{
  "Event": {
    "analysis": "1",
    "date": "2026-02-24",
    "extends_uuid": "",
    "info": "[Threat Intel] Hydra Saiga: Covert Espionage and Infiltration of Critical Utilities",
    "protected": false,
    "publish_timestamp": "1774245868",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1774245867",
    "uuid": "41a92b4d-8004-4ebf-ab32-d95b8f11b77f",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#f8140a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#cb74ba",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Search Victim-Owned Websites - T1594\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#2031cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Password Filter DLL - T1556.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#bce57a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"",
        "relationship_type": ""
      },
      {
        "colour": "#c8f8ef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"",
        "relationship_type": ""
      },
      {
        "colour": "#657ac3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Protocol Tunneling - T1572\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ed4a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#5affe5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Remote Management - T1021.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#07ff3c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#866c0c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Active Scanning - T1595\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c84641",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"GUI Input Capture - T1056.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#e43954",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d37d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#3970d7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bd28",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"",
        "relationship_type": ""
      },
      {
        "colour": "#0fa7af",
        "local": false,
        "name": "misp-galaxy:target-information=\"Armenia\"",
        "relationship_type": ""
      },
      {
        "colour": "#d802cf",
        "local": false,
        "name": "misp-galaxy:target-information=\"Azerbaijan\"",
        "relationship_type": ""
      },
      {
        "colour": "#bd512b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Belarus\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d455d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bulgaria\"",
        "relationship_type": ""
      },
      {
        "colour": "#74d147",
        "local": false,
        "name": "misp-galaxy:target-information=\"Czech Republic\"",
        "relationship_type": ""
      },
      {
        "colour": "#78cd12",
        "local": false,
        "name": "misp-galaxy:target-information=\"Egypt\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d6b1a",
        "local": false,
        "name": "misp-galaxy:target-information=\"Georgia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Greece\"",
        "relationship_type": ""
      },
      {
        "colour": "#20a667",
        "local": false,
        "name": "misp-galaxy:target-information=\"Iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#41c393",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kyrgyzstan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mongolia\"",
        "relationship_type": ""
      },
      {
        "colour": "#c385b5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Morocco\"",
        "relationship_type": ""
      },
      {
        "colour": "#48df7e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Netherlands\"",
        "relationship_type": ""
      },
      {
        "colour": "#13bb3c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Oman\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#04e23c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Slovakia\"",
        "relationship_type": ""
      },
      {
        "colour": "#35a578",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Africa\"",
        "relationship_type": ""
      },
      {
        "colour": "#4ece2e",
        "local": false,
        "name": "misp-galaxy:target-information=\"Tajikistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#19d775",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkmenistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#aad0dc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Uzbekistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#86e845",
        "local": false,
        "name": "misp-galaxy:target-information=\"Afghanistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#2afb09",
        "local": false,
        "name": "misp-galaxy:target-information=\"Argentina\"",
        "relationship_type": ""
      },
      {
        "colour": "#b32a63",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bangladesh\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Colombia\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Peru\"",
        "relationship_type": ""
      },
      {
        "colour": "#7dbb86",
        "local": false,
        "name": "misp-galaxy:target-information=\"Singapore\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkey\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Civil Aviation\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Education\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Energy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Health\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Legal\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Manufacturing\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Water\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"kazakhstan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"JLORAT\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802825",
        "to_ids": false,
        "type": "link",
        "uuid": "0d5009f7-b38a-47ae-ab66-24c8487664c5",
        "value": "https://www.vmray.com/hydra-saiga-covert-espionage-and-infiltration-of-critical-utilities/",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802825",
        "to_ids": false,
        "type": "text",
        "uuid": "bbe8500d-cedf-4806-b484-f304bc28f87d",
        "value": "Hydra Saiga, a suspected Kazakhstani state-sponsored threat actor, has been actively targeting government, energy, and critical infrastructure in Central Asia, Europe, and the Middle East since 2021. The group is known for using Telegram Bot API for C2 communication and employing a mix of custom implants and 'Living off the Land' techniques. Their activities align closely with Kazakhstan's geopolitical interests, particularly in water and energy sectors. The group has compromised at least 34 organizations across 8 countries, with reconnaissance extending to over 200 additional targets globally. Hydra Saiga's operations demonstrate a clear focus on water infrastructure linked to major regional rivers and gas distribution systems, reflecting strategic intelligence collection efforts."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802825",
        "to_ids": false,
        "type": "text",
        "uuid": "c5234bbe-b999-4118-adee-fc007ca9910a",
        "value": "Name: Hydra Saiga: Covert Espionage and Infiltration of Critical Utilities\nAuthor: AlienVault\nAdversary: Hydra Saiga\nTags: [\"kazakhstan\", \"jlorat\", \"custom implants\", \"espionage\", \"central asia\", \"water resources\", \"critical infrastructure\", \"energy sector\", \"telemiris\", \"telegram\"]\nTgtd countries: [\"Armenia\", \"Azerbaijan\", \"Belarus\", \"Bulgaria\", \"Czechia\", \"Egypt\", \"Georgia\", \"Greece\", \"Iran, Islamic Republic of\", \"Kyrgyzstan\", \"Mongolia\", \"Morocco\", \"Netherlands\", \"Oman\", \"Russian Federation\", \"Slovakia\", \"South Africa\", \"South Georgia and the South Sandwich Islands\", \"Tajikistan\", \"Turkmenistan\", \"Uzbekistan\"]\nMlwr families: [\"JLORAT\", \"Telemiris\"]\nAttack_ids: [\"T1053.005\", \"T1560.001\", \"T1047\", \"T1113\", \"T1594\", \"T1204.002\", \"T1566.001\", \"T1556.002\", \"T1567\", \"T1218\", \"T1572\", \"T1555.003\", \"T1021.006\", \"T1003.001\", \"T1595\", \"T1041\", \"T1059.001\", \"T1547.001\", \"T1056.002\", \"T1562.001\", \"T1078\", \"T1027\", \"T1059.006\", \"T1071.001\", \"T1018\", \"T1046\"]\nIndustries: [\"Government\", \"Energy\", \"Manufacturing\", \"Education\", \"Legal\", \"Water\", \"Healthcare\", \"Aviation\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802825",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "cdb4bc6c-d8ca-428e-825c-638f2ebbf60a",
        "value": "Hydra Saiga"
      },
      {
        "category": "Payload delivery",
        "comment": "Golang stealer No sample in VT\r\nLast check:23/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774235046",
        "to_ids": true,
        "type": "sha256",
        "uuid": "071124b3-f992-494b-afcd-5afa61b82146",
        "value": "3da644eec41a32d72d3632b76a524d836f39f3b9854eda5d227cdf7fc4c7b543",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "PyInstaller stealer No sample in VT\r\nLast check:23/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774235048",
        "to_ids": true,
        "type": "sha256",
        "uuid": "f951171f-0758-4769-9157-982bf0016404",
        "value": "8dda063860120a04bf3c7679f6a02a14aee4b5d2c3efc4dbd638dabce8a288a5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "FakeLogonScreen tool No sample in VT\r\nLast check:23/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774235050",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8e14b22a-4310-4ed1-8977-5bb569694f61",
        "value": "e179bf035b9d9d17f8a76ecfc1ebf3b19b69f8ea05421f0d4507ded9e60c657c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237866",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c5f7e15f-f447-43a7-897c-e4137b025be5",
        "value": "141.98.82.198",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237888",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bcf84bf3-f166-4d08-9a55-4245c4b0be7c",
        "value": "168.100.11.127",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237910",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "26f33ab0-e134-412b-9c23-91d0ee066a16",
        "value": "172.86.75.237",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237933",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "98abe7cb-b097-420c-9aa2-a4709a703934",
        "value": "179.60.150.151",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237955",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0cd6e566-1160-4be0-b7dd-e7b673876251",
        "value": "193.149.129.181",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237978",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "39b87d86-6d63-46a2-b2a0-29a8d870c1d6",
        "value": "193.176.182.155",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238000",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "612f9faa-dac6-4719-b9e4-3af067b1a3a5",
        "value": "195.38.162.147",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238022",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b34d19b5-9960-4373-88ad-5c7daad2dfa7",
        "value": "195.85.115.196",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238044",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f80f7b9c-eb79-4504-aef5-6068dc29fee5",
        "value": "64.7.198.46",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238066",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "26031567-9167-4ada-9d54-86291f912802",
        "value": "64.7.198.66",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238088",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2f87b6d3-3b6d-4b3e-9017-63148e08f760",
        "value": "65.38.120.38",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238110",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "42f4faf1-6e43-4021-9373-73c1199418c9",
        "value": "65.38.121.107",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238132",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bcadac9b-9148-4656-a861-cb2f1396331b",
        "value": "72.5.43.100",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238154",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ba2d3b1c-66db-495a-91bd-6668c337f330",
        "value": "72.5.43.178",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238176",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "90c4bfb1-a97e-465c-b357-b89f4a7f68ed",
        "value": "78.128.112.209",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238198",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "242eef85-0336-407c-8fb4-6e996719c170",
        "value": "81.19.136.241",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238220",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0ec251c6-e25f-4bd5-8db2-d9393f2dc511",
        "value": "82.115.223.210",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238242",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b0e6ad17-019b-464d-abf0-9e2f79bf4525",
        "value": "85.209.128.171",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238264",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c0521415-c15e-4bd9-946e-cc39438a250d",
        "value": "88.214.26.37",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238286",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "473039ce-76d3-4fc4-84eb-3c17b2de19f6",
        "value": "96.9.125.168",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238308",
        "to_ids": true,
        "type": "url",
        "uuid": "be280d67-ce64-4a90-9346-bca191707a66",
        "value": "http://64.7.198.66/resosk443.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238330",
        "to_ids": true,
        "type": "url",
        "uuid": "884599a8-38c9-4b8e-9849-78e65c33282b",
        "value": "https://adm-govuz.com/rev.rar",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238352",
        "to_ids": true,
        "type": "url",
        "uuid": "bee5dc66-b078-4882-bf7d-7914a40caaa4",
        "value": "https://admin.inboxsession.info/teal/ru.rar",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238374",
        "to_ids": true,
        "type": "url",
        "uuid": "3e488d9f-dfc5-4d08-ae91-f9f0df0c9322",
        "value": "https://altaviva.ru/contacts/rsocx.rar",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238396",
        "to_ids": true,
        "type": "url",
        "uuid": "b8109b69-ae9e-4878-8866-ad2a05c25763",
        "value": "https://auth.allcloudindex.com/147/sokcs.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238418",
        "to_ids": true,
        "type": "url",
        "uuid": "cef1d92c-77ac-4349-9482-133c3d2cfcba",
        "value": "https://caspiannews.com/news-detail/russia-kazakhstan-sign-memorandum-for-new-cross-border-gas-pipeline-project-2025-10-10-0/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
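        "comment": "News article URL; looks like a reference or lure source rather than attacker infrastructure - confirm before using for detection",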
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238440",
        "to_ids": true,
        "type": "url",
        "uuid": "9f90ff56-3fb2-40e3-bc12-e40ac1e6d03e",
        "value": "https://ex.wincorpupdates.com/sokcs.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238462",
        "to_ids": true,
        "type": "url",
        "uuid": "140347b7-9715-489b-995d-49f20699a238",
        "value": "https://france-deguisement.fr/wp-content/samba.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238484",
        "to_ids": true,
        "type": "url",
        "uuid": "0b6b56ae-1073-4f7c-a2ac-ecc30c2761e5",
        "value": "https://inbox.mailkeyboard.com/medic/medicru.rar",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
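        "comment": "Trailing '-' may be a transcription artifact from the source report - verify the path before exact-match use",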
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238506",
        "to_ids": true,
        "type": "url",
        "uuid": "6bd2c20e-34ef-4f27-958d-8297164d2c0f",
        "value": "https://message.mailboxarea.cloud/steal/ru.exe-",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238530",
        "to_ids": true,
        "type": "url",
        "uuid": "9861c91a-0642-4022-9ca1-8d3c31363ee5",
        "value": "https://mosreg.docworldme.com/mfa/Central_Asia-Italy_Jeenbek_Kulubaev_working-visit-to-Italy.rar",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238552",
        "to_ids": true,
        "type": "url",
        "uuid": "5cbdd6e3-00d4-4573-8ad9-7d807d4259dc",
        "value": "https://naryncity.kg/minjust.gov.kg/kgnotary.rar",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238579",
        "to_ids": true,
        "type": "url",
        "uuid": "2f1c7269-85b7-4ef1-95b6-30b98702c02a",
        "value": "https://pweobmxdlboi.com/sokcs.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238600",
        "to_ids": true,
        "type": "url",
        "uuid": "d35294a7-03c0-48b3-8b43-d31788a1cbf4",
        "value": "https://ss.qwadx.com/spoolsvc.rar",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238622",
        "to_ids": true,
        "type": "url",
        "uuid": "02bfa48a-3f30-4084-93ad-b151f149ef02",
        "value": "https://www.seqrite.com/blog/silent-lynx-apt-targeting-central-asian-entities/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
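        "comment": "Vendor research blog URL; appears to be a reference link, not attacker infrastructure - review to_ids before export to detection",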
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238645",
        "to_ids": true,
        "type": "domain",
        "uuid": "f9d4f1af-41bc-4393-b59e-31e9b6aa7bc0",
        "value": "40gov.uz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238666",
        "to_ids": true,
        "type": "domain",
        "uuid": "77fe9932-9ccc-4525-ac0c-b64a7773fcd5",
        "value": "40minwater.uz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238688",
        "to_ids": true,
        "type": "domain",
        "uuid": "66710d27-0711-4baa-a5f9-381dc1a3bea1",
        "value": "adm-govuz.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238710",
        "to_ids": true,
        "type": "domain",
        "uuid": "c70ca10d-cde1-48ed-b130-191770556f42",
        "value": "allcloudindex.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238732",
        "to_ids": true,
        "type": "domain",
        "uuid": "0671bf8d-ca71-4946-bed9-9920eedfa423",
        "value": "altaviva.ru",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238754",
        "to_ids": true,
        "type": "domain",
        "uuid": "55adb727-6084-4a0b-97b3-86f6f417bef5",
        "value": "docworldme.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238776",
        "to_ids": true,
        "type": "domain",
        "uuid": "46923009-3f3a-4e1f-8a37-a2fb28c761a0",
        "value": "france-deguisement.fr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238798",
        "to_ids": true,
        "type": "domain",
        "uuid": "4777a708-9b6e-4839-a6a8-946e09856ce3",
        "value": "inboxsession.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238820",
        "to_ids": true,
        "type": "domain",
        "uuid": "225033f2-315d-43d7-941d-61f752f33035",
        "value": "mailboxarea.cloud",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238842",
        "to_ids": true,
        "type": "domain",
        "uuid": "7b2546a0-2c55-4ff1-90ba-d8f9046487ad",
        "value": "mailkeyboard.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238864",
        "to_ids": true,
        "type": "domain",
        "uuid": "7ab19ae0-5342-434b-bf66-6a2d6c31db34",
        "value": "naryncity.kg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238886",
        "to_ids": true,
        "type": "domain",
        "uuid": "4aa105d4-c5c0-4b20-8cc7-ffb2c3770824",
        "value": "pweobmxdlboi.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238908",
        "to_ids": true,
        "type": "domain",
        "uuid": "00462186-fe5d-45c4-b316-80dca9d5f1d1",
        "value": "wincorpupdates.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238930",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e80c58e3-7494-45c7-9327-5df5f5648d82",
        "value": "admin.inboxsession.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238952",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e15d0e7c-a06d-469a-9922-f425405e90b7",
        "value": "auth.allcloudindex.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238974",
        "to_ids": true,
        "type": "hostname",
        "uuid": "914f84fc-cdd1-48a7-b5cf-57eacb6d3585",
        "value": "ex.wincorpupdates.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774238996",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3e2f8926-d271-49e7-8a57-3e56caf5f036",
        "value": "inbox.mailkeyboard.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239018",
        "to_ids": true,
        "type": "hostname",
        "uuid": "eae9cb7a-fbd8-4ebe-97db-194fdb1fddf3",
        "value": "message.mailboxarea.cloud",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239040",
        "to_ids": true,
        "type": "hostname",
        "uuid": "165cca70-0abd-42c9-8a71-2d9c82b65689",
        "value": "mosreg.docworldme.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239062",
        "to_ids": true,
        "type": "hostname",
        "uuid": "db88ca5e-7f0c-46ff-ba79-35f556e2fb6a",
        "value": "ss.qwadx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hosting resocks executable",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239084",
        "to_ids": true,
        "type": "url",
        "uuid": "816b9e92-5bb1-4f78-af0f-cafa21122e2e",
        "value": "http://64.7.198.46/rev.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "9e6faf41-0cb1-45e2-968d-655e111ee5d1",
        "value": "65.38.120.38|443"
      },
      {
        "category": "Network activity",
        "comment": "On port 10443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "89880a7e-b4a9-4a88-af8e-39510765f49d",
        "value": "65.38.120.38|10443"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239106",
        "to_ids": true,
        "type": "url",
        "uuid": "5b1e010b-0681-443c-bb40-dbf054f47b14",
        "value": "http://65.38.121.107:8000/123.txt",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 80",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "5e5e76dc-b549-4af2-9409-dc5b792bcd2b",
        "value": "72.5.43.100|80"
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b26e3625-6598-4ac9-ad5a-eb8ea65d88e4",
        "value": "72.5.43.100|443"
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "446ea20a-a933-407a-b02a-44741e7798f4",
        "value": "72.5.43.178|443"
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "27c25d37-17d4-4133-8ba2-d2abac09aba9",
        "value": "78.128.112.209|443"
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "26802c9a-cb30-49f6-a10a-0905e06e3be0",
        "value": "81.19.136.241|443"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239128",
        "to_ids": true,
        "type": "url",
        "uuid": "853ac222-0b58-411b-a1c0-366ece034dcd",
        "value": "http://82.115.223.210:9942/panel",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239150",
        "to_ids": true,
        "type": "url",
        "uuid": "12f1f39e-4240-4ef9-94a8-7c5df07e4cb0",
        "value": "http://82.115.223.210:9942/cmd_",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
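        "comment": "Trailing '*' looks like a wildcard carried over from the source report, not a literal path - match on host and port instead",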
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239172",
        "to_ids": true,
        "type": "url",
        "uuid": "42e9be66-3b45-49f7-83a4-45a33ba92c84",
        "value": "http://85.209.128.171:8080/*",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 10443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "eb3b84ab-01c6-4a98-b346-b53099671bf5",
        "value": "85.209.128.171|10443"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239194",
        "to_ids": true,
        "type": "url",
        "uuid": "321e0eff-862b-44bc-b89a-442089f731c0",
        "value": "http://88.214.26.37:443/upload",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "d5f2b06d-6442-4697-bee9-40d61830564b",
        "value": "96.9.125.168|443"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239216",
        "to_ids": true,
        "type": "url",
        "uuid": "60e32dfb-be56-4c70-8321-21ec0eb5e932",
        "value": "http://141.98.82.198:443//upload",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774229954",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "4135406d-6c24-4e5e-a940-7beed2ecae26",
        "value": "172.86.75.237|443"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239238",
        "to_ids": true,
        "type": "url",
        "uuid": "96085607-2efb-4fbe-9c4a-1f6b6d17390d",
        "value": "http://179.60.150.151:443/rsocx.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239260",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ac02e987-3170-4a82-a402-19838f92ce56",
        "value": "185.106.92.127",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239282",
        "to_ids": true,
        "type": "url",
        "uuid": "3bcfa451-feaf-4c37-a126-3f0dcd000045",
        "value": "http://185.106.92.127/syclog.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239304",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0be0c4fe-83b4-4d97-baca-9933856c8e35",
        "value": "86.104.15.60",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239326",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6b99b3e4-9d2d-4ac1-b626-15e697665ea5",
        "value": "185.221.182.193",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239349",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4dcd4aab-5bf8-491b-b41d-0674b148d8e4",
        "value": "176.126.165.66",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774239371",
        "to_ids": true,
        "type": "domain",
        "uuid": "407aa770-73d1-47df-bc84-752ff13cd840",
        "value": "qwadx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774239393",
        "uuid": "7ac11421-8e18-4b34-96e7-57f1da7bff40",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "JLORAT sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774239393",
            "to_ids": true,
            "type": "md5",
            "uuid": "dfb16f2f-e195-4c66-848a-39048e17ffb2",
            "value": "6a49982272ba11b7985a2cec6fbb9a96",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "JLORAT sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235041",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c092beac-3008-45d8-a0e5-c941d34456ad",
            "value": "c17e4752c548261c30361353c33f28f5bb9c4ba5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "JLORAT sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235041",
            "to_ids": true,
            "type": "sha256",
            "uuid": "651bb451-2d94-462b-8d5f-9bf49221bd63",
            "value": "66962bb324a7c5a57ba0e9663bba156576a7e6aa5c6c1401c315b3d32f8d467d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774233010",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "399f279d-87b5-40c8-baf2-3a00edb9f779",
            "value": "24576:p5X87S9R6h4YOnxRkgfvLmJDSY/9JmcJlgVIH06iy:rX8GvfnYVzJ2IU6i"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774233010",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "53cc82a4-cba6-4f0b-872f-a01228327ca3",
            "value": "1059840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774233010",
            "to_ids": true,
            "type": "vhash",
            "uuid": "70d9498a-c04f-44a0-9d9a-7e2529cd5732",
            "value": "016046657d1560f5zb0072z4041z603021z3013z64z18z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774233010",
            "to_ids": true,
            "type": "filename",
            "uuid": "94870c2a-7345-465b-8a93-ebbb14045011",
            "value": "POKYR2025-034 \u043e\u0442 25.02.2025 (\u0441 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c POKYR2024-257 \u043e\u0442 25.02.2025 \u0433.).exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan: 21/03/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774233010",
            "to_ids": false,
            "type": "text",
            "uuid": "2e84e7bc-93fc-4d73-a62e-c313867abcc6",
            "value": "JLORAT sample\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:48/72\nFirst Submission:2025-03-11T04:09:04.000000+00:00\nLast Submission:2025-09-30T13:21:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774239415",
        "uuid": "b4c815f6-d5f3-47d7-b7c3-1fc5348cba01",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "PowerShell loader from the first campaign",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774239415",
            "to_ids": true,
            "type": "md5",
            "uuid": "ab7f55f7-41f9-4193-b0bb-82db2bfa5efd",
            "value": "6a315cce50fc843b0e6c8606b6868be1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "PowerShell loader from the first campaign",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235043",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d989f654-0b22-4e3a-b35f-6204a98e52ae",
            "value": "471e1de3e1a7b0506f6492371a687cde4e278ed8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "PowerShell loader from the first campaign",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235043",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8904eafb-4828-4a5e-b821-abc63ad80670",
            "value": "a44827d002d7d1a74963b80e6af8a7257977f44c89caff66f126b7d1cad1fd11",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774233056",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a793ed53-aad7-4465-93a8-d5b0e3c2e514",
            "value": "3072:CXIciaRevSvlrYh6poU5yGKC5JcqBpN5Jdrrvcw:UIciaoAFYh6eUMqBpN5Jdrj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774233056",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9215b107-feba-41d5-aeb9-b5d4f16f624f",
            "value": "120320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774233056",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1d5caecd-b498-4c9f-bb55-02e1e8b49451",
            "value": "015066655d1555555az4b!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774233056",
            "to_ids": true,
            "type": "filename",
            "uuid": "f713ada8-509f-46f4-8248-5fbdf7423dd0",
            "value": "Letter from the Permanent Representative of Turkmenistan to the UN addressed to the UN Secretary General regarding the launch.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan: 04/03/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774233056",
            "to_ids": false,
            "type": "text",
            "uuid": "8fa699bf-14ee-4403-a923-e78e604bcb4e",
            "value": "Powershell loader from the first campaign\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Midie!MTB\nVT Total Detection:52/72\nFirst Submission:2024-12-18T08:47:02.000000+00:00\nLast Submission:2024-12-18T09:52:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774239436",
        "uuid": "4a9f98ee-7a86-471f-80e4-43f800000dd5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Lure document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774239436",
            "to_ids": true,
            "type": "md5",
            "uuid": "64420101-c1ea-45a8-9f8a-9b11590d08b7",
            "value": "25524248a3dc675a9908da6c3b0342a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Lure document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235044",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2a7de636-ec29-4dbe-9a3e-b2498f9a3780",
            "value": "811c1e4b2354a560a7b023800971aab5079846f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Lure document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235045",
            "to_ids": true,
            "type": "sha256",
            "uuid": "485b420e-d3c8-4288-aba9-9248ee270780",
            "value": "f78dad5a95bb01f14c822addc8e4ec17b3c95b7e42f27f68f678fb43a9e56d63",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774233101",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "986b7bf7-f794-4f9a-8bea-15c5ab269a92",
            "value": "768:EQHKOw1xPxw+tNyrD6xz99r3YCOqyyhZ:TqXPxrt0rD63BICO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774233101",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "503f2176-8ea1-43d7-af83-d476407c0974",
            "value": "58368"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774233101",
            "to_ids": true,
            "type": "vhash",
            "uuid": "83fcdfc7-fe05-49a1-b54a-f93a8c1c0bdf",
            "value": "95d89f41c9490f01e6cec2068d7a5ea1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774233101",
            "to_ids": true,
            "type": "filename",
            "uuid": "7016d45a-45d3-4bcb-9e49-2f0dae209b50",
            "value": "\u0625\u0646\u062c\u0627\u0632\u0627\u062a \u0627\u0644\u0631\u0628\u0639 \u0627\u0644\u062b\u0627\u0644\u062b 2024 (003).doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan: 04/03/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774233101",
            "to_ids": false,
            "type": "text",
            "uuid": "c49e008d-9f55-417e-8647-4a1b69c606a2",
            "value": "Lure document\r\nType Description: MS Word Document\nMicrosoft: None\nVT Total Detection:34/64\nFirst Submission:2024-12-11T04:14:14.000000+00:00\nLast Submission:2024-12-15T10:56:10.000000+00:00"
          }
        ]
      }
    ]
  }
}