{ "Event": { "analysis": "1", "date": "2026-04-01", "extends_uuid": "", "info": "[Threat Intel] TA416 resumes European government espionage campaigns", "protected": false, "publish_timestamp": "1776072057", "published": true, "threat_level_id": "2", "timestamp": "1776072057", "uuid": "4f22e745-58d0-44a5-add2-e0bf187c9650", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#2d8ee7", "local": false, "name": "misp-galaxy:producer=\"Proofpoint\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": "" }, { "colour": "#241a62", "local": false, "name": "misp-galaxy:target-information=\"Iceland\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": "" }, { "colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": "" }, { "colour": "#bbeedc", "local": false, "name": "misp-galaxy:target-information=\"Kosovo\"", "relationship_type": "" }, { "colour": "#b32a63", "local": false, "name": "misp-galaxy:target-information=\"Bangladesh\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Syria\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MUSTANG PANDA\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Diplomacy\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PlugX\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1775617210", "to_ids": false, "type": "link", "uuid": "e1e4955e-d176-4822-81fc-e94345fc38ed", "value": "https://www.proofpoint.com/us/blog/threat-insight/id-come-running-back-eu-again-ta416-resumes-european-government-espionage" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1775617210", "to_ids": false, "type": "text", "uuid": "48e67ba2-d086-4e0e-b860-61ad8f43615e", "value": "Since mid-2025, China-aligned threat actor TA416 has resumed targeting European government and diplomatic organizations after a two-year operational shift to Southeast Asia. The campaigns primarily focused on diplomatic missions to the EU and NATO, using web bug reconnaissance and malware delivery through compromised accounts and attacker-controlled infrastructure. In March 2026, TA416 expanded operations to Middle Eastern diplomatic entities following the Iran conflict outbreak. Throughout this period, the actor continuously evolved infection chains, utilizing fake Cloudflare Turnstile pages, OAuth redirect abuse, and C# project files to deliver a customized PlugX backdoor via DLL sideloading. The group employed both broad reconnaissance campaigns and targeted malware delivery, demonstrating sophisticated tradecraft including use of re-registered legitimate domains and cloud infrastructure for command and control operations." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1775617210", "to_ids": false, "type": "text", "uuid": "1543799c-4d28-4ddb-b9ce-c18382fd7c10", "value": "Name: TA416 resumes European government espionage campaigns\nAuthor: AlienVault\nAdversary: TA416\nTags: [\"toneshell\", \"cloudflare turnstile\", \"korplug\", \"plugx\", \"TA416\"]\nTgtd countries: [\"Belgium\", \"Iceland\", \"Syrian Arab Republic\", \"Kuwait\", \"Iran, Islamic Republic of\", \"Kosovo\", \"Bangladesh\"]\nMlwr families: [\"PlugX - S0013\", \"Thoper\", \"TVT\", \"DestroyRAT\", \"Sogu\", \"Kaba\", \"Korplug\", \"TONESHELL\", \"PUBLOAD\"]\nAttack_ids: []\nIndustries: [\"Government\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1776004465", "to_ids": false, "type": "threat-actor", "uuid": "bd200ee3-7341-40b1-8d30-91370670cc33", "value": "TA416", "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MUSTANG PANDA\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018350", "to_ids": true, "type": "md5", "uuid": "d9224c89-58fb-42c0-8867-6e686ca28a99", "value": "90edc0cecd3f762c36a38a5642e0d939", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018351", "to_ids": true, "type": "md5", "uuid": "5c2e114d-2c1e-4610-8823-7bc178f90930", "value": "95254a16917d2c458ea5143ad35373cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018352", "to_ids": true, "type": "md5", "uuid": "db0b69fc-9e21-4ece-ac4c-7258165a47e3", "value": "f517f01384310145d989ec45a649d9c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018353", "to_ids": true, "type": "sha1", "uuid": "45e817bc-5b8d-4f6d-bfdc-35455ecf2777", "value": "15e9d47e34861fb6ebe27b5d683014ed4b49e39f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018354", "to_ids": true, "type": "sha1", "uuid": "5bfb0fca-56cd-45aa-8305-9cf24a67c75a", "value": "b4de571f772316c0fd6a7e74e3577ae6d3eb54db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018355", "to_ids": true, "type": "sha1", "uuid": "35a0cc76-cc5b-4ac5-85b5-683765ab50dd", "value": "f4183780f6684b1eb82e5556654be329da5a6843", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018356", "to_ids": true, "type": "sha256", "uuid": "6ab33a4e-d038-4f09-a5b4-39a7af6a762c", "value": "06a70c54c580ec4c362bfbc94147a0f1ac9020c421933ccf494a8d553b114260", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018357", "to_ids": true, "type": "sha256", "uuid": "0a15b284-3b0f-4ab3-94b1-63b8aa5078ef", "value": "16e258b7b712b747a6037d56ee8d2cc99f8f8139da4a3a59c24af0887531ace0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018357", "to_ids": true, "type": "sha256", "uuid": "c7b0a772-8dc9-4cf6-8cfb-040d0d3f100e", "value": "2261c7640fe2f3c2385de61c546b5020ec8a486ad5bad64c31bc9268f6b36a2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018358", "to_ids": true, "type": "sha256", "uuid": "3b9603f0-04c3-443a-9ebd-d6408d87dc45", "value": "2712f4ac5ad422bcf749699389cb1a0111a1b11e298efb0cffebc2e2f0becb5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018359", "to_ids": true, "type": "sha256", "uuid": "ca202436-db2f-4982-9a40-8ddbcdae8c26", "value": "28a8bdaee803d9cf9186ff4756e15b0fb491fd3b65bde002361615f27e5ca92d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018360", "to_ids": true, "type": "sha256", "uuid": "0ec163fa-4b79-4355-aed7-6a9a3e9cb968", "value": "29a70241660ff3234f1c5e8c01878ee01adb4a289262bd37403e1a323129ea86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018361", "to_ids": true, "type": "sha256", "uuid": "641b6a8f-4bff-4f7c-b996-536b3acbd7ab", "value": "2c3708a103b257fa75fcb34948c817fd564d4479f1e267b33c5b08f0d4c7634f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018362", "to_ids": true, "type": "sha256", "uuid": "97ed4dc6-7d01-4a8d-b063-156685be4c0b", "value": "30475ff5b32776e554433ff00e7c18590253521024662c267abaefd24f1b9bbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018363", "to_ids": true, "type": "sha256", "uuid": "386590f6-8db2-4036-827a-4a0f1f228137", "value": "31f3606433e95bfbb047d31c885e56a70111e130f3d2da0580644c01323b46d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018364", "to_ids": true, "type": "sha256", "uuid": "732fd43d-f429-4a01-8167-8cf725c7b41f", "value": "3c065947461df428b0d29e401e2a28a0d2560943e96d3ac8b9ed71858fbcec38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018365", "to_ids": true, "type": "sha256", "uuid": "aef38de9-7111-4ef4-a785-d74b26c07fca", "value": "3e7478d3854eaeed487230ba9299c87d5a5d70e4fbeac841555327c76b7b405e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018365", "to_ids": true, "type": "sha256", "uuid": "e6b83315-86d0-4942-b2ab-10bf3d7ff765", "value": "45d8d4f04eb44dc5d10290038825194b0ffc38048a786b4a8b81bb796afc58a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018366", "to_ids": true, "type": "sha256", "uuid": "acade78e-1deb-41ff-a0ca-ef02b96093ab", "value": "4d528842c7fe73681dfe569d38a39f8d38ca5548dbc8b6ac02df096713a92efd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018367", "to_ids": true, "type": "sha256", "uuid": "2c13ddba-2096-4943-8086-c1c3c689a8c4", "value": "5c3208c5217933e16c5119e7baf78f85fd409e8822d1cd7a8ef2d52a5bd511c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018368", "to_ids": true, "type": "sha256", "uuid": "311dc0bc-1b7b-413d-bbf6-fb0054b6ee64", "value": "6788365386ccd34d1db681c61ef07ef4d2faea5672571b77a76dc48f327afaa9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018368", "to_ids": true, "type": "sha256", "uuid": "623b4770-ff7a-4dcc-b717-da7e4548b2de", "value": "69b685fadce4f34bc4964b3d78d43694a428ae1ee4d2fe0ce4ed26fad07847fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018370", "to_ids": true, "type": "sha256", "uuid": "3998bbb0-8462-4f91-9e9f-7d426022b266", "value": "774841a2bfb07b61a8be3de8ae31e9847f987de652eef179761dc3d1b34c42ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018371", "to_ids": true, "type": "sha256", "uuid": "ff411c0f-4e38-4ab0-ac27-e071a3b22d72", "value": "7be77e6166aae9a89b16b64b593f35afc7424926047635f2230a4e364c6a46d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018372", "to_ids": true, "type": "sha256", "uuid": "9000d556-634a-4f90-9f0d-b0839bbb22b8", "value": "7d2b6c48cbd6cef05ea2bdae7dfc001504cccda99dd89eb7fe6646e96c1d5515", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018372", "to_ids": true, "type": "sha256", "uuid": "2f6a5970-d1c0-4213-bcb1-b2fb0f967f8c", "value": "84d6a8b47edadf5725d9937d8928a90d190e0c98b5b4d1a4c58e97cddcd36768", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018373", "to_ids": true, "type": "sha256", "uuid": "31d5ea5a-697a-4efb-9e74-a397bfd1ff26", "value": "93e9402af72b355554f9ba93c64871b1bae5be498e3b8a10e61ebdd10ab0d050", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018374", "to_ids": true, "type": "sha256", "uuid": "14e6afe1-1c70-4ff5-a126-7196fe993336", "value": "965894996e2cb9be1e0ccc509e079e7eca072cbc4e68945beb00ff5979dda19c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018374", "to_ids": true, "type": "sha256", "uuid": "267f70cc-51d7-4f8d-bed2-449418970fc1", "value": "9d61c4e21bbbddde5bb780ea0c5238a3538a84b9afe98d62d08845b47fb5caa9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018375", "to_ids": true, "type": "sha256", "uuid": "feefc939-8909-433c-9616-1c5259ec0326", "value": "9e67f72bfbc8772ce10633430e1277fd8374e99877ddedb598b4f6717c799eeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018376", "to_ids": true, "type": "sha256", "uuid": "0670dd31-bd47-49a9-bd4b-10f3f38646bd", "value": "a3f9e20315663e4e8feb13e77563e3cb0f2f4844734987e51e14bd172b9a04fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018376", "to_ids": true, "type": "sha256", "uuid": "6e484dec-d1d9-4f83-9177-b14e840fda74", "value": "a82c8845587a87010eab52ef8c35d45eaea8eb8102aae77ec96e222197b7db66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018377", "to_ids": true, "type": "sha256", "uuid": "d93c8769-3017-4c82-af50-e6bc02d51521", "value": "b6d866054dedf7a882dd1fa405a066de1278e35acf639b3a0e850a637d27c4bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018378", "to_ids": true, "type": "sha256", "uuid": "0b669d52-587b-4859-8169-efb1b357494c", "value": "c73050860c8aaa0f79c03781519cdcee133832805e2e3e778fef3cb0e917efb1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018379", "to_ids": true, "type": "sha256", "uuid": "48e9ee6f-307d-4b41-98b5-a767fe7c117a", "value": "c8a6302adf92353556c600a0afa9146fbc04663fffe8be90808df2bf04ec5703", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018379", "to_ids": true, "type": "sha256", "uuid": "aa877257-f861-4d98-bd65-b54f3bf8eae4", "value": "e7ed0cd4115f3ff35c38d36cc50c6a13eba2d845554439a36108789cd1e05b17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018380", "to_ids": true, "type": "sha256", "uuid": "e4880651-8905-4f3d-a646-3253bb34a323", "value": "e9d8f28fd0aef3bc3f5b28a41b3f342165b371db9aefd7d03f2aba4292009d3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:12/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776018381", "to_ids": true, "type": "sha256", "uuid": "5829c74e-239f-4a9b-904e-a21e503e5d6d", "value": "f333bc5238e39790fb7560de067a852e9a99df2bb783cf08738d8a0d424b9658", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019147", "to_ids": true, "type": "url", "uuid": "dfdc188a-ee62-43b7-b8fb-e4128ce93626", "value": "http://ombut.com:443", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019169", "to_ids": true, "type": "url", "uuid": "9da52211-e30c-4c42-bacb-d72485379eda", "value": "https://dash.ghonline.net:443/download/jyebbtg?error=interaction_required&error_description=Session+information+is+not+sufficient+for+single-sign-on.&state=o1", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019191", "to_ids": true, "type": "url", "uuid": "54ba97c0-a7f8-4424-833f-b9188ab5eb7f", "value": "https://phpthemes.net/images/upload/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019212", "to_ids": true, "type": "url", "uuid": "84495f14-8f89-42f2-a273-6636c1585d5a", "value": "https://phpthemes.net/images/upload/eu.png/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019233", "to_ids": true, "type": "url", "uuid": "7f426a15-958d-4ea3-8ebe-244903d2c411", "value": "https://web.florarevival.com:443/download/a6d6u9ff13?error=interaction_required&error_description=session+information+is+not+sufficient+for+single-sign-on.&state=6", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019255", "to_ids": true, "type": "url", "uuid": "cb6b1db1-29da-4246-b871-346e791cce51", "value": "https://welnetsanda.org/images/upload/logo.png/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019277", "to_ids": true, "type": "url", "uuid": "bf137c96-8054-4cd3-8ff8-2e18dc7ba770", "value": "https://www.buscacnpj.org/download/we7823bn?error=interaction_required&error_description=session+information+is+not+sufficient+for+single-sign-on.&state=3", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019298", "to_ids": true, "type": "url", "uuid": "d578a461-bc38-48d2-a99b-0ec6a62926ff", "value": "https://www.bushidomma.net/download/l7o9afe?error=interaction_required&error_description=session+information+is+not+sufficient+for+single-sign-on.