{
  "Event": {
    "analysis": "1",
    "date": "2026-03-13",
    "extends_uuid": "",
    "info": "[Threat Intel] New backdoor targeting Ukrainian entities with possible links to Laundry Bear",
    "protected": false,
    "publish_timestamp": "1774245843",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1774245842",
    "uuid": "5a4b14b9-f2cc-475d-b2fb-0314bd1c99d2",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#4e4e0a",
        "local": false,
        "name": "misp-galaxy:producer=\"Lab52\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#3eb869",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#5884a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e4d611",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Void Blizzard\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802821",
        "to_ids": false,
        "type": "link",
        "uuid": "4bdac4a0-73a3-491f-b4a9-c5f95a2649e8",
        "value": "https://lab52.io/blog/drillapp-new-backdoor-targeting-ukrainian-entities-with-possible-links-to-laundry-bear/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802821",
        "to_ids": false,
        "type": "text",
        "uuid": "518c7342-6fe7-406c-8463-fabc1c9454f2",
        "value": "A new campaign targeting Ukrainian entities has been identified, attributed to actors linked to Russia. The campaign uses judicial and charity-themed lures to deploy a JavaScript-based backdoor called DRILLAPP, which runs through the Edge browser. This backdoor enables various actions including file manipulation, microphone access, and webcam capture. Two variants of the campaign have been observed, with the second variant introducing additional capabilities. The attackers utilize the browser's capabilities to evade detection and gain access to sensitive resources. The campaign shares tactics with a previously reported Laundry Bear operation, leading to a low-confidence attribution to this group."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802821",
        "to_ids": false,
        "type": "text",
        "uuid": "4b0a5e91-eab9-4bff-90bb-f12a3ee12fc7",
        "value": "Name: New backdoor targeting Ukrainian entities with possible links to Laundry Bear\nAuthor: AlienVault\nAdversary: Laundry Bear\nTags: [\"websocket\", \"drillapp\", \"backdoor\", \"cpl files\", \"edge browser\", \"ukraine\", \"javascript\", \"russia\", \"lnk files\"]\nTgtd countries: [\"Ukraine\"]\nMlwr families: [\"DRILLAPP\"]\nAttack_ids: [\"T1113\", \"T1033\", \"T1056.001\", \"T1059.007\", \"T1074.001\", \"T1082\", \"T1005\", \"T1083\", \"T1057\", \"T1547.001\", \"T1071.001\", \"T1105\", \"T1204.001\"]\nIndustries: [\"Government\", \"Defense\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773802821",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "59f9f058-b538-43be-a0e9-7779c5526895",
        "value": "Laundry Bear"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237023",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3c7463aa-151d-420a-b2c0-15d91086caea",
        "value": "188.137.228.162",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237045",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d361b39f-3835-4ae5-86ac-eee8aa325321",
        "value": "80.89.224.13",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237068",
        "to_ids": true,
        "type": "url",
        "uuid": "40a0a4cf-d5ba-48d9-93ac-9c4d31625df0",
        "value": "https://pastefy.app/f69UjsFE/raw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237090",
        "to_ids": true,
        "type": "url",
        "uuid": "0fe01f79-07a5-4add-bd11-4ff22a9c1ba0",
        "value": "https://pastefy.app/nkjTcFw3/raw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237112",
        "to_ids": true,
        "type": "url",
        "uuid": "68cebf65-b764-4fb2-a2e4-0fdf629ea980",
        "value": "https://short-link.net/ZVMEq",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237134",
        "to_ids": true,
        "type": "url",
        "uuid": "c1d9aaef-17fd-4992-89fd-b33707e05184",
        "value": "https://short-link.net/KCVTt",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237156",
        "to_ids": true,
        "type": "url",
        "uuid": "54b6f061-110c-40d9-a6bc-4d5f9fe50512",
        "value": "https://iili.io/fphPR3b.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237178",
        "to_ids": true,
        "type": "url",
        "uuid": "cee5f405-fff9-4999-ad32-3409cc9d2751",
        "value": "https://short-link.net/HdviE",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237200",
        "to_ids": true,
        "type": "url",
        "uuid": "c9e5e1dd-4852-40a8-933c-542e66782653",
        "value": "https://iili.io/q995YYu.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237222",
        "to_ids": true,
        "type": "url",
        "uuid": "d2e4d86e-12db-48e2-9b52-764aeb16b75e",
        "value": "https://iili.io/q995zhl.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237244",
        "to_ids": true,
        "type": "url",
        "uuid": "0d6d8539-880d-4b5f-913d-099ed341272a",
        "value": "https://iili.io/q995IQ2.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774237267",
        "to_ids": true,
        "type": "url",
        "uuid": "2b14a40f-e048-4e8a-855f-4f62466345ee",
        "value": "https://iili.io/qKOFGe4.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237289",
        "uuid": "2d3ad48c-bb0d-48bd-bbdc-6734da1870b5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237289",
            "to_ids": true,
            "type": "md5",
            "uuid": "0b402f27-8b46-4f1f-8da9-1540487e5a30",
            "value": "0931c9edff01d16474d858f170662655",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234983",
            "to_ids": true,
            "type": "sha1",
            "uuid": "32d4b5eb-a10c-417b-8730-d1b1b6e1af20",
            "value": "63521be6b3131f8ee4304eb91bb75292ecf56a39",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234984",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8131ff12-618e-4914-a8dd-ccb0ae11e3b8",
            "value": "993d55f60414bf2092f421c3d0ac6af1897a21cc4ea260ae8e610a402bf4c81c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232379",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "435815a1-6992-40a9-a5d1-04e6604ed8b1",
            "value": "3072:SYCYUaKfmSGrxnLDpbKrrq4u1PwDjFNo3:HC0Kfm7FtbKvLA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232379",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "293d611f-9edd-4958-9354-2291baa2d728",
            "value": "126464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232379",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aee66869-43d9-44c6-aeef-bc3ab909078b",
            "value": "115076655d155d05155018z4a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232379",
            "to_ids": true,
            "type": "filename",
            "uuid": "0572a181-d6eb-4126-8f70-4e722ad4e189",
            "value": "\u0424\u043e\u0442\u043e__\u0437\u0431\u0440\u043e\u0407_2.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  21/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232379",
            "to_ids": false,
            "type": "text",
