e2189a2-73bb-487f-8f42-71cacd439ed1",
            "value": "49152:dI2C9Fgt/jn6UxasuojbX6VpW1KdeC8bQPUVAn5ElcYc:Gr9FgZ6UQiX6XPz5EXc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772228",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3f221c32-0abc-439d-a05a-3192137b166b",
            "value": "3128320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772228",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a1c7602b-d4b2-4592-838e-6e23d0e88cc2",
            "value": "036066655d7d15641az2c!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772228",
            "to_ids": true,
            "type": "filename",
            "uuid": "2215b090-6605-4e0f-b089-f205ce6eb145",
            "value": "12d00z4y.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772228",
            "to_ids": false,
            "type": "text",
            "uuid": "1ae7005a-4200-492d-80ab-d6bafa8f7b72",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:48/72\nFirst Submission:2025-12-02T04:39:29.000000+00:00\nLast Submission:2025-12-02T04:39:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775018",
        "uuid": "6bbc8dab-f850-46b7-b0fb-e28d74a3a8a0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775018",
            "to_ids": true,
            "type": "md5",
            "uuid": "48d78279-2163-4c1b-b205-a21d905d4bac",
            "value": "5f5bf7fc7a9ac89ce0bbb07bd1160078",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773570",
            "to_ids": true,
            "type": "sha1",
            "uuid": "769f4d23-be43-4b4f-b258-28f119f52527",
            "value": "5264a94271d875675336a503c94ece0baceb58c5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773570",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f0bf4d45-299d-484c-90ad-21f3f6cef24b",
            "value": "ec368ae0b4369b6ef0da244774995c819c63cffb7fd2132379963b9c1640ccd2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772250",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "591bd65a-adfe-4f01-8ac2-6134783a9931",
            "value": "49152:x4No/UEhL6jSHeHGvvYOXmkxm3DL7TiiddCj2oHMv6kw512d5ElcY:x4AnTm3DL7Tiidd/hEX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772250",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ba05be8f-c724-4a9b-a8c5-b1e31915c1e3",
            "value": "3214336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772250",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b047be9d-6d82-4515-aaf8-e835e82bcf7e",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772250",
            "to_ids": true,
            "type": "filename",
            "uuid": "63188e6e-f263-4937-a1bf-f96238f1ee17",
            "value": "pac.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772250",
            "to_ids": false,
            "type": "text",
            "uuid": "ec61c5b6-aafc-450d-b733-2185907767e6",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:49/72\nFirst Submission:2025-11-18T16:41:55.000000+00:00\nLast Submission:2025-12-04T08:01:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775039",
        "uuid": "fe035a90-cc15-4f99-b9df-f2035bc17dbd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775039",
            "to_ids": true,
            "type": "md5",
            "uuid": "03b4039e-8745-4733-aa9f-9dae500a2850",
            "value": "6ae7c9a7ea0b8c40a64225734f6bd01d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773571",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fb67d173-da28-4c8e-a491-7390b600008b",
            "value": "8468cb5888fb383d25f9144c2b2f61c414cea3f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773571",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5cf75a91-5c32-4b2c-81a6-c4bc920bc690",
            "value": "c7f7b5a6e7d93221344e6368c7ab4abf93e162f7567e1a7bcb8786cb8a183a73",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772272",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "250f8012-74e0-4bf5-add8-45aade281f18",
            "value": "49152:ailDmmQw2iK2EY2spo4/ODIujYaqZGwfh4gpvTeE5EbAk6+cJz9nwPDC7bODth5a:aiFGvbSre2EU2WzFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772272",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b34ca5c-e015-47e7-952a-f0115031201a",
            "value": "3975680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772272",
            "to_ids": true,
            "type": "vhash",
            "uuid": "142db3bf-94a1-425a-b5c1-7cd4338f1840",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772272",
            "to_ids": true,
            "type": "filename",
            "uuid": "23f23935-c1ca-4de8-8c79-408ed27f5b4c",