&state=2", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019319", "to_ids": true, "type": "url", "uuid": "6f39c97f-68a8-4dd8-9595-0f29e5d89100", "value": "https://www.foxmediagency.com/download/qqa36sa0d6fq066?error=interaction_required&error_description=Session+information+is+not+sufficient+for+single-sign-on.&state=o1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019340", "to_ids": true, "type": "url", "uuid": "a891d946-e162-44db-9ca5-c84dbf99fb3c", "value": "https://www.subusiness.org/download/aetce17ge?error=interaction_required&error_description=session+information+is+not+sufficient+for+single-sign-on.&state=47", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019361", "to_ids": true, "type": "domain", "uuid": "e32cd130-9b0e-4885-8c42-811770ff844e", "value": "aaitile.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019383", "to_ids": true, "type": "domain", "uuid": "ffee7507-1633-4b57-a3ee-1a2175ef8889", "value": "adimagemarketing.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019405", "to_ids": true, "type": "domain", "uuid": "050ddfe5-e2b1-4a31-9250-d07201759145", "value": "alpinemfg.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019426", "to_ids": true, "type": "domain", "uuid": "bc2cdda2-d639-47e9-8e2c-ebc01a40f826", "value": "amblecote.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019447", "to_ids": true, "type": "domain", "uuid": "e6b68046-508f-4af8-b7ab-fa6de4357e63", "value": "anbusivam.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019468", "to_ids": true, "type": "domain", "uuid": "a63cabf9-bef0-4918-9f6b-ed4fcb170a35", "value": "atravelingwitch.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019489", "to_ids": true, "type": "domain", "uuid": "f4f3102e-a7bb-4a84-80e9-dd2b363a1952", "value": "basecampbox.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019510", "to_ids": true, "type": "domain", "uuid": "a3a567bb-2f13-4490-88b1-895ace130f83", "value": "bobbush.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776019531", "to_ids": true, "type": "domain", "uuid": "d9a1ede4-8fda-4966-9c70-75ca916341e1", "value": "buddhismnewsdaily.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044609", "to_ids": true, "type": "domain", "uuid": "68e020e2-dd43-4282-b94b-390bd5b2ae61", "value": "buscacnpj.org", "Tag": [ { "colour": "#669ae5", "local": false, "name": "AlreadyExistsError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044630", "to_ids": true, "type": "domain", "uuid": "d4d88969-2fd6-4d00-baf8-1bbb9ef21ac9", "value": "bushidomma.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044651", "to_ids": true, "type": "domain", "uuid": "3f150bd3-d85c-40a8-8443-a3e3c583ad3c", "value": "busopps.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044672", "to_ids": true, "type": "domain", "uuid": "6b5bfa1e-5e8c-462b-96fe-e6adf115b6c6", "value": "buywownow.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044694", "to_ids": true, "type": "domain", "uuid": "22aa9e81-271f-482c-acc8-5fa86f20cf01", "value": "buzzurro.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044716", "to_ids": true, "type": "domain", "uuid": "893c31c5-372e-47ee-862c-787a05188bf7", "value": "carhirechicago.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044738", "to_ids": true, "type": "domain", "uuid": "f118e67d-a299-4c07-94e2-ecb8f7b91008", "value": "cnrelojes.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044759", "to_ids": true, "type": "domain", "uuid": "9b01e37a-d2d5-4040-b848-eb782734b682", "value": "coastallasercompany.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044781", "to_ids": true, "type": "domain", "uuid": "9d7c106d-77d9-4129-8f59-8daab271e68a", "value": "colorflee.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044802", "to_ids": true, "type": "domain", "uuid": "13d630ce-b3ed-40ba-9950-47b5c0d6576b", "value": "creatday.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044823", "to_ids": true, "type": "domain", "uuid": "6dc0fe18-dfa4-4391-b409-632792de7232", "value": "cseconline.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044845", "to_ids": true, "type": "domain", "uuid": "b4913e5d-59b3-42d4-9cee-38f760015b4b", "value": "cubukluescort.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044867", "to_ids": true, "type": "domain", "uuid": "dc09893a-7032-444b-a59f-6a6e1b362ad3", "value": "dalerocks.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044888", "to_ids": true, "type": "domain", "uuid": "2887cf14-7364-4b39-a297-4fd09195f947", "value": "decoraat.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044909", "to_ids": true, "type": "domain", "uuid": "2bf6b50c-d59b-4ba2-b17a-35de5c0f7570", "value": "designehair.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044930", "to_ids": true, "type": "domain", "uuid": "ae79843b-7feb-4d6e-97e3-8924fd10a5f5", "value": "devlyrics.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044951", "to_ids": true, "type": "domain", "uuid": "f43837a3-0511-4c88-8eb2-702ef5c4bf67", "value": "devredin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044973", "to_ids": true, "type": "domain", "uuid": "eacf90f6-8a2d-4628-9672-95110ce4b75b", "value": "dnzapping.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776044994", "to_ids": true, "type": "domain", "uuid": "18a10383-30c6-4ada-ab28-cdb00dbfae96", "value": "doorforum.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045015", "to_ids": true, "type": "domain", "uuid": "fecc3c3e-a154-4ce1-8089-90dee6664793", "value": "ecoafrique.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045037", "to_ids": true, "type": "domain", "uuid": "ea9c52cc-b738-4097-b656-53daf0abf05b", "value": "ecolnomy.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045058", "to_ids": true, "type": "domain", "uuid": "119e9529-0385-4e75-b6ca-9a616f9fd590", "value": "ecomputers.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045079", "to_ids": true, "type": "domain", "uuid": "c7169217-ef0a-4d83-b31c-efcadaed7d73", "value": "embwishes.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045101", "to_ids": true, "type": "domain", "uuid": "a5145139-f6b6-4944-a01c-e03eb5b8e7a5", "value": "espacebus.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045122", "to_ids": true, "type": "domain", "uuid": "4003a34d-4644-4223-a784-c987903d0d56", "value": "famisu.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045143", "to_ids": true, "type": "domain", "uuid": "c8484c09-894f-46eb-8258-30cbf40e69e2", "value": "florarevival.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045164", "to_ids": true, "type": "domain", "uuid": "5062a8c6-234a-4d47-8aa2-19f2780db908", "value": "foxmediagency.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045186", "to_ids": true, "type": "domain", "uuid": "01c373e4-b464-4f61-a74e-c40975b6db52", "value": "fruitbrat.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045207", "to_ids": true, "type": "domain", "uuid": "6ca0acdf-54f2-46b9-9b32-4dd983ceb467", "value": "fuyuju.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045229", "to_ids": true, "type": "domain", "uuid": "e77161cd-63c6-4ef8-b412-385302d02cef", "value": "gesecole.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045250", "to_ids": true, "type": "domain", "uuid": "6ce62433-47d9-4f26-9331-b275ee55a640", "value": "gestationsdiabetes.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045271", "to_ids": true, "type": "domain", "uuid": "999ee6e2-7658-4511-8ade-86157bf01a09", "value": "ghonline.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045294", "to_ids": true, "type": "domain", "uuid": "d8899be0-78f1-48be-a342-6f92fa782b60", "value": "goodmedsx.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045315", "to_ids": true, "type": "domain", "uuid": "6123ac2c-6cff-4a57-bf9d-defcbf34afc9", "value": "gynecocuk.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045336", "to_ids": true, "type": "domain", "uuid": "b00b0850-306f-491a-b396-d7920e78002c", "value": "harrietmwelch.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045359", "to_ids": true, "type": "domain", "uuid": "80cfc945-d94c-4c55-98f5-026405dbefdb", "value": "hayabusamt.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045380", "to_ids": true, "type": "domain", "uuid": "69a1cbfb-3e29-4bca-b4e8-eab7603b74c0", "value": "hnk-capljina.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045401", "to_ids": true, "type": "domain", "uuid": "34186256-131b-4213-9f7f-4c1d1e26460b", "value": "hoplitellc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045422", "to_ids": true, "type": "domain", "uuid": "e25af79a-4d08-4d92-9461-a97b9844b8e4", "value": "it-evenement.nl", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045444", "to_ids": true, "type": "domain", "uuid": "9501ac65-7886-437d-b61b-cabaf9914ce2", "value": "loumuenz.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045465", "to_ids": true, "type": "domain", "uuid": "9eddebf4-46d9-4372-87be-aeec2fa36394", "value": "majicbus.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045486", "to_ids": true, "type": "domain", "uuid": "a9a5402b-ee6b-485d-a02b-9de7684aa8d0", "value": "meritsoftwebportals.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045507", "to_ids": true, "type": "domain", "uuid": "67717af9-dd98-4800-87da-48a5900380a5", "value": "mettayoga.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045529", "to_ids": true, "type": "domain", "uuid": "75a5af5b-e616-4113-a503-e0c2db1b4a39", "value": "mongolianews.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045550", "to_ids": true, "type": "domain", "uuid": "7d19942f-1515-4a43-9711-78da8b1a45b5", "value": "napasbdc.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045572", "to_ids": true, "type": "domain", "uuid": "50171675-dfe9-4968-975c-bd8e20750290", "value": "nvofficespace.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045593", "to_ids": true, "type": "domain", "uuid": "9a37a298-916f-4de9-9dc2-338a462cad67", "value": "ombut.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045614", "to_ids": true, "type": "domain", "uuid": "46939f97-466b-4b1c-96b0-d5de6b865f23", "value": "papermoonweddings.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045635", "to_ids": true, "type": "domain", "uuid": "eb592563-d896-46db-b7fb-37cc443ba092", "value": "paquimetro.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045657", "to_ids": true, "type": "domain", "uuid": "4e54493c-1eae-406c-a582-e27e8c18e3a6", "value": "phbusiness.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045679", "to_ids": true, "type": "domain", "uuid": "f6dd006a-8646-4b2a-8809-469816c5b3dc", "value": "phpthemes.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045700", "to_ids": true, "type": "domain", "uuid": "bd91912d-95d1-407a-8b36-862a90239907", "value": "portabalbufe.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045721", "to_ids": true, "type": "domain", "uuid": "2ac4c097-24e7-466b-b967-9d2d19e4c1d2", "value": "premegalithic.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045742", "to_ids": true, "type": "domain", "uuid": "92ee64da-043e-46df-8cea-77bb633f7d62", "value": "racineupci.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045764", "to_ids": true, "type": "domain", "uuid": "cdb32a50-d2ac-4750-a3e1-43c5c2ca51b4", "value": "rhonline.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045785", "to_ids": true, "type": "domain", "uuid": "16b840d8-f009-4083-80c8-91bdded3c101", "value": "rondabusco.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045806", "to_ids": true, "type": "domain", "uuid": "cb8c7ecf-3d9d-4fd6-8b3a-320cc66c5f38", "value": "ronnybush.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045828", "to_ids": true, "type": "domain", "uuid": "3b221efc-e452-43ba-bb89-d688c244bd54", "value": "shalomrav.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045850", "to_ids": true, "type": "domain", "uuid": "53702087-4f55-46de-8fd8-38491179be38", "value": "softhunts.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045871", "to_ids": true, "type": "domain", "uuid": "9e7c6f6f-2f33-4f02-b0cf-2441289347fb", "value": "speedifynews.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045892", "to_ids": true, "type": "domain", "uuid": "5325c3e7-c0b4-4408-a114-8f2ca3fefa4a", "value": "stuypa.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045914", "to_ids": true, "type": "domain", "uuid": "22b5fae3-257f-4d88-8eff-36e58f382532", "value": "subusiness.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045935", "to_ids": true, "type": "domain", "uuid": "190eccde-3185-420c-b0c2-4617f89ed51b", "value": "supplementsoftheyear.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045956", "to_ids": true, "type": "domain", "uuid": "1d415b0d-4cab-41d3-b628-0d01e062f35b", "value": "thecamco.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045978", "to_ids": true, "type": "domain", "uuid": "efe655a8-c328-4dc4-8f9f-37f1169affc5", "value": "theprmummy.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776045999", "to_ids": true, "type": "domain", "uuid": "7f6f0e34-c579-4c97-b9ca-8443120aa817", "value": "turileco.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046020", "to_ids": true, "type": "domain", "uuid": "be77376e-f4ac-45d6-a36b-531ab35fbd24", "value": "welnetsanda.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046042", "to_ids": true, "type": "domain", "uuid": "a46bb76c-24cc-4913-a76b-ab33015a76b4", "value": "winesnmore.