{ "Event": { "analysis": "1", "date": "2026-03-25", "extends_uuid": "", "info": "[Threat Intel] ClickFix Campaigns Targeting Windows and macOS", "protected": false, "publish_timestamp": "1775507898", "published": true, "threat_level_id": "3", "timestamp": "1775507898", "uuid": "48f9f7c1-7858-42c2-9d30-5530602d1b80", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#bf83fd", "local": false, "name": "misp-galaxy:producer=\"Recorded Future\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": "" }, { "colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": "" }, { "colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#c8f8ef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"", "relationship_type": "" }, { "colour": "#82a529", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Shortcut Modification - T1547.009\"", "relationship_type": "" }, { "colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": "" }, { "colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": "" }, { "colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": "" }, { "colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#7628f7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": "" }, { "colour": "#680082", "local": false, "name": "ms-caro-malware:malware-platform=\"MacOS\"", "relationship_type": "" }, { "colour": "#7f009f", "local": false, "name": "ms-caro-malware:malware-platform=\"WinNT\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command Obfuscation - T1027.010\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774494014", "to_ids": false, "type": "link", "uuid": "393dc0cc-7b29-43d8-8195-4ae934950e2b", "value": "https://www.recordedfuture.com/research/clickfix-campaigns-targeting-windows-and-macos" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1774494014", "to_ids": false, "type": "text", "uuid": "88af56dc-b289-43da-8115-3c23950b838b", "value": "Insikt Group identified five distinct clusters using the ClickFix social engineering technique for initial access. These clusters impersonate various services like Intuit QuickBooks and Booking.com, demonstrating operational variance but similar core techniques. ClickFix manipulates victims into executing malicious commands within native system tools, bypassing traditional security controls. The methodology has become a standardized template for cybercriminals and APT groups. Campaigns target diverse sectors and use sophisticated obfuscation and living-off-the-land tactics. Defenders are advised to implement aggressive behavioral hardening and user awareness training to mitigate these threats." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1774494014", "to_ids": false, "type": "text", "uuid": "6c7292c2-a16b-4a3a-b4dd-fe98edd20bc0", "value": "Name: ClickFix Campaigns Targeting Windows and macOS\nAuthor: AlienVault\nAdversary: \nTags: [\"living-off-the-land\", \"vidar\", \"windows\", \"lumma stealer\", \"odyssey stealer\", \"lummastealer\", \"netsupport rat\", \"redline stealer\", \"initial access\", \"obfuscation\", \"social engineering\", \"macos\", \"macsync\", \"clickfix\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: [\"T1547\", \"T1204.002\", \"T1566.002\", \"T1082\", \"T1071\", \"T1140\", \"T1218\", \"T1547.009\", \"T1059\", \"T1204\", \"T1059.001\", \"T1547.001\", \"T1566\", \"T1059.004\", \"T1027\", \"T1027.002\", \"T1071.001\", \"T1105\", \"T1204.001\"]\nIndustries: [\"Accounting\", \"Travel\", \"Real Estate\", \"Technology\", \"Finance\", \"Government\"]" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775490993", "to_ids": true, "type": "ip-dst", "uuid": "d8835a98-27c6-4d6c-adf8-c9d96ab7d693", "value": "94.156.112.115", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775486695", "to_ids": true, "type": "sha256", "uuid": "d9df1927-f682-4515-805d-2f6292dcfa1f", "value": "397dcea810f733494dbe307c91286d08f87f64aebbee787706fe6561ed3e20f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491015", "to_ids": true, "type": "ip-dst", "uuid": "e0c6b570-8684-4225-a05e-ae14e85c862a", "value": "152.89.244.70", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491036", "to_ids": true, "type": "ip-dst", "uuid": "cc3ce89a-e0ae-450b-809e-ed847de8791d", "value": "193.222.99.212", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491057", "to_ids": true, "type": "ip-dst", "uuid": "c3680791-84c6-4ce3-898f-678814ab1807", "value": "193.35.17.12", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491078", "to_ids": true, "type": "ip-dst", "uuid": "5f69065c-b633-48ce-ba00-eb2f2241ff12", "value": "193.58.122.97", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491099", "to_ids": true, "type": "ip-dst", "uuid": "0eb74cd6-6f40-460f-843a-ea64708640af", "value": "45.144.233.192", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491120", "to_ids": true, "type": "ip-dst", "uuid": "723cd5d7-b6aa-4001-abf6-c686c7c0a901", "value": "45.93.20.141", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491141", "to_ids": true, "type": "ip-dst", "uuid": "9b9c5613-fbd5-40d7-aa28-cf44c8a629e2", "value": "45.93.20.50", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491163", "to_ids": true, "type": "ip-dst", "uuid": "d27ce4d9-eda7-4a79-9cbc-4ebecc8eb26b", "value": "62.164.177.230", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491184", "to_ids": true, "type": "ip-dst", "uuid": "9e684425-2f5b-4115-ba30-bd53e19ba57f", "value": "77.91.65.144", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491205", "to_ids": true, "type": "ip-dst", "uuid": "4f675b22-108d-4e88-95f3-b48d9c66d9a0", "value": "77.91.65.31", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491227", "to_ids": true, "type": "ip-dst", "uuid": "b688e6a8-2c67-44ad-a45d-cd2484813a55", "value": "91.202.233.206", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491248", "to_ids": true, "type": "url", "uuid": "4db0682f-76cf-43f6-a3f2-d2b7628f7bfb", "value": "http://alababababa.cloud/cVGvQio6.txt.", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491269", "to_ids": true, "type": "domain", "uuid": "eef9cdc3-f73b-435e-9b25-ee4322fed7e5", "value": "4freepics.