            "value": "gentle.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772272",
            "to_ids": false,
            "type": "text",
            "uuid": "f71ef9c6-2742-4f62-9ab4-df188af9fc4b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:49/72\nFirst Submission:2026-04-03T11:22:28.000000+00:00\nLast Submission:2026-04-03T11:28:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775060",
        "uuid": "d349ad98-ce25-4a9e-8735-532ee1c025dd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775060",
            "to_ids": true,
            "type": "md5",
            "uuid": "6d3eca3b-7fce-4f53-9c80-757d02c46a68",
            "value": "c9d004384de06bbc53724b1431dc0fde",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773571",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c3b069ff-52ea-4275-a722-729cf5a7d469",
            "value": "8cdfedf9416ef9e50548f02e5dfa5dd5aa38c586",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773571",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9002b53f-c445-496c-a9f0-1b5429318f4e",
            "value": "1eece1e1ba4b96e6c784729f0608ad2939cfb67bc4236dfababbe1d09268960c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772293",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "02a4e0d0-66c6-4e85-9586-79f7cc5978e3",
            "value": "768:/TH8eORh52N43WIykizkxpR8XgXJ7cuzg4M9iRtHpaWmoSfOtICuKw/:/7ORhA4WwpOXS7cuTpTY7ht"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772293",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3b228aa7-67a3-4608-beee-b1235de0d942",
            "value": "36424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772293",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5ecd2832-b7cc-4a7a-9d47-b54b1ca58907",
            "value": "5b918728384a365cf6305fe6683495b7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772293",
            "to_ids": true,
            "type": "filename",
            "uuid": "efa97863-b548-46d6-83b0-b1ad3154e911",
            "value": "cooff4.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772293",
            "to_ids": false,
            "type": "text",
            "uuid": "8b6cceb3-b316-4a21-9723-718efd7bcede",
            "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:19/65\nFirst Submission:2025-12-24T10:20:36.000000+00:00\nLast Submission:2025-12-24T11:25:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775082",
        "uuid": "eb4a9920-1a00-4882-a095-0eb2b6b6c46d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775082",
            "to_ids": true,
            "type": "md5",
            "uuid": "67430989-6357-4298-ada9-696f22a6786a",
            "value": "7f11809925adc6657e84165fdf780816",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773573",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f647f150-8e4d-45a4-8521-4136bf875c1d",
            "value": "54a207ed34d83d1f71d34d4ad538e8221ffba259",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773573",
            "to_ids": true,
            "type": "sha256",
            "uuid": "29535e2a-68a3-4439-9f19-7218eabdb680",
            "value": "025fc0976c548fb5a880c83ea3eb21a5f23c5d53c4e51e862bb893c11adf712a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772316",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d7a0549b-b17f-4aa4-8c0f-085e50009323",
            "value": "49152:0ZOwuHOMjxbtjNE9EJv9Jh1bPgZDts5mj5ElcY:0CxHeEX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772316",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8d01b9aa-f33c-4291-a4b6-5b7a37566a8f",
            "value": "2963456"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772316",
            "to_ids": true,
            "type": "vhash",
            "uuid": "47a581b8-cfa6-463e-b275-7f5a2d97537d",
            "value": "026086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772316",
            "to_ids": true,
            "type": "filename",
            "uuid": "70d2350c-adde-4f5e-8472-ca8527d7462e",
            "value": "dona.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772316",
            "to_ids": false,
            "type": "text",
            "uuid": "350eba64-5dad-43df-a26c-5f571652cce9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte!MTB\nVT Total Detection:51/72\nFirst Submission:2025-12-01T05:36:36.000000+00:00\nLast Submission:2025-12-09T03:19:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775103",
        "uuid": "95b01adf-ead3-475b-9e98-73ce88bfd236",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775103",
            "to_ids": true,
            "type": "md5",