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046063", "to_ids": true, "type": "domain", "uuid": "2d294990-3bfe-4cfb-8c84-d70d6d23e3eb", "value": "ytsonline.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046085", "to_ids": true, "type": "hostname", "uuid": "a4377495-693e-49b5-a5b1-f7ced5a75d0f", "value": "dash.ghonline.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046106", "to_ids": true, "type": "hostname", "uuid": "32f81304-af4b-4493-a007-e8cd61dec601", "value": "epc.copenhagen2025.dm", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046127", "to_ids": true, "type": "hostname", "uuid": "8aeca053-28ab-4837-8b0e-27f7de5d048d", "value": "web.florarevival.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046148", "to_ids": true, "type": "hostname", "uuid": "3ecf9986-54f0-4cdb-baf6-c60d29b298e2", "value": "www.buscacnpj.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046169", "to_ids": true, "type": "hostname", "uuid": "4fc13bf0-8b1e-4865-b6d7-cc4b22021e64", "value": "www.bushidomma.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046190", "to_ids": true, "type": "hostname", "uuid": "a2cb95ca-799b-4241-b70b-d129116a9410", "value": "www.foxmediagency.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046211", "to_ids": true, "type": "hostname", "uuid": "4368598d-c493-4f58-ad1e-74f9b3c889bf", "value": "www.subusiness.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046233", "to_ids": true, "type": "url", "uuid": "4110dd6c-2e25-4caa-a731-969dc93f0c64", "value": "https://mydownload.z29.web.core.windows.net/nv2199_update_on_situation_of_cambodia-thailand_border.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046254", "to_ids": true, "type": "url", "uuid": "6df3d8b7-dc5a-4a0c-9631-3efec543e84a", "value": "https://mydownload.z29.web.core.windows.net/nv2230_update_of_situation_on_cambodia-thailand_border.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046275", "to_ids": true, "type": "url", "uuid": "e792f03b-f309-401f-8e16-3d99b588f686", "value": "https://mydownload.z29.web.core.windows.net/naju_plan_obuka_oktobar_2025.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046296", "to_ids": true, "type": "url", "uuid": "026dd30f-73a9-49fd-8aed-2bdad5ca1095", "value": "https://mydownload.z29.web.core.windows.net/epc_invitation_letter_copenhagen_1-2_october_2025.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046318", "to_ids": true, "type": "url", "uuid": "3a56b59c-d093-4c9f-b137-ff84839944c3", "value": "https://mydownloadfile.z7.web.core.windows.net/jatec_workshop_on_wartime_defence_procurement_(9-11_september).html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046340", "to_ids": true, "type": "url", "uuid": "47654f49-e502-44f7-9182-3550640c905b", "value": "https://mydownfile.z11.web.core.windows.net/agenda_meeting_26_sep_brussels.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046361", "to_ids": true, "type": "url", "uuid": "6cb2c29c-5599-41b7-9b0c-fd79c912deaf", "value": "https://filesdownld.z13.web.core.windows.net/a9t3zb7l1qx5.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046383", "to_ids": true, "type": "url", "uuid": "4cc8cb86-de68-4d25-89d0-9694c471a170", "value": "https://filestoretome.z23.web.core.windows.net/filelocate.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046404", "to_ids": true, "type": "url", "uuid": "b2de4b44-3071-4057-a4b7-93b96bdefe6d", "value": "https://attd.z23.web.core.windows.net/attd.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046426", "to_ids": true, "type": "url", "uuid": "6eab4c65-21db-448d-886e-ffb5f9bbb414", "value": "https://gooledives.z48.web.core.windows.net/election_2026.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046447", "to_ids": true, "type": "url", "uuid": "f942311e-7a3a-43f9-859e-aa241cd79089", "value": "https://gooledives.z48.web.core.windows.net/%e0%a6%a8%e0%a6%bf%e0%a6%b0%e0%a7%8d%e0%a6%ac%e0%a6%be%e0%a6%9a%e0%a6%a8_%e0%a7%a8%e0%a7%a6%e0%a7%a8%e0%a7%ac.html", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046468", "to_ids": true, "type": "hostname", "uuid": "a4acccda-532d-4248-b778-3ed763c0dbe3", "value": "mydownload.z29.web.core.windows.net", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046489", "to_ids": true, "type": "hostname", "uuid": "e2a43788-e717-4a6d-902c-ce301b110275", "value": "mydownloadfile.z7.web.core.windows.net", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046511", "to_ids": true, "type": "hostname", "uuid": "9a7d689a-a7c3-4b5c-a531-41570a3ffa34", "value": "mydownfile.z11.web.core.windows.net", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046532", "to_ids": true, "type": "hostname", "uuid": "b38b6c86-8889-4163-be86-52fd143f886e", "value": "filesdownld.z13.web.core.windows.net", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046553", "to_ids": true, "type": "hostname", "uuid": "8d77dad9-dd9b-442a-8ace-542e929baa72", "value": "attd.z23.web.core.windows.net", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046574", "to_ids": true, "type": "hostname", "uuid": "7e8c6f6d-6266-43a5-bfc7-15822e974835", "value": "filestoretome.z23.web.core.windows.net", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046595", "to_ids": true, "type": "hostname", "uuid": "5e7b7cc7-d8e6-4f44-be79-5dedac84081a", "value": "gooledives.z48.web.core.windows.net", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046616", "to_ids": true, "type": "hostname", "uuid": "e08b2099-323b-4e71-8c03-19e0504a0d40", "value": "reloadsite.z13.web.core.windows.net", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046638", "to_ids": true, "type": "url", "uuid": "acef289b-cfb8-42d6-b8a0-7439e1f4ae9b", "value": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=607bb911-0f5a-4186-9d48-ecff8e094280&response_type=code&scope=invalid&prompt=none&state=2", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046660", "to_ids": true, "type": "url", "uuid": "068466dc-10d6-4a15-a988-a5fb97c3476f", "value": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=5e6b7cf5-69b7-4f85-87d1-8b4cb6df8aa2&response_type=code&scope=invalid&prompt=none&state=3", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046681", "to_ids": true, "type": "url", "uuid": "904fb42b-2f18-4c4f-ad12-29a4dc379eb9", "value": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=8d015a9c-f912-445d-8b3c-4f3b3201ded1&response_type=code&scope=invalid&prompt=none&state=47", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046703", "to_ids": true, "type": "url", "uuid": "e05062d3-544c-45ae-ad89-b94f2436bc3b", "value": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=684d7892-c993-41d7-b6c1-07613c43cd61&response_type=code&scope=invalid&prompt=none&state=17", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046725", "to_ids": true, "type": "url", "uuid": "1778c839-00d1-4f93-86ce-11ec2c9340bb", "value": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=a9785a2d-445e-4ffa-a770-bec734911841&response_type=code&scope=invalid&prompt=none&state=1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046746", "to_ids": true, "type": "url", "uuid": "d3c2bf99-4cd2-4d61-b8cc-932d2ec7d77a", "value": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=149&x_client_ver=1.0.0&response_type=code&client_id=b004ab26-f57b-439d-ae54-c39b958e5743&nonce=ab93f2c1&prompt=none&scope=invalid&ui_locales=en-us", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046767", "to_ids": true, "type": "url", "uuid": "34d5aa4e-fa7a-4ab1-81fc-4f4ef5ae5601", "value": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=6&x_client_ver=1.0.0&response_type=code&client_id=3c7bf1a4-927f-40a1-97b0-7a7aa08f4bb2&nonce=ab93f2c1&prompt=none&scope=invalid&ui_locales=en-us", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046789", "to_ids": true, "type": "url", "uuid": "152ad664-7166-4348-8fd3-952aab1722bb", "value": "https://login.windows.net/common/oauth2/v2.0/authorize?client_id=7d980c52-31e5-4554-9e20-b89c4617102f&response_type=code&scope=invalid&prompt=none&state=1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046810", "to_ids": true, "type": "url", "uuid": "8443c348-ab44-4357-938f-f5c7b06b1a4a", "value": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?utm_source=portal&utm_medium=web&client_id=c47683e4-16a3-4b8a-a3d3-c1fe4c86f073&response_type=code&scope=invalid&prompt=none&utm_campaign=login&state=o1&ref=dashboard", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046832", "to_ids": true, "type": "domain", "uuid": "67c9a661-60db-47eb-af3d-0aa19dbdfa37", "value": "2025.zip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046853", "to_ids": true, "type": "domain", "uuid": "546c7596-2e33-4396-9816-6de7c07d6cb3", "value": "attd-asia-2025.zip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046875", "to_ids": true, "type": "domain", "uuid": "e80ca96e-bc5f-4ec1-854a-c90581080e0e", "value": "updater.zip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776046896", "to_ids": true, "type": "domain", "uuid": "0a2991d3-1ace-44cc-a476-45f5c7ef1529", "value": "report.zip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776004523", "to_ids": true, "type": "email-src", "uuid": "b07041c6-95b4-42dc-9274-d77f2c147f19", "value": "kordula.wehrli@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776004523", "to_ids": true, "type": "email-src", "uuid": "acb40df7-1966-4973-94aa-0de72889aa4d", "value": "kayden.beaufort@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776004523", "to_ids": true, "type": "email-src", "uuid": "a2a30354-8156-4ab6-85c9-d7ed0aba6078", "value": "emmeline.voss@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776004523", "to_ids": true, "type": "email-src", "uuid": "d51b3712-52ce-4c0b-9839-d0d8d38ed369", "value": "epc.copenhagen2025.dm@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776004523", "to_ids": true, "type": "email-src", "uuid": "29e7eba1-b249-486b-a516-541165cb411e", "value": "galinaburl76@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776004523", "to_ids": true, "type": "email-src", "uuid": "a43183d0-f4e5-418d-a1fe-83855d2222ee", "value": "office2000005@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776004523", "to_ids": true, "type": "email-src", "uuid": "198b8e0c-ee16-4730-aa59-fe55d2811b90", "value": "hsuhalingaye26@gmail.com" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776046917", "uuid": "b8f06b8f-1448-4613-bd52-451b0b580ab6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776046917", "to_ids": true, "type": "md5", "uuid": "c517ed17-ac22-491e-aca3-0afade359980", "value": "0538e73fc195c3b4441721d4c60d0b96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018304", "to_ids": true, "type": "sha1", "uuid": "8dff6435-1cde-4f58-b95c-18d0257e8a6b", "value": "baa569318144905563b469a5a006ad54eb616a02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018304", "to_ids": true, "type": "sha256", "uuid": "6cf873eb-2639-4e26-a279-7a6b197926e4", "value": "4ed76fa68ef9e1a7705a849d47b3d9dcdf969e332bd5bcb68138579c288a16d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009194", "to_ids": true, "type": "ssdeep", "uuid": "f50a9026-ba77-4ef8-8308-526278d7c52b", "value": "6144:Icf1ilncapZSD4CPpdOHFCJdCCKCjdHvvpphA7vvI1k:Lf+capZO4uaEJECKc3phAU1k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009194", "to_ids": false, "type": "size-in-bytes", "uuid": "7eae9bcd-e921-446d-83a1-8837f9a13ace", "value": "360112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009194", "to_ids": true, "type": "vhash", "uuid": "942d3e1a-8ab4-46e2-a1f3-dbb14c28ceb3", "value": "035066655d1515656az5anzefz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009194", "to_ids": true, "type": "filename", "uuid": "dec4116e-1d04-4dd6-8c6c-ce30e5a3b37c", "value": "CNMPAUI.EXE" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009194", "to_ids": false, "type": "text", "uuid": "c0201922-4693-4927-b9ea-fab37ae7544e", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2018-02-27T19:49:33.000000+00:00\nLast Submission:2026-04-12T07:31:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776046938", "uuid": "217a5e26-b494-4a84-929e-0b4256e62920", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776046938", "to_ids": true, "type": "md5", "uuid": "25fedf74-2837-4ea2-a7fc-0e5536cd0402", "value": "06fcc2a56de5acdf1ca1847c79cca9e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018305", "to_ids": true, "type": "sha1", "uuid": "41fac80f-3f8c-4bb7-99fb-229564262986", "value": "0252819a4960c56c28b3f3b27bf91218ffed223a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018305", "to_ids": true, "type": "sha256", "uuid": "299a041f-d9d0-4fce-9469-92c34591b47d", "value": "de13e4b4368fbe8030622f747aed107d5f6c5fec6e11c31060821a12ed2d6ccd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009216", "to_ids": true, "type": "ssdeep", "uuid": "d4df1319-4412-4a0a-9c39-58b53c4f792c", "value": "24576:RAGLknP/dOkO7UqJ8cuTGWJp8QUkHEPkrCUL:6GLkP1OktA0SwHEPFUL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009216", "to_ids": false, "type": "size-in-bytes", "uuid": "c591f185-767f-4d51-915c-12ea5dde6b15", "value": "1512349" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009216", "to_ids": true, "type": "vhash", "uuid": "e9d3ac12-af6d-40ca-b46b-b18cf174c96e", "value": "577d7f7bdc0c02e6a69bcb5e6ffbfebb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009216", "to_ids": true, "type": "filename", "uuid": "87b5b10e-be92-47cb-bd95-f251ab775249", "value": "Energy_Infrastructure_Situation_Note _Tehran_Province_2026.