            "uuid": "0563c410-16c5-403a-a9fb-689f6c751283",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:43/72\nFirst Submission:2026-02-23T11:58:07.000000+00:00\nLast Submission:2026-02-24T12:34:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237311",
        "uuid": "01df2ca2-1ce6-43d9-a2b3-98fc99fb7205",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237311",
            "to_ids": true,
            "type": "md5",
            "uuid": "1b6d003c-6050-420e-bff6-1db34a8cdf48",
            "value": "2fd16e8c5cc95469ee34117b499beb81",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234986",
            "to_ids": true,
            "type": "sha1",
            "uuid": "65e46b71-5bda-48fa-a180-f02686a01276",
            "value": "3e524eea80139f4afaf998b27a1182fb2194c8e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234986",
            "to_ids": true,
            "type": "sha256",
            "uuid": "38c98fa1-2db6-43ba-845f-1e4ec5183524",
            "value": "a545908c931ec47884b5ccfb1f112435f5d0cdac140e664673672c9df9016672",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232402",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "10052b44-9e13-4c6b-a775-46c0af28aad4",
            "value": "3072:MR3iF/csSWYzV10svtVjuP9yNFPQBdZMRyq2jIGf2DcsdMsUA1Ie6wHVp:q+PSWYQsvtQVuRCjIr5Ijq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232402",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d6e881b4-9d1f-4e09-8a60-25628aa97245",
            "value": "241152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232402",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8b816abf-0386-4964-859b-4afe579be4e9",
            "value": "125076655d155d05155018z59?z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232403",
            "to_ids": true,
            "type": "filename",
            "uuid": "f5b7cc01-066e-450f-b48e-af9947cdd679",
            "value": "per_gener_site.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232403",
            "to_ids": false,
            "type": "text",
            "uuid": "5fb396ae-4d16-4fe0-95f8-279b67882537",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:49/72\nFirst Submission:2026-03-10T09:43:17.000000+00:00\nLast Submission:2026-03-10T09:43:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237333",
        "uuid": "502e6e65-c96f-4962-a278-b7c0a9eb1aca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237333",
            "to_ids": true,
            "type": "md5",
            "uuid": "04e61688-168e-4269-9d0e-acc7c5c06c76",
            "value": "3080e3341220ff532706dfb2d6b7e8eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234988",
            "to_ids": true,
            "type": "sha1",
            "uuid": "29fe6f80-0300-4b20-b8ed-5b37dd225c5c",
            "value": "6135b621f7f8d1f32c7cc99bd4b99012d46bacbd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234988",
            "to_ids": true,
            "type": "sha256",
            "uuid": "178094b4-e47d-4b40-b0ca-f817dcdc2f76",
            "value": "76eb713e38f145ee68b89f2febd8f9a28bbb2b464da61cb029d84433a0b2c746",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232426",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "64187639-d87a-4ff1-8259-24d859c2afde",
            "value": "3072:BVWl2NheSWAcvGJx7TvGpSBDnrmnj07RmdeVQ43ohPTkgu7:BVWl2NheSEGf7MSBDrmnQ1ynkWLkX7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232426",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c86e4f97-dbb9-4f5d-bbf9-7ba1f5fa8191",
            "value": "251281"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232426",
            "to_ids": true,
            "type": "filename",
            "uuid": "890728b0-6d4f-488e-a56d-38a3d239964e",
            "value": "76eb713e38f145ee68b89f2febd8f9a28bbb2b464da61cb029d84433a0b2c746.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232426",
            "to_ids": false,
            "type": "text",
            "uuid": "2f663189-39ff-424c-91ca-5631626716ef",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/Vigorf.A\nVT Total Detection:24/62\nFirst Submission:2026-02-03T11:49:03.000000+00:00\nLast Submission:2026-03-14T11:03:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237355",
        "uuid": "0511bfd8-834e-4f28-b83e-701152402672",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237355",
            "to_ids": true,
            "type": "md5",
            "uuid": "b798ae76-7a2e-473b-a075-ff942dcdc1c4",
            "value": "3be54a5eb71e0c45e144253d29f9532d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "84608811-77f5-4aa6-8090-97abf7ce56c1",
            "value": "4a463351d7bbff714e60a068822fbc495b982407",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "381fcff0-c48e-412f-8da4-12e067b69a9c",
            "value": "e20831cecd763d0dc91fb39f3bd61d17002608c5a40a6cf0bd16111f4e50d341",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232450",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9b5c0a61-e122-498e-8dbb-4ef526d0f41e",
            "value": "48:8Wl6G4vzvYWe4yeC4/CyjMztdlPvCOGW44MI/X:8qv4Lvt9C0MzflP7GWw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232450",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "329db506-2cae-47b1-ae8a-3288e3904980",
            "value": "2721"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232450",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4d8059ac-c858-4c7f-abe8-31b97c5d9286",
            "value": "6ae0b1035e6ea0d5d741e01d3c3626bb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232450",
            "to_ids": true,
            "type": "filename",
            "uuid": "e0872d42-6bf6-4b29-966c-83637927c633",
            "value": "dogovir.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232450",
            "to_ids": false,
            "type": "text",
            "uuid": "ac427916-6134-4eaf-9753-a93f52a3166d",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/DrillApp.DA!MTB\nVT Total Detection:30/63\nFirst Submission:2026-02-03T16:25:07.000000+00:00\nLast Submission:2026-02-03T16:25:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237377",
        "uuid": "af1850e8-cc3a-43da-8459-79883c12e487",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237377",
            "to_ids": true,
            "type": "md5",
            "uuid": "b12d7f42-a158-4496-9413-fbf0bff966e1",
            "value": "591784a7c54046569b7b8bcc9f519044",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234991",
            "to_ids": true,
            "type": "sha1",
            "uuid": "89cf47e7-f11e-415e-9f9d-4642dadf87d2",
            "value": "4891841b406a00b445a11db1852d9c67287be316",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234992",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f13698a1-1779-474d-af2a-244d3d2fb63f",
            "value": "21fefc3913d3d2dfde7f0dff54800ca7512eb5df9513b1a457a2af25fdd51b26",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232473",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ca840881-bfd3-43ac-b7f6-a61171ca435a",
            "value": "3072:cT6Eq1vFZyWDx/HctT7Jhm3xyN2/iLNpKosR4Nv9zObcszTDdUvy6f+N:DbDyWDFctTKhum6KuvRff+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232473",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "be4115a3-778d-4770-adbc-6ce7363e3ba2",
            "value": "241152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232473",