            "uuid": "7bb869c0-d10b-4364-bd25-673832e23fdf",
            "value": "7a262d4cbbc4808932b6af42c4041f06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773574",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b223d4d2-005f-431d-9f0f-1854b3f1496b",
            "value": "9e951cf2f868b71aaaa05966d8eb96d333b80106",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773574",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2b7674fc-b724-4db5-813d-91a175e2c64e",
            "value": "22b38dad7da097ea03aa28d0614164cd25fafeb1383dbc15047e34c8050f6f67",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772338",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a595e23f-57b4-4688-bf9d-54d52c3fb7c3",
            "value": "49152:xC1TqFUxvYE/VmotXIMj4tPjn2HMvIdGwg/z8A5ElcYB9nwPDC7bODth5yx30GB:xCBqX3HEXBFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772338",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1ddd43a8-b147-4bcc-a830-901568ed6431",
            "value": "3952640"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772338",
            "to_ids": true,
            "type": "vhash",
            "uuid": "95209a67-0955-442b-ad4f-63b8a2920079",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772338",
            "to_ids": true,
            "type": "filename",
            "uuid": "c3867330-11f4-4fd2-8f3c-bbebcc9da686",
            "value": "v6jif.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772338",
            "to_ids": false,
            "type": "text",
            "uuid": "1e2ba90e-2798-40aa-b231-a5e1212beb77",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:49/72\nFirst Submission:2026-03-02T19:03:40.000000+00:00\nLast Submission:2026-03-02T19:03:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775124",
        "uuid": "efc8233a-f68f-422a-a6ac-32ad741e8586",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775124",
            "to_ids": true,
            "type": "md5",
            "uuid": "aeaa7297-aa9c-4251-8af7-e48a55d12df5",
            "value": "0a454a07e071971832985701bc6e9164",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773574",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b480a517-aac5-4453-ac10-d9c90b470deb",
            "value": "d875d7e99f45c87e667dbebb8d8596182bdb94df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773575",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5259a96e-3222-4199-96a6-c881c8485cb3",
            "value": "2ed9494e9b7b68415b4eb151c922c82c0191294d0aa443dd2cb5133e6bfe3d5d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772359",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b73900ad-0a61-417c-99ae-2d2aacfd1e5c",
            "value": "49152:JZOwuHOMjxbtjNE9EJv9JhRbPgZDts5me5ElcY:JCx7HEX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772359",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6d3897d8-c6fa-41cf-9eb0-74f968057b33",
            "value": "3280900"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772359",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8b9c3567-5178-403a-9953-389f27dad768",
            "value": "036086655d55551d1554bz2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772359",
            "to_ids": true,
            "type": "filename",
            "uuid": "6f5836f0-70eb-46ea-8a50-4fe88f43f40d",
            "value": "4fcyaik.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772359",
            "to_ids": false,
            "type": "text",
            "uuid": "7fbe7ce2-77b2-465d-8fa4-c56de547b369",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:49/72\nFirst Submission:2025-12-15T20:09:45.000000+00:00\nLast Submission:2025-12-15T20:09:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775145",
        "uuid": "85074578-ef81-4d14-af5a-c12e850bbb4d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775145",
            "to_ids": true,
            "type": "md5",
            "uuid": "5af06b34-a0e5-4922-96bb-ed1bbdcc622b",
            "value": "7a89b347beb55f63dbcbcfc0beedbe43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773576",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cd2e5563-084e-4551-bf89-41f2902f9688",
            "value": "716e39bbc93fd4b394d9e6ef7c29aef1adc7dcb5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773576",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a47e4c9e-2c72-4b4a-99bc-d6d818ca5422",
            "value": "48d9b2ce4fcd6854a3164ce395d7140014e0b58b77680623f3e4ca22d3a6e7fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772381",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d1aaee5e-593c-4748-b728-1a865a66949b",