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 12/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009216", "to_ids": false, "type": "text", "uuid": "e3cb5dc0-e908-4630-ad00-7b52926aa63f", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:32/67\nFirst Submission:2026-03-16T14:33:51.000000+00:00\nLast Submission:2026-04-12T08:05:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776046959", "uuid": "b2e82aee-d850-4f79-9352-7f8b4e0f3bc1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776046959", "to_ids": true, "type": "md5", "uuid": "c21c6cbb-cbfb-4c00-a2e4-ae4daa9c3c90", "value": "0749f8e05b6f0b4d200eadb4f7bb28e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018306", "to_ids": true, "type": "sha1", "uuid": "b3d30e9b-7729-4f68-adb8-1f72993370e2", "value": "ff6486815bdbf1a7b7c8035a6cf8d0157a2a778f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018306", "to_ids": true, "type": "sha256", "uuid": "3df339dc-6818-481d-87cc-73898c221891", "value": "eb10443a2f0b9a25d01a84426a6a8532b0e7c9157abda55b94c98a1fd2d45562", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009238", "to_ids": true, "type": "ssdeep", "uuid": "e3fb066e-e7a9-4fc7-b49c-2de52206fe56", "value": "12288:r4ow+nfLUoGKAet55O6qn/9uWpKH71Gvs2ydA71ro1Sv0t45OQCHNcYSvvKYXduF:r4ow+nfLUoGKATCttcKYXd9vtfI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009238", "to_ids": false, "type": "size-in-bytes", "uuid": "281cbad7-aa54-4ec5-968e-2ffd54605c7d", "value": "653615" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009238", "to_ids": true, "type": "filename", "uuid": "8d989ce4-fd3a-4cec-bbfc-1989549bd869", "value": "crashlog.dat" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009238", "to_ids": false, "type": "text", "uuid": "63c70f9b-3c43-4e7d-8e90-0e86d5ac7129", "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:21/62\nFirst Submission:2025-12-23T07:13:58.000000+00:00\nLast Submission:2026-01-15T19:29:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776046980", "uuid": "20b860b4-912e-402b-ac17-31067a370e5e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776046980", "to_ids": true, "type": "md5", "uuid": "304acdea-bc92-4493-9009-2310f62286a4", "value": "0aad27ddd173bfae8009b1ecb46f29b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018307", "to_ids": true, "type": "sha1", "uuid": "d771604f-e959-4b5d-ba0f-86fbf9cc323a", "value": "3aa6baf0265b2789dae0548b5284d4158c8c256b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018307", "to_ids": true, "type": "sha256", "uuid": "aeb19939-df87-4e3f-a1c4-fd5203932715", "value": "0b916d2b4a02d01b42c2b04e281d786a05cc7974d2c4a272b01e8060fa713403", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009259", "to_ids": true, "type": "ssdeep", "uuid": "d82d74f6-7d1b-4e09-9e3e-39b99ecb2ee1", "value": "96:9exycuRJdSPmzOztoUFOCpnkqLdjZ5/pnhjvAe1GrJy8qBNGE5vA:DdSP8gl5/pnhLAJk74" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009259", "to_ids": false, "type": "size-in-bytes", "uuid": "237156d6-e2f0-47e1-8c9f-368d3b07d09a", "value": "8897" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009259", "to_ids": true, "type": "filename", "uuid": "4a65e6ab-68b7-4074-92e9-75e153f1ba31", "value": "Browser Updater.csproj" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009259", "to_ids": false, "type": "text", "uuid": "70664749-cb59-4b9e-97a5-27c01e4cdaae", "value": "Type Description: SGML\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:11/62\nFirst Submission:2026-02-25T08:46:01.000000+00:00\nLast Submission:2026-02-25T08:46:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047002", "uuid": "7148dbe3-c259-428b-9a85-ccb29cec9a4d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047002", "to_ids": true, "type": "md5", "uuid": "8a33c32a-7111-4812-a90e-12c06c198242", "value": "0f9bf9bdfc6f9471345a6a64bb0e57da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018308", "to_ids": true, "type": "sha1", "uuid": "8c6a780e-f51f-4320-9c74-16f9f3a114b3", "value": "e34f1632b45fcff76e6c8e321e87e9e0d28cab59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018308", "to_ids": true, "type": "sha256", "uuid": "3edfb9d0-7c7f-4a3e-a3ce-851e060d5bd0", "value": "50746ddd81a5dbc5cec793209ab552125fff9c7184aa5bcfe22d6c3b267f67f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009281", "to_ids": true, "type": "ssdeep", "uuid": "120cd83a-7235-43ae-8ab4-087d482d305c", "value": "24576:BQxoah9YCjK1Uh4rNUS4rmdxKgG8oUh4ryNqlt8IzO8uAmaCiKb6BwWrV2YV4:BkoFUh4rNUS4rmdxKgG8oUh4ry8uA8i+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009281", "to_ids": false, "type": "size-in-bytes", "uuid": "51fce923-f039-4bb8-9284-6f3fbfb20869", "value": "1218413" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009281", "to_ids": true, "type": "vhash", "uuid": "ffcaf0b9-2326-4ac9-8c00-66fdf49762f1", "value": "577d7f7bdc0c02e6a69bcb5e6ffbfebb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009281", "to_ids": true, "type": "filename", "uuid": "a9fa7d89-c5b1-44aa-9377-b4504ca1e5c9", "value": "50746ddd81a5dbc5cec793209ab552125fff9c7184aa5bcfe22d6c3b267f67f1.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009281", "to_ids": false, "type": "text", "uuid": "c9588b3f-e47d-487a-a13f-a5c3179e1e96", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:31/67\nFirst Submission:2026-01-15T07:52:34.000000+00:00\nLast Submission:2026-01-15T07:52:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047023", "uuid": "e0d5839f-96b3-42ba-863b-af494c7ffde9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047023", "to_ids": true, "type": "md5", "uuid": "f70805f4-ce16-4457-91c2-40acd7299cf6", "value": "2226d3e8843b3e2c228da3a3fdc56e7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018309", "to_ids": true, "type": "sha1", "uuid": "c2877519-bac3-47f7-97c0-0dfd0c258362", "value": "596b582169f5d65c4791477a61099c03fbb63a41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018310", "to_ids": true, "type": "sha256", "uuid": "ab39c06e-5d62-438b-a9f3-adc191dff401", "value": "c96338533d0ab4de8201ce1f793e9ea18d30c6179daf1e312e0f01aff8f50415", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009303", "to_ids": true, "type": "ssdeep", "uuid": "8289cc6a-5bdf-4355-8a85-9bedfddd472b", "value": "48:vpgiGF/Ubi8XGCheuCarSGyQK8HRqcn6GZXsJajldcYH3NzKiiN:BB+AhGCheubvyQK8x966ldl3NmiiN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009303", "to_ids": false, "type": "size-in-bytes", "uuid": "baf08847-8e86-4422-b0c2-48281c3d1d0e", "value": "4096" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009303", "to_ids": true, "type": "vhash", "uuid": "e40cabdf-0701-4c0a-a63f-4d07376170fc", "value": "143046551d051.z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009303", "to_ids": true, "type": "filename", "uuid": "b6bf7a9a-98ca-47ac-9945-c90257196bb3", "value": "cnmpaui.dll" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009303", "to_ids": false, "type": "text", "uuid": "333f4258-12c3-42d9-9b23-a715324503a3", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Korplug.GZF!MTB\nVT Total Detection:52/72\nFirst Submission:2025-10-03T02:58:38.000000+00:00\nLast Submission:2026-04-07T11:15:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047044", "uuid": "eea3d6b3-2d8c-4657-b0fa-77e7f902e2b2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047044", "to_ids": true, "type": "md5", "uuid": "e6bd5f71-5747-4436-80f7-0cdf3aea8469", "value": "319e0fce4e637a5412e125d6c99348d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018310", "to_ids": true, "type": "sha1", "uuid": "9890b35e-0575-4383-973a-f795dcd72699", "value": "76e7ba416a8dda8e761c62ceb215ab9611ef5b6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018310", "to_ids": true, "type": "sha256", "uuid": "d02f79cb-a039-4a87-8a45-d4f44431306b", "value": "843b22df66f87a587be77145da163f9615fe8164a5ea17f9e33562ff43894fbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009325", "to_ids": true, "type": "ssdeep", "uuid": "c90aa74e-ecfa-4ed5-9180-16f6832882dc", "value": "48:vpgh91H4lfRJCjZj3DDzdpthOEeyXvphxBlIX8R:BSl4lJoHB/reEjHCMR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009325", "to_ids": false, "type": "size-in-bytes", "uuid": "e8b9c1c6-4278-46f4-ae80-250faee34482", "value": "3584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009325", "to_ids": true, "type": "vhash", "uuid": "1b138a3d-ea1e-4eda-bfb9-2199628cb91c", "value": "133046551d051.z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009325", "to_ids": true, "type": "filename", "uuid": "86171ca7-c5d9-4e30-9a5a-30274bc25869", "value": "843b22df66f87a587be77145da163f9615fe8164a5ea17f9e33562ff43894fbf.dll" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 09/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009325", "to_ids": false, "type": "text", "uuid": "4bfc6938-eb90-462b-b592-4dca11e79e32", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/GreedyRobin.B!dha\nVT Total Detection:48/72\nFirst Submission:2026-03-04T09:18:58.000000+00:00\nLast Submission:2026-04-07T11:22:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047065", "uuid": "4e3dafc9-1c6b-482f-bc06-0bc8d911fe5d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047065", "to_ids": true, "type": "md5", "uuid": "b8628d91-9d7f-4bba-b734-1b9dfe105c3c", "value": "381247c1d4c68a406237d7d3aa030930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018311", "to_ids": true, "type": "sha1", "uuid": "fcf27875-c6ae-4dd7-82ee-2a1a7cf90adb", "value": "1151100a0aa1ed88f7897709444fd3b3b1044c10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018311", "to_ids": true, "type": "sha256", "uuid": "29519ebf-186c-480c-969f-070dc98e10e3", "value": "29cd44aa2a51a200d82cca578d97dc13241bc906ea6a33b132c6ca567dc8f3ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009346", "to_ids": true, "type": "ssdeep", "uuid": "c32f7281-e0e9-4640-a932-c9928801e2b8", "value": "3072:H2dP4WlUaFT7U4cy9YA4GvB8R+mFZipuqK358LWh5BA:WZxldRl8RzZQup2v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009346", "to_ids": false, "type": "size-in-bytes", "uuid": "8f17a50e-18ba-4e86-a4d7-c1e01e23192e", "value": "113212" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009346", "to_ids": true, "type": "vhash", "uuid": "129ead21-0155-4f0a-8c57-56425a2d07a6", "value": "1ce69ebbf5b51caae861f26f26ff2f23" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009346", "to_ids": true, "type": "filename", "uuid": "496fa758-6a46-4f00-9650-ae71ca60f2ff", "value": "29cd44aa2a51a200d82cca578d97dc13241bc906ea6a33b132c6ca567dc8f3ad.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009346", "to_ids": false, "type": "text", "uuid": "0dd79fed-6b7e-40fa-9f5c-a6d0731179c7", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:21/69\nFirst Submission:2026-02-06T07:59:12.000000+00:00\nLast Submission:2026-02-06T09:38:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047086", "uuid": "b8907e82-478f-472a-a8d5-72e0d7bcce9c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047086", "to_ids": true, "type": "md5", "uuid": "f3c70945-edb6-41c2-b89f-361530397bac", "value": "42fd91f217aeaeef241a27962643d070", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018312", "to_ids": true, "type": "sha1", "uuid": "98ab3732-c729-4602-999e-c3428df75390", "value": "91704137f33d66ae494ae0c2e7d002df6c3c3068", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018312", "to_ids": true, "type": "sha256", "uuid": "3d4cf0d4-d2e4-4cae-b1e9-9f1da8dd6e94", "value": "d0576b39bb6c05ea0a24d3a3d5d7cb234454fefc65860f21a97757582adc7650", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009368", "to_ids": true, "type": "ssdeep", "uuid": "4cf3ee3f-519a-46c2-97eb-0e1ece68ac53", "value": "24:8XJl5vvHYmq9sGay2/hq9nqJKrqBmv+RmAvtXFzSZif+IWpw45Ii+K+cPWk+/CW:8XJjvQV/+/I9qJKG3zvbSZimIWO4imN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009368", "to_ids": false, "type": "size-in-bytes", "uuid": "1c421db0-9433-44ed-be41-c36c322f59e3", "value": "2092" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009368", "to_ids": true, "type": "filename", "uuid": "7f4ec736-4efd-4c25-93de-675ac5fbb315", "value": "Meeting_Outcome_Briefing_10_January_2026.lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009368", "to_ids": false, "type": "text", "uuid": "7a925d4a-f5dd-49c2-bd26-91099cdd14f3", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:32/63\nFirst Submission:2026-01-15T07:52:59.000000+00:00\nLast Submission:2026-01-15T21:04:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047107", "uuid": "66cf7731-8fbd-42a4-8858-7d7753cb9bc9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047107", "to_ids": true, "type": "md5", "uuid": "7310ab71-ecd7-4a3f-890f-c958f4761014", "value": "52f6beda7097db23ec1b395eff9efb4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018313", "to_ids": true, "type": "sha1", "uuid": "e04160e5-e5b7-4254-8970-3cc552b70e6b", "value": "28f88998f2d99a579572d3641f7549e08147f471", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018313", "to_ids": true, "type": "sha256", "uuid": "f600423b-bc95-4086-b82f-806035486877", "value": "6b363e0f16fc5a612bd98631e7cdc4f68a95329e92c21ef0495c9117b8b8f360", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009390", "to_ids": true, "type": "ssdeep", "uuid": "713504c5-a1eb-4ff6-87a1-3515bd20e766", "value": "12288:meBdiskOMuAD6yrHrtxiiDZIN3MLSLqkvqg6c1ysDDZ+UE076LVwWrV2YV:J8uAmaCiKb6BwWrV2YV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009390", "to_ids": false, "type": "size-in-bytes", "uuid": "195eee60-43a4-4a10-9f06-75d53bd95335", "value": "615176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009390", "to_ids": true, "type": "vhash", "uuid": "191c4e8f-57d9-4756-8a44-a39533823a7e", "value": "065056655d155560f013z800557z101az10033z1075z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009390", "to_ids": true, "type": "filename", "uuid": "e6d2dee1-209c-49fa-b60d-c58ed99f092d", "value": "ABRemove.exe" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009390", "to_ids": false, "type": "text", "uuid": "1bad4185-a7bc-4c02-a143-329aa80473b2", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2025-09-21T15:06:54.000000+00:00\nLast