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491290", "to_ids": true, "type": "domain", "uuid": "2b65e29e-981b-4aa6-bfa9-3ae96e3600d0", "value": "acconthelpdesk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491312", "to_ids": true, "type": "domain", "uuid": "62a9f42b-1746-4103-83a1-b08a3846cb4e", "value": "account-help.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491333", "to_ids": true, "type": "domain", "uuid": "7cdaee5e-4d1d-4bb1-aa50-c68172ea9682", "value": "account-helpdesk.icu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491354", "to_ids": true, "type": "domain", "uuid": "d439e581-673f-4305-a687-f25d3f87c563", "value": "account-helpdesk.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491376", "to_ids": true, "type": "domain", "uuid": "09de6b6a-70c7-4ba8-9fb3-821c46b9632b", "value": "account-helpdesk.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491397", "to_ids": true, "type": "domain", "uuid": "07b74fc9-8b16-45f5-91dc-95dad5a2007d", "value": "accountmime.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491418", "to_ids": true, "type": "domain", "uuid": "18cce4f9-305a-4523-b4ec-3559c359cfe9", "value": "accountpulse.help", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491439", "to_ids": true, "type": "domain", "uuid": "56cf3387-4481-4891-8bde-02eb8fadea59", "value": "acebirdrep.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491460", "to_ids": true, "type": "domain", "uuid": "cb9dc075-e88d-4f79-897b-ba360d0c550a", "value": "admin-activitycheck.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491481", "to_ids": true, "type": "domain", "uuid": "119fe4bc-7871-41f3-91a7-041b042e9310", "value": "alababababa.cloud", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491503", "to_ids": true, "type": "domain", "uuid": "9b326c22-f27e-4559-8123-34b938511e8a", "value": "anthonydee.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491524", "to_ids": true, "type": "domain", "uuid": "6fd69ea9-dea6-4bd2-957e-5cdddbca7582", "value": "appmacintosh.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491545", "to_ids": true, "type": "domain", "uuid": "d7d3db85-c98d-48f5-8fae-93ef408523bf", "value": "appmacosx.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491567", "to_ids": true, "type": "domain", "uuid": "896b54c1-96c3-49e1-989f-4c23a4a68d1a", "value": "apposx.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491588", "to_ids": true, "type": "domain", "uuid": "23b327a9-59a4-4fc3-9b91-a9042afbc9d6", "value": "appsmacosx.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491609", "to_ids": true, "type": "domain", "uuid": "7403cb3e-3451-4d7b-93ef-243877b3d49d", "value": "appxmacos.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491630", "to_ids": true, "type": "domain", "uuid": "301b8891-6a18-4c30-a7ed-30d08afff442", "value": "ariciversontile.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491652", "to_ids": true, "type": "domain", "uuid": "959549aa-b7f9-4690-b678-da1bd178e96e", "value": "bancatangcode.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491673", "to_ids": true, "type": "domain", "uuid": "b2096fb2-49e4-4c02-a7a5-654120676d54", "value": "bebirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491694", "to_ids": true, "type": "domain", "uuid": "fbdad010-6320-4e7a-b90c-67979825aa81", "value": "billiardinstitute.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491715", "to_ids": true, "type": "domain", "uuid": "9a8505f9-b404-4b3a-acb4-ea229e059c4b", "value": "birdrankbox.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491737", "to_ids": true, "type": "domain", "uuid": "cb633c86-054b-4d36-af7c-9eeec5d0e1a0", "value": "birdrankfx.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491759", "to_ids": true, "type": "domain", "uuid": "253302ac-f9eb-4a93-bbba-43b02d3261f0", "value": "birdrankgo.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491780", "to_ids": true, "type": "domain", "uuid": "c54fa058-280b-4486-a771-368f51732d70", "value": "birdrankinc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491801", "to_ids": true, "type": "domain", "uuid": "01402da6-e659-40ca-8bf2-b4fa1a09649d", "value": "birdrankllc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491822", "to_ids": true, "type": "domain", "uuid": "db2f5d06-e54e-4d6f-b5b8-eccd2334bf81", "value": "birdrankmax.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491844", "to_ids": true, "type": "domain", "uuid": "c6b08dde-33c2-483e-b046-663b88b74aff", "value": "birdranktip.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491865", "to_ids": true, "type": "domain", "uuid": "7298796d-5bb4-4d5a-9ddc-deb9b6442a56", "value": "birdrankup.