{ "Event": { "analysis": "1", "date": "2026-03-17", "extends_uuid": "", "info": "[Threat Intel] Minecraft: Dark Tale of Scams, Malware & Extortion", "protected": false, "publish_timestamp": "1774245905", "published": true, "threat_level_id": "3", "timestamp": "1774245905", "uuid": "5c253da7-8c64-4508-98f5-2515c24aeeb7", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#6af4de", "local": false, "name": "misp-galaxy:producer=\"G DATA\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": "" }, { "colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": "" }, { "colour": "#d3f567", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"", "relationship_type": "" }, { "colour": "#da180c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bootkit - T1542.003\"", "relationship_type": "" }, { "colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "relationship_type": "" }, { "colour": "#e00500", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"", "relationship_type": "" }, { "colour": "#f4a1a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing Policy Modification - T1553.006\"", "relationship_type": "" }, { "colour": "#8ed4a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": "" }, { "colour": "#f95f85", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"", "relationship_type": "" }, { "colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773889219", "to_ids": false, "type": "link", "uuid": "5abec413-3479-4636-a5f7-ec57cf7195db", "value": "https://blog.gdatasoftware.com/2026/03/38390-minecraft-mod-sugarsmp-malware" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1773889219", "to_ids": false, "type": "text", "uuid": "dd029e90-55d7-4b47-a452-1ac3442c005b", "value": "The article exposes a sophisticated scam targeting Minecraft players through fake 'grief-free' server communities. The SugarSMP website, promising a safe gaming experience, was found to distribute malware-infected mod packs. The malware, named Spark stealer, steals sensitive data including Discord tokens, browser credentials, and crypto wallet information. The threat actors employ social engineering tactics to maintain their fake community's reputation and remove warnings about their activities. Multiple similar websites were discovered, all hosting various types of malware. The scam's persistence mechanisms and social engineering techniques are detailed, along with remediation steps for affected users." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1773889219", "to_ids": false, "type": "text", "uuid": "c2922635-dee7-4be3-a41f-833e257ec8eb", "value": "Name: Minecraft: Dark Tale of Scams, Malware & Extortion\nAuthor: AlienVault\nAdversary: \nTags: [\"minecraft\", \"scam\", \"mod packs\", \"stealer\", \"discord\", \"malware\", \"social engineering\", \"spark stealer\", \"sugarsmp\", \"data theft\"]\nTgtd countries: []\nMlwr families: [\"Spark stealer\"]\nAttack_ids: [\"T1053.005\", \"T1056.001\", \"T1059.007\", \"T1542.003\", \"T1555\", \"T1219\", \"T1553.006\", \"T1555.003\", \"T1552.001\", \"T1547.001\", \"T1027\"]\nIndustries: []" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:23/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774235178", "to_ids": true, "type": "sha256", "uuid": "b7a78df5-307d-4e81-a71c-38f27aa1e19d", "value": "4c52f12b45f5c0afb3684647222419332c1627ea95af03553fdd9e3a509d272b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:23/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774235180", "to_ids": true, "type": "sha256", "uuid": "2acff6df-413b-4e09-9f8b-e3c9777409d6", "value": "54f00324f7070a9a7308fdea9eaaa58e96e96273608a75db5bacdd410f50f0c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:23/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774235181", "to_ids": true, "type": "sha256", "uuid": "98ef9e8a-0945-4101-a799-4f470f62c2b9", "value": "8e79a1a6e6df1f622fbbd2bde9fe19f93340da2bd1be6d70b91fd62dce5e74e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:23/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774235183", "to_ids": true, "type": "sha256", "uuid": "021d018b-6312-45a2-b2b7-9360aef59d78", "value": "ca48b83c93875285dd66ba33e11a5483b193d605da924b126e96cf4034c28e67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:23/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774235185", "to_ids": true, "type": "sha256", "uuid": "d5e1aaf9-16b5-4eec-baca-88d115