            "value": "49152:UPb8MvCRH682J9ikm3SYMQHRZ8jrVVZNwfx14gGvmF+5ElcYB9nwPDC7bODth5yz:UPYBL15XFUEXBFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772381",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "27d90e3a-9d10-4ebd-a2fb-6cc8b5904158",
            "value": "3963904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772381",
            "to_ids": true,
            "type": "vhash",
            "uuid": "60424e27-aa5e-4ac9-9ce8-bd0bfcc5e049",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772381",
            "to_ids": true,
            "type": "filename",
            "uuid": "395d3486-4bcb-4e96-87af-a3a0fa7323f6",
            "value": "win.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772381",
            "to_ids": false,
            "type": "text",
            "uuid": "65051ed6-2028-48d7-ad8b-159df54c2256",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:47/72\nFirst Submission:2026-03-03T00:07:19.000000+00:00\nLast Submission:2026-03-03T06:38:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775166",
        "uuid": "de7d4784-4129-460f-a026-ed3ab7a384a9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775166",
            "to_ids": true,
            "type": "md5",
            "uuid": "d67f22c3-a13d-47c3-89a1-6e06056d6cec",
            "value": "0f9cd505df07e4ebfff3fe61b689e527",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773577",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bf702395-6d77-442a-89d4-4fab81a8bd61",
            "value": "5d4ae46c14371e20d99b42cc0a683f8d5ec326ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773577",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1824eb3e-e20b-4b71-846d-d1d83283802a",
            "value": "5dc607c8990841139768884b1b43e1403496d5a458788a1937be139594f01dca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772404",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dc5cb84f-3e1e-40a7-9887-85f12865b1fd",
            "value": "768:DTH8eORh52N43WIykizkxpR8XgXJ7cuzg4M9iRtHpaWmonfhtICuKw/:D7ORhA4WwpOXS7cuTpTY0ut"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772404",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b9427ba7-f9f3-4f12-9c62-22ee942ec571",
            "value": "36424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772404",
            "to_ids": true,
            "type": "vhash",
            "uuid": "33d1fcb4-6ee9-49d1-89ef-4a0b8ae000fb",
            "value": "5b918728384a365cf6305fe6683495b7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772404",
            "to_ids": true,
            "type": "filename",
            "uuid": "3ff2fe91-7009-4bed-b040-4f634a43df24",
            "value": "epuucrwbo.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772404",
            "to_ids": false,
            "type": "text",
            "uuid": "6d5c6f4e-4d24-4cbe-993a-92110014d168",
            "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:19/65\nFirst Submission:2026-01-10T15:08:17.000000+00:00\nLast Submission:2026-01-10T15:08:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775188",
        "uuid": "bfdffd6c-7a33-49f3-8732-24389c048d20",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775188",
            "to_ids": true,
            "type": "md5",
            "uuid": "638ae8ed-0463-4886-b2a2-d491db074de1",
            "value": "8ee42d16a9381d726591ddc551863931",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773577",
            "to_ids": true,
            "type": "sha1",
            "uuid": "afeb7ae4-def8-46b5-a4db-849f95bbb786",
            "value": "908b39041bab41aef7b2d4d7ffdb72bb5b1e3437",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773578",
            "to_ids": true,
            "type": "sha256",
            "uuid": "04f16981-93fa-4b11-956a-755ad8685332",
            "value": "788ba200f776a188c248d6c2029f00b5d34be45d4444f7cb89ffe838c39b8b19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772425",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5cd135d0-21cf-4b7c-b6a5-f28127f2e93d",
            "value": "49152:agNcFQktmDTZlmh7uUMyqgRhAa56cV05Eu:agNsLGavCEu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772425",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "16c76165-f76a-48d5-8535-9d8f099192a9",
            "value": "2510996"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772425",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e28e67bc-e55f-4f0e-8943-d12be5be4cdc",
            "value": "a32d859bd1256dc8d6bca18d4f8c19bc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772425",
            "to_ids": true,
            "type": "filename",