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491886", "to_ids": true, "type": "domain", "uuid": "ea35fd38-8210-469a-9b26-6f419ad4022d", "value": "birdrankus.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491908", "to_ids": true, "type": "domain", "uuid": "b73621d4-56e9-42f7-9bb3-72637a0a14c3", "value": "birdrankusa.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491929", "to_ids": true, "type": "domain", "uuid": "dfc1b599-4ac5-49ba-aab0-692c08c03e6a", "value": "birdrankvip.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491950", "to_ids": true, "type": "domain", "uuid": "ed15e5da-6241-4f6c-85ba-0d1c8df53a61", "value": "birdrankzen.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491971", "to_ids": true, "type": "domain", "uuid": "62047f50-0f0b-4a5f-9581-698973a00d5a", "value": "birdrepbiz.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775491992", "to_ids": true, "type": "domain", "uuid": "44bc3859-a50c-4ee2-ba55-d655ca451fb8", "value": "birdrepgo.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492013", "to_ids": true, "type": "domain", "uuid": "25901c47-7dc3-4f71-8308-0f49a132498b", "value": "birdrephelp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492035", "to_ids": true, "type": "domain", "uuid": "6edf5e4a-d39f-4b1c-bf0b-9cf7971ae7e1", "value": "birdreplab.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492056", "to_ids": true, "type": "domain", "uuid": "6478a7fc-a425-4eb3-9d79-dd47c2df6272", "value": "birdrepsys.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492077", "to_ids": true, "type": "domain", "uuid": "7a8e63ae-8ff8-4f47-8e3b-d9e5716bd901", "value": "birdrepusa.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492098", "to_ids": true, "type": "domain", "uuid": "b95cbca9-fcdf-407f-a78b-92ba3142552f", "value": "birdrepuse.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492120", "to_ids": true, "type": "domain", "uuid": "7719b7ef-d8d3-4038-908d-6593e0d4d48b", "value": "bitbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492141", "to_ids": true, "type": "domain", "uuid": "cf4f1474-395d-4497-8188-f73e363b8326", "value": "bitbirdrep.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492162", "to_ids": true, "type": "domain", "uuid": "186555b7-8f8b-4b5f-9eec-5b03adb2e0ea", "value": "bkng-updt.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492183", "to_ids": true, "type": "domain", "uuid": "93653833-aa43-411a-b62f-e497eb96904a", "value": "checkaccountactivity.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492204", "to_ids": true, "type": "domain", "uuid": "fe46dae0-6a9e-4afb-bae3-5db962c2d677", "value": "checkhelpdesk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492226", "to_ids": true, "type": "domain", "uuid": "97c16380-aec9-4a8a-b0c9-42dcffb893e2", "value": "checkpulse.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492247", "to_ids": true, "type": "domain", "uuid": "123498d1-7ca3-46e2-8484-ae32e45d09eb", "value": "checkpulses.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492268", "to_ids": true, "type": "domain", "uuid": "9a66ca09-7454-48ea-968d-2a91d0f81a7b", "value": "chrm-srv.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492289", "to_ids": true, "type": "domain", "uuid": "235eeb55-9ab3-4568-a780-71e9571a637c", "value": "cryptoinfnews.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492311", "to_ids": true, "type": "domain", "uuid": "c8f8cb55-7361-48fe-8cc4-416f4608da53", "value": "cryptoinfo-allnews.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492332", "to_ids": true, "type": "domain", "uuid": "29889d1e-b9fe-4692-b498-437f0a2cd04e", "value": "cryptoinfo-news.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492354", "to_ids": true, "type": "domain", "uuid": "b171f6dd-17c1-4e38-8592-b211f8c90725", "value": "cryptonews-info.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492375", "to_ids": true, "type": "domain", "uuid": "5035b478-ff3b-4690-826e-29d2dc14ab4f", "value": "customblindinstall.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492396", "to_ids": true, "type": "domain", "uuid": "583c9483-91c6-49a1-b4d6-22ab1dd2c648", "value": "deinhealthcoach.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492417", "to_ids": true, "type": "domain", "uuid": "0f6edc55-f06f-494d-afab-42896f8f5dc1", "value": "elive123go.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492438", "to_ids": true, "type": "domain", "uuid": "cbcaaef7-c074-4e57-9f84-e4c47fd0e90d", "value": "elive777a.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492459", "to_ids": true, "type": "domain", "uuid": "488cd6dc-9ca1-4f18-9981-1e5c8a15b65a", "value": "extracareliving.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492481", "to_ids": true, "type": "domain", "uuid": "9f645bde-dcad-4e64-9e10-50a8a2ee45cd", "value": "financementure.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492502", "to_ids": true, "type": "domain", "uuid": "7beb725f-dc4f-4317-bca6-048183da4e05", "value": "fixbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492523", "to_ids": true, "type": "domain", "uuid": "6e3b8dcc-a763-4f0e-8ee1-62e23fadf468", "value": "fomomforhealth.