Submission:2026-03-23T11:43:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047128", "uuid": "d2b71e2c-1d72-4f0a-b0c0-08081bf5423a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047128", "to_ids": true, "type": "md5", "uuid": "cbe9930f-8c0e-48d8-9830-63d787b68470", "value": "5c92f0a474846a8df4aaff5c3b16af34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018314", "to_ids": true, "type": "sha1", "uuid": "0b42882c-b180-4b99-99b1-74b248bd5db6", "value": "cad73d8b5710c0784d95edd6766b0bfdb0fd7382", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018314", "to_ids": true, "type": "sha256", "uuid": "c54d39f4-6792-4da4-af86-66e93116c5a6", "value": "42c3b9cad6c8383699eba4f82d51908c0d61e9ea454bc40447cf20475ce20ff0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009412", "to_ids": true, "type": "ssdeep", "uuid": "371295d7-7998-43b8-a357-deb024f12225", "value": "24576:V4ow+nfLUoGKATCttcKYXd9vtfXIgTpCkt6G02mvR:tUTvItcbvtACt6x2m5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009412", "to_ids": false, "type": "size-in-bytes", "uuid": "d34dfb04-3b84-4e20-84fc-8d4d9c284f2a", "value": "1280946" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009412", "to_ids": true, "type": "vhash", "uuid": "c90b0adb-6c9c-4e2a-a71c-c48fc5698c77", "value": "061845065b8aba2f6ad659c3851252cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009412", "to_ids": true, "type": "filename", "uuid": "0d317e04-108b-41dc-94ab-b528e9141134", "value": "42c3b9cad6c8383699eba4f82d51908c0d61e9ea454bc40447cf20475ce20ff0.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009412", "to_ids": false, "type": "text", "uuid": "f641a751-2312-4692-9cc4-928a6a8e5b81", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:34/67\nFirst Submission:2025-12-22T09:28:35.000000+00:00\nLast Submission:2025-12-22T09:28:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047150", "uuid": "dd7d6cff-a7b0-45d1-acee-c699ea2e38f5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047150", "to_ids": true, "type": "md5", "uuid": "2dd69a8a-0aff-4dd2-9bf8-4b8133446895", "value": "637dbccf9d5d5fb9e41cadbf0803bc55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018315", "to_ids": true, "type": "sha1", "uuid": "3def77b7-bb12-410c-97e1-7982e0c77746", "value": "0de54e53ea7eb2256608fd818a2733d67e1089f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018315", "to_ids": true, "type": "sha256", "uuid": "ace10537-b664-4129-bf53-1ca0afc53ebf", "value": "36e516182b4c8aa48ea3e50b7dc353f32d3412f59fb0cb1c7b3590aa4d821c57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009434", "to_ids": true, "type": "ssdeep", "uuid": "2f440aa9-f149-4942-95da-61fca12c2347", "value": "12288:9rQFFzUJXqZVSc7J9HhYd33IMZojPwqwSGcFEpMKWSD9nwugg2yReM:9rQFZUVqZLCd3r0PwO7EpMKWSD9ug2M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009434", "to_ids": false, "type": "size-in-bytes", "uuid": "1138e5e0-a6a1-4812-88e0-3a44fd060e76", "value": "693746" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009434", "to_ids": true, "type": "filename", "uuid": "d02776d6-9fa2-4763-8fea-f34673dbdb8d", "value": "cnmplog.dat" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009434", "to_ids": false, "type": "text", "uuid": "decf23f7-9371-4098-b52c-d105f8ec9c11", "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:2/62\nFirst Submission:2025-10-03T12:27:41.000000+00:00\nLast Submission:2025-10-14T02:12:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047171", "uuid": "540af669-6f30-4ffc-8d6e-b77055952703", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047171", "to_ids": true, "type": "md5", "uuid": "7f537548-6ab0-46a4-b871-a69e557f0d4b", "value": "65658848c424482eaa4bac6e53c25146", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018316", "to_ids": true, "type": "sha1", "uuid": "a998da56-1408-449a-8cee-bcaed58dc16c", "value": "1039ae50b6274c01510df396d962579828f025bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018316", "to_ids": true, "type": "sha256", "uuid": "0972fda1-bf95-408d-8820-f0fb9278061b", "value": "795ad4789a185c3abc35b3ad82117db6b60a7b8ab857e41080873f070d4a06f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009456", "to_ids": true, "type": "ssdeep", "uuid": "6660322d-50a1-4ebf-921d-c51aa28004e1", "value": "6144:0Km/VNjM4HRP7x+8Ly1/4tje2uwvd+1e+iKXbhTm0RS:nGx+8y4tjeTe+1ehohT7k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009456", "to_ids": false, "type": "size-in-bytes", "uuid": "0714050f-33b4-415b-8b7c-c63a5945a417", "value": "274944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009456", "to_ids": true, "type": "vhash", "uuid": "4f843a0e-fa56-4320-b064-85e0cc6636a2", "value": "12506665551d1d055bzd?z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009456", "to_ids": true, "type": "filename", "uuid": "b28e0c53-1ab9-4a14-aa01-2faa45786105", "value": "dKqkTTXndDEW" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009456", "to_ids": false, "type": "text", "uuid": "98a6e89f-2ad1-4af5-866a-4988a624a57c", "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:45/72\nFirst Submission:2025-11-21T13:56:59.000000+00:00\nLast Submission:2026-04-09T08:09:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047192", "uuid": "8dbccd2a-14f9-4b94-af02-3b4f81e332f2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047192", "to_ids": true, "type": "md5", "uuid": "c3888ad3-bbe2-47ca-8cc3-d08f76e4f516", "value": "69f3f25b4049e8ed198ba2c76a2a137f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018317", "to_ids": true, "type": "sha1", "uuid": "3d92944a-3518-4fe2-8d32-4fe3f1d32038", "value": "f049bf58b9362fc474c1d543b085f39a4134edab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018317", "to_ids": true, "type": "sha256", "uuid": "c536ef6f-e4f4-4a40-80bc-c892e71342af", "value": "64bae6a215ad9e956d1028603438228003d832bdd5e586ad4988f5c7ad1c54f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009478", "to_ids": true, "type": "ssdeep", "uuid": "1df38a04-3309-4ee1-b95b-f4eb3d9c3347", "value": "48:8VczB7B8vP/t/K47VqGZyvpYfSSmIPqZu2sMQN:8VEFOt/K4JNZgBvNQN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009478", "to_ids": false, "type": "size-in-bytes", "uuid": "ca24a744-fab1-40c6-b6e1-e9e5f28d8f93", "value": "2174" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009478", "to_ids": true, "type": "filename", "uuid": "04bd14c0-ea21-409d-b3ed-9b9c3cc0ef04", "value": "Information_Note_Elections_Republic_of_Kosovo_28_December_2025.lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009478", "to_ids": false, "type": "text", "uuid": "a413e1df-3c84-404a-98e0-3c51f4f5ada1", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/WinLNK!MSR\nVT Total Detection:34/63\nFirst Submission:2025-12-22T09:30:40.000000+00:00\nLast Submission:2025-12-22T09:30:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047213", "uuid": "c828ac9a-eeb4-435e-97cd-cabc150d163d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047213", "to_ids": true, "type": "md5", "uuid": "ddb3a60c-32cf-49dc-8596-c6914e2f5d63", "value": "769687f93869a70511aac1ef7c752455", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018319", "to_ids": true, "type": "sha1", "uuid": "dfe9a630-31d1-455d-9c2c-6e4ef7e178ee", "value": "ad833604d230b241e180950980ea462b3812f82a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018319", "to_ids": true, "type": "sha256", "uuid": "5603d562-2461-448d-a0eb-2ead5e82ff92", "value": "46314092c8d00ab93cbbdc824b9fc39dec9303169163b9625bae3b1717d70ebc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009500", "to_ids": true, "type": "ssdeep", "uuid": "cad9e0d5-aba1-44a1-acac-f2c9262d133b", "value": "48:vpgdn5Vnzk+0DPzdCH4iz40dMtvEAJ5B6NDGEhw0njK:Bz+iB0ZdmtMy5B6NDGgX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009500", "to_ids": false, "type": "size-in-bytes", "uuid": "5cd5e558-e8c0-4e14-8c12-236dd0e5bd79", "value": "5120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009500", "to_ids": true, "type": "vhash", "uuid": "0ce6c3ac-dfbb-4a38-a376-b0cb0e21f9b6", "value": "15306665151d1d051.z9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009500", "to_ids": true, "type": "filename", "uuid": "da8978af-4528-4d2a-bc17-bc19ae858ec9", "value": "46314092c8d00ab93cbbdc824b9fc39dec9303169163b9625bae3b1717d70ebc.dll" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009500", "to_ids": false, "type": "text", "uuid": "4baf22f3-2982-4f01-b909-4bbbeb2b85fd", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:47/72\nFirst Submission:2026-02-06T11:32:29.000000+00:00\nLast Submission:2026-02-06T14:20:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047234", "uuid": "9cc75ffb-ee1d-4b65-9e7e-7151924d5744", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047234", "to_ids": true, "type": "md5", "uuid": "e8a61d4c-7d09-4eb9-a66c-73cf9d7b24a8", "value": "7a183bd25d190662c3008c794f6cb604", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018320", "to_ids": true, "type": "sha1", "uuid": "5a62a71f-8ccf-4c05-9bff-27e71657ad03", "value": "39f6799543e18d9ebc68099e62a30f2e67913034", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018320", "to_ids": true, "type": "sha256", "uuid": "6b978642-dba7-4bac-9e4c-18fc4e8bb564", "value": "30c71d644bc72e0d55d46bed753ab3f72dc77b7f1be0e34693c957939a779507", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009522", "to_ids": true, "type": "ssdeep", "uuid": "d5d6a11f-a324-4721-a6f4-a675c760e565", "value": "24576:AsM4R5bgNI11wtFz+vWwMDt8KIgTpCkt6G02mvV:lnpjQDtsCt6x2md" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009522", "to_ids": false, "type": "size-in-bytes", "uuid": "26a3bc15-ebf1-457c-b92f-e8f10483cd42", "value": "1454366" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009522", "to_ids": true, "type": "vhash", "uuid": "385229ea-77ea-453c-b248-7f0f17608d13", "value": "061845065b8aba2f6ad659c3851252cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009522", "to_ids": true, "type": "filename", "uuid": "1014b558-6706-44eb-bf49-90fe3a7efcfa", "value": "3s2y4ojqo.exe" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009522", "to_ids": false, "type": "text", "uuid": "a0a031c0-2e74-4bea-b318-ab5df88a2ba7", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:32/67\nFirst Submission:2026-02-24T17:48:36.000000+00:00\nLast Submission:2026-02-26T05:43:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047256", "uuid": "482aa551-b456-415a-a72b-35f58474187e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047256", "to_ids": true, "type": "md5", "uuid": "07a41641-01ee-4cd2-b5fc-fea7951e153e", "value": "7a75e713db41c28378e823322fdea0fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018320", "to_ids": true, "type": "sha1", "uuid": "85781508-be00-4295-b3cc-dc62d4fb8bf0", "value": "d1a86ed06b18efef5ce724d2129cf1583b779b44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018321", "to_ids": true, "type": "sha256", "uuid": "d5dcfb05-a52f-4a8d-8d0c-d239707f7ba0", "value": "de8ddc2451fb1305d76ab20661725d11c77625aeeaa1447faf3fbf56706c87f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009544", "to_ids": true, "type": "ssdeep", "uuid": "4500dc7c-fdff-4cb8-b713-d640b4d6449d", "value": "96:9dztoUFOCpI5ENw7vnNU9i8OhVVOv8GZvFx:m5EuTB88VOLx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009544", "to_ids": false, "type": "size-in-bytes", "uuid": "2834bfcc-5d69-4847-9570-65761093e86e", "value": "3249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009544", "to_ids": true, "type": "filename", "uuid": "0318146c-060f-4433-9ab2-f10c7ed0a8ec", "value": "Invitation_Letter_No.02_2026.csproj" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009544", "to_ids": false, "type": "text", "uuid": "b3eb0eef-2e39-4d3d-a98b-1257919f9ab0", "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:26/62\nFirst Submission:2026-02-27T11:49:03.000000+00:00\nLast Submission:2026-02-27T11:49:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047277", "uuid": "5152659b-3ef4-4223-b456-9ff61233a1ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047277", "to_ids": true, "type": "md5", "uuid": "6237ea73-08e7-4d79-b2f6-4b02cb38d54c", "value": "7ca528c170164f9945c87d5ba673b7b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018321", "to_ids": true, "type": "sha1", "uuid": "d4d882d8-4933-4969-89ed-41320ad810a8", "value": "bfb86c579e8a6ffc30b9976eb494fbed63939361", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018321", "to_ids": true, "type": "sha256", "uuid": "6e760148-46cd-423d-8730-cb13f782a22a", "value": "87929c8f53341a5e413950d33c7946c64e1d4b2eba6d1a8b2d08ef56f7065052", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009565", "to_ids": true, "type": "ssdeep", "uuid": "80b3a2ce-d8f6-4eca-baf6-64bb369fc13c", "value": "48:8TsqqK36GUS/JoMKjKLnAv7MlVKnKaSDMlmmIW5OGsMQN:8NXeUoMK2TkMKKaWMtTOGNQN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009565", "to_ids": false, "type": "size-in-bytes", "uuid": "fd45b607-17bc-42ce-9f07-7fc2e3c7d2f8", "value": "2134" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009565", "to_ids": true, "type": "filename", "uuid": "b3496e86-da26-495e-b01d-518872a35d9a", "value": "Post-Meeting_Report_US-Adriatic_Charter_Partnership_Commission.lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009565", "to_ids": false, "type": "text", "uuid": "4b00848e-7cf4-49e0-8716-6941931db3de", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:LNK/Malgent!MSR\nVT