            "uuid": "9e9af7f8-9d76-47ba-8e8d-85018fc7caf8",
            "value": "2x6d30i2u.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772425",
            "to_ids": false,
            "type": "text",
            "uuid": "0200defc-5928-4117-bc4c-bf1b2d692e6a",
            "value": "Type Description: ELF\nMicrosoft: PUA:Linux/Maltiverza\nVT Total Detection:21/65\nFirst Submission:2026-01-04T16:13:14.000000+00:00\nLast Submission:2026-01-04T16:13:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775209",
        "uuid": "7795397a-c569-4088-96dc-c9f7f3ab1136",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775209",
            "to_ids": true,
            "type": "md5",
            "uuid": "882bf2ba-5f36-4871-8c87-8ae92dcd141f",
            "value": "05e9d6d239ea29f0427b02a9bc903be7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773579",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9734ebc9-fd50-4df1-861d-aa17893baa99",
            "value": "23a468d7277902384875d4167a81164bc2bf6e72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773579",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9cb695ff-8c37-4dbc-bc77-760cd2395d1a",
            "value": "87d25d0e5880b3b5cd30106853cbfc6ef1ad38966b30d9bd5b99df46098e546c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772447",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1d2d6e64-5f9c-4958-a373-51cf4122f15c",
            "value": "49152:linqC+tAonu2oY4RpGe/nhYj37pZFwfH4gpvAuh5EbAk6+cJz9nwPDC7bODth5yX:liqlbUIuXEU2WzFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772447",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e785638a-d4dd-44fa-8a3c-f2ca0c7a8cbb",
            "value": "3975680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772447",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e3530aa7-a682-4f81-bb0e-d1a03c927619",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772447",
            "to_ids": true,
            "type": "filename",
            "uuid": "dc163149-b9bf-4fa8-b475-043ab971e3e5",
            "value": "gp9g29x.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772447",
            "to_ids": false,
            "type": "text",
            "uuid": "fc877ea9-735d-43f1-afc7-c790d4a7aef5",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:54/72\nFirst Submission:2026-03-31T15:00:48.000000+00:00\nLast Submission:2026-04-03T21:23:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775230",
        "uuid": "d608aa56-0c00-4950-ab6d-00eaa0c0fa31",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775230",
            "to_ids": true,
            "type": "md5",
            "uuid": "4572022d-3308-49a9-ae8b-23f149951f7b",
            "value": "1e0f4cd09aa4464179933769b5009251",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773580",
            "to_ids": true,
            "type": "sha1",
            "uuid": "03069ee2-a172-4511-9a91-3ba8b0f78586",
            "value": "124b943f6e82135b4d680df111ce121a200606dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773580",
            "to_ids": true,
            "type": "sha256",
            "uuid": "34294ae4-a1e4-4ba9-92fd-d96af589a11f",
            "value": "91415e0b9fe4e7cbe43ec0558a7adf89423de30d22b00b985c2e4b97e75076b1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772469",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9e59b541-b821-4d18-8267-6122804514fb",
            "value": "49152:1yQzHUkALMZtfx2EASYrHynjNhHMvIhwx/Sgv5ElcYB9nwPDC7bODth5yx30GoP:1y+q4AEXBFwPD+8th5z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772469",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7b91d122-99cb-427a-8ada-71c01c885089",
            "value": "3957760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772469",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9736c2e4-d8fb-47c3-b3c1-eed8bf77bec4",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772469",
            "to_ids": true,
            "type": "filename",
            "uuid": "8a666c52-bb96-420a-bf1b-de639ac52ab5",
            "value": "2026-02-08_1e0f4cd09aa4464179933769b5009251_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772469",
            "to_ids": false,
            "type": "text",
            "uuid": "17ab5969-9ff5-4e20-808a-c50aee9413d2",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:50/72\nFirst Submission:2026-01-14T09:02:48.000000+00:00\nLast Submission:2026-02-08T03:25:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775251",
        "uuid": "8b80db05-6d25-4be2-84ee-88046b431276",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775251",