            "to_ids": true,
            "type": "vhash",
            "uuid": "33aed44c-d598-4abb-93b7-ce54acbd4ae1",
            "value": "125076655d155d05155018z59?z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232473",
            "to_ids": true,
            "type": "filename",
            "uuid": "31ddfd84-e2d5-4ab6-8864-2d33257c6cfd",
            "value": "per_gener__site.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232473",
            "to_ids": false,
            "type": "text",
            "uuid": "b12ee8d2-5a9c-4e09-97f3-373571d65359",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:45/72\nFirst Submission:2026-03-04T12:13:19.000000+00:00\nLast Submission:2026-03-04T12:13:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237399",
        "uuid": "c9f0ad5e-6306-4f12-8a14-c8288c4d03d8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237399",
            "to_ids": true,
            "type": "md5",
            "uuid": "dec3defe-d755-4266-a05f-bcc1a6442f48",
            "value": "61e4d994bdbd97ab6fe017924aa67c05",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234994",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6f0f9602-4814-4d28-9862-02dd630d6ee7",
            "value": "f28249f9436a9d7f511cdc39858eaaa755eccf29",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234994",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7bcf3dcd-d743-4878-a701-306093a40a3b",
            "value": "c6905bae088982a2b234451b45db742098f2e2ab4fd6ca62c8f4e801160552aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232496",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c844551a-8c72-4fd9-8e6d-9c85da6f9b5b",
            "value": "3072:7RliF/csSWYzV10svtVjuP9yNFPQBdZMRyq2jIGf2DcsFMsUA1Ie6wHVp:18PSWYQsvtQVuRCjIb5Ijq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232496",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "195b0c3e-a321-4905-bba3-eb8642b406bb",
            "value": "241152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232496",
            "to_ids": true,
            "type": "vhash",
            "uuid": "86c22c2c-41d6-41ae-88bc-d1c5a8783f56",
            "value": "125076655d155d05155018z59?z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232496",
            "to_ids": true,
            "type": "filename",
            "uuid": "397d6871-0d27-48a4-a0d5-d3a2bd9ba3d9",
            "value": "zayavka_ua.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232496",
            "to_ids": false,
            "type": "text",
            "uuid": "80078e3d-4109-48fe-8944-294a1319a4b9",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:48/72\nFirst Submission:2026-03-10T09:43:17.000000+00:00\nLast Submission:2026-03-10T09:43:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237421",
        "uuid": "a1b902cb-e8b9-4a56-ba1a-5102aeba68a3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237421",
            "to_ids": true,
            "type": "md5",
            "uuid": "e088ddbf-1d8d-4ead-8911-3e4938a29757",
            "value": "77e068e1a172217a8ceeb02837d4627a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234996",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4a806f58-8c51-4128-adec-3e2109bb035e",
            "value": "45204fb72243d1d8626e861f14981590b0055d9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234996",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4ebe58a6-a1af-4074-87bd-c72b06ca2386",
            "value": "ee90b01b16099e0bb23d4653607a3a559590fc8d0c43120b8456fb1860d2e630",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232519",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "23b48bd8-3e1b-40a9-8533-9cd871037f04",
            "value": "48:8WxbZ7qvYre4yeC4/CyjMztdlPvXQGW44MI/X:8kbZ7qvU9C0MzflPIGWw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232519",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "026fb589-9e2c-4455-be5c-3eb68208a1fd",
            "value": "2719"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232519",
            "to_ids": true,
            "type": "vhash",
            "uuid": "49d5df14-a74d-4b45-8f49-3e67ae3d5d6a",
            "value": "6ae0b1035e6ea0d5d741e01d3c3626bb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232519",
            "to_ids": true,
            "type": "filename",
            "uuid": "f842f98b-531c-4678-b92c-477c06ff22ad",
            "value": "ee90b01b16099e0bb23d4653607a3a559590fc8d0c43120b8456fb1860d2e630.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232519",
            "to_ids": false,
            "type": "text",
            "uuid": "71550f36-2bad-40b0-a64b-e05004384706",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/Znyonm!rfn\nVT Total Detection:33/63\nFirst Submission:2026-02-10T10:47:02.000000+00:00\nLast Submission:2026-02-10T13:08:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237443",
        "uuid": "eb82c646-3b49-4967-b26d-fed823367be8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237443",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b7bcbb5-6d67-4f80-aed3-15cabe55963d",
            "value": "85b28710c665fbf98b7f928d1d2d9815",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774234999",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a2886de6-bec4-46db-8ed1-12852ce0d112",
            "value": "afcbe5c98eb7cb9d8199055f42729bb049a0b7d4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774234999",
            "to_ids": true,
            "type": "sha256",
            "uuid": "06d97d37-a659-4e34-8cd7-46bea5f24863",
            "value": "b891fa118db5190f07b18be46eb9bc10677f9afab1406a7d52ce587522ab3d28",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232543",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8a34b29f-35e1-4188-98b2-5431b0dcbec7",
            "value": "3072:pHIJfrBUJPgA9mH7XDv4HhKAH/YcUcjsYOx+Vq0:pHeBUJP7wL4HowYcBJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232543",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6443f8bf-78c5-419f-a3c1-5b0a1072e69c",
            "value": "122880"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232543",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ec47f6e0-e04d-4308-a686-4bd55abf417c",
            "value": "115076655d155d05155018z4a!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232543",
            "to_ids": true,
            "type": "filename",
            "uuid": "76f08fd9-8071-4aa6-ba55-42ba16017bb8",
            "value": "zayavka_ua.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232543",
            "to_ids": false,
            "type": "text",
            "uuid": "3cdf2284-72f5-43fe-b9ad-6d33967621bf",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:45/72\nFirst Submission:2026-02-26T14:56:17.000000+00:00\nLast Submission:2026-02-26T14:56:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237465",
        "uuid": "e9fc9cfa-a15f-41e2-8935-0dead63002e4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237465",
            "to_ids": true,
            "type": "md5",
            "uuid": "78dbf5ed-2d22-4d2b-b68d-a636fefea5ec",
            "value": "93a640f2a33850810431b4db6d05d0df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235000",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4a0d9dcf-a7ba-4ec2-882e-b046e6b276c9",