Total Detection:33/63\nFirst Submission:2025-12-26T08:37:08.000000+00:00\nLast Submission:2026-03-04T10:16:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047298", "uuid": "ee27a3ff-739a-4012-8245-ee66f3d0c644", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047298", "to_ids": true, "type": "md5", "uuid": "fc9d189f-e2ec-4733-9402-8863fcfcb40f", "value": "80fc64b636834e85ed58220d456cd5c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018322", "to_ids": true, "type": "sha1", "uuid": "8b7c6b4c-fa30-4e1d-8c91-8e293d2146e7", "value": "2989aa779d95c9e2d8cb3a65e2cb05203f0d562a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018322", "to_ids": true, "type": "sha256", "uuid": "54153e72-2af0-4e84-aeae-6ccc7c26022f", "value": "bcd30f2116f5ba6731c628483d597b2ba3620ed464c63875855906306beb102a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009587", "to_ids": true, "type": "ssdeep", "uuid": "97020026-86e0-44c1-bfb1-dba8eb2d6da8", "value": "24576:R4X1SmyMrjc/yh2mgiY2djPeUstqJDE8OX17gcHX6p8QUkHEPkrCUT:RC1SmyMrjc/g26vd7etwlE8MBgc1wHES" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009587", "to_ids": false, "type": "size-in-bytes", "uuid": "c2c927ab-2723-4bdb-aaf8-ef9f7daecb46", "value": "1477040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009587", "to_ids": true, "type": "vhash", "uuid": "2035a8ac-de45-4349-863f-763206283fa1", "value": "577d7f7bdc0c02e6a69bcb5e6ffbfebb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009587", "to_ids": true, "type": "filename", "uuid": "eaf0f315-1804-457a-b5d6-a65a322644cf", "value": "bcd30f2116f5ba6731c628483d597b2ba3620ed464c63875855906306beb102a.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 12/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009587", "to_ids": false, "type": "text", "uuid": "40596fd0-5ccd-4105-807e-707572676e7f", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:32/67\nFirst Submission:2026-03-19T10:03:28.000000+00:00\nLast Submission:2026-03-21T15:57:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047320", "uuid": "95c1b5f7-798c-43c7-96f9-f4d24ea0d3c1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047320", "to_ids": true, "type": "md5", "uuid": "5fb926c5-53b2-412f-8dba-f347cd2d5442", "value": "8a1a090b2c5de4a3c31b4062685aff9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018323", "to_ids": true, "type": "sha1", "uuid": "81b5ebc2-af2d-4b19-8f3d-800abdc4c7a0", "value": "83f522a490b6851aa9b30c1ec63c576e1fc120e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018323", "to_ids": true, "type": "sha256", "uuid": "aab9a25d-f564-4034-8ae9-0425e0e20354", "value": "e79d19d68d307c12413f8549aafa4a56776002dd04601e36e0125b2e6d56ff94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009609", "to_ids": true, "type": "ssdeep", "uuid": "2874b0a0-866c-49ac-8fd7-826057ecc0a3", "value": "24:8TwR8U0oVssGaZZ/PoWJojOKNoQS2WRmYlvsSjf+IPINOswRQ+K+cPWk+/CW:8IrVOU/wWiSKuQqxlvsSjmIPIAsMQN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009609", "to_ids": false, "type": "size-in-bytes", "uuid": "5976f682-c82c-4be3-9aff-ff1367a31274", "value": "2082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009609", "to_ids": true, "type": "filename", "uuid": "dc64a21b-36d0-401e-97d2-ffdd35a6d081", "value": "BRICS Report.lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009609", "to_ids": false, "type": "text", "uuid": "14c9a537-b82d-4810-8f45-0515bddc3ea1", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/WinLNK.ADPB!MTB\nVT Total Detection:30/63\nFirst Submission:2026-02-24T17:48:58.000000+00:00\nLast Submission:2026-02-25T11:29:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047341", "uuid": "2e8e74d8-186d-47fd-a4a5-a1a91e06ea76", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047341", "to_ids": true, "type": "md5", "uuid": "87e59160-b558-4a44-9468-99000e80a8e5", "value": "9a574029357cbbba709a18f8d34df77f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018324", "to_ids": true, "type": "sha1", "uuid": "e6a4871d-6110-4c92-9120-fa891d0c982c", "value": "af99d1da4e1e272f54c8bd7f3eedaaa7bbfd9628", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018324", "to_ids": true, "type": "sha256", "uuid": "751929ae-d812-452e-98e6-9274cf7da021", "value": "3021f4d365a641722748c5e60d983a080db17bef8f0a1dbe624ffe63cd544cc1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009673", "to_ids": true, "type": "ssdeep", "uuid": "e0d224a3-344f-4c85-8ebe-92e2f5b58237", "value": "12288:07I872qJn8X0A3MCOjinM+R9BDJh2Wq7:07UqJ8cuTGW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009673", "to_ids": false, "type": "size-in-bytes", "uuid": "e01d370c-8f1b-4dec-908d-29193ef634c7", "value": "582144" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009673", "to_ids": true, "type": "vhash", "uuid": "dd0e6516-0957-479c-bb18-f7597c0549ce", "value": "15506665151d1d055bz32z2exz1b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009673", "to_ids": true, "type": "filename", "uuid": "a3de9355-1b25-4aa8-b439-d6ebfbf29f8d", "value": "Eraser.dll" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009673", "to_ids": false, "type": "text", "uuid": "bd78e1d4-0488-4081-8508-7c47c4afe003", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:46/72\nFirst Submission:2026-03-16T15:19:39.000000+00:00\nLast Submission:2026-04-02T04:04:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047362", "uuid": "c003dc17-37aa-4c57-ae83-3be69a14fda7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047362", "to_ids": true, "type": "md5", "uuid": "5cca804b-44c5-4f3b-abea-928b9fb01f31", "value": "a12357ff6c0f7b021f32b0c9cd3d01c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018325", "to_ids": true, "type": "sha1", "uuid": "db3a3ad0-b8f0-4746-9429-1093aba54d3b", "value": "8ec98b77cf9f01bc88b3ae82749256d56a100f64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018325", "to_ids": true, "type": "sha256", "uuid": "ccf83a5e-31ee-4f94-bd4c-026fe8102d34", "value": "e1e597852d684bd6d0395d5094e58831f13635f668e7cf66ba71b8b66be0ce6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009695", "to_ids": true, "type": "ssdeep", "uuid": "6a0555cc-903d-4137-bec1-304fd2fd06a8", "value": "24:8XVV0s9bC/QBkPYI/lTZlklpBsNhL/OsvGKy+Y0KYbuW+Iy1+K+cPWk+/CW:8k0b6NYeGo/v+nku5Iy9N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009695", "to_ids": false, "type": "size-in-bytes", "uuid": "c098e157-b244-4886-9f29-1422759fc171", "value": "2200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009695", "to_ids": true, "type": "filename", "uuid": "5e3754ae-3cbb-4eff-a8d5-f9d0ff3bc2ec", "value": "ATTD-ASIA-2025.lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009695", "to_ids": false, "type": "text", "uuid": "573f1901-e28d-4984-8161-b9497b98bca2", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: None\nVT Total Detection:29/63\nFirst Submission:2025-11-21T06:41:52.000000+00:00\nLast Submission:2025-11-21T06:41:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047383", "uuid": "b753d52c-2103-4b6a-919c-bdc8300cff58", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047383", "to_ids": true, "type": "md5", "uuid": "b90267e8-7cd0-4d9f-902c-f3dc00922f56", "value": "a29e49a21bf3469a0044be2e2b989ad3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018327", "to_ids": true, "type": "sha1", "uuid": "ecb0f6ea-3fed-4f4e-8906-6c2d202a4a4f", "value": "258d5d6cbdec6494415a09ffe707dd724d9535cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018327", "to_ids": true, "type": "sha256", "uuid": "6c33d51b-d390-42db-855b-000a4b162ff1", "value": "bc8b022c10bcab39da302446b0a50988de94607c7e724f2051578e8ed2f8bbe7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009716", "to_ids": true, "type": "ssdeep", "uuid": "fcde29f3-f68c-4d04-bd83-acfc7c3f860b", "value": "6144:u376Gik8QUB78D6YwZpmXScVk5GnQ+vfhwLTlVPIBrCUUZEPKzWff:u7p8QUkdRVoGvvfqtVPkrCUUZI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009716", "to_ids": false, "type": "size-in-bytes", "uuid": "4cc3b59e-cb87-4f68-abde-65ee9fcd8938", "value": "296848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009716", "to_ids": true, "type": "vhash", "uuid": "19094c72-30c4-444f-88c2-54ae038f5828", "value": "025046655d151091z1001700889z35z602006cfz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009716", "to_ids": true, "type": "filename", "uuid": "c13a37c9-34ae-4272-b86d-d322abca91a7", "value": "Verify.EXE" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009716", "to_ids": false, "type": "text", "uuid": "4d90d267-8866-48af-b1d6-588357b7fff5", "value": "Type Description: Win32 EXE\nFile distributed by: ['Nanni Bassetti']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['ErsChk.exe']\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2009-12-16T13:26:52.000000+00:00\nLast Submission:2026-04-02T03:57:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047404", "uuid": "8d8544e4-f94f-4c73-8572-e6c2c3a5c984", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047404", "to_ids": true, "type": "md5", "uuid": "d8183bf8-c704-402b-bdda-59b576c5bcd0", "value": "a8082a80cef9ccee9d7a35f5366e3afb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018328", "to_ids": true, "type": "sha1", "uuid": "24b72f10-bf30-4938-8dba-476fec1cddde", "value": "1612f489f8a6b28cbc727b9489d5e972f3bce5de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018328", "to_ids": true, "type": "sha256", "uuid": "9e5181b0-3a11-4ec1-a4c5-84402cb4a105", "value": "e036e2ba402d808adbb7982ec8d7a207849ff40456633b2b372bc7916d9dc22f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009738", "to_ids": true, "type": "ssdeep", "uuid": "2d5bd033-adfc-47b1-a172-693226bcb5d5", "value": "49152:cU/n+xrnGqorqh76fDFxMnwL/1hgCxJ3k1t9g7D:N/QbMDFGnOgCxpkj9wD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009738", "to_ids": false, "type": "size-in-bytes", "uuid": "6b9ad7b0-77c0-45e4-a870-b04c49fc6367", "value": "1973301" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009738", "to_ids": true, "type": "vhash", "uuid": "df94f3f3-df8b-4aec-86be-bb029aff58bc", "value": "854c8c17362957f9dd08b54121ae5e15" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009738", "to_ids": true, "type": "filename", "uuid": "5fbe05ff-0552-40f6-a65b-2bdd5ef9e0b4", "value": "ATTD-ASIA-2025.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009738", "to_ids": false, "type": "text", "uuid": "264aa321-f52d-41ab-b417-9e742de4792b", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:29/67\nFirst Submission:2025-11-21T06:36:48.000000+00:00\nLast Submission:2025-11-21T07:12:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047425", "uuid": "3b17d5ef-80f8-4342-9c5b-90819f19560f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047425", "to_ids": true, "type": "md5", "uuid": "61980c2a-f3ee-4f33-9b37-e67a36dbc731", "value": "a9c77dbe140490c5a22c3ae2536a8b32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018329", "to_ids": true, "type": "sha1", "uuid": "2c35472c-066c-429a-9f88-f7045e16b8c1", "value": "f5ce76038ffbb80bec76ea0c8aabe944ec92777c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018329", "to_ids": true, "type": "sha256", "uuid": "8e5d19a0-2a98-4937-9d8b-9e61bcb0f2fe", "value": "b1606ca49aa15eadb039f33d438697973b203693d0003e467e1f33b36d10a530", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009760", "to_ids": true, "type": "ssdeep", "uuid": "777ddd20-5501-4006-b3b0-c724b3f74b28", "value": "12288:8CRAP+JQpdFZNTTZSnxBXm6cvAgeOu0aSCB2t+1Hm00cCm5Rki:8C6mJaFZRTZeDaIgTpCkt6G02mvB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009760", "to_ids": false, "type": "size-in-bytes", "uuid": "c04f981e-3621-45a7-9d12-2fe13cabe727", "value": "1351585" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009760", "to_ids": true, "type": "vhash", "uuid": "b552c636-7fd0-4772-8ba1-04e821710563", "value": "061845065b8aba2f6ad659c3851252cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009760", "to_ids": true, "type": "filename", "uuid": "c4c9ddb5-b105-491b-a9fc-5d1fcc7802eb", "value": "Post-Meeting_Report_US-Adriatic_Charter_Partnership_Commission.