{
  "Event": {
    "analysis": "1",
    "date": "2026-03-23",
    "extends_uuid": "",
    "info": "[Threat Intel] KICS GitHub Action Compromised: TeamPCP Supply Chain Attack",
    "protected": false,
    "publish_timestamp": "1775507890",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1775507890",
    "uuid": "44bc747a-341c-43ba-ba4d-0c9694ea4cb9",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#52774b",
        "local": false,
        "name": "misp-galaxy:producer=\"Wiz Blog\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#da180c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bootkit - T1542.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#e8825f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"",
        "relationship_type": ""
      },
      {
        "colour": "#a320c3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Unsecured Credentials - T1552\"",
        "relationship_type": ""
      },
      {
        "colour": "#f95f85",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#d596aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#120044",
        "local": false,
        "name": "rectifyq:sub-category=\"intrusion-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005e",
        "local": false,
        "name": "rectifyq:topic=\"supply-chain\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:online-service=\"3b16bb5a-eb4f-4603-a909-bebc5df4a46d\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774407615",
        "to_ids": false,
        "type": "link",
        "uuid": "99f2b979-1c9b-42b4-955b-bf447705c45d",
        "value": "https://www.wiz.io/blog/teampcp-attack-kics-github-action"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774407615",
        "to_ids": false,
        "type": "text",
        "uuid": "e7cae062-d64a-4811-bd1e-7cc5ca429108",
        "value": "The KICS GitHub Action, an open-source infrastructure-as-code security scanner by Checkmarx, was compromised by TeamPCP, the group behind the recent Trivy attack. On March 23, between 12:58 and 16:50 UTC, 35 tags were hijacked, exposing users to credential-stealing malware. The attack involved staging imposter commits and updating tags using a compromised identity. The malware uses a new C2 domain, creates a fallback repository, and adds Kubernetes-focused persistence code. Additionally, two OpenVSX extensions were compromised. The payload targets cloud provider credentials and installs persistence on non-CI systems. Security teams are advised to audit workflows, search for exfiltration artifacts, and implement long-term hardening measures."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774407615",
        "to_ids": false,
        "type": "text",
        "uuid": "fead3680-d364-4c8a-ba62-ea7c3becce63",
        "value": "Name: KICS GitHub Action Compromised: TeamPCP Supply Chain Attack\nAuthor: AlienVault\nAdversary: TeamPCP\nTags: [\"kics\", \"cloud credentials\", \"infrastructure as code\", \"credential theft\", \"supply chain attack\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: [\"T1056.001\", \"T1059.007\", \"T1542.003\", \"T1195\", \"T1552\", \"T1552.001\", \"T1041\", \"T1078\", \"T1195.002\", \"T1105\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774407615",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "39fe951d-3795-44bc-b8cc-ced8db9f9bf4",
        "value": "TeamPCP"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal (VT)\r\nLast check: 06/04/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775486679",
        "to_ids": true,
        "type": "sha1",
        "uuid": "4d80c2ae-ba63-4e28-8c39-0e3101a2a4cd",
        "value": "8e20c7a67bb95632e2040327a355fb97e6014d29",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490541",
        "uuid": "afc26a86-8af6-426e-a436-06465a7f9028",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490541",
            "to_ids": true,
            "type": "md5",
            "uuid": "e9d14cfb-074d-4079-bb13-b4011a7f2e5a",
            "value": "0fccc8e3a03896f45726203074ae225d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486674",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1413822d-db0f-4cae-8e10-23bfecce23b0",
            "value": "7e25ec4a3e0a01e1f01ff4a09d57e7c4fd40d30f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486674",
            "to_ids": true,
            "type": "sha256",
            "uuid": "76425e3a-01aa-47e0-b637-74306d31b6cc",
            "value": "0d66d8c7e02574ff0d3443de0585af19c903d12466d88573ed82ec788655975c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486157",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2b0ac68d-d806-4f71-a0a2-5df7c3def6df",
            "value": "48:Xc/KhTPfEQ3Eu//13RKTEX2+1sHYZx1f3c1fWQoFJS+MdgU8zrCRHFPYhUb:sKfEQUS/zKTW38os1OQoS+igjA9YhUb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486157",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "de2ce1f5-3da9-453d-8d5e-874e8145dc4c",
            "value": "3563"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775486157",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d32e0d9f-57d4-4654-afea-4239a4f94a87",
            "value": "efdc7193adc834013e74e356baa2b686"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486157",
            "to_ids": true,
            "type": "filename",
            "uuid": "f292e73e-4b93-4592-b137-2dcf5690cd6b",
            "value": "0d66d8c7e02574ff0d3443de0585af19c903d12466d88573ed82ec788655975c.gz"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486157",
            "to_ids": false,
            "type": "text",
            "uuid": "9c9e6bd8-7315-4578-bbf7-e128775b01e8",
            "value": "Type Description: GZIP\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:26/62\nFirst Submission:2026-03-24T05:07:01.000000+00:00\nLast Submission:2026-03-25T12:07:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490562",
        "uuid": "aebb312b-d21a-4693-9a7d-9f6f49d04454",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490562",
            "to_ids": true,
            "type": "md5",