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492544", "to_ids": true, "type": "domain", "uuid": "f6b7a948-f682-4a78-a80d-6a540133dc3e", "value": "getbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492565", "to_ids": true, "type": "domain", "uuid": "656498ce-1a0f-4b38-8f14-9bdabd9a5339", "value": "gobirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492587", "to_ids": true, "type": "domain", "uuid": "015810be-ac42-4030-94a0-0fe58872bec5", "value": "gologpoint.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492608", "to_ids": true, "type": "domain", "uuid": "322b2189-3d4b-4ff1-aa78-ffce26977887", "value": "guypinions.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492629", "to_ids": true, "type": "domain", "uuid": "f5de49ff-4ff4-44dd-8a34-6b2643d97a53", "value": "helpbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492650", "to_ids": true, "type": "domain", "uuid": "085eb28b-a06a-4995-89fc-95a000ee13df", "value": "helpbirdrep.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492671", "to_ids": true, "type": "domain", "uuid": "ac9cf80f-ada7-407a-b0ef-c22e32fd19b8", "value": "helpdeskpulse.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492692", "to_ids": true, "type": "domain", "uuid": "14c8edc0-b271-471e-972f-a490f55f7eec", "value": "hotelupdatesys.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492714", "to_ids": true, "type": "domain", "uuid": "08bd68aa-4259-4225-9843-13ddfb7d77b1", "value": "infobirdrep.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492736", "to_ids": true, "type": "domain", "uuid": "fb03527b-9873-4ef9-b21f-fb8e28668447", "value": "joeyapple.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492757", "to_ids": true, "type": "domain", "uuid": "69645f68-5e93-40c8-b751-55cd52cc8da6", "value": "justbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492778", "to_ids": true, "type": "domain", "uuid": "ed144368-81d0-4b1e-b1aa-eb338f708323", "value": "mac-os-helper.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492799", "to_ids": true, "type": "domain", "uuid": "e635e481-3bfd-40b6-a38c-8d27d57471d8", "value": "macapp-apple.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492820", "to_ids": true, "type": "domain", "uuid": "8ce39264-169f-43fd-871a-093cb7eb9bb1", "value": "macapps-apple.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492842", "to_ids": true, "type": "domain", "uuid": "08696bdf-9667-45b6-ad02-c061ee749aa4", "value": "macintosh-hub.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492863", "to_ids": true, "type": "domain", "uuid": "c0bc8eac-5f61-4a8a-9d9a-517e7f1b1112", "value": "macos-storageperf.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492885", "to_ids": true, "type": "domain", "uuid": "085edbd6-149d-48b7-8d24-8451d0ca82c0", "value": "macosapp-apple.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492908", "to_ids": true, "type": "domain", "uuid": "ab1606c6-4009-44af-8ebd-3201ec68b0cd", "value": "macosx-app.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492929", "to_ids": true, "type": "domain", "uuid": "1ca6fdb9-0766-4f79-80f0-5dcbea934674", "value": "macosx-apps.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492950", "to_ids": true, "type": "domain", "uuid": "a703b731-fd3b-4116-9fcd-4e476e2d3bf4", "value": "macosxapp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492972", "to_ids": true, "type": "domain", "uuid": "484de77c-29cb-4b55-b5fd-54b67dfc6084", "value": "macosxappstore.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775492993", "to_ids": true, "type": "domain", "uuid": "87d8349e-2b78-498e-a38d-5e2f16977e1b", "value": "macxapp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493014", "to_ids": true, "type": "domain", "uuid": "98f27e8a-cf71-4787-9e15-5e6e191f6bc8", "value": "macxapp.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493035", "to_ids": true, "type": "domain", "uuid": "edd35cf1-0268-43ce-8ab1-f3c8666d1a6d", "value": "mrinmay.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493056", "to_ids": true, "type": "domain", "uuid": "7e4fe0b9-314b-41a5-8cf8-60dffd82daf5", "value": "ms-scedg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493079", "to_ids": true, "type": "domain", "uuid": "ca130de2-0eb1-446f-bca2-7ace8b87df33", "value": "mybirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493101", "to_ids": true, "type": "domain", "uuid": "4cecd877-1fd8-4bf8-9db1-ffe1241c4e91", "value": "nhacaired88.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493123", "to_ids": true, "type": "domain", "uuid": "1fc10348-0581-4e6c-9f0c-8212b6cfb51c", "value": "nobovcs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493144", "to_ids": true, "type": "domain", "uuid": "efac7d43-d96a-466e-96b9-4d4e2fc6299e", "value": "nowbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493165", "to_ids": true, "type": "domain", "uuid": "e6463d32-f7af-4758-b6e7-639e13571996", "value": "octopox.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493186", "to_ids": true, "type": "domain", "uuid": "ee7e3ac3-926d-4b47-9f3d-6ae11e3ca872", "value": "optbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493208", "to_ids": true, "type": "domain", "uuid": "16ed7f9a-407b-4163-80cc-40059897b3cb", "value": "orkneygateway.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493230", "to_ids": true, "type": "domain", "uuid": "2c4b15c3-cf90-4ebe-a7fd-b627c9063174", "value": "probirdrep.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493251", "to_ids": true, "type": "domain", "uuid": "ed3aa95c-0724-4704-8b9c-e4d1728d204e", "value": "pulse-help-desk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493272", "to_ids": true, "type": "domain", "uuid": "c60fa247-b934-470e-a090-9ac28543ac2b", "value": "quiptly.