            "value": "74990b49353a96ef15e0dbf8ffddc94e0113b87f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235001",
            "to_ids": true,
            "type": "sha256",
            "uuid": "81ab8c89-f02b-4423-a500-96efb9e589f9",
            "value": "886df55794cbca146de96dcc626471b3c097a5c20ba488033b24f4347aa20a14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232566",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2ef18817-5de6-4ed4-9eed-cbbc2c24baf7",
            "value": "3072:ekHx1+xH+24x/HctT7Jhm3xyN2/iLNpKosR4N9zObcshVjdUPafYN:FGxe24FctTKhum6KuIfY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232566",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e8796fdc-58dd-41d4-874f-28580bbd3fb6",
            "value": "241152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232566",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4fd95924-9bd9-4b39-8961-68fc2f23c8aa",
            "value": "125076655d155d05155018z59?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232566",
            "to_ids": true,
            "type": "filename",
            "uuid": "467de597-5134-4d71-b787-01b571b700b5",
            "value": "6w7k2.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232566",
            "to_ids": false,
            "type": "text",
            "uuid": "5dfc02b2-a1cb-4cfb-a67a-4b278648978f",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:45/72\nFirst Submission:2026-02-26T12:54:39.000000+00:00\nLast Submission:2026-02-26T16:30:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237487",
        "uuid": "42f27b01-0424-4871-a77e-5a16456a2952",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237487",
            "to_ids": true,
            "type": "md5",
            "uuid": "496fb1e5-d0d1-4909-a409-98b958b64115",
            "value": "9e2f9fa5acd379c07b54d65c220b46fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235002",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4f797a7c-c589-4853-83e7-558cd6a12d7b",
            "value": "588635b3cb1d7e6709d5ce837172c14faa31b2ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235002",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d527778e-b1dc-4128-a04b-f15bf3bf031a",
            "value": "6178b1af51057c0bac75a842afff500a8fa3ed957d79a712a6ef089bec7e7a8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232589",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e5d9514b-c0cb-47bf-8f7c-cd1f64f1029a",
            "value": "48:8WH6G4vzvYWe4yeC4/CyjMztdlPvCFGW44MI/X:8Yv4Lvt9C0MzflPQGWw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232589",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5e5bc9fd-5f87-43e2-90c3-cf72db505ebb",
            "value": "2721"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232589",
            "to_ids": true,
            "type": "vhash",
            "uuid": "93f7a533-a230-4d6d-9055-afef88960ac6",
            "value": "6ae0b1035e6ea0d5d741e01d3c3626bb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232589",
            "to_ids": true,
            "type": "filename",
            "uuid": "5d17850a-38ba-471e-9ad1-f603d01bdb51",
            "value": "Perelick.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232589",
            "to_ids": false,
            "type": "text",
            "uuid": "ed60cc79-7ea1-48e7-9264-8ab7dfa77493",
            "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/DrillApp.DA!MTB\nVT Total Detection:29/63\nFirst Submission:2026-02-03T16:25:07.000000+00:00\nLast Submission:2026-02-03T16:25:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237508",
        "uuid": "c6c755d7-19e8-4c26-861d-046948ea620b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237508",
            "to_ids": true,
            "type": "md5",
            "uuid": "51300e4d-1e90-46f5-a14f-8c508041e461",
            "value": "a4ec609ae0d54bbd2121d6f8fa372c85",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235004",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fcc76385-4d48-4a56-983d-9200e81051f4",
            "value": "d34051b38ab0807798e85e8cda1bbf5a2ab9a4eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235004",
            "to_ids": true,
            "type": "sha256",
            "uuid": "853d6e59-a470-443e-88f1-63b428c9739f",
            "value": "66a7828bc8c6c783b2ffa3c906d53f6dae1bbddc019283cc369d7d73247c5181",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232612",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8b219b45-940c-4440-906f-8a1843b208bd",
            "value": "3072:/kXx1+xH+24x/HctT7Jhm3xyN2/iLNpKosR4N9zObcsvKjdUPafYN:MWxe24FctTKhum6KuXfY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232612",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6cf8cb52-d974-4eb2-b711-903f19dbd200",
            "value": "241152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232612",
            "to_ids": true,
            "type": "vhash",
            "uuid": "95d1e004-68f8-4541-8a29-6f9daab47910",
            "value": "125076655d155d05155018z59?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232612",
            "to_ids": true,
            "type": "filename",
            "uuid": "6f8670a2-6581-4857-b207-cf56f8595340",
            "value": "\u0424\u043e\u0442\u043e__\u0437\u0431\u0440\u043e\u0407.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232612",
            "to_ids": false,
            "type": "text",
            "uuid": "e244a20f-ce92-4bec-ba4e-6fbab65005c3",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:47/72\nFirst Submission:2026-02-26T12:54:39.000000+00:00\nLast Submission:2026-03-03T15:18:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237530",
        "uuid": "ee2f0a03-e06e-4df9-9805-5244a1115f1c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237530",
            "to_ids": true,
            "type": "md5",
            "uuid": "09e44b44-6c45-4037-b878-22b7dafb7aa7",
            "value": "a53ea1be69a2c45db4dddb815dd79c9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235007",
            "to_ids": true,
            "type": "sha1",
            "uuid": "35640adf-1eec-4b74-b058-3081d15a70f9",
            "value": "6c390b6635b35db5505669276e1c6db774eae263",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235007",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f5139e09-9d38-43ac-a08c-841bc328e133",
            "value": "801c47550799831bfb1ac6c5c3fd698be95da19fc85bd65f5d8639f26244d2a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232635",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "10adfc5b-f2d2-430e-a6d0-0da300344bc0",
            "value": "3072:9T6Sq1vFZyWDx/HctT7Jhm3xyN2/iLNpKosR4Nv9zObcsTTDdUvy6f+N:Y5DyWDFctTKhum6Kuvpff+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232635",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "27c58f11-25a0-48ca-923b-0bb35b4d96d6",
            "value": "241152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232635",
            "to_ids": true,
            "type": "vhash",
            "uuid": "65336767-0d9d-4c32-9f81-3cd0d5145aec",
            "value": "125076655d155d05155018z59?z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232635",
            "to_ids": true,
            "type": "filename",
            "uuid": "bd979002-187c-4c0b-ab51-e62c6c30d830",