            "uuid": "1e7890e0-11a5-4e13-9842-2467ca19a3e4",
            "value": "49e06269c77e9f028aef505f2c92d5a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486675",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c489e5c3-51c8-45f6-9dc7-9e6c3d3905a0",
            "value": "193c4ef77cae0b08922aea0eebe4a14f22a7e67e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486675",
            "to_ids": true,
            "type": "sha256",
            "uuid": "75311a6b-8cd7-4c99-bca6-733eabb9a199",
            "value": "527f795a201a6bc114394c4cfd1c74dce97381989f51a4661aafbc93a4439e90",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486179",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3cab7458-7313-4926-b197-abcfe00fe537",
            "value": "96:KBmqxHELy62uFtLKmnJEOgSNREoThjEL+y4Yga1lTuux1yEPncwwdXSyAJy5Cl:0xk9ptLn1nEoThgL+DYga1lauxgE/naQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486179",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cb1b0089-ad62-425b-b0c2-1597771c05ff",
            "value": "4202"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775486179",
            "to_ids": true,
            "type": "vhash",
            "uuid": "754d870a-fd0b-456a-a31f-62b5976fecc4",
            "value": "877599dbaa8d81a9aeea927c5d2c841d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486179",
            "to_ids": true,
            "type": "filename",
            "uuid": "a3b79f74-8a1d-4b52-8296-efc8515c843a",
            "value": "environmentAuthChecker.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486179",
            "to_ids": false,
            "type": "text",
            "uuid": "adddcfde-e4eb-4e31-a176-6d41661d4099",
            "value": "Type Description: JavaScript\nMicrosoft: TrojanDownloader:JS/MalScript.PP!MSR\nVT Total Detection:24/62\nFirst Submission:2026-03-24T08:57:54.000000+00:00\nLast Submission:2026-03-30T12:42:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490584",
        "uuid": "e510cc7f-5e81-4e48-90a8-be1d628ab6bc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490584",
            "to_ids": true,
            "type": "md5",
            "uuid": "398dbc84-4d1b-4434-afa1-3e85683f6d25",
            "value": "81bfd2c98536a306357a54746d2b3d07",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486676",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ff0d08ba-8edc-401a-aaf6-731d4703bf07",
            "value": "224a749ecd3b4bec5429a8212d9660eca0299dee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486676",
            "to_ids": true,
            "type": "sha256",
            "uuid": "44e7fe6a-e279-4e5f-8095-f88d86558058",
            "value": "65bd72fcddaf938cefdf55b3323ad29f649a65d4ddd6aea09afa974dfc7f105d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486201",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3ef81de8-d7f9-4a1e-9c5a-acd63b02cb18",
            "value": "3145728:HqlOjwcm4v6G/sdJJ9yv/U6+/Fe4iXd8S0o2FB35rFJg:H/j9oaoyvM6+FeP8Tm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486201",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "687094d0-54dc-4a49-be35-978f09a42def",
            "value": "119984938"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775486201",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d3244a68-29f3-44d3-ac9d-9e754f3f6bb0",
            "value": "f53d79f1264af1cabd8cff3633b7efe4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486201",
            "to_ids": true,
            "type": "filename",
            "uuid": "3a6797a8-efd8-4b54-82ec-632227ce541f",
            "value": "checkmarx.ast-results-2.53.0.vsix"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486201",
            "to_ids": false,
            "type": "text",
            "uuid": "ef3a3822-13a8-429b-8218-33487f8189cc",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:21/67\nFirst Submission:2026-03-24T08:27:00.000000+00:00\nLast Submission:2026-03-24T08:27:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1775490605",
        "uuid": "59dc0e21-3058-4c29-b673-f4a0ce72fa56",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1775490605",
            "to_ids": true,
            "type": "md5",
            "uuid": "89ffcb9a-43d5-4f25-90ba-287a413607ab",
            "value": "60fe39ec4452813f849bde618e3b5963",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1775486677",
            "to_ids": true,
            "type": "sha1",
            "uuid": "61efd57b-a004-4938-bc7d-0d42e8e0cd40",
            "value": "b3872147ef3b83c876bb48312adde3d03ef267f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1775486678",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4a86bcf1-7ae5-45bd-bb9a-c61f4e5428ef",
            "value": "744c9d61b66bcd2bb5474d9afeee6c00bb7e0cd32535781da188b80eb59383e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1775486222",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "12117018-d6e6-48b1-b9de-a8fcfab22ee5",
            "value": "3145728:WqlOjwcm4v6G/s1JJ9yv/U6+/Fe4iXd8S0A2FB3m14:W/j9oawyvM6+FeP0l"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1775486222",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "21e2c0b3-c480-47a7-8843-c9c80279711f",
            "value": "116509624"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1775486222",
            "to_ids": true,
            "type": "vhash",
            "uuid": "558f8f20-e69b-4719-b314-3862786d3b81",
            "value": "b69a8d5fac8a83f8e2179f40c6e5d199"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1775486222",
            "to_ids": true,
            "type": "filename",
            "uuid": "4a53eb16-1c73-45b1-9c77-31e493842d03",
            "value": "checkmarx.cx-dev-assist-1.7.0.vsix"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1775486222",
            "to_ids": false,
            "type": "text",
            "uuid": "72799e84-54b7-40eb-bf87-cfa3ddec5fa6",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:22/67\nFirst Submission:2026-03-24T08:27:56.000000+00:00\nLast Submission:2026-03-24T08:27:56.000000+00:00"
          }
        ]
      }
    ]
  }
}