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493293", "to_ids": true, "type": "domain", "uuid": "630260a0-0c9b-4eeb-b22e-fc2aea603e5d", "value": "shopifyservercloud.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493314", "to_ids": true, "type": "domain", "uuid": "10af8acd-b87a-46a4-ad87-0682dff6f01b", "value": "sign-in-op-token.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493336", "to_ids": true, "type": "domain", "uuid": "8460b449-048d-494a-b7d2-639b9a19c290", "value": "subsgod.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493357", "to_ids": true, "type": "domain", "uuid": "df617e53-f6a6-4d6e-9fad-afaed029e50a", "value": "surecomforts.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493378", "to_ids": true, "type": "domain", "uuid": "9e7f1ca1-f602-436d-9932-f49163068b5b", "value": "theinvestworthy.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493399", "to_ids": true, "type": "domain", "uuid": "b298f538-8e66-456b-b67d-35deffe21b03", "value": "thepulseactivity.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493421", "to_ids": true, "type": "domain", "uuid": "15eee16f-dcc4-4199-8ab2-7fa036304dc2", "value": "thestayreserve.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493442", "to_ids": true, "type": "domain", "uuid": "1cf9fe27-5c2e-4c88-b3cf-b7e7d745a2e6", "value": "topbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493463", "to_ids": true, "type": "domain", "uuid": "2de08dac-fb31-4f31-b0e6-4f6f33bea665", "value": "topbirdrep.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493484", "to_ids": true, "type": "domain", "uuid": "f636f8df-1dca-4a4f-951e-b7a5329ab3e5", "value": "traderslinkfx.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493505", "to_ids": true, "type": "domain", "uuid": "a09c6f50-ec0b-47d6-a5db-b7e35943cc2d", "value": "usbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493526", "to_ids": true, "type": "domain", "uuid": "67faae99-dc40-4047-9367-31af3b59de38", "value": "usebirdrep.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493547", "to_ids": true, "type": "domain", "uuid": "19d2c8f4-b225-4ea8-9009-5bbfdddf3b7f", "value": "ustazazharidrus.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493569", "to_ids": true, "type": "domain", "uuid": "beaf37d3-b00a-4434-86e2-0b3f0578707c", "value": "valetfortesla.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493590", "to_ids": true, "type": "domain", "uuid": "7f3247d0-644e-46cb-87af-5ffab8faec2a", "value": "vipbirdrank.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493612", "to_ids": true, "type": "domain", "uuid": "62917da8-973f-4116-9c3c-a60fec0dc4c9", "value": "visitbundala.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493634", "to_ids": true, "type": "domain", "uuid": "e8070d43-d94a-4853-bc5f-f24ff3e0f1d0", "value": "yvngvualr.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493655", "to_ids": true, "type": "hostname", "uuid": "f6ef98a0-1e51-441f-897e-dec31721ac84", "value": "apple.assistance-tools.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493676", "to_ids": true, "type": "hostname", "uuid": "b844b723-46a8-46d7-b7db-c8e83cd48452", "value": "apple.diagnostic.wiki", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493697", "to_ids": true, "type": "hostname", "uuid": "0a8727a2-3194-435d-aee2-d953750c859b", "value": "grandmastertraders.traderslinkfx.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493719", "to_ids": true, "type": "hostname", "uuid": "0c33f939-f681-448d-9c1e-5265e747c60b", "value": "hostmaster.extracareliving.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493740", "to_ids": true, "type": "hostname", "uuid": "2cf8bc81-dc9d-4577-9793-736f771f451c", "value": "ned.coveney-ltd.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493762", "to_ids": true, "type": "hostname", "uuid": "0282005b-c3b1-4b91-9fbb-e397f5179210", "value": "stormac.it.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493783", "to_ids": true, "type": "hostname", "uuid": "e456b033-411e-4f9f-8175-71a142867398", "value": "suedfactoring.it.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493804", "to_ids": true, "type": "domain", "uuid": "2bef02d6-c038-41a8-9955-a6ac94e254fb", "value": "ng.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493826", "to_ids": true, "type": "ip-dst", "uuid": "57974bea-b864-4313-be06-63261c55aa20", "value": "87.236.16.20", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493847", "to_ids": true, "type": "domain", "uuid": "064d0aa2-082a-4fc0-a93f-538dcd4d8fe2", "value": "erslinkfx.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493868", "to_ids": true, "type": "ip-dst", "uuid": "3acd14b9-8af1-4731-aa32-3346314d7678", "value": "45.135.232.33", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493890", "to_ids": true, "type": "ip-dst", "uuid": "0f90d027-9f32-4c25-a250-b184babbad85", "value": "217.119.139.117", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1775486695", "to_ids": true, "type": "sha256", "uuid": "bb409b97-5268-4ee0-916d-4ce06fcfbaee", "value": "52f2813b9a7449946bdb98c171320d1801aa37a65903416c1aa186e44c66d745", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493911", "to_ids": true, "type": "domain", "uuid": "f9195ca0-6caa-4a0e-8026-94c2a0c02b1d", "value": "booking.com", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493932", "to_ids": true, "type": "domain", "uuid": "14364e1b-658d-44b9-bb4c-4b0be53c6c84", "value": "cskhga6789.