d03f88", "value": "d9ad0330531ddf455438714192de9b3c7755d50acf939cb4de97ba6fb39fb1ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:23/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774235187", "to_ids": true, "type": "sha256", "uuid": "24d7aad4-7c77-4f2a-bcbf-3ceec014d738", "value": "dfef4a07800ad08e09390291647e4cf50c77d1a83e076c181103f25a77dd5697", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:23/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774235188", "to_ids": true, "type": "sha256", "uuid": "ffa94207-17b0-4406-8c85-ada733bec9bb", "value": "f45a28e7a6d64bfb4e74d6ffed115e79afb005d5c33dfcd1045b068c03b0e480", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:23/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774235189", "to_ids": true, "type": "sha256", "uuid": "bd272157-bec6-481b-8fc8-364818d39644", "value": "f8002a0a621bf26d562c8cca86acb490084648379a8f9340f3329eeaa9124685", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240751", "to_ids": true, "type": "domain", "uuid": "496cc2e7-7749-4998-8364-166581c16e5c", "value": "bunnycraft.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240773", "to_ids": true, "type": "domain", "uuid": "7da00926-08f8-4a68-8c8e-2af6d8942aad", "value": "cherriecraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240794", "to_ids": true, "type": "domain", "uuid": "d025c68f-eec2-4a68-b81d-e1c71651feab", "value": "cutiecraft.network", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240816", "to_ids": true, "type": "domain", "uuid": "6614888d-5eb0-4eed-8983-fc6e3c9ac3f1", "value": "cutiemc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240839", "to_ids": true, "type": "domain", "uuid": "58c33dc8-99df-4c4b-a157-8cb1026027b3", "value": "cutiesmc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240861", "to_ids": true, "type": "domain", "uuid": "6212dae3-8603-4e36-9a32-9adff0ff56d8", "value": "cuttiescraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240883", "to_ids": true, "type": "domain", "uuid": "57bc1c97-70e7-475e-9307-0ab4c2a8f35c", "value": "cuttiesmp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240906", "to_ids": true, "type": "domain", "uuid": "0cba722e-2163-46f3-b40c-20ea245625b1", "value": "greatsmp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240928", "to_ids": true, "type": "domain", "uuid": "3ab875c4-2d79-4ed4-b7d5-d48277f57a5a", "value": "hellocraft.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240950", "to_ids": true, "type": "domain", "uuid": "d236f1e4-7339-47fb-9880-09bd5ad7a268", "value": "hellokittycraft.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240972", "to_ids": true, "type": "domain", "uuid": "e1c32e6a-aed5-4708-9935-e6a9370ec2c8", "value": "hellokittymc.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774240994", "to_ids": true, "type": "domain", "uuid": "8442cf36-00a8-4a9c-afb0-5183c03fe668", "value": "hellopink.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241016", "to_ids": true, "type": "domain", "uuid": "e2da0ba1-9da8-4d7a-83c5-f28fbcdb8d15", "value": "kitllycraft.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241038", "to_ids": true, "type": "domain", "uuid": "9ad0facf-dd7e-4578-81cb-d7006713420c", "value": "kitlycraft.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241060", "to_ids": true, "type": "domain", "uuid": "94e6e789-8110-4ec5-9f51-77174d80f508", "value": "kitseramc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241082", "to_ids": true, "type": "domain", "uuid": "1c4f4cad-4699-4f7f-83aa-16699b5f381e", "value": "kitten-smp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241105", "to_ids": true, "type": "domain", "uuid": "72fab095-8022-4a61-a5f1-0e4759f563aa", "value": "kittenclient.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241127", "to_ids": true, "type": "domain", "uuid": "39042200-e6b6-4030-bd33-276c91e725b5", "value": "kittenmc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241149", "to_ids": true, "type": "domain", "uuid": "eb22dcc4-2dc4-48c5-bf02-f94a2c9897ee", "value": "kittensmc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241172", "to_ids": true, "type": "domain", "uuid": "6efb51d8-69b6-45d0-94c8-3404865e6778", "value": "kittiemc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241194", "to_ids": true, "type": "domain", "uuid": "2f8ab53b-e16b-4889-82e0-dc954b483e1f", "value": "kittieslandmc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241216", "to_ids": true, "type": "domain", "uuid": "97a1c61c-9f9c-4746-a8b2-eb35481abb14", "value": "kittiysmc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241238", "to_ids": true, "type": "domain", "uuid": "4d7efa75-e8fc-40fc-ba4c-29ffa02b7609", "value": "kittlycraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241260", "to_ids": true, "type": "domain", "uuid": "02c8d907-ac81-4994-a92e-0f90c5b5fb3b", "value": "kittlycraft.