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009760", "to_ids": false, "type": "text", "uuid": "c0ab902f-f10c-4f6a-a48e-6413cb7d54e7", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:32/67\nFirst Submission:2025-12-26T08:36:41.000000+00:00\nLast Submission:2026-03-05T02:02:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047446", "uuid": "73bc7c74-7871-4732-844c-50495a250ec6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047446", "to_ids": true, "type": "md5", "uuid": "0c736d1a-1c68-419f-91a4-236ecf234855", "value": "adb67ffe941a706b6343f94413f6e5f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018331", "to_ids": true, "type": "sha1", "uuid": "2bcef602-0475-40b3-9845-0a5467bdf0c9", "value": "49e02aee84df430d7ae448d7cd722401f8a2c9f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018331", "to_ids": true, "type": "sha256", "uuid": "65f81f21-51eb-4823-a102-e61aa3c16678", "value": "53086e3b557a1d21cf7f4ffc73d92c39b08872334a8cdb09dda0a06bd060cfe9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009782", "to_ids": true, "type": "ssdeep", "uuid": "1af54ba1-c684-444a-8aa6-f1d953adc4e0", "value": "6144:hs7qbi3R8Yixur04bvSDY001dfdUkuSwdlzC1ZWG2:hs7rR04bqDY001b7undDG2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009782", "to_ids": false, "type": "size-in-bytes", "uuid": "7c171f3c-f5d8-4bbd-be54-90779f7f1102", "value": "279240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009782", "to_ids": true, "type": "vhash", "uuid": "25b29c39-7f86-428c-811e-b43a769f3706", "value": "025046655d15708043zb005b7z27z203004303dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009782", "to_ids": true, "type": "filename", "uuid": "db5ca696-c223-4cff-a3c8-671f0d7c56a8", "value": "CNMSST2.EXE" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 09/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009782", "to_ids": false, "type": "text", "uuid": "cb58dd0f-f537-49bf-9365-01e7b694b07b", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2017-09-20T10:50:09.000000+00:00\nLast Submission:2026-04-06T03:30:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047468", "uuid": "7ffae67e-de58-482c-b73e-7769964e9da4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047468", "to_ids": true, "type": "md5", "uuid": "0cfec7c5-01ff-482e-8bb3-a5b345c2e813", "value": "bbcfb30c493faa48c07d1d46c9daf8da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018331", "to_ids": true, "type": "sha1", "uuid": "cb8fde29-f304-4651-a334-9166d08f1a98", "value": "43d6ddc2de9c01cdb5ef17ee4e3d88289fa51a23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018332", "to_ids": true, "type": "sha256", "uuid": "d4f003fb-06fb-4fd3-b0f1-9a6888716b6e", "value": "b394e7a3b350b2104b73e29a04e48e5ede5078b9a811abae58d842ce3442c6b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009804", "to_ids": true, "type": "ssdeep", "uuid": "ccff08fa-dd8d-47d3-a12b-92c1a6bfcc42", "value": "3072:x2dYbiCUxCPGc6E84EhLyw1/bO+HpOHHldmawa+mJZhQ9fzU7S2:QuFcCPG/E84Edyw1/SAeHzmaLJq9fzUl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009804", "to_ids": false, "type": "size-in-bytes", "uuid": "1c930bc8-8c17-4720-877f-a533e75892ec", "value": "113803" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009804", "to_ids": true, "type": "vhash", "uuid": "f7651e8d-1a0d-46cc-ad51-05c65444e8bb", "value": "2566c4f2549d8bfb19f1f8d4dc725448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009804", "to_ids": true, "type": "filename", "uuid": "a1c0b870-00a1-4b1c-ae20-cc0ace748f47", "value": "b394e7a3b350b2104b73e29a04e48e5ede5078b9a811abae58d842ce3442c6b3.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009804", "to_ids": false, "type": "text", "uuid": "150a4b24-fefc-418f-a3d7-f8a673af70de", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:10/69\nFirst Submission:2026-02-25T08:44:17.000000+00:00\nLast Submission:2026-04-07T11:35:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047489", "uuid": "60e98cc4-04b2-40a4-a7f1-8bd43b783097", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047489", "to_ids": true, "type": "md5", "uuid": "5f1b3afc-baf0-4fae-aeb8-03715bb6392a", "value": "bd6c687a3908052ee14b7d5178442a72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018333", "to_ids": true, "type": "sha1", "uuid": "d2f69bf6-905d-4dfe-a7cb-4227910a29d1", "value": "b4dba13f8777ed6578df8beb879ed664590958b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018333", "to_ids": true, "type": "sha256", "uuid": "390466a8-70ec-4915-acc1-74914f6b4575", "value": "56f0247049be8b9dc1da7c55957d2fb4f7177965ba62789c512f3e2b4c0c5c26", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009826", "to_ids": true, "type": "ssdeep", "uuid": "fbdc51d4-6a7f-495e-9466-efe9983043dd", "value": "24576:eijgwxAdLJ+Sp2RAdL6NzssHvEZWv2xlMueaissp4Mn13btHg1k61WLxONxrkwt:edeAdLU0L6BZPHexOwir4M1LasNON5t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009826", "to_ids": false, "type": "size-in-bytes", "uuid": "61a70ab2-af19-4fb7-93a6-e3f1cc77ee97", "value": "1331845" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009826", "to_ids": true, "type": "filename", "uuid": "eb9f71d5-52d6-4f22-9a32-7d92497ec674", "value": "cnmplog.dat" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009826", "to_ids": false, "type": "text", "uuid": "b2d2bc36-789b-4a5f-bb76-6cca2bcfb427", "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:3/62\nFirst Submission:2025-10-03T09:40:51.000000+00:00\nLast Submission:2026-01-19T07:06:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047510", "uuid": "492ac68d-5e1f-46a0-87c0-b7cf4204ef39", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047510", "to_ids": true, "type": "md5", "uuid": "d63b2204-5210-45a8-8723-66fd9ef9b7de", "value": "c24a8d717176ba9b1e53991b13ef9ba9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018334", "to_ids": true, "type": "sha1", "uuid": "5a667a86-6c26-4b91-b8f5-cbd05b7ad75c", "value": "b0a380e1387dc8e65553350b2851747de7177299", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018334", "to_ids": true, "type": "sha256", "uuid": "12b2b6e4-7f7c-475f-9d0a-81a9062159f4", "value": "e31eafb49dbcad079ff177703b5a033f3e0365991cf28492339eccfe0fdf812c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009848", "to_ids": true, "type": "ssdeep", "uuid": "d8074b3a-4c60-46ec-b58a-dcac3ebc2ed2", "value": "24:8Xss+8Ucaa6vRsGaT3vF/YBe2GFnKiDJWRm91lvviE/Nf+IWxMGUswRQ+K+cPWkK:8Mc3GK/msKoGyvKE/NmIWqfsMQN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009848", "to_ids": false, "type": "size-in-bytes", "uuid": "6d98f602-af66-4024-a821-db03f0c20b1c", "value": "2136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009848", "to_ids": true, "type": "filename", "uuid": "add50509-403a-4697-8772-655c57306c4b", "value": "Concept_Note_2nd_Global_Buddhist_Summit_2026.lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009848", "to_ids": false, "type": "text", "uuid": "6ffa8cb4-a789-492e-9e0e-1a251cce0a88", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/WinLNK.ADPB!MTB\nVT Total Detection:34/63\nFirst Submission:2025-12-29T02:22:12.000000+00:00\nLast Submission:2025-12-31T17:00:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047531", "uuid": "7bc5cbf3-0f47-4116-a848-85e02048585f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047531", "to_ids": true, "type": "md5", "uuid": "4d6b0335-4065-4e09-aeea-c588733b014d", "value": "c27462566a4cc90b015664ab55caa250", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018335", "to_ids": true, "type": "sha1", "uuid": "6469669d-dceb-4bbe-9c8b-5ed0e86f24f5", "value": "e9aa4858ed341e964609b060138f3e37d5202345", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018336", "to_ids": true, "type": "sha256", "uuid": "6ce3ea00-cc89-452d-9986-2c7578a904e3", "value": "f988d58e4a32b908ff7a557d740c6860c59807832c7626774330dcaed65ead14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009870", "to_ids": true, "type": "ssdeep", "uuid": "ce670b98-573c-45d1-83dd-90cfaec045c7", "value": "12288:rQZDUpVu3oah9t+CjMbr7tUh4rNUS4rmdxKgG8oUh4ryNYxvbw0lt8IJ:rQxoah9YCjK1Uh4rNUS4rmdxKgG8oUhw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009870", "to_ids": false, "type": "size-in-bytes", "uuid": "2750b0ae-cc76-45a4-8129-94b6b914e903", "value": "589053" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009870", "to_ids": true, "type": "filename", "uuid": "6a867cc8-1d18-4436-a220-66d77bb265b6", "value": "backupper.dat" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009870", "to_ids": false, "type": "text", "uuid": "31203bca-62f0-4667-831a-f0ce626559d8", "value": "Type Description: unknown\nMicrosoft: Trojan:Win32/GreedyRobin.C!dha\nVT Total Detection:22/62\nFirst Submission:2026-01-17T15:22:59.000000+00:00\nLast Submission:2026-01-17T15:22:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047552", "uuid": "808253f9-96bc-42ec-a925-0996ba36be2d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047552", "to_ids": true, "type": "md5", "uuid": "682c32db-102d-4d0f-8af2-a83ed85420cf", "value": "c3c98201b693760f4de8495595ebbe7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018336", "to_ids": true, "type": "sha1", "uuid": "43815343-925e-4d3e-bf08-3980bbfa5526", "value": "0f203358170d69c2ca2995fdc8adb9d9a7f47d5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018336", "to_ids": true, "type": "sha256", "uuid": "db886b00-e7e2-400a-bd54-0483231d8a0f", "value": "7c96d08f5ce46d1a857184490a7e68ca2b02e9cbe9d188742f184f21bc9c62d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009891", "to_ids": true, "type": "ssdeep", "uuid": "cbdc0faf-7390-406e-ae0d-196bc4471b71", "value": "24:8sTBfMdTSqDJxuETbKnYeL/CKatUv9BgXayaytFkWrUMkWSml0mZ+K+cPWk+/CW:8gBf0pJ4IGrCqv99ZytFHHqmdpN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009891", "to_ids": false, "type": "size-in-bytes", "uuid": "9f913e7e-5ac9-4d3e-b657-15e0511d3a15", "value": "2460" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009891", "to_ids": true, "type": "filename", "uuid": "bd250dff-fce5-49ec-bfd3-bdac0441c19c", "value": "JATEC workshop on wartime defence procurement (9-11 September).lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009891", "to_ids": false, "type": "text", "uuid": "031c4fe9-6eb0-4b33-99c1-94138377c89b", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/WinLNK.CQ!MTB\nVT Total Detection:32/63\nFirst Submission:2025-10-28T08:07:43.000000+00:00\nLast Submission:2025-10-28T08:07:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047574", "uuid": "e91c19df-1bb0-42e4-9c9b-edaa6c754745", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047574", "to_ids": true, "type": "md5", "uuid": "bf7f92cb-9772-4db7-9ad6-646503573ff4", "value": "c647e6e683a88af07d861847a18468f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018338", "to_ids": true, "type": "sha1", "uuid": "d2e4d1ff-2485-4514-85cb-3bf94544cb18", "value": "68932940cebf56bb2fe65e4cf53781a97579599a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018338", "to_ids": true, "type": "sha256", "uuid": "6d538e2b-bc6e-4032-bd7d-5ad23d5e69eb", "value": "44cfba85aa27265779b01f6eb8b69718462b1ca8078b21066061e8d1622dff7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009913", "to_ids": true, "type": "ssdeep", "uuid": "1a3a9f2d-67e2-4461-91ad-aca799dc0568", "value": "24:vpmGSXW2GOCsRTtzoP64DelWzdQIt/NQh2cTgdEXZKLqyXvAwf/CCjls:vpguHs5tzoPfDDzdpt12gmyXv7Ns" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009913", "to_ids": false, "type": "size-in-bytes", "uuid": "1676603e-39b2-4dc2-91d7-5416b41f4232", "value": "3584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009913", "to_ids": true, "type": "vhash", "uuid": "be6c3109-e239-4dd0-ae8f-be0fdea8ebd0", "value": "133046551d051.z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009913", "to_ids": true, "type": "filename", "uuid": "ad0bdb03-2100-40b7-a4d6-cf70fab418b0", "value": "44cfba85aa27265779b01f6eb8b69718462b1ca8078b21066061e8d1622dff7a.dll" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009913", "to_ids": false, "type": "text", "uuid": "bc1a78f9-c150-4281-bdf7-2bea2b4ee305", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Korplug.AEPB!MTB\nVT Total Detection:50/72\nFirst Submission:2026-03-03T12:03:31.000000+00:00\nLast Submission:2026-03-04T06:44:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047595", "uuid": "7cc89e9e-06b4-4115-998e-9017bd68c87b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047595", "to_ids": true, "type": "md5", "uuid": "1112830b-f651-4a0b-9f5c-38b21d181180", "value": "d71ff71b7d5b7daf4ad892b0e7baca03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018339", "to_ids": true, "type": "sha1", "uuid": "75018eec-9226-4b7f-b212-0e501329c352", "value": "2c16f2830aa36848ca61272c2e4305102bfad537", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018339", "to_ids": true, "type": "sha256", "uuid": "524a8638-39a0-4031-80d6-94f3d2c0ec96", "value": "c5267fefaac1764eba5f42681eb216f146b7d18fcbf546275d33e70cb36fdfba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009935", "to_ids": true, "type": "ssdeep", "uuid": "0fcddd25-bed7-4f1f-8d8c-09917a702077", "value": "6144:27meON77rQiPy/tHzdrUAFkHHuEoL4E6eeBBvUdj2CnB7E2Oyp3CUIvbEKj11DHn:28rfAFkHWhkLkRdr7/dOkTW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009935", "to_ids": false, "type": "size-in-bytes", "uuid": "cde2c2d3-6ff8-46ad-b887-3c8f67459253", "value": "629154" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009935", "to_ids": true, "type": "filename", "uuid": "a8fb04f5-0d00-49e1-bd49-a7204dd7c4e6", "value": "Eraser.dat" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 12/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009935", "to_ids": false, "type": "text", "uuid": "03c2b8fa-20aa-4a8e-917f-2fc4198ad394", "value": "Type Description: unknown\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:20/62\nFirst Submission:2026-03-16T15:23:55.000000+00:00\nLast Submission:2026-04-02T04:05:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047616", "uuid": "a070d541-324b-4d87-b2f4-fc34427946ae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047616", "to_ids": true, "type": "md5", "uuid": "5efb7650-598c-4252-ac03-e8fe8e8caa14", "value": "dd82199fe9a36850aaaa6bf28293380a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018340", "to_ids": true, "type": "sha1", "uuid": "fa33b7f3-c31e-4903-98e5-000d9dc358f6", "value": "7552c901c68b9d57c7b6c29a34ff7cf4441b2047", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018341", "to_ids": true, "type": "sha256", "uuid": "610fe4ba-1c61-464c-919d-e4b4f857e1eb", "value": "a95e3857e2f32c2a9c23accadebc1ad6aabf73fed9d63c792d69122d9ec6726d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009956", "to_ids": true, "type": "ssdeep", "uuid": "0719eff6-9487-4ae1-be60-0de7823083c1", "value": "24:8nLfl6sGapp/wSKnOM3SS9vWtoZKBjWVIWz+IgEWDjGcPWk+/CW:8nWc/wSKd3rvWSZqjW+W6IBWDjVN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009956", "to_ids": false, "type": "size-in-bytes", "uuid": "a38bec68-516c-4d7c-a06f-1bbce7dba755", "value": "2188" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009956", "to_ids": true, "type": "filename", "uuid": "022c2447-59be-422d-978a-9efba233f23e", "value": "Energy_Infrastructure_Situation_Note _Tehran_Province_2026.lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009956", "to_ids": false, "type": "text", "uuid": "5365a4cc-8794-44cb-b156-59c97c8d0cc9", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: None\nVT Total Detection:30/63\nFirst Submission:2026-03-16T14:34:17.000000+00:00\nLast Submission:2026-04-12T08:06:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047638", "uuid": "2bfe427a-5dd6-4688-ba33-5b22e44ecbd9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047638", "to_ids": true, "type": "md5", "uuid": "269fa534-62b8-4e3f-8a32-2e7b5a254a9f", "value": "ddd5f542c15be47f9e1d8a52768a1b1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018341", "to_ids": true, "type": "sha1", "uuid": "f2642e0b-5c01-47f8-aa05-2c816b21517f", "value": "bffb14c389ce70d00eff88e6fb151629d589efc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018341", "to_ids": true, "type": "sha256", "uuid": "9c315efe-35cf-49a3-90d5-98f4ea5331fb", "value": "784a914bd1878ad68a6cf3f693da5ddcc2f04b794204333098ad749b7e372fd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776009978", "to_ids": true, "type": "ssdeep", "uuid": "1343fad8-8499-4d5c-ae92-f0865ac297e1", "value": "24576:rD9Yz39Zimvrv692Cf8U3VIj+d47CuTwMuUjIgTpCkt6G02mvk:tYz39Zimvrv692Cf8U3yjlTwBCt6x2m8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776009978", "to_ids": false, "type": "size-in-bytes", "uuid": "430ba054-ee0b-4111-b48a-78ae93999ea5", "value": "1536886" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776009978", "to_ids": true, "type": "vhash", "uuid": "ea09b9eb-f85f-427d-bf0d-af5a0fc273f8", "value": "061845065b8aba2f6ad659c3851252cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776009978", "to_ids": true, "type": "filename", "uuid": "47fa808e-5e4c-46f2-8955-e4b343a09319", "value": "784a914bd1878ad68a6cf3f693da5ddcc2f04b794204333098ad749b7e372fd4.zip" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776009978", "to_ids": false, "type": "text", "uuid": "bc0c0634-7640-41fc-8be4-40bbeddd3b7d", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:35/67\nFirst Submission:2025-12-29T02:21:43.000000+00:00\nLast Submission:2025-12-29T02:21:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047659", "uuid": "b0fd6644-7402-454d-9956-b00ccd5eba74", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047659", "to_ids": true, "type": "md5", "uuid": "d364a152-5e47-4783-906c-d7f783b82141", "value": "e78d4f1f53123ceffedac6d4698438b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018343", "to_ids": true, "type": "sha1", "uuid": "31a37835-a975-4d28-a7d9-73ab2ef85419", "value": "a019aaa7b90bca17ef8f9910db3ad7c0a3c2afe4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018343", "to_ids": true, "type": "sha256", "uuid": "32df0167-21ac-4dd6-90b3-a89cedb6c885", "value": "ae8d2cef8eac099f892e37cc50825d329459baa9625b71fb6f4b7e8f33c6ccce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776010000", "to_ids": true, "type": "ssdeep", "uuid": "08ea0384-a014-45a2-b3d5-e38304500d94", "value": "48:vpgEGF+7kD8yOaheurrEqCGLW4tCJRyXBQMZPsJajDL4xzKgY:Bf+OfaheuPDfLW4tC2RJDL4xmv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776010000", "to_ids": false, "type": "size-in-bytes", "uuid": "f74a1dc3-a145-4d92-869a-1b5e27ffdd4a", "value": "4096" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776010000", "to_ids": true, "type": "vhash", "uuid": "759531cd-97cb-406c-94eb-7384a5d003f0", "value": "143046551d051.z2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776010000", "to_ids": true, "type": "filename", "uuid": "d3286de6-f43c-490a-9af4-a4888beb3ed0", "value": "cnmpaui.dll" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776010000", "to_ids": false, "type": "text", "uuid": "7f462479-489d-4ce7-8140-405645d77188", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Korplug.GZF!MTB\nVT Total Detection:44/72\nFirst Submission:2025-09-30T03:41:12.000000+00:00\nLast Submission:2026-04-07T11:15:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047680", "uuid": "a8a3226d-acc8-4515-9c2c-4e55bfc3312d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047680", "to_ids": true, "type": "md5", "uuid": "59e35882-34c0-48f6-8898-85849d5be983", "value": "e7cb954f4bbdbadbd2c0206577621683", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018344", "to_ids": true, "type": "sha1", "uuid": "2f1cf6a1-3040-4031-9155-e4d20afa412c", "value": "f06da8e29c3f0fafabfc3a524ae8b21730b57ed3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018344", "to_ids": true, "type": "sha256", "uuid": "f089972e-a657-4856-8557-e593bc540266", "value": "8421e7995778faf1f2a902fb2c51d85ae39481f443b7b3186068d5c33c472d99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776010022", "to_ids": true, "type": "ssdeep", "uuid": "818741de-4251-4225-aac0-9201af922624", "value": "12288:4PIk8PsSPsHPj+aREi6AcE9sOrePwzbRTdUqRbu/jvt3yOMe1+X4C65H6vr:iEM/sOrePOdecu/zt3cZX3wu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776010022", "to_ids": false, "type": "size-in-bytes", "uuid": "820855fd-54ed-4e03-9466-6183c646497f", "value": "943696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776010022", "to_ids": true, "type": "vhash", "uuid": "1239c16e-f9aa-406b-937f-39be160ad7d8", "value": "095056655d55156188z887zb09013z102001gz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776010022", "to_ids": true, "type": "filename", "uuid": "29991f54-77ba-4d52-9faa-ac8d3f4636c0", "value": "AVK.exe" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776010022", "to_ids": false, "type": "text", "uuid": "e167c210-acf4-4918-975f-052f729fb31f", "value": "Type Description: Win32 EXE\nFile distributed by: ['G DATA CyberDefense AG', 'G DATA']\nData sources: ['gdata', 'monitor_gdata']\nVerdict filename: ['AVK.exe']\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2025-07-01T15:30:50.000000+00:00\nLast Submission:2026-04-03T03:21:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047701", "uuid": "daa61070-f0eb-425d-9c77-ad06a574f52d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047701", "to_ids": true, "type": "md5", "uuid": "028f0d65-68e4-45f3-948b-bad641a66afe", "value": "f15c9d7385cffd1d04e54c5ffdb76526", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018345", "to_ids": true, "type": "sha1", "uuid": "0cb3ee18-7dd9-4521-be4c-b712bacf9045", "value": "f9dd7f8846dc10164b348cfdf878a611c79e4c00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018345", "to_ids": true, "type": "sha256", "uuid": "126dafb4-2d5d-465a-9a9a-c0f548319236", "value": "262a1003a2cd04993b29e687686eba573d6202fea8611c437ecbd6312802677a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776010045", "to_ids": true, "type": "ssdeep", "uuid": "88c295c1-f7f9-4f14-a7b7-e42f437109d7", "value": "24576:/fdJECRsEUrQFZUVqZLCd3r0PwO7EpMKWSD9ug2V:/VJlRsE2QfLCh0Pw85cZF2V" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776010045", "to_ids": false, "type": "size-in-bytes", "uuid": "4a952025-7311-42cf-9cf5-e87fc34ebc63", "value": "1062295" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776010045", "to_ids": true, "type": "vhash", "uuid": "7b9866a6-8ae6-4f2d-a7b5-4d0470a0840d", "value": "061845065b8aba2f6ad659c3851252cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776010045", "to_ids": true, "type": "filename", "uuid": "609a3007-a46b-4408-8a79-31252e7bdd2e", "value": "xjr8rdt.exe" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776010045", "to_ids": false, "type": "text", "uuid": "0798033d-c482-4cf0-a756-618003c4e6e2", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:32/67\nFirst Submission:2025-10-28T08:07:14.000000+00:00\nLast Submission:2025-10-31T06:27:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047723", "uuid": "197ff77b-2d2b-479d-bbec-65c66bbfa71a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047723", "to_ids": true, "type": "md5", "uuid": "a808a078-840e-4fe6-8468-93a8fcc41a6f", "value": "f331af4c164a40d13b24def0818e0198", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018346", "to_ids": true, "type": "sha1", "uuid": "3b63b5b8-d58a-49c7-a94e-3c88dd17a082", "value": "0913be3e99bc53232db6c5213a578e999c70deb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018346", "to_ids": true, "type": "sha256", "uuid": "9b534e38-aaab-4460-b821-8a12b60efddf", "value": "8c0051a83b3611ff2b669b670aa005633f3d9e844454a112b31d2a4bc944a234", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776010066", "to_ids": true, "type": "ssdeep", "uuid": "da071739-823d-4de4-84c9-4f47b892055d", "value": "6144:cFvUlgBUTr9Mu05gSi9B9tx4t+8YOaFW+m0R3CVaAOKCER0u+GIIIIIIIhIIIII6:UvAgeOu0aSCB2t+1Hm00cCm5Rka" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776010066", "to_ids": false, "type": "size-in-bytes", "uuid": "f19017a1-c58d-4ae3-8eb2-2cf2f1422edf", "value": "619104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776010066", "to_ids": true, "type": "vhash", "uuid": "e8f477e4-ba72-4375-b6e6-61eea9ce2370", "value": "065056656d15556az71bz13z12z13ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776010066", "to_ids": true, "type": "filename", "uuid": "8d6e4e3a-b37c-483b-a30e-bcef945b28fe", "value": "steam_monitor.exe" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 08/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776010066", "to_ids": false, "type": "text", "uuid": "c684b949-a565-4a38-a7c7-aca58e40fdc7", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2025-06-30T21:17:07.000000+00:00\nLast Submission:2026-03-17T15:53:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047744", "uuid": "5fb29b98-55b8-44d8-a33b-0f002091e314", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047744", "to_ids": true, "type": "md5", "uuid": "4a448d0d-fd41-44ae-9683-0301715dec4d", "value": "fa107167ff9303c06c8c7c518a7a1923", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018348", "to_ids": true, "type": "sha1", "uuid": "e3a75eaa-bde9-4ac0-8e1a-13ac969114ef", "value": "7d5c92191b9857a708fdebc996cc6f10cf5ed7e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018348", "to_ids": true, "type": "sha256", "uuid": "8a27dca6-e730-41a5-ac4f-07d9ad28e0df", "value": "1df74ce45aa9320c48858eddce3f46f5687fbfdcfd497d92a1e17476e7a2951e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776010110", "to_ids": true, "type": "ssdeep", "uuid": "ce412610-1355-47c9-bb36-1aa9c7d4027d", "value": "48:8nvQ2OrAjlxzkPaxctpgf3HR4/mlMqnqKY7CvWONF0jW1W6IBWbeV0b3:8vQ2OGkPaxmpgv7oKuoF0IK0b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776010110", "to_ids": false, "type": "size-in-bytes", "uuid": "39895116-6d4f-407e-af8f-50b957bd549b", "value": "2741" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776010110", "to_ids": true, "type": "vhash", "uuid": "f5726205-4d92-4da2-9c88-9474e3e467cf", "value": "1aa659e046d1121325e44aed44bb27f4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776010110", "to_ids": true, "type": "filename", "uuid": "13f00c97-39d3-4283-bd1b-4e8f13bb2588", "value": "OECD_Update_on_implications_for_energy_markets_of_events_in_the_Middle_East.lnk" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776010110", "to_ids": false, "type": "text", "uuid": "a54d6af8-1c42-4c52-abe5-6a1caa82bbe3", "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:32/63\nFirst Submission:2026-03-19T10:03:48.000000+00:00\nLast Submission:2026-03-19T10:03:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776047765", "uuid": "14f387e5-f6ad-4901-9f50-e557d083a465", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776047765", "to_ids": true, "type": "md5", "uuid": "032a0d74-3405-446b-8828-4e0a876fb3ca", "value": "fb56f1d79d491a2557112d072baf5ab2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776018348", "to_ids": true, "type": "sha1", "uuid": "5e526400-ffbc-46be-bcd6-2f049ae302af", "value": "88889d7a7ca00f7a4f4611b5c4db51a1f744fcf6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776018348", "to_ids": true, "type": "sha256", "uuid": "abbb6868-444f-4508-88a0-08445b05c39b", "value": "79e0ab17e761a00ad12b9848f1f07b507f57db532fa2df8c722693e14feb17c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776010131", "to_ids": true, "type": "ssdeep", "uuid": "011bfd5d-71da-4d1e-ad93-2255ab7a7e4d", "value": "24576:/LCZxe/qxJehl5ztil7uLXkeXcYSJ9ww+m6BJKoXMfmnN+DQ8L+tia+:SQqGDmhesYK9wRjKoXemNwLaL+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776010131", "to_ids": false, "type": "size-in-bytes", "uuid": "ffd7da8b-f981-43db-9bec-81070e05014e", "value": "2179363" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776010131", "to_ids": true, "type": "filename", "uuid": "0fd63291-f923-4ad7-ad44-5e127dae1012", "value": "vysZcjNT" }, { "category": "Other", "comment": "Checked: 12/04/2026\nLast-scan\t: 11/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776010131", "to_ids": false, "type": "text", "uuid": "604482ff-6e92-4f36-aa6b-543ab0462c7b", "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:4/63\nFirst Submission:2026-02-09T03:23:51.000000+00:00\nLast Submission:2026-02-09T03:23:51.000000+00:00" } ] } ] } }