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493953", "to_ids": true, "type": "domain", "uuid": "85cff11a-7460-42b2-9163-9c963fd226b5", "value": "quicrob.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775493976", "to_ids": true, "type": "domain", "uuid": "92d16e5c-6dfc-4a7a-9ca1-eedc900eaab4", "value": "robovcs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775493997", "uuid": "16e9bdc6-b494-4762-80c1-6a98547fe2bc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775493997", "to_ids": true, "type": "md5", "uuid": "a18d4ae6-8bb9-4538-9490-21f0406dde7d", "value": "4b261a6adf6e0c952b5fb837091ff023", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486683", "to_ids": true, "type": "sha1", "uuid": "ee43aeab-3ef7-4ae9-ad78-6b1b188e622c", "value": "29c46d28aeb174415c2957b5ba62a4512334f886", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486683", "to_ids": true, "type": "sha256", "uuid": "31dc2b4c-b5f1-4b93-9917-2a38eb404952", "value": "5d821db386c7c879caeabf3e9f94c94a48eec6ec5a3a0efbae9d69da3f52c1db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486247", "to_ids": true, "type": "ssdeep", "uuid": "68cf8f76-021d-4c86-b92e-c448ce5584df", "value": "24:TSQwUuIhOXQUtlJ8NOUlw5hK/cowpnOGoyRKKkwBWQyo16:TtDa63SpOWQVwBWb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486247", "to_ids": false, "type": "size-in-bytes", "uuid": "1881af50-32bd-453c-8687-40fc5d062daa", "value": "1056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486247", "to_ids": true, "type": "filename", "uuid": "90e31aaf-0479-4c7e-ac91-2f0f89ea95dd", "value": "lnk.7z" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486247", "to_ids": false, "type": "text", "uuid": "d6f5dbf7-0266-4331-841c-21addcfe5066", "value": "Type Description: 7ZIP\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:14/63\nFirst Submission:2025-11-01T18:13:03.000000+00:00\nLast Submission:2026-02-25T17:15:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775494018", "uuid": "f9bb89c5-3ef8-4b05-9284-dcd085da8b8c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775494018", "to_ids": true, "type": "md5", "uuid": "4e986271-b593-48e4-b3c4-7bc4cb969d52", "value": "58712aacf6b0f8149c066bda3a034fc3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486685", "to_ids": true, "type": "sha1", "uuid": "7847e427-eb96-4e16-9330-e697c0312bba", "value": "cf2da87d52a6b08a3b9502b1f6082b8b76ba4d32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486685", "to_ids": true, "type": "sha256", "uuid": "b3788814-55cb-4c5a-a7b8-7ad019d3a4a0", "value": "43907e54cf3d1258f695d1112759b5457576481072cc76a679b8477cfeb3db87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486269", "to_ids": true, "type": "ssdeep", "uuid": "8cadef80-c6ee-49a9-8a9e-908cdf2e274c", "value": "6144:t//CluW8GaYMOZjlRRfCqjgs961nr6FX3xgws8wk+u:1/nL4Xa+P++fqbu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486269", "to_ids": false, "type": "size-in-bytes", "uuid": "c0d67b48-0424-4ab4-a34b-e995a20b9ae0", "value": "303480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775486269", "to_ids": true, "type": "vhash", "uuid": "1672f807-4c93-4111-a9c0-0ff3243c5f42", "value": "035066655d1d15155088z49277z7bz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486269", "to_ids": true, "type": "filename", "uuid": "2b39c755-5980-40f4-9022-44ecef30a43c", "value": "7z.exe" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 05/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486269", "to_ids": false, "type": "text", "uuid": "9a3f1446-696f-4840-87f7-81ccbdf6ba99", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2023-05-08T11:49:17.000000+00:00\nLast Submission:2026-04-06T10:52:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775494039", "uuid": "895c0d34-25ec-4c87-9f04-8bbfaf0849f4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775494039", "to_ids": true, "type": "md5", "uuid": "aa055108-817f-4799-90a1-14b372fa9602", "value": "95c6515d88e9ea48a9b949a81c1dac4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486686", "to_ids": true, "type": "sha1", "uuid": "ae205fe8-47fc-4c6d-afb3-3bd0c337569a", "value": "c93eeb4241f69fea44c4d8ccdde03f3b40a6be3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486686", "to_ids": true, "type": "sha256", "uuid": "c197a961-8a4f-4767-8886-9d9b66fad9e5", "value": "b17c3e4058aacdcc36b18858d128d6b3058e0ea607a4dc59eb95b18b7c6acc7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486291", "to_ids": true, "type": "ssdeep", "uuid": "132e60f0-a277-48c3-8115-12b3c644ff69", "value": "24576:Jx6t04DSc9S0B07sjsPEtd+F5zrtV53SePrnvgwPWrlahtNxn:JxBOp1B07sjsPEtd2znPrnIwuh0Nxn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486291", "to_ids": false, "type": "size-in-bytes", "uuid": "12f120fa-31b4-4473-8a35-5b0cd5eceb7b", "value": "1151864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775486291", "to_ids": true, "type": "vhash", "uuid": "4e9f0591-0ae0-4210-a589-69dde9308f69", "value": "116066655d1d15156az31197z7bz2ezd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486291", "to_ids": true, "type": "filename", "uuid": "1f6a49e9-4aec-409c-a973-ea91da0c260c", "value": "7z.dll" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 