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241282", "to_ids": true, "type": "domain", "uuid": "1c4829d1-ae90-4d07-b6ad-6ca08b70bff3", "value": "kittycraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241304", "to_ids": true, "type": "domain", "uuid": "85fdf972-62ae-48bb-a7d0-a02737d63ca7", "value": "kittycraft.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241326", "to_ids": true, "type": "domain", "uuid": "a31f7126-e325-4194-be69-cb15ef32866a", "value": "kittycraft.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241348", "to_ids": true, "type": "domain", "uuid": "30b61c1b-8229-4474-aed5-dc307d9f075c", "value": "kittypinkiecraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241370", "to_ids": true, "type": "domain", "uuid": "ab7dbd15-4946-4d06-ad9d-76710688baf6", "value": "kittypixel.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241392", "to_ids": true, "type": "domain", "uuid": "e62df7f8-138c-42d1-9e50-02ac93fd0f14", "value": "kittyscrafts.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241414", "to_ids": true, "type": "domain", "uuid": "e2f69634-188a-4b72-ac46-4dc4f77f57e1", "value": "kittysmp.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241436", "to_ids": true, "type": "domain", "uuid": "412ed95d-c27b-45ad-8aa9-f6785bd3318f", "value": "kuromicraft.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241458", "to_ids": true, "type": "domain", "uuid": "2815bfec-e0a7-40c0-a165-b0125390f8bd", "value": "lanchemc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241480", "to_ids": true, "type": "domain", "uuid": "663b4b74-e521-490b-9053-d8db1774061c", "value": "minicraft.world", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241502", "to_ids": true, "type": "domain", "uuid": "b13bda3e-0560-4dd5-b070-69dcc6cf073b", "value": "mysticraftsmp.fun", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241525", "to_ids": true, "type": "domain", "uuid": "888a20dd-0edc-47ae-9ae9-e32e8126762f", "value": "neekocraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241547", "to_ids": true, "type": "domain", "uuid": "1eaaedcf-a33b-4f6b-ab8e-741375d29b91", "value": "owocraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241569", "to_ids": true, "type": "domain", "uuid": "7b851c08-b03f-4ceb-a5fe-b1239889045f", "value": "pinkcraftmc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241591", "to_ids": true, "type": "domain", "uuid": "d1c06927-ed9b-4dc3-b14f-af1c33a1e146", "value": "pinkiecraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241613", "to_ids": true, "type": "domain", "uuid": "66a8a996-8a33-4c48-b6d4-11fc9e7b87a9", "value": "playpinkycraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241635", "to_ids": true, "type": "domain", "uuid": "6c62ce37-358f-46e9-82d4-032d7d4a9b8c", "value": "playsweetcraft.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241657", "to_ids": true, "type": "domain", "uuid": "cf9c29bb-4c8e-41b2-bfa2-bfcd663e8d45", "value": "ponyrise.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241679", "to_ids": true, "type": "domain", "uuid": "622938ae-b24d-4262-a166-ab081646d131", "value": "ragnacook.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241701", "to_ids": true, "type": "domain", "uuid": "ebd96242-2883-4ea4-9f85-689da7b3c52d", "value": "sanriocraft.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241723", "to_ids": true, "type": "domain", "uuid": "28bdc362-332c-493c-885e-fbe6d74b58de", "value": "sanriomc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241745", "to_ids": true, "type": "domain", "uuid": "d2c9bda2-1edc-48e1-a292-a01069580626", "value": "sanriomc.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241767", "to_ids": true, "type": "domain", "uuid": "99bacc29-083f-40b8-a183-75eaab036511", "value": "softiecraft.