            "value": "zayavka__ua.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232635",
            "to_ids": false,
            "type": "text",
            "uuid": "ac94d420-c66d-4f0f-b32c-214bae2e9da1",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:49/72\nFirst Submission:2026-03-04T12:14:03.000000+00:00\nLast Submission:2026-03-04T12:14:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237552",
        "uuid": "dd2245a8-4153-4014-8177-1544bb14b66f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237552",
            "to_ids": true,
            "type": "md5",
            "uuid": "c03c82b1-ebd7-45a8-9652-bf64d3bc3b67",
            "value": "bdfb29a28bfca6583bd6bfaa96a8b65b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235009",
            "to_ids": true,
            "type": "sha1",
            "uuid": "44690521-2c35-4a46-b757-9d25bed5625e",
            "value": "b143d890080b8bdbeaf0ea3c5e0673cf6624cac7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235009",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7784b86c-6ce2-4e24-99d3-3803544985e7",
            "value": "8c6ea44ce7f4ed4e4e7e19e11b3b345d58785c93b33aa795ddd1b0d753236b05",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232658",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "977264c7-5cc9-4c94-8da2-0026c4720ca6",
            "value": "3072:Mkxx1+xHO24x/HctT7Jhm3xyN2/iLNpKosR4N9zObcsvPjdUPafYN:Lcxu24FctTKhum6Ku8fY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232658",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "77777043-8ee0-4a4e-86e7-d4a5117bab62",
            "value": "241152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232658",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a8bf62b4-5a35-4261-aae3-fae738a06dfd",
            "value": "125076655d155d05155018z59?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232658",
            "to_ids": true,
            "type": "filename",
            "uuid": "bb8ed89e-47c1-4d1d-9a77-4fa20441d60c",
            "value": "\u0424\u043e\u0442\u043e__\u0437\u0431\u0440\u043e\u0407_2.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232658",
            "to_ids": false,
            "type": "text",
            "uuid": "faa53c84-ecea-451e-953a-028c01a88ac1",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:46/72\nFirst Submission:2026-02-26T12:54:39.000000+00:00\nLast Submission:2026-03-03T15:19:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237574",
        "uuid": "2992953a-6421-47c0-abd3-d75bd7225b96",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237574",
            "to_ids": true,
            "type": "md5",
            "uuid": "2a937db8-d3ba-403d-aa4b-ce02fc448cfd",
            "value": "befb27c65c7c30cad66936a62f0b6ab7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235011",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1deb6434-01e1-4b64-8b46-b65e8465c6a9",
            "value": "6bc452f0ec9b2bc06603b97d5f04b975406e282f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235011",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ed273662-a405-4f8b-b6e0-14ee08519332",
            "value": "107b2badfc93fcdd3ffda7d3999477ced3f39f43f458dd0f6a424c9ab52681c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232681",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c6df82ab-a660-4f68-bb05-ab8a5d110cbe",
            "value": "3072:Mu6a9/XPH34mB7lXwH7KA03rU1951nsp:MLyf/3lD6zx2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232681",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4c6f5020-a298-4152-b284-42594550f0d2",
            "value": "140288"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232681",
            "to_ids": true,
            "type": "vhash",
            "uuid": "05ec2464-e710-430e-919d-d102a0a97537",
            "value": "115076655d155d05155018z4a!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232681",
            "to_ids": true,
            "type": "filename",
            "uuid": "2961dc5b-9ef9-42b1-a3b6-9d7a934817db",
            "value": "22-14-111-\u0456.img.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  21/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232681",
            "to_ids": false,
            "type": "text",
            "uuid": "6a54b022-2cb1-4c22-bb09-a205ec4aa165",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:38/72\nFirst Submission:2026-03-09T17:51:28.000000+00:00\nLast Submission:2026-03-09T17:51:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237596",
        "uuid": "54174279-1fa6-4500-a93b-2ee80bdb440b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237596",
            "to_ids": true,
            "type": "md5",
            "uuid": "e1d56ce3-b873-4b36-bbe8-fa0ed7f432dd",
            "value": "f332226c4d424951a7690bb4f9504575",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235013",
            "to_ids": true,
            "type": "sha1",
            "uuid": "af9c2c44-06f5-4e7c-985b-6dcca3fa49bb",
            "value": "af9b062bac22e8686d76be7865c1033957d39599",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235013",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3bb823e4-54b7-4b6c-8371-7721dcc3ecb3",
            "value": "9367f4b4d2775ff47279d143dd9a0ef544ddff81946aab33da9350a49f14e1e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232704",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f6960bbc-fc9c-438e-929f-c9572f7018f7",
            "value": "3072:sWIJfrBUJPgA9mH7XDv4HhaQH/YcUcjsY9x+Vn0:sWeBUJP7wL4HYAYcBW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232704",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "069692cf-0078-4475-b78b-b342ff8d1880",
            "value": "122880"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232704",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c4dc0b6b-3958-4e78-bd08-ddd45c7b0345",
            "value": "115076655d155d05155018z4a!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232704",
            "to_ids": true,
            "type": "filename",
            "uuid": "f4322f01-47e1-42bf-8622-b5860b9e2e16",
            "value": "per_gener_site.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232704",
            "to_ids": false,
            "type": "text",
            "uuid": "1c5a2513-43b3-44c5-9fdc-faa098a33832",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:45/72\nFirst Submission:2026-02-26T14:56:17.000000+00:00\nLast Submission:2026-02-26T14:56:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237618",
        "uuid": "3df6dd42-1b5f-494b-af73-712dd72ca3d2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237618",
            "to_ids": true,
            "type": "md5",
            "uuid": "caaa422f-d3bf-4021-bc1d-f7ed950c51fd",
            "value": "f4834d63d2816f25cca1646f81cf4dd2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235015",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb21d405-1fcb-40ac-a50d-d511f6161ad7",
            "value": "44a3bf54a2d802fa57ce574851986db42414f123",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235015",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ced63278-248d-4a1d-9e1e-5b61998f22f0",