            "to_ids": true,
            "type": "md5",
            "uuid": "c9e21ab9-28ea-4f83-9533-73fff141e623",
            "value": "4609cbac6772a6c61fcf2745cd3b4362",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773581",
            "to_ids": true,
            "type": "sha1",
            "uuid": "58180528-4c7d-464a-b75d-a67382797d96",
            "value": "af4066ca0ae65ac63de6af60f46a9b23bb6dbfee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773581",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2fe3f48f-8c47-424c-8ed3-53ab24cfd068",
            "value": "994d6d1edb57f945f4284cc0163ec998861c7496d85f6d45c08657c9727186e3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772490",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fbdc7e3b-1bbf-45e5-9030-5480f51c4fc9",
            "value": "49152:TQvWgP5dF2vDnaERiMeojrX6qpW1KdeC8bQPUVA35ElcYE:ELdFIaEICX6cPzpEXE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772490",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c9a85927-95c5-4e9b-a862-963940ea883f",
            "value": "3293188"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772490",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d57d46ce-4f3d-4aa8-a8f0-1e61718d0552",
            "value": "036066655d6d5564bz2c!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772490",
            "to_ids": true,
            "type": "filename",
            "uuid": "73deecbf-f259-46e8-815b-cfdd1e71e83e",
            "value": "y859yn1.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772490",
            "to_ids": false,
            "type": "text",
            "uuid": "f08b529e-bc7a-445e-b0f8-65329bc20d83",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:50/72\nFirst Submission:2025-12-02T06:52:44.000000+00:00\nLast Submission:2025-12-02T06:52:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775272",
        "uuid": "e2cb2b38-3afa-464a-aa13-5285cad4507c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775272",
            "to_ids": true,
            "type": "md5",
            "uuid": "db09295c-9489-46d8-97bd-c0b85ddfb8a2",
            "value": "ed18c524e930cd1c34614f7cc3051dfc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773582",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c475ba2e-57b1-47d6-90df-e8f65ed37d5f",
            "value": "ef4b60f8162dfe20cb96dcae865a912e52459bb5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773583",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1b7a6f9c-b11e-4045-bc30-f9d9c34dc735",
            "value": "9f61ff4deb8afced8b1ecdc8787a134c63bde632b18293fbfc94a91749e3e454",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772512",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b0815b81-3586-4db7-9e84-c75bcfd8f3c8",
            "value": "49152:54No/UEhL6jSHeHGvvYOXmgnj6SHMv6kw512h5ElcY:54An+ZEX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772512",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "21d6bb34-ac68-429b-8ded-5057bd4e9608",
            "value": "3534852"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772512",
            "to_ids": true,
            "type": "vhash",
            "uuid": "124fd7fb-ea0d-4ae8-8c4e-b504944746ff",
            "value": "036086655d55551d1554bz2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772512",
            "to_ids": true,
            "type": "filename",
            "uuid": "ee004c45-12b5-41d8-bb37-1a180ac100ba",
            "value": "fdjhkspz.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772512",
            "to_ids": false,
            "type": "text",
            "uuid": "a7ba1738-b77c-4a80-b15e-422711c3e495",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:47/72\nFirst Submission:2025-11-20T02:56:03.000000+00:00\nLast Submission:2025-11-20T02:56:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775294",
        "uuid": "408323c0-9b01-4b60-9839-3e0a52a52ef8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775294",
            "to_ids": true,
            "type": "md5",
            "uuid": "22b814b4-1946-4a3b-a587-f514c6e6e444",
            "value": "1cc9ae55b1856e4e9796c73f94c2e683",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773583",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6d250b68-f098-4769-9b7b-c5fcba737c26",
            "value": "ebddc99a00bd7a5dcaf7b73349309d970e5c69b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773583",
            "to_ids": true,
            "type": "sha256",
            "uuid": "34f8493c-7e2c-457a-8f54-c9dfcebf438c",