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241789", "to_ids": true, "type": "domain", "uuid": "a6dc9b60-7ee5-448d-b5e6-a878ef349bb3", "value": "sugarsmp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241812", "to_ids": true, "type": "domain", "uuid": "c42a15b1-76b6-4a5c-bde7-0d91334a80ca", "value": "sweetcraft.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241834", "to_ids": true, "type": "domain", "uuid": "0169eb26-e2a4-4fc7-9ea3-aa79e134f1d1", "value": "sweetiecraft.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774241856", "to_ids": true, "type": "domain", "uuid": "8af74e85-94e5-4291-92e6-2a1336e49d58", "value": "uwucraft.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774241878", "uuid": "2f254686-7c8c-496a-8dbd-fe05cb84afb1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774241878", "to_ids": true, "type": "md5", "uuid": "5ab20ebd-de45-4ce6-998a-f99ac63b767b", "value": "b8c846eb5cdceeb1006f8f48f36bc684", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235086", "to_ids": true, "type": "sha1", "uuid": "59cc837b-aed8-4333-954c-89c3398bb011", "value": "6c629cd9487c0602560a56713dc198a7ea7e3e95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235086", "to_ids": true, "type": "sha256", "uuid": "ecc26509-2734-4063-9a7c-1ab5a0650dd5", "value": "69cfd3024bb89fc2f7fdeb87c77b35bf8216e31c2146161f0b3dfaec25da771f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233433", "to_ids": true, "type": "ssdeep", "uuid": "0a5578fd-3412-4350-906a-c6490665e330", "value": "1572864:x4gPXMo27b5TQlSRDHo10TlOAON6MlY8Ihjg9qkfXulN7:x4Acdb5lRDHomMHTlYPh1kfXulN7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233433", "to_ids": false, "type": "size-in-bytes", "uuid": "c64300c3-90de-4238-8898-cea748fb1ef0", "value": "67991723" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233433", "to_ids": true, "type": "vhash", "uuid": "09773beb-7b77-44d6-be4e-475df03f6610", "value": "067056655d1c0570d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233433", "to_ids": true, "type": "filename", "uuid": "9cca7568-4714-45e1-9544-338d52214626", "value": "KittyCraft.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 16/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233433", "to_ids": false, "type": "text", "uuid": "e3ac9c0b-b253-42b6-bc96-3cce50453c67", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:18/70\nFirst Submission:2026-02-15T12:43:15.000000+00:00\nLast Submission:2026-03-06T07:07:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774241899", "uuid": "60014a3e-2820-4b79-a426-9e68d0b4fa8b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774241899", "to_ids": true, "type": "md5", "uuid": "b5bb82df-26f0-453a-a72b-96220857ed65", "value": "e9b529e13872429c9354a3944fcb10a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235088", "to_ids": true, "type": "sha1", "uuid": "f4ca1bb4-b356-4eea-a461-c36491b54dcc", "value": "b3da70827ce7667945e4f0e8e86f7f3cd2ef3207", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235089", "to_ids": true, "type": "sha256", "uuid": "d6bf6f92-5afb-4ed5-ac8f-6b72d87a41a8", "value": "90b6a76843e74362c92ef691a0d078a5cc0cdc2a396ecf1b63eae7291215faff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233456", "to_ids": true, "type": "ssdeep", "uuid": "7a6a17ca-4a85-4152-94e2-8e4ac857b69c", "value": "393216:HjroSByJ2qa6ydg8lviacQb8ZM2LtgON89/ipG1mgcildCC8mByWko:DEtJRa6ydjKQfEYipG1mgci2QvH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233456", "to_ids": false, "type": "size-in-bytes", "uuid": "4c281b9f-f605-478f-9fd4-e536af59451f", "value": "20207338" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233456", "to_ids": true, "type": "vhash", "uuid": "29be559e-be93-4908-8950-c9fbed54feab", "value": "fa0f5c413a1aefb717178bccb4f20807" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233456", "to_ids": true, "type": "filename", "uuid": "a4077fa6-73b4-4655-8712-23875f13fe12", "value": "90b6a76843e74362c92ef691a0d078a5cc0cdc2a396ecf1b63eae7291215faff.