            "value": "32973ef02e10a585a4a0196b013265e29fc57d8e1c50752f7b39e43b9f388715",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232728",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2f3d20af-b538-4d85-bf23-efded73a7292",
            "value": "48:8WL6G4vzvYWe4yeC4/CyjMztdlPvCmGW44MI/X:8Ev4Lvt9C0MzflPDGWw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232728",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ac79e197-ef69-4339-b2ad-a25f8d67b13d",
            "value": "2721"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232728",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dea1af00-66f7-40b0-b5eb-f42ab0e59c9d",
            "value": "6ae0b1035e6ea0d5d741e01d3c3626bb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232728",
            "to_ids": true,
            "type": "filename",
            "uuid": "e74e274b-03c2-4d42-83e4-cadc4430c8f2",
            "value": "dovirenist.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232728",
            "to_ids": false,
            "type": "text",
            "uuid": "9003e154-6ad9-474c-876b-1faf43351649",
            "value": "Type Descriptio%WINDIR%\\shortcut\nMicrosoft: Trojan:Win32/DrillApp.DA!MTB\nVT Total Detection:28/63\nFirst Submission:2026-02-03T16:25:09.000000+00:00\nLast Submission:2026-02-03T16:25:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237640",
        "uuid": "0f28408c-a6c1-4ca9-8266-ab4567b3605e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237640",
            "to_ids": true,
            "type": "md5",
            "uuid": "dd70214f-ef51-4cb7-9051-d755e3dfbe5f",
            "value": "ff4bf8a76b57603af601005ecc001fd8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235016",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ec2b080b-adc9-4555-b4d6-de61b25eece6",
            "value": "c07624993bde44e2bdd1d0c9f0eae0c1d046cf8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235017",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7febf1f6-18a3-4c0b-acf0-7d8259ea44c6",
            "value": "2b5d8f8db5fd38ae1c34807dcba35b057cffa61eb14ba3b558f82eb630480c3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232751",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "42ce4ce3-113e-4b86-bdeb-e1896c312515",
            "value": "3072:vdCHmGkHrlbK5IKHKDhuJrlVbvzQ4u1/jq5uvFp/UW:vdUuHro5OVel5v75gp/U"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232751",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a78f9d2c-dba3-4aa3-bcee-46a97081b195",
            "value": "127488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232751",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7bc7f642-5d91-47dc-921d-ba1f33481c42",
            "value": "115076655d155d05155018z4a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232751",
            "to_ids": true,
            "type": "filename",
            "uuid": "c55ffa2a-445e-4a5d-a762-e7e8def3df4a",
            "value": "2mbyr8.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232751",
            "to_ids": false,
            "type": "text",
            "uuid": "9c3dfa77-c6a5-48d6-affa-7a7df74a5057",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:47/72\nFirst Submission:2026-02-25T11:50:49.000000+00:00\nLast Submission:2026-02-25T11:50:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237662",
        "uuid": "15eff8ab-aa44-414a-adde-0dcd5bb40a7b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237662",
            "to_ids": true,
            "type": "md5",
            "uuid": "9e58ccb4-a5c9-4f40-94d3-9a5a610049aa",
            "value": "c36e802dc9533a36f9f2928af14b20b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235019",
            "to_ids": true,
            "type": "sha1",
            "uuid": "59c666c9-7dde-4873-97f6-9433f078d2b5",
            "value": "733b98a188293d72b7a3bfaf1b254eb1dcfed93f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235019",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6761b8c5-a951-400f-ac24-159dcc8f26d5",
            "value": "352f34ea5cc40e2b3ec056ae60fa19a368dbd42503ef225cb1ca57956eb05e81",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232774",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "adc1d8eb-d2fa-4ee4-8af1-b76a02702524",
            "value": "3072:/VmOubur2YeSauWygw48zyg3rU1cxjqFs5Ht:/VCar2dn16y8j5H"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232774",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "390ffc53-0563-481f-91e7-2215d8cab379",
            "value": "140800"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232774",
            "to_ids": true,
            "type": "vhash",
            "uuid": "44d02cb1-6887-4e9d-902e-2552c0622199",
            "value": "115076655d155d05155018z4a!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232774",
            "to_ids": true,
            "type": "filename",
            "uuid": "2058b8e2-34e2-4970-9cfc-ec0311e65ea7",
            "value": "352f34ea5cc40e2b3ec056ae60fa19a368dbd42503ef225cb1ca57956eb05e81.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232774",
            "to_ids": false,
            "type": "text",
            "uuid": "f35bca99-e595-4904-8cc6-e0ddf505f8f3",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:45/72\nFirst Submission:2026-03-10T09:43:44.000000+00:00\nLast Submission:2026-03-10T11:25:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237684",
        "uuid": "99494d4f-a589-4355-a71e-6a3c2f0a321a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237684",
            "to_ids": true,
            "type": "md5",
            "uuid": "0714915f-385a-4900-880d-0043bb721563",
            "value": "6d31a599fd6e9326d3b7b14a83ce8cf4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235021",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0c135bf2-1108-4f79-bb4e-ed602beb6127",
            "value": "c1d7731174d1a8f4e3799a06c7854844a835980a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235021",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5c7ef037-db78-417f-8749-970984c657af",
            "value": "51e86408904c0ca3778361cde746783a0f2b9fd2a6782aa7e062aa597151876e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232797",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fe658f8c-603b-4a59-8ad5-13e4f3fe5579",
            "value": "3072:hYCYUaKfmSGrxnLDpbKrrq4u1P6DjFNo3:SC0Kfm7FtbKv9A"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232797",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "20942157-00d0-4538-a826-65b7f5337cfa",
            "value": "126464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232797",
            "to_ids": true,
            "type": "vhash",
            "uuid": "afc2b5f4-ae5b-4ea9-855d-7192db4f3ffc",
            "value": "115076655d155d05155018z4a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232797",
            "to_ids": true,
            "type": "filename",
            "uuid": "336a8465-9f06-4da9-b14a-ad562d75b010",
            "value": "\u0424\u043e\u0442\u043e__\u0437\u0431\u0440\u043e\u0407.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  21/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232797",
            "to_ids": false,
            "type": "text",
            "uuid": "b042c95f-3e88-4a84-9543-1041b18a3834",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DrillAppz.NZ!MTB\nVT Total Detection:44/72\nFirst Submission:2026-02-23T11:58:08.000000+00:00\nLast Submission:2026-02-23T11:58:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237706",
