{
  "Event": {
    "analysis": "1",
    "date": "2026-03-19",
    "extends_uuid": "",
    "info": "[Threat Intel] Analyzing the Current State of AI Use in Malware",
    "protected": false,
    "publish_timestamp": "1775245817",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1775245817",
    "uuid": "41bbf2f5-e5e0-48ba-b020-f7bffc70088e",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0afe32",
        "local": false,
        "name": "misp-galaxy:producer=\"Palo Alto\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#0ec9f4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b33aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#d82db7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
        "relationship_type": ""
      },
      {
        "colour": "#07a4a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"",
        "relationship_type": ""
      },
      {
        "colour": "#1a8d0c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003f",
        "local": false,
        "name": "rectifyq:sub-category=\"tool-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005c",
        "local": false,
        "name": "rectifyq:topic=\"ai\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774004420",
        "to_ids": false,
        "type": "link",
        "uuid": "258db639-d952-4c23-a13e-d804c981b261",
        "value": "https://unit42.paloaltonetworks.com/ai-use-in-malware/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774004420",
        "to_ids": false,
        "type": "text",
        "uuid": "836e2af5-a9ab-4a36-a15b-c0b5a3fe23a2",
        "value": "Unit 42 researchers investigated the use of large language models (LLMs) in malware creation and functionality. They examined two samples: a .NET infostealer incorporating OpenAI's GPT-3.5-Turbo model via API, and a Golang-based malware dropper leveraging an LLM for environment assessment. The infostealer's LLM integration was poorly implemented and non-functional, serving as 'AI theater'. The dropper used an LLM to evaluate system safety before deploying its payload. While these samples show experimentation with AI in malware, they highlight challenges in effective implementation. The researchers anticipate future advancements in AI-assisted malware creation and execution, emphasizing the need for evolved defenses against AI-driven threats."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774004420",
        "to_ids": false,
        "type": "text",
        "uuid": "d80a3857-d8af-4ada-bc77-af00a424f02e",
        "value": "Name: Analyzing the Current State of AI Use in Malware\nAuthor: AlienVault\nAdversary: \nTags: [\"ai\", \"gpt\", \"llm\", \"dropper\", \"infostealer\", \"openai\", \"sliver\", \"malware\"]\nTgtd countries: []\nMlwr families: [\"Infostealer\", \"Sliver\"]\nAttack_ids: [\"T1120\", \"T1082\", \"T1071\", \"T1036\", \"T1016\", \"T1059\", \"T1083\", \"T1057\", \"T1078\", \"T1027\", \"T1553\", \"T1573\", \"T1012\", \"T1132\", \"T1124\"]\nIndustries: []"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774004420",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "875176c8-5a5c-4da6-9368-1315c2e55cdb",
        "value": "CVE-2026-0628"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775238764",
        "uuid": "b62de67e-869c-44bf-ab0a-b344fcc8c851",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775238764",
            "to_ids": true,
            "type": "md5",
            "uuid": "38ea3abe-1329-4097-9341-763a421bdc57",
            "value": "1820b89d8c476762db802e1bc408f9e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237377",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d72c7df-9f39-42b2-8e61-914a94587c00",
            "value": "ccc55968cdfa8acaa98597b9b580ab81ec986c19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237377",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5f288554-80ed-482a-acea-919b67599b30",
            "value": "052d5220529b6bd4b01e5e375b5dc3ffd50c4b137e242bbfb26655fd7f475ac6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775235189",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c8fe1e0-a92d-4327-8eeb-398ca875b5f7",
            "value": "393216:eDcV3Dk9tFkiCiLUgzoxM2Y7z25nKVP7Od0e/45HSbbPbHz9uGc:eQV49fkiCiLU6oYS5nC75BH0jJuz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775235189",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8edbd02b-9b47-4e09-9ff0-86164b81425e",
            "value": "27898880"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775235189",
            "to_ids": true,
            "type": "vhash",
            "uuid": "254fa3bd-4f28-4e98-b4d9-ecc83866287b",
            "value": "0270f6655d75551555757az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775235189",
            "to_ids": true,
            "type": "filename",
            "uuid": "e75a6085-7e62-4a26-9c58-d9d17ade2339",
            "value": "1440296.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan: 03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775235189",
            "to_ids": false,
            "type": "text",
            "uuid": "4839c65b-1563-42fe-9d4a-5bd478e20cf9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:44/71\nFirst Submission:2025-08-28T16:47:24.000000+00:00\nLast Submission:2025-09-06T13:51:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775238785",
        "uuid": "b85ca63e-e5fb-4cc2-b8e3-01be3e28c022",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775238785",
            "to_ids": true,
            "type": "md5",
            "uuid": "4d2d6de5-db6d-4243-aac5-8efe2b2d7535",
            "value": "5bfec41f26fe1ce101dd01456adb982b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237378",
            "to_ids": true,
            "type": "sha1",
            "uuid": "65ce57ef-d3a8-4bda-be34-0437e0d88f4c",