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233456", "to_ids": false, "type": "text", "uuid": "82a6e8e3-7b63-4daf-aeef-1a72bea9d9fa", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:2/67\nFirst Submission:2026-02-16T13:44:46.000000+00:00\nLast Submission:2026-03-17T14:39:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774241921", "uuid": "680c62f5-8cf9-4fa2-a33c-0c61d4d438a3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774241921", "to_ids": true, "type": "md5", "uuid": "e2233d17-03a0-4836-9644-8a6fd2bdc403", "value": "edcc3636602c6ab944bfa6d5372649d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235090", "to_ids": true, "type": "sha1", "uuid": "e30edeb4-a0ca-46ec-80fc-62657bbb1413", "value": "8431d25f8e5ae6070c369769628b96580d1a2c51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235091", "to_ids": true, "type": "sha256", "uuid": "603d8e70-b821-4e74-af7f-053672125609", "value": "0221d06009b9848a3e1be34405fef1d586b84d115f10109de8f9c2e4806b6f40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233480", "to_ids": true, "type": "ssdeep", "uuid": "be5d9654-a977-4955-a690-5c8caf442aea", "value": "393216:tDLHD4oru3NKMYfFZLDLnF5YERMIPDKu2T2vvKM9EY:tD/4OudKbrLDLF5HJB2TQrn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233480", "to_ids": false, "type": "size-in-bytes", "uuid": "8dec4f18-1dbd-46da-b063-c93486cb81a3", "value": "17906007" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233480", "to_ids": true, "type": "vhash", "uuid": "bb211582-eb85-44a9-8738-2c6565cc9324", "value": "e081b9f1ed8c5c18b15e4b62c2e2c7fe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233480", "to_ids": true, "type": "filename", "uuid": "a9d2130c-fb97-41a6-b208-f636d2b6f21a", "value": "0221d06009b9848a3e1be34405fef1d586b84d115f10109de8f9c2e4806b6f40.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233480", "to_ids": false, "type": "text", "uuid": "1c8a5e6e-ee68-426b-a2d8-c4d2896849ce", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:4/67\nFirst Submission:2026-02-17T00:00:30.000000+00:00\nLast Submission:2026-03-17T17:42:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774241944", "uuid": "43853ac7-1486-4355-99e4-273f931a11b6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774241944", "to_ids": true, "type": "md5", "uuid": "40692e87-0dfa-494e-982b-f6bf5062b807", "value": "0342e5f56a1d38e75738abd76510bc95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235092", "to_ids": true, "type": "sha1", "uuid": "a1871456-9308-4a80-b615-f847fc71f344", "value": "f9cc7fb0b17cf675fa2eae9a1afb3d91434351b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235092", "to_ids": true, "type": "sha256", "uuid": "823435a4-2001-4bcb-aeb8-5d5cc9ee7cea", "value": "060ed0ec27a0a4ad7b55425ed56d8ef0c55aa61b499d4884d1679f18d518ddf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233504", "to_ids": true, "type": "ssdeep", "uuid": "29b171c7-c0e1-40cb-ab0a-21033968024c", "value": "393216:QYz3t9TxLbuAzKlQwev0Tck/hRWzT2kQu4/zBJgijLmUPEt+Fcj5CkwZYGpQFY:hd9TxLMEv0Tck/mz6NLg1UiAm5mZYGh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233504", "to_ids": false, "type": "size-in-bytes", "uuid": "1eed1560-6126-4166-9f5f-f5267229c0e0", "value": "21438178" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233504", "to_ids": true, "type": "vhash", "uuid": "0bba196e-c31f-42d3-b3fa-f3fab557b5ca", "value": "85cab66a313664e0c4229ba2ef9988d1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233504", "to_ids": true, "type": "filename", "uuid": "0abf1d36-849b-4d8c-8022-5cab818cb072", "value": "060ed0ec27a0a4ad7b55425ed56d8ef0c55aa61b499d4884d1679f18d518ddf3.zip" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 23/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233504", "to_ids": false, "type": "text", "uuid": "012e79ca-8aff-4217-83e7-d83cd6ccf118", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:3/67\nFirst Submission:2026-02-04T02:27:14.000000+00:00\nLast Submission:2026-03-17T17:38:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774241966", "uuid": "7f63e60f-3699-45ad-9cc2-33deefa7b221", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774241966", "to_ids": true, "type": "md5", "uuid": "5d0938b9-8423-4c5c-bef9-c8bb102d9530", "value": "7d8024d6a05879dc3769af4d9d1b54a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235095", "to_ids": true, "type": "sha1", "uuid": "5f9cb5a2-4cce-4da8-99cc-8e2a88033cc5", "value": "d6dbe549fd643a925045f982b30756de6ed6970d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235095", "to_ids": true, "type": "sha256", "uuid": "d98023e0-a263-4604-b8ec-41f70ddd7db0", "value": "06e12e4393c9554c81bd087446e32890a45fc77ab6f048e0dd0db1d4cc010f1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233528", "to_ids": true, "type": "ssdeep", "uuid": "65acd901-8ead-44b0-ac2e-07a398b86db3", "value": "393216:xvz1eFMpJ2a69qoB0JdmocildCC8mByWTpog96E3P0BBsuQ3n8iskcc31:dz3JD+B0J0oci2QvFV6w077En6bcl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233528", "to_ids": false, "type": "size-in-bytes", "uuid": "751de98f-5cc3-4657-a5c7-0a1db359e5d3", "value": "21813158" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233528", "to_ids": true, "type": "vhash", "uuid": "7919bf8d-a93e-4a66-8b21-6b07e2cbda8d", "value": "8eab127275efbb4c204846e356b38403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233528", "to_ids": true, "type": "filename", "uuid": "1305ddc4-a5a9-493f-bcdf-a1cada930944", "value": "06e12e4393c9554c81bd087446e32890a45fc77ab6f048e0dd0db1d4cc010f1f.