        "uuid": "41c9f5c5-ce41-4696-8e8a-054c7c4d09f9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237706",
            "to_ids": true,
            "type": "md5",
            "uuid": "924613dc-dffb-4618-9dff-be383bec54b9",
            "value": "eec47c9d459aed3438e45d0065d24749",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235023",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d8343fa6-2d68-41d7-98d8-30d98f9966ff",
            "value": "d55127523addbe1e493d4e620e53792b4bbedf6a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235024",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1ea0c536-2ae7-47da-beba-987bc23a07fb",
            "value": "5b978cdc46afa28d83e532cd19622d9097bebedf87efc4c87bd35d8ffad9e672",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232820",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ef7534fc-8505-42dd-b1a7-b2fa9af2e3d2",
            "value": "24:8RJOLkCJ0c+PAp5J+/HcgFxX46eC43JZjCyjMzxLABh1i9hDpo25DveJWheW4Eqh:82Ld0PYHbe46eC4DCyjMztdlIW41iX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232820",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a842aee0-3048-44bf-9c6e-689f73e4c2fb",
            "value": "1779"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232820",
            "to_ids": true,
            "type": "vhash",
            "uuid": "af3d3f1a-c474-4915-9d31-11b56f698352",
            "value": "f6e3a0204209cf76dba14a14e1c62af2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232820",
            "to_ids": true,
            "type": "filename",
            "uuid": "db44092f-7628-4455-94d9-708e1fe752ed",
            "value": "io.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232820",
            "to_ids": false,
            "type": "text",
            "uuid": "b0320535-983b-4fe6-9e16-893ad5171790",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/DrillApp.DA!MTB\nVT Total Detection:26/63\nFirst Submission:2026-01-28T21:03:06.000000+00:00\nLast Submission:2026-01-28T21:03:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237729",
        "uuid": "9bdf8157-e5b4-4d8c-a9d5-c2ce007dc245",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237729",
            "to_ids": true,
            "type": "md5",
            "uuid": "0eee5b56-c597-47a3-8377-5b3944d84c09",
            "value": "b7b4530d0eb2496bbff452ee5783df17",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235026",
            "to_ids": true,
            "type": "sha1",
            "uuid": "db35b0b3-fb65-4484-accb-f6ab958a3984",
            "value": "1ca0b54705fccee21c1fe50784f80f77d875fba4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235026",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f402d91b-a91b-4070-a351-6bbfef29690b",
            "value": "6fea579685d2433cedb1c32ef704575dcbc1d0a623769e824023ffccd0dedaae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232844",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ea52fa52-3c96-44a6-9532-a9245c3f4440",
            "value": "6144:2L+mqR1qKP0I/F0LdXZ6UCwFPY7jwvJWIrhZrHgeJUWAK+PXObllrTDFt:2SmEkIQL1FPY7jGJdrHniOlNDn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232844",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0f4d5b25-5191-4bdd-8ab3-7c050a45019d",
            "value": "310907"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232844",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2d4b526d-6379-4566-b19f-0a929482532f",
            "value": "5e21f423ee2aad783a7b859f64232668"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232844",
            "to_ids": true,
            "type": "filename",
            "uuid": "c90ebf67-9e08-4830-9cd6-2991c78fbf78",
            "value": "6fea579685d2433cedb1c32ef704575dcbc1d0a623769e824023ffccd0dedaae.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  22/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232844",
            "to_ids": false,
            "type": "text",
            "uuid": "3db358cf-cb90-433b-89a8-3b2dc073f28e",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:24/62\nFirst Submission:2026-02-26T21:49:44.000000+00:00\nLast Submission:2026-03-14T12:03:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237752",
        "uuid": "f2d05bd2-c61e-4b94-831c-c95b4714b7de",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237752",
            "to_ids": true,
            "type": "md5",
            "uuid": "62ad5cce-a19c-467e-8184-721ec088d592",
            "value": "b65e7388a2c6e268d7a3e1a4f2981141",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235028",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56c1ef7e-8255-4d9a-b92c-33cc3211bb4d",
            "value": "013466f880721a1d3e464e0d14f87d538c4234e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235028",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0a74f9fb-768b-4fb8-8fd7-66d239867dea",
            "value": "ac60eefc2607216f8126c0b22b6243f3862ef2bb265c585deee0d00a20a436b3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232867",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a7f6117f-b2c2-4875-8550-ae2c6b37511c",
            "value": "48:8WkI+vY3e4yeC4/CyjMztdlNGW44MI/X:87I+vw9C0MzflNGWw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232867",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "888e75ba-f0c2-4bfc-bc3f-e4c035b0f4b4",
            "value": "2647"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232867",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f9e337ff-73f3-4c8f-82cf-63575ecf0d13",
            "value": "6ae0b1035e6ea0d5d741e01d3c3626bb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232867",
            "to_ids": true,
            "type": "filename",
            "uuid": "ee4602ca-a302-4e8d-920a-6e1b010470dc",
            "value": "\u041f\u0435\u0440\u0435\u043b\u0456\u043a.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232867",
            "to_ids": false,
            "type": "text",
            "uuid": "7c052d17-570f-4220-b600-53233db9b064",
            "value": "Type Description: Windows shortcut\nMicrosoft: Trojan:Win32/DrillApp.DA!MTB\nVT Total Detection:32/63\nFirst Submission:2026-02-03T09:21:58.000000+00:00\nLast Submission:2026-02-03T09:21:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237773",
        "uuid": "54efd185-fcdd-4258-b7f5-c88d30fbf1ca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237773",
            "to_ids": true,
            "type": "md5",
            "uuid": "3af6663e-f49e-4763-a86a-558f50f48528",
            "value": "c605337feeb332550450cb6eb9f54851",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235030",
            "to_ids": true,
            "type": "sha1",
            "uuid": "929dec3e-2d60-468a-908e-77fb9bc08811",
            "value": "b8278de9cae1b78912e309002fee4641dc67b1fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235030",
            "to_ids": true,
            "type": "sha256",
            "uuid": "513a2480-fb24-4c8e-8902-6b5d2e10649a",
            "value": "bad7c6f6ca25363a02eaceb3ed1e378218dc4a246a63d723cfcc5feee3af5056",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232890",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b3d53de4-9f7c-4d63-abd2-34b6b09fb527",