            "value": "a7a19cab7aab606f833fa8225bc94ec9570a6666660b02cc41a63fe39ea8b0ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772534",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ebf41535-c533-4b17-843f-37e26d1bcf89",
            "value": "49152:QuoWiWA8g8iwfnVqKC9YVjvVqjsLHMvI9wt/eyP5ElcYB9nwPDC7bODth5yx30G7:QuTPdGEXBFwPD+8th5M"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772534",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "87546976-4a2e-45f9-a151-671929a8108d",
            "value": "3954688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772534",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8dcc32e4-bf99-425b-a1e7-a75046c339d2",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772534",
            "to_ids": true,
            "type": "filename",
            "uuid": "4901b589-b78b-4f77-ae1b-bb5ab81e1e6f",
            "value": "2026-04-07_1cc9ae55b1856e4e9796c73f94c2e683_amadey_coinminer_dosia_frostygoop_glassworm_hive_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772534",
            "to_ids": false,
            "type": "text",
            "uuid": "9ccecc45-b344-4d79-a64f-ab33eb0fe587",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-05T15:10:32.000000+00:00\nLast Submission:2026-04-07T04:34:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775315",
        "uuid": "9001c42a-db29-489b-98c6-2d33061980fe",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775315",
            "to_ids": true,
            "type": "md5",
            "uuid": "7646718b-e059-4de2-a62f-72ea713d98ec",
            "value": "3b46a729db7ae6af8b19711c9452194d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773585",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a47f4456-8cc6-41c8-acf5-257d5f49e158",
            "value": "5aea74bf3e70f38eb596f8002b3c02514daee4f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773585",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b155b766-b7c8-4d29-818c-ab672af7e41f",
            "value": "b67958afc982cafbe1c3f114b444d7f4c91a88a3e7a86f89ab8795ac2110d1e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772555",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9432f2b8-32bd-429f-99c9-88200baea959",
            "value": "49152:ailDmmYw2i62EYW0po4/2m3jeXiZ+wfN4gpv5eP5EbAk6+cJz9nwPDC7bODth5yX:aiFO34ReBEU2WzFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772555",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "39d73428-d99c-4866-8059-67253b535dfe",
            "value": "3975680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772555",
            "to_ids": true,
            "type": "vhash",
            "uuid": "077ff629-21a9-4944-8e9b-9d2ce3c7b9f2",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772555",
            "to_ids": true,
            "type": "filename",
            "uuid": "a1d0852c-80ba-4338-9592-67f45c24bd7f",
            "value": "kis4vm0jd.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772555",
            "to_ids": false,
            "type": "text",
            "uuid": "9b3ca55c-8c64-482e-9ebf-6d6e389e1346",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:39/72\nFirst Submission:2026-04-01T12:09:24.000000+00:00\nLast Submission:2026-04-03T10:06:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775336",
        "uuid": "87881020-9a4c-4f76-909f-bb907c487e0e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775336",
            "to_ids": true,
            "type": "md5",
            "uuid": "6791db74-5016-44c8-890c-80a92567f9b6",
            "value": "a2a13b8da7370f5f4753d81c7958dfcb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773586",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1dc098c3-a40d-4b11-8726-76a1c05f7564",
            "value": "143cb70aede3ba09ae54e1da55c69f0129991f48",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773586",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9b5227f3-6032-4572-a404-e75a982b5944",
            "value": "efaf8e7422ffd09c7f03f1a5b4e5c2cc32b05334c18d1ccb9673667f8f43108f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772598",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "de0a2daa-ab01-42e6-a5d8-c0287c5c79e4",
            "value": "49152:Y6OykI7cUakFLqFWEacsxBixaEji4ZQGf504gDJo1J55ElcYB9nwPDC7bODth5yX:Y3gfFOW41JvEXBFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772598",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2c59ac59-162c-46a6-88de-132f20f19dc8",
            "value": "3956224"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772598",
            "to_ids": true,
            "type": "vhash",
            "uuid": "717e4ecf-aa18-42a7-9cea-2f0385e79cc1",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772598",