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233528", "to_ids": false, "type": "text", "uuid": "fb135e19-e01d-4e59-a01d-3795777a97e1", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:1/68\nFirst Submission:2026-01-31T22:09:08.000000+00:00\nLast Submission:2026-03-18T09:59:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774241988", "uuid": "89e4051d-5de3-452b-b01c-1029e7b4fa06", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774241988", "to_ids": true, "type": "md5", "uuid": "c150ee1e-e0ab-4f4c-b3b4-c2a97cb14b12", "value": "91cc4d5282cbce3978046c51fa538bf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235096", "to_ids": true, "type": "sha1", "uuid": "c37d560a-ea41-4217-8b05-a77a8a321753", "value": "7246f907e077361dbc96f6acca4e6bcc1a35ea6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235096", "to_ids": true, "type": "sha256", "uuid": "b6c47e27-9d6d-4002-a27d-bc1ad7f33288", "value": "16ca5165e297c6c20003186943571394173249f10e376f4d1c085304f5cca087", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233553", "to_ids": true, "type": "ssdeep", "uuid": "21c9ac95-755d-4aea-9ebc-68350578df53", "value": "393216:HjroSByJ2qa6ydg8lviacQb8ZM2LtgOZ8o5ud85cildCC8mByWjm:DEtJRa6ydjKQfEwo5ud2ci2QvS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233553", "to_ids": false, "type": "size-in-bytes", "uuid": "7da8f106-3f0b-4234-8e37-3f3ed27345b9", "value": "20292624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233553", "to_ids": true, "type": "vhash", "uuid": "e411ee33-aa7d-43eb-b341-043e0dffccc1", "value": "fa0f5c413a1aefb717178bccb4f20807" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233553", "to_ids": true, "type": "filename", "uuid": "80ebd2ab-45ca-49c0-a38b-5e48d05802af", "value": "16ca5165e297c6c20003186943571394173249f10e376f4d1c085304f5cca087.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 19/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233553", "to_ids": false, "type": "text", "uuid": "ca3cc35d-9216-4a53-8349-16bf3ef701cd", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:2/67\nFirst Submission:2026-02-16T23:38:21.000000+00:00\nLast Submission:2026-03-17T14:00:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242010", "uuid": "3841cf59-dd5e-43f4-b75c-bd94207f3cbd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242010", "to_ids": true, "type": "md5", "uuid": "6e6f2d14-ceb1-454a-adbd-39cd0ef4e07a", "value": "0bb3f99441a5669f119c84e32eeb2222", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235099", "to_ids": true, "type": "sha1", "uuid": "d62dd69c-4756-459c-9ee6-3cffe4f1490a", "value": "89bb685f37a4cc8c05a33dc1f75d56253cbfef5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235099", "to_ids": true, "type": "sha256", "uuid": "e82e0b82-8e95-432c-bef0-195dd5d1cc4d", "value": "19645fc596fd49196581f751f9217030d5bec9eb10d1d836668407e0304730aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233577", "to_ids": true, "type": "ssdeep", "uuid": "46bf51ff-fd87-419b-92e6-6a8e1af9a3f2", "value": "3145728:A6Ax/CLn2GmuxhBA8pAKac5TM3oxhOoVCT1sidFOgtSXb:ZAALnbxzRpHtmsibOOsb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233577", "to_ids": false, "type": "size-in-bytes", "uuid": "e8910c59-c04e-4841-88cb-ea00ffa0adf9", "value": "112501051" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233577", "to_ids": true, "type": "vhash", "uuid": "b42b497f-14e0-4dad-8f08-9d77467febf0", "value": "6aac0d33a71658ec12681563b9541912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233577", "to_ids": true, "type": "filename", "uuid": "65fc45d2-8cd1-4266-a22f-630ba81f33f0", "value": "Cuttie.zip" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233577", "to_ids": false, "type": "text", "uuid": "c99bcb5a-385b-472a-9b2c-8f098031f1a6", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:0/67\nFirst