{
  "Event": {
    "analysis": "1",
    "date": "2026-03-03",
    "extends_uuid": "",
    "info": "[Threat Intel] Signed malware impersonating workplace apps deploys RMM backdoors",
    "protected": false,
    "publish_timestamp": "1776726071",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1776726063",
    "uuid": "4146c066-4058-4a0a-b3cf-f1854c6a9f08",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#96f4f6",
        "local": false,
        "name": "misp-galaxy:producer=\"Microsoft\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#5c57c8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#3bc6ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#e00500",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#682cad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#1cbe6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772679615",
        "to_ids": false,
        "type": "link",
        "uuid": "a2dfb480-b719-4fa9-b0e5-096f64df2e70",
        "value": "https://www.microsoft.com/en-us/security/blog/2026/03/03/signed-malware-impersonating-workplace-apps-deploys-rmm-backdoors/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772679615",
        "to_ids": false,
        "type": "text",
        "uuid": "fb5fa287-8ee2-4d41-ad99-698dd87280b9",
        "value": "Multiple phishing campaigns were identified that used workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. The attacks used digitally signed executables masquerading as legitimate software to install remote monitoring and management (RMM) tools such as ScreenConnect, Tactical RMM, and Mesh Agent. These tools enabled attackers to establish persistence and move laterally within compromised environments. The malware was signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD. The campaigns demonstrate how familiar branding and trusted digital signatures can be exploited to bypass user suspicion and gain an initial foothold in enterprise networks."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772679615",
        "to_ids": false,
        "type": "text",
        "uuid": "230083a5-f570-45dd-8b38-2aa152fb73cb",
        "value": "Name: Signed malware impersonating workplace apps deploys RMM backdoors\nAuthor: AlienVault\nAdversary: \nTags: [\"persistence\", \"lateral movement\", \"tactical rmm\", \"workplace impersonation\", \"mesh agent\", \"phishing\", \"rmm\", \"digital signatures\", \"screenconnect\"]\nTgtd countries: []\nMlwr families: [\"ScreenConnect\", \"Tactical RMM\", \"Mesh Agent\"]\nAttack_ids: [\"T1543.003\", \"T1553.002\", \"T1082\", \"T1219\", \"T1036\", \"T1021\", \"T1112\", \"T1497\", \"T1204\", \"T1059.001\", \"T1547.001\", \"T1566\", \"T1078\", \"T1105\"]\nIndustries: []"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825090",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7a993355-a7e5-48e4-af56-765d0bd07906",
        "value": "154.16.171.203",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
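        "comment": "No sample in VT\r\nLast check:07/03/2026\r\nNote: this 32-hex value is identical to the bucket label in the pub-575e7adf57f741ba8ce32bfe83a1e7f4.r2.dev URL attribute of this event, so it may be a storage bucket identifier rather than a file MD5; confirm against the source report before using it for hash matching.",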
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825037",
        "to_ids": true,
        "type": "md5",
        "uuid": "d9c4bf93-2812-46ec-9290-b297ada2a651",
        "value": "575e7adf57f741ba8ce32bfe83a1e7f4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:07/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825039",
        "to_ids": true,
        "type": "md5",
        "uuid": "77b1ef29-098b-41ef-b765-58d67c71228a",
        "value": "a6b1edca753b4d618d8b2f09eaa9e2af",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:07/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825040",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c203dd53-32dd-4394-905b-f453bbe872bc",
        "value": "4c6251e1db72bdd00b64091013acb8b9cb889c768a4ca9b2ead3cc89362ac2ca",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:07/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825042",
        "to_ids": true,
        "type": "sha256",
        "uuid": "3d6ad94c-61ba-4b78-946f-12ce95059879",
        "value": "947bcb782c278da450c2e27ec29cb9119a687fd27485f2d03c3f2e133551102e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:07/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825044",
        "to_ids": true,
        "type": "sha256",
        "uuid": "086a6706-b22d-4ff3-9570-e0c1377c21e0",
        "value": "9827c2d623d2e3af840b04d5102ca5e4bd01af174131fc00731b0764878f00ca",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:07/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825046",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b0f9f3e0-3c30-4de1-a727-44db199f7b23",
        "value": "98a4d09db3de140d251ea6afd30dcf3a08e8ae8e102fc44dd16c4356cc7ad8a6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825111",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "40cca8cc-9fcf-4ca7-bd44-2bb37eba84a1",
        "value": "136.0.157.51",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825133",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "06710969-b5e7-4e28-82b8-08c483936516",
        "value": "173.195.100.77",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825178",
        "to_ids": true,
        "type": "domain",
        "uuid": "41c0cdd3-4bb9-4f21-9f4f-547d5579b914",
        "value": "adb-pro.design",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825200",
        "to_ids": true,
        "type": "domain",
        "uuid": "7bd4853c-b929-4bd4-8975-343af9e66dce",
        "value": "chata2go.com.mx",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825221",
        "to_ids": true,
        "type": "domain",
        "uuid": "d36f9d27-948f-4729-a70c-9efa2c764fa2",
        "value": "easyguidepdf.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825243",
        "to_ids": true,
        "type": "domain",
        "uuid": "51e8b6bb-38d1-490c-ba8b-bf4f1319c4dd",
        "value": "eliteautoused-cars.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825265",
        "to_ids": true,
        "type": "domain",
        "uuid": "a8ddeee4-d9a5-405b-9a3a-59f470fc3660",
        "value": "httpsecured.im",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825287",
        "to_ids": true,
        "type": "domain",
        "uuid": "cb4f07ac-aff7-4db4-bccd-9cea6479261a",
        "value": "lankystocks.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825309",
        "to_ids": true,
        "type": "domain",
        "uuid": "3af28346-de4a-4dee-a671-5ff1eed2f901",
        "value": "pacificlimited.mw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825331",
        "to_ids": true,
        "type": "domain",
        "uuid": "29d8f1dc-c85d-4871-a2e4-cc5ce18733a3",
        "value": "sherwoods.ae",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825353",
        "to_ids": true,
        "type": "domain",
        "uuid": "fafc108d-af42-4d1d-aa9d-e3260db19aa0",
        "value": "sunride.com.do",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825375",
        "to_ids": true,
        "type": "domain",
        "uuid": "218ca01f-342e-438d-8da8-92962e1d0d3f",
        "value": "waynelimck.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825419",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c9d35afe-6235-4e9f-b07f-258ad1511427",
        "value": "www.metrosuitesbellavie.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825441",
        "to_ids": true,
        "type": "url",
        "uuid": "5a5538c2-2603-4dad-aff0-27e137726571",
        "value": "https://store-na-phx-1.gofile.io/download/direct/fc087401-6097-412d-8c7f-e471c7d83d7f/Onchain-installer.exe",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825463",
        "to_ids": true,
        "type": "url",
        "uuid": "fc804889-5083-4ff9-a257-9f43e566e706",
        "value": "https://waynelimck.com/bid/MsTeams.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825486",
        "to_ids": true,
        "type": "url",
        "uuid": "46475a8e-ff99-47f9-a3b0-602da1bb2d3c",
        "value": "https://pub-575e7adf57f741ba8ce32bfe83a1e7f4.r2.dev/Project%20Proposal%20-%20eDocs.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825508",
        "to_ids": true,
        "type": "url",
        "uuid": "b5f9cd2b-0a90-4f1c-b54c-98fa14a1efb1",
        "value": "https://adb-pro.design/Adobe/download.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825530",
        "to_ids": true,
        "type": "url",
        "uuid": "215ccf83-67af-4800-ba01-6ff552c6822c",
        "value": "https://easyguidepdf.com/A/AdobeReader/download.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825552",
        "to_ids": true,
        "type": "url",
        "uuid": "5e474a5a-6524-4104-a89b-221a2a001e31",
        "value": "https://chata2go.com.mx/store/invite.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825575",
        "to_ids": true,
        "type": "url",
        "uuid": "2ded9eb3-10f3-4a04-82c1-99833fc802fe",
        "value": "https://lankystocks.com/Zoom/Windows/download.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825597",
        "to_ids": true,
        "type": "url",
        "uuid": "4ad6a0c3-d288-43e1-b904-077a881396bf",
        "value": "https://sherwoods.ae/dm/Analog/Machine/download.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
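        "comment": "Host is spelled hxxpsecured.im here but the domain attribute in this event is httpsecured.im; the hxxp spelling looks like defanging residue. Confirm against the source report before using this URL for detection.",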
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825620",
        "to_ids": true,
        "type": "url",
        "uuid": "3b2530ff-e343-40e3-8419-60fe3cd2636d",
        "value": "https://hxxpsecured.im/file/MsTeams.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825642",
        "to_ids": true,
        "type": "url",
        "uuid": "327ffd6f-88d1-460d-8037-388c6887539a",
        "value": "https://pixeldrain.com/api/file/CiEwUUGq?download",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825664",
        "to_ids": true,
        "type": "url",
        "uuid": "1c869e02-36dd-4645-893f-34581ee63675",
        "value": "https://sunride.com.do/clean22/clea/cle/MsTeams.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825686",
        "to_ids": true,
        "type": "url",
        "uuid": "73581160-d856-404a-8947-d99709c9f297",
        "value": "https://eliteautoused-cars.com/bid/MsTeams.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825709",
        "to_ids": true,
        "type": "url",
        "uuid": "0912bfae-0c87-4bd3-a74b-87cf1408fbbb",
        "value": "https://sherwoods.ae/wp-admin/Apex_Injury_Attorneys/download.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825731",
        "to_ids": true,
        "type": "url",
        "uuid": "71e9492a-c20b-417a-94b1-4439dfaa8447",
        "value": "https://yad.ma/wp-admin/El_Paso_Orthopaedic_Group/download.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825753",
        "to_ids": true,
        "type": "url",
        "uuid": "99a01a70-fb45-4b58-b81e-48bab8df00bd",
        "value": "https://pacificlimited.mw/trash/cee/tra/MsTeams.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825776",
        "to_ids": true,
        "type": "url",
        "uuid": "85418542-44cb-4cc4-9a14-448fbea7547c",
        "value": "https://yad.ma/Union/Colony/download.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825798",
        "to_ids": true,
        "type": "url",
        "uuid": "9e2c0c56-7733-4a4f-aaef-441723f068ab",
        "value": "https://yad.ma/Union/Colony/complete.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825820",
        "to_ids": true,
        "type": "url",
        "uuid": "821ce28c-a4a9-4b9c-94c4-ded58d7bb58c",
        "value": "https://www.metrosuitesbellavie.com/crewe/cjo/yte/MsTeams.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825844",
        "to_ids": true,
        "type": "domain",
        "uuid": "7c77c2e3-5c7a-4cfc-bdb6-c0356bdce4b6",
        "value": "trustconnectsoftware.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825866",
        "to_ids": true,
        "type": "hostname",
        "uuid": "017fb310-74f0-458f-a550-716bfb04ad16",
        "value": "turn.zoomworkforce.us",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825888",
        "to_ids": true,
        "type": "domain",
        "uuid": "acd073af-fefe-4eee-89a8-d6d4bee98610",
        "value": "rightrecoveryscreen.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825910",
        "to_ids": true,
        "type": "domain",
        "uuid": "9a193f4c-e3aa-4367-962a-cc6a51e5a5f3",
        "value": "smallmartdirectintense.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825932",
        "to_ids": true,
        "type": "hostname",
        "uuid": "cb975fff-ca42-47a1-89e6-449f260fc4b2",
        "value": "r9.virtualonlineserver.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825954",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d9d337cf-49e9-4be1-9e3f-71b3fa73455e",
        "value": "app.ovbxbzuaiopp.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825977",
        "to_ids": true,
        "type": "hostname",
        "uuid": "871693fc-8ea5-4266-88a2-bbd21aa25c01",
        "value": "server.denako-cin.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772825999",
        "to_ids": true,
        "type": "hostname",
        "uuid": "237b5196-9226-4516-b974-3fc0eef419cd",
        "value": "cold-na-phx-7.gofile.io",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826021",
        "to_ids": true,
        "type": "domain",
        "uuid": "de79793b-1179-42a3-b805-acdaab9ada6f",
        "value": "absolutedarkorderhqx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826043",
        "to_ids": true,
        "type": "hostname",
        "uuid": "6bdad2e7-da02-431e-8d73-88caa2e2f1de",
        "value": "app.amazonwindowsprime.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826065",
        "to_ids": true,
        "type": "hostname",
        "uuid": "552db3de-2a38-4249-bab1-65d8bafb7e87",
        "value": "pub-a6b1edca753b4d618d8b2f09eaa9e2af.r2.dev",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826087",
        "to_ids": true,
        "type": "hostname",
        "uuid": "6ed986de-ff26-41bf-a50b-afd893d00634",
        "value": "cold-na-phx-8.gofile.io",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826109",
        "to_ids": true,
        "type": "hostname",
        "uuid": "618f7336-c7cf-4fbf-8627-4b8feeb89c2c",
        "value": "server.yakabanskreen.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826131",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2b1765f2-e295-4c13-a8d8-5481355c8d48",
        "value": "server.nathanjhooskreen.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826155",
        "to_ids": true,
        "type": "hostname",
        "uuid": "77712346-fb45-4bb9-924c-5bf01b1f9bcb",
        "value": "read.pibanerllc.de",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826177",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "472ed78b-2612-4ed7-a2b3-edf79c672c68",
        "value": "66.150.196.166",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772826199",
        "to_ids": true,
        "type": "domain",
        "uuid": "ec5697aa-d185-42eb-8748-84aa969ccde7",
        "value": "pacdashed.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
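        "comment": "Value appears to be two hostnames fused without a separator: smallmartdirectintense.com and r9.virtualonlineserver.org, both of which are separate attributes in this event. As written it is not a resolvable hostname; verify against the source report before using it for detection.",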
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776722980",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7d89858c-fa1a-4c37-8e8a-0c8fb93f5544",
        "value": "smallmartdirectintense.comr9.virtualonlineserver.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
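        "comment": "Value appears to be two hostnames fused without a separator: app.ovbxbzuaiopp.online and server.denako-cin.cc, both of which are separate attributes in this event. As written it is not the indicator either source entry describes; verify against the source report before using it for detection.",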
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776723002",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0ffe3754-f670-4b24-8bde-a2bfc1ee97fe",
        "value": "app.ovbxbzuaiopp.onlineserver.denako-cin.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
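        "comment": "Value appears to be two hostnames fused without a separator: cold-na-phx-7.gofile.io and absolutedarkorderhqx.com, both of which are separate attributes in this event. The gofile.io host carries a high false-positive risk tag on its own attribute. Verify against the source report before using this value for detection.",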
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776723024",
        "to_ids": true,
        "type": "hostname",
        "uuid": "69256184-7029-4168-a15c-172d3f83b24a",
        "value": "cold-na-phx-7.gofile.ioabsolutedarkorderhqx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
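        "comment": "Value appears to be two hostnames fused without a separator: cold-na-phx-8.gofile.io and server.yakabanskreen.top, both of which are separate attributes in this event. The gofile.io host carries a high false-positive risk tag on its own attribute. Verify against the source report before using this value for detection.",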
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776723046",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9a4c9cf4-376f-4762-bdf2-797ac0919595",
        "value": "cold-na-phx-8.gofile.ioserver.yakabanskreen.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776723067",
        "to_ids": true,
        "type": "url",
        "uuid": "8e692200-4af5-44c2-9dbf-a6893c556286",
        "value": "http://yad.ma/Union/Colony/complete.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826221",
        "uuid": "4954aa1d-d1e8-4e17-a13f-fcc9b5feb59a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826221",
            "to_ids": true,
            "type": "md5",
            "uuid": "d982e47e-0133-4245-9f8c-f1754cae5bdd",
            "value": "0507b89eeb35741df61eeff7769b3397",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825004",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4b313bcd-60ef-479c-bef9-0b7a7f62a96f",
            "value": "253238019e1ea386d2d72584bff8eadf4f5ec5b3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825005",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0bdc589e-da5d-41eb-baa8-b4093e0ffb4b",
            "value": "5701dabdba685b903a84de6977a9f946accc08acf2111e5d91bc189a83c3faea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824139",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ae08412a-5d4f-417d-830e-b4ca1fd29034",
            "value": "393216:vKxapWfkzI/r4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81t:z48Gr/vbpvuY7Key+7PJsYPUlb5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824139",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "61736943-8ad3-4297-a2bd-b5b539c4b5c9",
            "value": "36333184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824139",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d91b97f5-80a6-4c00-ad1f-cb1d0e3187c1",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824139",
            "to_ids": true,
            "type": "filename",
            "uuid": "ac5781e5-c95c-47aa-86cb-7c68c9a4df86",
            "value": "Installer.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824139",
            "to_ids": false,
            "type": "text",
            "uuid": "4ecb15d9-1411-4e00-afc9-07938616346d",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:32/71\nFirst Submission:2026-02-06T20:16:43.000000+00:00\nLast Submission:2026-03-04T10:43:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826242",
        "uuid": "0cdd82c7-0648-4792-8ae0-1f3487bcb2e5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826242",
            "to_ids": true,
            "type": "md5",
            "uuid": "f56f0aac-1c49-438e-a09c-0acc491ee39b",
            "value": "1649e35d73a5b9cd9251ee7b4842bef6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825007",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2014cdae-ec2f-4d8e-bf88-521b3c085559",
            "value": "f086e99ae0f2001ee0c74f3c92a878031a40ed74",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825007",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b377ca11-ffe4-4c7b-bf36-e83272431316",
            "value": "35f03708f590810be88dfb27c53d63cd6bb3fb93c110ca0d01bc23ecdf61f983",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824163",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1f5379e5-e451-41be-a721-7be51cf5dd6e",
            "value": "393216:wKxapWfkhI2r4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81Z:K4+Pr/vbpvuY7Key+7PJsYPUlbd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824163",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b7208b8a-efe0-4582-b233-d7106c35b7b0",
            "value": "36330944"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824163",
            "to_ids": true,
            "type": "vhash",
            "uuid": "42ef0b77-879d-4150-ac0e-48329979d0b0",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824163",
            "to_ids": true,
            "type": "filename",
            "uuid": "0bb29463-c156-4bd2-adf6-8427f283480b",
            "value": "Ssa.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824163",
            "to_ids": false,
            "type": "text",
            "uuid": "ea2f309e-6047-42dc-a567-1d13d1d6648b",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:31/70\nFirst Submission:2026-02-02T06:20:51.000000+00:00\nLast Submission:2026-03-05T18:21:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826264",
        "uuid": "c70afe5a-581d-43df-b1d6-82a335612fb6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826264",
            "to_ids": true,
            "type": "md5",
            "uuid": "bde95f2e-4259-4db7-9cd0-b3fb55080fa4",
            "value": "1b06c31e5c11f4fcfc52460852fd44be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825010",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d8bc725-f5c3-4694-ad44-535ed4aa0864",
            "value": "e1307cf83815818cf22c5dde25edcb26a493c791",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825010",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f82e9fc6-bf44-49c9-bb55-fcde0fb5542c",
            "value": "af651ebcacd88d292eb2b6cbbe28b1e0afd1d418be862d9e34eacbd65337398c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824186",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a08de7eb-12d0-40bd-9588-f67c1821df18",
            "value": "393216:6KxapWfk4I4r4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81m:M4nPr/vbpvuY7Key+7PJsYPUlb6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824186",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7d3675e9-603c-40e6-8979-228bc4905af6",
            "value": "36331496"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824186",
            "to_ids": true,
            "type": "vhash",
            "uuid": "99b629d0-f01b-430f-9a41-3bc3c65412bb",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824186",
            "to_ids": true,
            "type": "filename",
            "uuid": "dcbdd73b-0846-4616-9a5e-fe54bf295961",
            "value": "AdobeReader.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824186",
            "to_ids": false,
            "type": "text",
            "uuid": "810595d4-3f7a-47b4-bbf9-9b129a9ea303",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:34/71\nFirst Submission:2026-02-06T01:18:37.000000+00:00\nLast Submission:2026-03-04T10:50:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826286",
        "uuid": "1990d9b0-4afa-4593-a3ca-e6e6fcc48400",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826286",
            "to_ids": true,
            "type": "md5",
            "uuid": "f09e1f36-6fd1-4add-8632-08af731fa453",
            "value": "88374c5b7e56b7d0c21c08a8075b1ada",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825012",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9a061d33-c1ea-43e4-91ce-ce759edf6cb1",
            "value": "e0d22391f7046dccf22ba0caf066eef25801b83b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825012",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1668356f-d806-4aea-8330-dacd86b86965",
            "value": "c862dbcada4472e55f8d1ffc3d5cfee65d1d5e06b59a724e4a93c7099dd37357",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824230",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "99585ba6-3c1b-471c-923e-deb16c4e2210",
            "value": "393216:UKxapWfkhIcr4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81X:e46Rr/vbpvuY7Key+7PJsYPUlb7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824230",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f20b14f0-d01d-4289-ac22-7940b757a3a0",
            "value": "36331496"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824230",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d4ad0864-be11-4a2c-b2c0-1d5f9bfa4e6e",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824230",
            "to_ids": true,
            "type": "filename",
            "uuid": "9f1d32fa-acf2-4914-8248-6f5c0b74725e",
            "value": "AdobeReader.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824230",
            "to_ids": false,
            "type": "text",
            "uuid": "ec641395-1e62-4be0-b982-62433c16085f",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:31/71\nFirst Submission:2026-02-06T03:42:49.000000+00:00\nLast Submission:2026-02-11T16:09:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826308",
        "uuid": "f07e6831-ce00-4e89-b69f-49085a170607",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826308",
            "to_ids": true,
            "type": "md5",
            "uuid": "7be130aa-54da-47ee-a935-0c839b1babdd",
            "value": "bd45296ec3006176fe07d784bbe00bea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825015",
            "to_ids": true,
            "type": "sha1",
            "uuid": "59871045-8352-4c8e-87fc-3120e312fccf",
            "value": "eb165bc46f2f94b1b14d2c4c08b29a51389093ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825015",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b92187f4-6293-4c1e-803f-9508d1880e81",
            "value": "36fdd4693b6df8f2de7b36dff745a3f41324a6dacb78b4159040c5d15e11acb7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824274",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0be6fcab-fd75-4faf-974d-04128c315cb4",
            "value": "393216:FKxapWfkTIlr4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81l:R446r/vbpvuY7Key+7PJsYPUlbR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824274",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e0979c3c-b767-47cc-86a0-59c55dc5a5ee",
            "value": "36331584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824274",
            "to_ids": true,
            "type": "vhash",
            "uuid": "067b3ed1-19d8-49cd-b7cb-1e2a792b72ab",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824274",
            "to_ids": true,
            "type": "filename",
            "uuid": "a6638517-76b3-4bc6-9e3d-f5beb5e89ef4",
            "value": "MsTeams.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824274",
            "to_ids": false,
            "type": "text",
            "uuid": "65f0f28b-1bbf-4423-ac7c-42a8356c8d6b",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:32/71\nFirst Submission:2026-02-25T18:57:29.000000+00:00\nLast Submission:2026-03-05T18:20:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826330",
        "uuid": "d4518cf0-b633-41f5-aabc-60fd4719e1c9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826330",
            "to_ids": true,
            "type": "md5",
            "uuid": "3a67cae1-be7a-4092-b7d6-0918377f0899",
            "value": "c7cbe37a075ceb7283b6ea1feaf8e085",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825017",
            "to_ids": true,
            "type": "sha1",
            "uuid": "15504c61-9ad7-47b4-8d86-08e9a5e3815d",
            "value": "5f61a36bfe588b07ae88d0786742e3983f66171f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825018",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bfc17b44-f985-437c-bda8-249d3680f053",
            "value": "86b788ce9379e02e1127779f6c4d91ee4c1755aae18575e2137fb82ce39e100f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824297",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eea97602-de46-47ae-9504-6e399ea67b14",
            "value": "393216:FKxapWfkVI9r4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81B:R428r/vbpvuY7Key+7PJsYPUlbt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824297",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0c3f6941-65c6-4609-9907-ffcee386fecf",
            "value": "36333200"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824297",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dfde3cb9-d8b3-48fd-89bf-5838c59a02a1",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824297",
            "to_ids": true,
            "type": "filename",
            "uuid": "2c9c7b62-8c1d-4891-8ae0-6223df63d115",
            "value": "Proposal.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824297",
            "to_ids": false,
            "type": "text",
            "uuid": "8aee233a-b2bf-499b-ba6f-788b27b658a1",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Trec!rfn\nVT Total Detection:31/70\nFirst Submission:2026-02-09T22:34:08.000000+00:00\nLast Submission:2026-02-12T06:20:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826352",
        "uuid": "46dd1eaa-4817-4186-b883-8fa0f679c6f8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826352",
            "to_ids": true,
            "type": "md5",
            "uuid": "fc53fa28-e583-4d6f-a380-c8c7d370c0c6",
            "value": "ec54c5089d27b2ad844b96725924a22b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825020",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a0fbcfa1-6c56-404b-ace7-22b4d2df9149",
            "value": "75e45900247ff595f1f67d45c16a4ec4bdabe60c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825020",
            "to_ids": true,
            "type": "sha256",
            "uuid": "245b89bc-f43e-406f-a4d1-b3955c26c55b",
            "value": "edde2673becdf84e3b1d823a985c7984fec42cb65c7666e68badce78bd0666c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824320",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0662838f-c887-4a41-8dd1-fc1f2af77fdd",
            "value": "393216:TKxapWfkbIPr4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81F:n4sir/vbpvuY7Key+7PJsYPUlbp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824320",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a5a1dccd-8d3c-4fc3-8a8a-8587d95ea09b",
            "value": "36331536"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824320",
            "to_ids": true,
            "type": "vhash",
            "uuid": "523ebeea-320f-4734-8bea-692e15c9e2f6",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824320",
            "to_ids": true,
            "type": "filename",
            "uuid": "036fc9ec-56bf-46d6-bc1a-9493c2b77e0c",
            "value": "AdobeReader.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824320",
            "to_ids": false,
            "type": "text",
            "uuid": "61d2cc81-f164-4ea0-a457-1974d8df8522",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon!MTB\nVT Total Detection:32/71\nFirst Submission:2026-02-01T23:36:32.000000+00:00\nLast Submission:2026-02-04T14:10:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826374",
        "uuid": "e3f35125-c28f-40a4-9157-fabe52e26e03",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826374",
            "to_ids": true,
            "type": "md5",
            "uuid": "74710e81-93de-429c-b124-ffc6c2f1c31b",
            "value": "f55a1ee56f84bd6237f6833789b3a7ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825029",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0f3b91db-8e75-4227-a787-e163e7d5bc2a",
            "value": "a12bc988d5b0b0e3c0c6b143851838e3d8786927",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825030",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e46f7f48-263b-42aa-b152-9e9ce69ebd40",
            "value": "6641561ed47fdb2540a894eb983bcbc82d7ad8eafb4af1de24711380c9d38f8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824343",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c2543e89-1f59-4f64-a54b-9e0d1a6ca131",
            "value": "393216:+KxapWfk7IVr4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/810:A4wKr/vbpvuY7Key+7PJsYPUlbY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824343",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f98ac320-b917-4aec-b1f6-a5b8d0f22883",
            "value": "36331560"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824343",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f76734c0-8521-42d2-939b-ebbd36b6fe3d",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824343",
            "to_ids": true,
            "type": "filename",
            "uuid": "3710a8b7-f2e4-42b0-abef-53c7ac5eaa95",
            "value": "MsTeams.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824343",
            "to_ids": false,
            "type": "text",
            "uuid": "25646a49-23e7-4bff-a53d-95627ee41b49",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:36/71\nFirst Submission:2026-02-02T12:43:42.000000+00:00\nLast Submission:2026-02-27T05:31:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826396",
        "uuid": "3eb12af6-1e80-44fa-af10-259a989dbb62",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826396",
            "to_ids": true,
            "type": "md5",
            "uuid": "cdf87cf3-81e8-460c-937a-50d54353abfd",
            "value": "46c113aaf06776a03a5e07649f3b640f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825031",
            "to_ids": true,
            "type": "sha1",
            "uuid": "69c0c3f8-e052-4ed5-8bfe-bbcbda6edb5f",
            "value": "9f324becfa91b5e621b93630af51c95eb4c20576",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825031",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2338a1ff-a0a6-4012-b43e-af6b1e754eb3",
            "value": "959509ef2fa29dfeeae688d05d31fff08bde42e2320971f4224537969f553070",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824411",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "43deda49-d826-48c1-9851-2ba9c39c79ae",
            "value": "393216:BKxapWfkHIgr4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81U:d4ctr/vbpvuY7Key+7PJsYPUlbw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824411",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d4dd2c86-0246-4f66-be65-f6b8d7df1c97",
            "value": "36330984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824411",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a81f5a19-d005-499f-8c12-d17513db5e0c",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824411",
            "to_ids": true,
            "type": "filename",
            "uuid": "fe094efd-e05f-437d-b5ba-da98353e1636",
            "value": "TrustConnectAgent.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824411",
            "to_ids": false,
            "type": "text",
            "uuid": "3166767f-5416-4bc5-b848-059a94eb8c0d",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:32/71\nFirst Submission:2026-01-28T23:02:26.000000+00:00\nLast Submission:2026-01-28T23:02:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826418",
        "uuid": "64996955-e2f9-48f2-825a-83f7c190da80",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826418",
            "to_ids": true,
            "type": "md5",
            "uuid": "e68c5a80-003e-4b72-888d-a77f50393488",
            "value": "2c46e541f541ae41666fdb4593df3dd6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825033",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7f00d4a7-0d6e-4d1e-81ed-389e0c247171",
            "value": "5335f6c7e56684eb79d2af6f69fa3b1f820074d3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825033",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0f2fd9e5-1734-46f7-9f5f-aa741ece3deb",
            "value": "c6097dfbdaf256d07ffe05b443f096c6c10d558ed36380baf6ab446e6f5e2bc3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824478",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "13c5135b-c287-4936-98cd-a77126b24ad9",
            "value": "393216:UKxapWfkqIrr4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81j:e4R4r/vbpvuY7Key+7PJsYPUlbH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824478",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "49e90de5-e5fc-452e-8e41-efbb4be31b81",
            "value": "36331480"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824478",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ae70aeee-41ff-4744-abce-93f70aa4add5",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824478",
            "to_ids": true,
            "type": "filename",
            "uuid": "06babd8f-85ce-4a29-8b97-d87fd1868fe2",
            "value": "AdobeReader.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824478",
            "to_ids": false,
            "type": "text",
            "uuid": "0b49d99b-09f1-4b90-a972-3d61e2399291",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:30/71\nFirst Submission:2026-02-09T19:02:15.000000+00:00\nLast Submission:2026-02-09T19:08:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772826440",
        "uuid": "9dca0dd2-cf2e-41be-853f-9259a7fbebaf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772826440",
            "to_ids": true,
            "type": "md5",
            "uuid": "4a0e795b-3764-4bb7-a169-5e3a70442e70",
            "value": "3da2615bd8b17c149dbbf8c0bcc718cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772825035",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c0b16866-20d6-445c-8580-56b8d5c11d32",
            "value": "606faf2f5daeaa32213cf6a8823f075e72972121",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772825035",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6b090857-337d-4b6f-85cf-7743f768e8e5",
            "value": "ef7702ac5f574b2c046df6d5ab3e603abe57d981918cddedf4de6fe41b1d3288",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772824500",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dc7ff11c-cf2f-42a9-8908-21ddeaabf780",
            "value": "393216:qKxapWfk4Iqr4SvhZ6sRvI9cR8vq/mQFgeyh0LfHPQu2jYvnUwEbc/81b:84DLr/vbpvuY7Key+7PJsYPUlb/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772824500",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9a61ad60-1c9b-4324-a1c3-cf7d086391f4",
            "value": "36331512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772824500",
            "to_ids": true,
            "type": "vhash",
            "uuid": "16c2d1e0-1c4d-4788-9b31-79befd15cd4c",
            "value": "0370a666155d156d1d055148zc46z121c5z13z2ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772824500",
            "to_ids": true,
            "type": "filename",
            "uuid": "94745b01-385b-4d9d-bc94-1d27ae1edaae",
            "value": "ZoomWorkspace.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 07/03/2026\nLast-scan\t:  06/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772824500",
            "to_ids": false,
            "type": "text",
            "uuid": "50c3845c-fa7c-400f-9db9-0f793544db26",
            "value": "Type Description: Win32 EXE\nMicrosoft: SupportScam:Win32/Screwon.PRP!MTB\nVT Total Detection:31/71\nFirst Submission:2026-02-13T12:37:49.000000+00:00\nLast Submission:2026-02-14T04:16:15.000000+00:00"
          }
        ]
      }
    ]
  }
}