            "to_ids": true,
            "type": "filename",
            "uuid": "e1dac2cb-e1e7-4923-a497-2e95a85a489f",
            "value": "2026-02-06_a2a13b8da7370f5f4753d81c7958dfcb_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772598",
            "to_ids": false,
            "type": "text",
            "uuid": "e841fed1-85e2-4ad0-84ca-224057f0f2b4",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:51/72\nFirst Submission:2026-01-16T11:38:04.000000+00:00\nLast Submission:2026-02-06T10:43:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775357",
        "uuid": "92b9eabf-a851-4dcf-8524-e58cda557864",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775357",
            "to_ids": true,
            "type": "md5",
            "uuid": "0c7c47bc-8a2a-4868-ba42-bbe1414392f6",
            "value": "ffb6011e7c82355046988166dd896930",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773587",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d9d18c35-b808-4205-bbd9-f3d040efbdc0",
            "value": "83c6c1bb37c9071e569aa4b247e54ab763bbf5da",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773587",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b9041070-91ac-47d7-aa12-2f631351c859",
            "value": "f736be55193c77af346dbe905e25f6a1dee3ec1aedca8989ad2088e4f6576b12",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772620",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2fa29b2f-874d-4ee8-8234-a5f2a9236961",
            "value": "49152:tOXpvfSEikgYDG+EqVkJ4CkdFjUwZ5GfQ4gNJ4w3ka5ElcYB9nwPDC7bODth5yxF:tO58U3dVGw3kwEXBFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772620",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b3a0782b-d39e-44ce-b1c4-a932d4c37658",
            "value": "3971072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772620",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b5b4696a-a642-4398-820c-d2c2094f12e3",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772620",
            "to_ids": true,
            "type": "filename",
            "uuid": "9f23ae9b-069c-42db-98df-93bde1bf494d",
            "value": "amd.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772620",
            "to_ids": false,
            "type": "text",
            "uuid": "fcf34d87-736b-421e-8f3f-b80f8866fef3",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:48/72\nFirst Submission:2026-02-19T02:42:26.000000+00:00\nLast Submission:2026-02-19T05:01:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775378",
        "uuid": "7dd48ce8-0456-46d4-ae95-b1842eec5b54",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775378",
            "to_ids": true,
            "type": "md5",
            "uuid": "71812df3-bf04-43fe-b6bd-e9c57a4994e7",
            "value": "7b885b446bbd9b450146c88f84c64f30",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773588",
            "to_ids": true,
            "type": "sha1",
            "uuid": "475ffe48-d407-4921-b92d-fbda411195c8",
            "value": "bd79aec521aa9f0cec374d57692b540b7b5a6ea8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773588",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0d026b24-eca8-4ffe-a2eb-890de36fd854",
            "value": "fc75ed2159e0c8274076e46a37671cfb8d677af9f586224da1713df89490a958",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772641",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3271f526-6e3c-4c86-ae24-5c820e8879d5",
            "value": "49152:Kj6+4dnfoiSEct2xaSUPDdP/7SsjHE4Z0wfs4gcvpG15ElcYB9nwPDC7bODth5yX:KjHodwdImGLEXBFwPD+8th5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772641",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4083cc19-df86-4034-a8b6-ac352100587d",
            "value": "3968512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772641",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ea252bf6-1624-47d0-9824-4a7307343757",
            "value": "036086655d75551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772641",
            "to_ids": true,
            "type": "filename",
            "uuid": "70d30d82-3fcd-460d-b9b7-f350b18b9f0b",
            "value": "rxeh0zn3w.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan: 21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772641",
            "to_ids": false,
            "type": "text",
            "uuid": "b8313087-03c3-4513-bd71-94dbf8bcaed5",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:49/72\nFirst Submission:2026-03-31T06:45:07.000000+00:00\nLast Submission:2026-03-31T06:45:07.000000+00:00"
          }
        ]
      }
    ]
  }
}