            "value": "3072:sYqEKym1Qig7TjCf+H/kkgQykwkEY88jMdBakxUPT9ND+kFv4s+pzK6eRMUI:sYN0Qig3O+H8zfUEBcMJwHCUI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232890",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1f32b13c-4331-47bd-bbcd-84d42a456dc2",
            "value": "249856"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232890",
            "to_ids": true,
            "type": "vhash",
            "uuid": "104b46db-c20b-422a-a943-c0f13aca8648",
            "value": "125076655d155d05155018z59?z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232890",
            "to_ids": true,
            "type": "filename",
            "uuid": "f6ddf0c8-eac2-46df-bdeb-f7d5a70aba59",
            "value": "08-14-111-\u0456.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232890",
            "to_ids": false,
            "type": "text",
            "uuid": "8b70cd27-7756-43f3-87b9-4a24101a13a3",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:32/72\nFirst Submission:2026-03-02T13:08:56.000000+00:00\nLast Submission:2026-03-02T13:20:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237796",
        "uuid": "f0a475cb-979a-4b12-8d75-59c48777de84",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237796",
            "to_ids": true,
            "type": "md5",
            "uuid": "9d0fd657-5cc4-4d14-a0e3-6a905df294df",
            "value": "749b983d673e8c69ef5a758189d21bcb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235032",
            "to_ids": true,
            "type": "sha1",
            "uuid": "df9493ad-2b8a-4a60-b504-159caab27026",
            "value": "d59c1dd495df22e98aa7a9bc35421619d8ddafb2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235032",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a455efd2-57db-47f3-8014-d20172ca8e2e",
            "value": "ccb7d999ee4d979e175b8c87e09ccda0cbc93b6140471283e3a1f1f9da33759d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232914",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7b1534d3-36a1-445d-a043-94612d367497",
            "value": "3072:rYCYUaKfmSGrxnLDpbKrrq4u1PnDjFNo3:kC0Kfm7FtbKvcA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232914",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b77eb1a3-eed4-4214-8959-ce1cc5e663b7",
            "value": "126464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232914",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0be895c5-01f8-4e9f-9842-d6e43ae90e71",
            "value": "115076655d155d05155018z4a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232914",
            "to_ids": true,
            "type": "filename",
            "uuid": "ebb0f192-1de0-4d08-8aa0-8f5d465fd6d2",
            "value": "\u043e\u043f\u0438\u0441__\u0440\u0435\u0447\u0435\u0439_i_\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442i\u0432.cpl"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  21/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232914",
            "to_ids": false,
            "type": "text",
            "uuid": "5fc05ce2-23b8-487e-bc8e-c2e3d3e2378a",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:42/72\nFirst Submission:2026-02-23T11:58:07.000000+00:00\nLast Submission:2026-02-23T11:58:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237818",
        "uuid": "5d2879e8-f945-43e0-8c4d-f2347806c247",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237818",
            "to_ids": true,
            "type": "md5",
            "uuid": "b75f73d5-5f8a-4c5b-9732-8da26807bacc",
            "value": "33ee2bc1423eb21de3d546d99e4b7c52",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235034",
            "to_ids": true,
            "type": "sha1",
            "uuid": "625c3a4f-d82e-4002-9dcd-d69b3d643421",
            "value": "55bae08a17f6fca5bca800371614ba6982db4cb3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235034",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e7b3c3be-cda2-41f8-8b94-a7cae29779b4",
            "value": "eb9c1649e01db6a9a94d5d50373e54865d672b14ad6f221c98047c562d3cc0f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232937",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e60d1fee-af3b-42de-b229-f4063b48bd05",
            "value": "3072:YdCHmGkHrlbK5IKHKDhuJrlVbvzQ4u1/7q5uvFp/UW:YdUuHro5OVel5vX5gp/U"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232937",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7c4daa81-358b-4a27-b561-3dc8bd3e6814",
            "value": "127488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232937",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ccf222ac-941a-4bf4-9dcc-da1d5e07c81e",
            "value": "115076655d155d05155018z4a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232937",
            "to_ids": true,
            "type": "filename",
            "uuid": "d7e1d81b-aa00-4d26-b0ee-cb492d7138be",
            "value": "d1moeg.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232937",
            "to_ids": false,
            "type": "text",
            "uuid": "91a8401e-2a9c-4eb1-a7af-5e2e6f7c0ab6",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:47/72\nFirst Submission:2026-02-25T11:50:37.000000+00:00\nLast Submission:2026-02-25T11:50:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774237840",
        "uuid": "1c77f3c2-1834-4b57-af7b-e71ae33da4af",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774237840",
            "to_ids": true,
            "type": "md5",
            "uuid": "ebc0aa88-7383-4b64-8656-a7f4dcb0c3a4",
            "value": "e9229da7e7379a73199e344b142a94ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774235036",
            "to_ids": true,
            "type": "sha1",
            "uuid": "23e78d0f-9f55-4627-8986-570018dfec1a",
            "value": "4f89be0ce8dd7ea4c8c9a1497459d19cf637a0a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774235036",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3a3e05f8-e208-44d1-8246-44dffcba3262",
            "value": "fb16933b09a4fcca5beff93da05566e924017fb534a2f45caf57b57a633f43a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774232961",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "80d26a67-1122-4843-8404-42322dc91b54",
            "value": "3072:kdCHmGkHrlbK5IKHKDhuJrlVbvzQ4u1/Vq5uvFp/UW:kdUuHro5OVel5v15gp/U"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774232961",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "370d22f1-27c7-4e99-9a1d-3f319e35d2bf",
            "value": "127488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774232961",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f6e385c9-ba5c-4390-a6c6-43bb854059cb",
            "value": "115076655d155d05155018z4a?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774232961",
            "to_ids": true,
            "type": "filename",
            "uuid": "91a41381-16ed-45b8-931f-6c12905ebabc",
            "value": "3wwur.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774232961",
            "to_ids": false,
            "type": "text",
            "uuid": "c7cf0d64-fac2-43ce-a263-720c1e631095",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:46/72\nFirst Submission:2026-02-25T11:48:29.000000+00:00\nLast Submission:2026-02-25T11:48:29.000000+00:00"
          }
        ]
      }
    ]
  }
}