Submission:2026-03-06T05:13:24.000000+00:00\nLast Submission:2026-03-06T06:35:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242032", "uuid": "d66bc4eb-3666-4b2e-ad57-bf1350a18e81", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242032", "to_ids": true, "type": "md5", "uuid": "13ba6764-27ac-4da4-8c40-61f8d48521b4", "value": "023096e9e2a1bdb53a39664a462d9bd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235102", "to_ids": true, "type": "sha1", "uuid": "9a3aae14-5e97-49cc-a5dc-b5b5f7ef7d13", "value": "627752c78f890ac35636b13a3a4d70720e86802b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235103", "to_ids": true, "type": "sha256", "uuid": "eb8e0648-5945-4e82-804c-76f0d0ba6b18", "value": "1a6bceaf9e4efe70144984dc76be7c9d0ffcfaaeb76325a4394f6eb14e3a5135", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233602", "to_ids": true, "type": "ssdeep", "uuid": "f6d7738a-9cd4-4a3a-b8ce-8c8023cc30ea", "value": "393216:xvz1eFMpJ2at9qKBgn6dmocildCC8mByWTpog96E3P0BBsuQ3n8iskcc3s:dz3JDLBr0oci2QvFV6w077En6bc8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233602", "to_ids": false, "type": "size-in-bytes", "uuid": "f553f953-d476-4e48-89a8-b1264d9195e1", "value": "22023596" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233602", "to_ids": true, "type": "vhash", "uuid": "69152d15-8c69-4786-bea9-1a8fc4e15bc0", "value": "8eab127275efbb4c204846e356b38403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233602", "to_ids": true, "type": "filename", "uuid": "16303101-c696-4b1b-96c7-13b7119dfce6", "value": "1a6bceaf9e4efe70144984dc76be7c9d0ffcfaaeb76325a4394f6eb14e3a5135.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 23/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233602", "to_ids": false, "type": "text", "uuid": "7eddba4f-0deb-441f-a563-dab54dd14125", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:4/68\nFirst Submission:2026-02-03T13:04:00.000000+00:00\nLast Submission:2026-03-17T14:16:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242054", "uuid": "fb3150fd-7c41-4235-88ff-8ef81de11a54", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242054", "to_ids": true, "type": "md5", "uuid": "09f5b191-a730-4770-9a85-7598a5d76d3a", "value": "7c2cca1ce6110586ada3b6bab9088ac0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235104", "to_ids": true, "type": "sha1", "uuid": "9b4319b1-2052-4002-840b-39848463c9b3", "value": "763322daab71db780b2e0fa010c5c081d144c179", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235104", "to_ids": true, "type": "sha256", "uuid": "928cd36c-14cb-4d95-83ac-8885081bf05a", "value": "225f57aba3250d648e7bc4ad51b533552a3a0e0425817d02b1d3b668fddf78bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233627", "to_ids": true, "type": "ssdeep", "uuid": "29102f76-72b4-4c61-8a5d-f0a91868e5f1", "value": "1572864:yYACvDQIBnCv4WH7Pd+7EDB4iS8a4SuBmKIpQeCdb2E8E4nSit:yYAODBCv4WHh+7iB4iSRfuBmKIpQeG2H" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233627", "to_ids": false, "type": "size-in-bytes", "uuid": "ff7e5d52-5cfb-423c-b548-772f0089880e", "value": "58697369" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233627", "to_ids": true, "type": "vhash", "uuid": "8c9714bd-17cc-4a4a-992f-9296623d4633", "value": "55b9c917d1942b4711c30efc09c82466" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233627", "to_ids": true, "type": "filename", "uuid": "af732b9f-e384-4470-a998-098a48b53186", "value": "KittyPinkieMinecraft.zip" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 21/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233627", "to_ids": false, "type": "text", "uuid": "2c8c1370-9859-48a2-8721-338f9a29cfeb", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:4/68\nFirst Submission:2026-03-11T04:07:26.000000+00:00\nLast