05/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486291", "to_ids": false, "type": "text", "uuid": "be394000-2dad-4422-b6d1-0fc43de7128e", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2023-05-08T11:49:18.000000+00:00\nLast Submission:2026-04-05T11:50:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775494061", "uuid": "d0bfee69-e8a0-4e4f-9761-54dc5b08c730", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775494061", "to_ids": true, "type": "md5", "uuid": "e8eff104-8d7b-4a83-9e4a-11af7948c92f", "value": "82a019c4e64840faced30e8bc8f2d4cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486687", "to_ids": true, "type": "sha1", "uuid": "b2882d05-cad8-4bca-83e9-952cb745dc42", "value": "8f1aaaef9bce0ea49cdb8b0560f0042586c01920", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486687", "to_ids": true, "type": "sha256", "uuid": "6d363431-a028-4a47-a50a-bbc03377f674", "value": "c0af6e9d848ada3839811bf33eeb982e6c207e4c40010418e0185283cd5cff50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486334", "to_ids": true, "type": "ssdeep", "uuid": "8faaf9a8-d1b6-4d47-bd09-5f8638182e55", "value": "49152:tCYvgm6WXgUDL5KG+EAm/6SHDhln/rhfk3yjJ59aXOHC82fBE5BFrBwniWU:SWXgUpB+bmCKDh5/gmJaXOH32fBENNWU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486334", "to_ids": false, "type": "size-in-bytes", "uuid": "24be26ea-bbc5-43d2-83c2-fe1dff9c47b4", "value": "3025089" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486334", "to_ids": true, "type": "filename", "uuid": "e02e3936-7fbb-4f3a-aa3d-2b1195395fb6", "value": "c0af6e9d848ada3839811bf33eeb982e6c207e4c40010418e0185283cd5cff50.7z" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486334", "to_ids": false, "type": "text", "uuid": "b0574bef-3635-47f6-8217-3073d7120dd3", "value": "Type Description: 7ZIP\nMicrosoft: None\nVT Total Detection:7/63\nFirst Submission:2026-02-16T22:46:51.000000+00:00\nLast Submission:2026-03-02T15:24:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775494082", "uuid": "65f6b266-5bb7-4e1f-90c6-fec3ca8506ad", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775494082", "to_ids": true, "type": "md5", "uuid": "ed0c2958-8d92-45bb-a1b4-d832947eaa90", "value": "e272788063a75b03ad67ce23f39f2d53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486688", "to_ids": true, "type": "sha1", "uuid": "b0f1cba6-bea6-41f1-90e1-6b55934f060c", "value": "7e52feafbdf9ae4ebcd7ef00427f106b384a9874", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486688", "to_ids": true, "type": "sha256", "uuid": "d39bf24b-74b6-4164-be17-4759ad82161b", "value": "2e9356948f2214fbf12ab3e873e0057fb64764cb8ed9d1c82e7ab0b3eef92a37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486356", "to_ids": true, "type": "ssdeep", "uuid": "35d86c2c-f3b1-4b2c-a06b-a03228d2299a", "value": "384:0LzkJu8sXXCoDv6C3PgeiCE8gaYwZ5VpzG:cOC/iiPpzG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486356", "to_ids": false, "type": "size-in-bytes", "uuid": "2055bd3e-e21a-4bbf-8419-0941c4c028d9", "value": "22443" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486356", "to_ids": true, "type": "filename", "uuid": "1425993b-f796-46d6-8578-42727f7037f2", "value": "roberto99223" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486356", "to_ids": false, "type": "text", "uuid": "67755bcd-5acb-4af1-8ae4-01f732091e92", "value": "Type Description: Text\nMicrosoft: Trojan:MacOS/AtomicSteal.D\nVT Total Detection:35/62\nFirst Submission:2025-06-30T17:26:43.000000+00:00\nLast Submission:2025-06-30T17:26:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775494103", "uuid": "b0886955-49af-4864-be3c-0e9c3323539c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775494103", "to_ids": true, "type": "md5", "uuid": "cf29de55-43d4-4f95-8064-d159442cfff2", "value": "f266043ddf16ad745c9701803b972aec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486689", "to_ids": true, "type": "sha1", "uuid": "76864013-823c-4a80-b867-0d04a84fd7ef", "value": "70505b9a697cc80ca4535aac602972a5d4b0019b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486689", "to_ids": true, "type": "sha256", "uuid": "1e255ed4-b13e-4f93-8018-6a8ad5239bf6", "value": "25865914ff0ec9421a5fa7dff2f680498f8893374f24d0b67a735bd8369299e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486377", "to_ids": true, "type": "ssdeep", "uuid": "326ccb5d-2ffc-443d-baf3-2687d4ec0290", "value": "96:ZnQ8eCrOJ1NQDvZg8YRaxKiUTzgqxaybIvooedb1qJAMrenR:ZQ8eCrOPNQzZg8Ycsi+z1cybIvooIb1N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486377", "to_ids": false, "type": "size-in-bytes", "uuid": "077a606e-9116-4647-aed1-71c8b82282e5", "value": "3466" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775486377", "to_ids": true, "type": "vhash", "uuid": "fc9f7ed3-7149-408f-972d-b5367ef4dd13", "value": "b15b6c2ff3fcb5c1d23f4e4817c4852b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486377", "to_ids": true, "type": "filename", "uuid": "c469bf85-e6ae-4aea-8fdc-28b9393095e9", "value": "phauk7y.exe" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486377", "to_ids": false, "type": "text", "uuid": "163e1cbd-0380-41e7-821c-23adbf6c647d", "value": "Type Description: Powershell\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:28/63\nFirst Submission:2026-02-16T22:50:32.000000+00:00\nLast