            "value": "f2969f58e82aaeb1581a183fc813718f8ce8151d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237378",
            "to_ids": true,
            "type": "sha256",
            "uuid": "91b60f7b-fc5c-4ec7-b167-5713d93b0bae",
            "value": "02ce798981fb2aa68776e53672a24103579ca77a1d3e7f8aaeccf6166d1a9cc6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775235210",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "57967e24-a365-42c1-8978-15960e5afb49",
            "value": "1536:gqXC5rvPrM2+mGGy+F5Ao1CTXm0vMLt01FteFEAgTcTVmWAo:gqXCVv7KrG5AokXm0ULvF+bo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775235210",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "996eac29-2770-45a6-84e4-d80805a4ea61",
            "value": "87040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775235210",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7c4b5dc7-c019-4033-9104-00272e700f9f",
            "value": "284036751515020701010"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775235210",
            "to_ids": true,
            "type": "filename",
            "uuid": "fd54ffb8-19a0-4dbc-80a6-0a22f5452f48",
            "value": "CryptoStealer.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan: 03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775235210",
            "to_ids": false,
            "type": "text",
            "uuid": "10af9dcd-1a33-4d45-8d15-3e477e039491",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Tasker.NEAC!MTB\nVT Total Detection:47/71\nFirst Submission:2025-09-18T01:22:59.000000+00:00\nLast Submission:2025-09-18T01:22:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775238807",
        "uuid": "6d632723-5afc-418c-9f6a-8ab5a456e9df",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775238807",
            "to_ids": true,
            "type": "md5",
            "uuid": "e0c011d3-2706-44f4-bd21-5671f6c8f380",
            "value": "d9a2bf9b0afb6976f3271a9a59ced8de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237378",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9f3125a9-bfca-4089-a820-b3aa9c987008",
            "value": "52b78fc3b6d4996d03d1fe6b676388ebc75fbf27",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237378",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5ebdcedd-4336-4dc0-a6d6-35cf9add7984",
            "value": "1b6326857fa635d396851a9031949cfdf6c806130767c399727d78a1c2a0126c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775235232",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "20c963b4-dc6a-4c80-a09c-0f7b6ace0457",
            "value": "768:DptXN0W82/Qv5h/H+SawOH0sDEj3Nf+p0XU+64Usu:D90W82/65h/H+isDEDN2ShxUsu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775235232",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "92bfedcb-a766-4457-83d8-9db39836850d",
            "value": "26624"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775235232",
            "to_ids": true,
            "type": "vhash",
            "uuid": "561b9e17-8376-45d9-845c-b83b41c4afd2",
            "value": "22403655151f00322z324"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775235232",
            "to_ids": true,
            "type": "filename",
            "uuid": "9037363f-7159-45e7-a285-6826f68e3ef1",
            "value": "CryptoStealer.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan: 03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775235232",
            "to_ids": false,
            "type": "text",
            "uuid": "dc1cf8c7-6bca-4104-a607-f72a2591e567",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:42/71\nFirst Submission:2025-09-18T00:47:15.000000+00:00\nLast Submission:2025-09-18T00:47:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775238828",
        "uuid": "a2c24756-ea5b-4ecf-8b41-7f409a118cd2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775238828",
            "to_ids": true,
            "type": "md5",
            "uuid": "cd7932db-742a-465a-acbd-99a77813bf4b",
            "value": "2c7041e1a43936b6f89bc894b899ea90",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775237380",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0281be12-266b-43d7-bba7-511459bb6372",
            "value": "1a900392e7920878186b7449c5fabda2fef92044",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775237380",
            "to_ids": true,
            "type": "sha256",
            "uuid": "edf917a5-02c8-4940-90d5-d8054d7a7a4b",
            "value": "7c7b7b99f248662a1f9aea1563e60f90d19b0ee95934e476c423d0bf373f6493",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775235254",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "363f2168-3ad2-4519-a205-30116194dd2c",
            "value": "3072:XyAgIbHfvnRJdlFQyuE4XaS+CkRhuKIVJOsH9ckG:XyyvnNlduNqS+CkRh0OsH9ck"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775235254",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d782030c-7192-480b-b5ee-66f48c25106c",
            "value": "150528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775235254",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c4ec4e88-0f3b-4783-b23d-ae2a5bf02c97",
            "value": "21505f7655161517020d11011"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775235254",
            "to_ids": true,
            "type": "filename",
            "uuid": "d6b05f23-003d-4e55-ba6a-cc1bc8d6407b",
            "value": "CryptoStealer.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/04/2026\nLast-scan: 03/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775235254",
            "to_ids": false,
            "type": "text",
            "uuid": "314beccb-3a86-424b-a84c-0787293b9773",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:49/71\nFirst Submission:2025-09-18T01:34:34.000000+00:00\nLast Submission:2025-09-18T01:34:34.000000+00:00"
          }
        ]
      }
    ]
  }
}