Submission:2026-03-02T13:44:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775494124", "uuid": "e633ecc4-9344-4fcd-8643-bef70b130733", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775494124", "to_ids": true, "type": "md5", "uuid": "63d4fb7d-f379-4594-b39c-be6ad38c04e3", "value": "e40a9f7dcfb8dc18b49ef99617bbe9f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486690", "to_ids": true, "type": "sha1", "uuid": "3bb37a92-58c0-4b67-ac11-623f9555976f", "value": "c07fa6c91287907943b81bf18668a9dc51c98e7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486690", "to_ids": true, "type": "sha256", "uuid": "cb575296-f63a-4792-bbb4-16bb764a36d2", "value": "280c7fb3033c6c34df88b61a4c90eb03e1ae7d1dc00355ca280a83903b776473", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486399", "to_ids": true, "type": "ssdeep", "uuid": "332096a6-7d8f-46e2-9cf2-65f894a795c7", "value": "96:ZNQ8eCrOJ1NQDvZg8YRaxKiUTzgqxaybI2ooeduIZ1qv0AMrkGnR:XQ8eCrOPNQzZg8Ycsi+z1cybI2ooIu4d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486399", "to_ids": false, "type": "size-in-bytes", "uuid": "d5ae07d7-3ab6-4758-b3f4-92c4be5f3df1", "value": "3570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775486399", "to_ids": true, "type": "vhash", "uuid": "c3dd291b-29e0-4f48-9d32-ff77efbc3cf4", "value": "b15b6c2ff3fcb5c1d23f4e4817c4852b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486399", "to_ids": true, "type": "filename", "uuid": "da2e48d7-537a-4f0f-8e43-2ccc9e448ea8", "value": "szawq.exe" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486399", "to_ids": false, "type": "text", "uuid": "83649349-940d-485e-9590-ab9f73357d88", "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Boxter.IRQ!MTB\nVT Total Detection:28/63\nFirst Submission:2026-02-14T15:09:50.000000+00:00\nLast Submission:2026-03-02T14:04:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775494145", "uuid": "933866e1-52de-492b-8fe3-858466c28b98", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775494145", "to_ids": true, "type": "md5", "uuid": "c97421ef-f4ff-4aba-8af8-75e57b361e38", "value": "92e92c7205bb49c126a7fece0a4b3f5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486692", "to_ids": true, "type": "sha1", "uuid": "b535250e-450d-4c95-a7e0-15b22dc775ec", "value": "12e680cc928a39aa5185365b35a02a6b2061420a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486692", "to_ids": true, "type": "sha256", "uuid": "826f8de5-2471-4a84-ae3a-dff19d20c895", "value": "3f8202dacab7371e760e83b7d2b8fbd5d767f5bd408ed713ab0550c83ae82933", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486421", "to_ids": true, "type": "ssdeep", "uuid": "4a6a5651-cd86-4638-8de2-44b228bfa97c", "value": "96:IwgDLQ1ggD4ZIOP61gv3tU8D3xxpnTdoxxpyg3oo2klh78qDAHrO15:k8igD42OC1O3tU8D3npTdoHpyMoo2klD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486421", "to_ids": false, "type": "size-in-bytes", "uuid": "36c5f083-f83a-4ad3-b0c1-462c888cd026", "value": "4107" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775486421", "to_ids": true, "type": "vhash", "uuid": "d1765811-8d6a-4009-bf39-568fd6a8b501", "value": "152abe1587169e24f2e4d2c8d2446dd5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486421", "to_ids": true, "type": "filename", "uuid": "7953e077-2008-4ab8-8a9f-7ff051ddd762", "value": "d34p45.exe" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486421", "to_ids": false, "type": "text", "uuid": "4081663b-37b8-482a-85f6-878b5e675cd4", "value": "Type Description: Powershell\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:27/63\nFirst Submission:2026-02-23T09:17:42.000000+00:00\nLast Submission:2026-03-02T13:40:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1775494166", "uuid": "a3f751a2-af5f-47c5-8e66-a827ca94bba1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1775494166", "to_ids": true, "type": "md5", "uuid": "45c08240-b1da-4b4b-8242-6fb6b32a2505", "value": "0e660f7e5a6621a9185a7b8080364500", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1775486693", "to_ids": true, "type": "sha1", "uuid": "11047515-90d4-4f3b-adc3-3b4178fc0f05", "value": "3b7b47b6260ab67c120a13a9c207efa91ebb7ace", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1775486694", "to_ids": true, "type": "sha256", "uuid": "16a091bd-5d2e-48c2-91ff-109ee59d0ccb", "value": "56ebaf8922749b9a9a7fa2575f691c53a6170662a8f747faeed11291d475c422", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1775486464", "to_ids": true, "type": "ssdeep", "uuid": "0d9507e2-b15d-475a-8660-f1fa2a09016c", "value": "768:NEVZl6FhWr80/0KEvr2bhuRLKzCKZikEr2bhugkKzCKZikW:NG0hG8KEj2hu1vN2hubvN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1775486464", "to_ids": false, "type": "size-in-bytes", "uuid": "eb58dcc0-2a8f-45b2-8291-b3de87aec8dc", "value": "120256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1775486464", "to_ids": true, "type": "vhash", "uuid": "b0a09971-05c0-448c-b148-89731f2b5b70", "value": "0150461515151bz4!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1775486464", "to_ids": true, "type": "filename", "uuid": "c72170bd-9ebc-4d3a-9584-670ecfd23d02", "value": "client32.exe" }, { "category": "Other", "comment": "Checked: 06/04/2026\nLast-scan\t: 06/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1775486464", "to_ids": false, "type": "text", "uuid": "6ba1f0f4-6945-46c5-8b07-47da96257050", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:21/72\nFirst Submission:2025-07-24T22:07:03.000000+00:00\nLast Submission:2026-04-01T14:18:40.000000+00:00" } ] } ] } }