Submission:2026-03-11T06:29:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242076", "uuid": "928d0cc3-678b-4bb9-8a0c-3a7ca35246cb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242076", "to_ids": true, "type": "md5", "uuid": "bab37dfb-106e-4c3a-a9df-d19ed5d90d7d", "value": "d759554d958e0263a54d162e45b534fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235106", "to_ids": true, "type": "sha1", "uuid": "a12ff7c5-3828-4e85-8de2-a1917b64ff07", "value": "4f95bc8ac96266e99c43bb83ea35aa276894478e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235106", "to_ids": true, "type": "sha256", "uuid": "af1da5bd-4e62-4239-b5e3-731be334e92c", "value": "28a03d29e99c75fc9603b9e5193f97feca561bdc6db4271cdb2d522b9d5b2ae3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233651", "to_ids": true, "type": "ssdeep", "uuid": "d41f5233-2b92-4822-9259-db48088c1042", "value": "786432:FlqX5at3HSbfHsUN+YQxkRNZFLib79CmHikffu/JnuBmmGNzUyNIixlsBVSx6aCJ:Fl6kXSTs2W6Dq9iofuY49OwHx6a/R1SP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233651", "to_ids": false, "type": "size-in-bytes", "uuid": "0624a37a-63a2-4e33-aa3d-3668312c75ee", "value": "59924161" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233651", "to_ids": true, "type": "vhash", "uuid": "acd73c66-e302-4edf-86ed-829530cf0f8e", "value": "8eb9e6d555ab2fe4c95943e606aff9a5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233651", "to_ids": true, "type": "filename", "uuid": "868beeb9-63e6-49c2-aa1b-308e69177bcf", "value": "PinkieCraft.zip" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233651", "to_ids": false, "type": "text", "uuid": "c2fb3a68-ea5e-4906-86c9-7a50cc5802b2", "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Suschil!rfn\nVT Total Detection:28/67\nFirst Submission:2026-02-25T20:40:45.000000+00:00\nLast Submission:2026-03-11T06:44:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242099", "uuid": "31fe41fe-8caa-42e2-bf19-8347feddd8a5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242099", "to_ids": true, "type": "md5", "uuid": "878fefa6-6087-471a-9e84-0e95856bbced", "value": "0a6ac0f02332f180f39e23c7f9e5d8f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235108", "to_ids": true, "type": "sha1", "uuid": "dfd9a249-fd46-4036-ac80-0755181a5823", "value": "0b2fb329639d735f4039b0c57642e3d9df4bc6d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235109", "to_ids": true, "type": "sha256", "uuid": "cb031df8-20b8-4643-b1bb-56ffb02b2ccf", "value": "2a4ee7edcd12ea727af4eec78ae4e15620678cb9a53b53630acb7144097efb11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233674", "to_ids": true, "type": "ssdeep", "uuid": "eb084ce3-c1c0-43fd-9d81-a461577d61b0", "value": "393216:xLw1kGw2/d/MlULkGEwvXcXKl4qO0ldk+zSrsRiPQmcldEg8mBLz6N8:NEbwcPzvXcal4YuQS4UPQmcAOnz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233674", "to_ids": false, "type": "size-in-bytes", "uuid": "5fcbde30-fa4f-4687-bd13-5ebfb126bf05", "value": "19144460" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233674", "to_ids": true, "type": "vhash", "uuid": "8646b12c-0a10-4075-8aab-e6cb240db3e8", "value": "d1716ce223490e15b5317bcdec571c88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233674", "to_ids": true, "type": "filename", "uuid": "b2a62a4c-b082-4160-acf7-70a4ec9ccf27", "value": "2a4ee7edcd12ea727af4eec78ae4e15620678cb9a53b53630acb7144097efb11.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 19/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233674", "to_ids": false, "type": "text", "uuid": "eb417cc0-720d-4e4d-981a-5b0fa978145b", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:1/67\nFirst Submission:2026-02-19T23:01:27.000000+00:00\nLast Submission:2026-03-19T06:57:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242121", "uuid": "804268a7-0c41-4ff6-8062-cbb38c5efb94", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242121", "to_ids": true, "type": "md5", "uuid": "52201811-3c36-4e25-89dd-36709481b50e", "value": "397ecac3f0dd201b78761816d38c4937", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235110", "to_ids": true, "type": "sha1", "uuid": "b52b3213-0edb-4197-855a-be7071c2b520", "value": "66935bb7687c08acd274d2954f4bd362b35adfe9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235110", "to_ids": true, "type": "sha256", "uuid": "5e3b2e32-83bd-4e5d-bb15-2c775650144e", "value": "2c5fb4e1b75c2a26e9e186069d61e8204c7dc8752d3b9b95087b19b1020df691", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233699", "to_ids": true, "type": "ssdeep", "uuid": "60352051-ae39-4fc0-be70-392af847a731", "value": "6291456:I2j9W2j9t9rYcExMoJllrKw67LUMP8//7bGzhYcExMoJLwaUP/xMhwSCXL9+boQ/:7ptpt982oRHYuM+2oGaUP/WhwSuLMoG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233699", "to_ids": false, "type": "size-in-bytes", "uuid": "d8a62061-6c9f-45e0-8bf6-cf33376cb9ed", "value": "413897211" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233699", "to_ids": true, "type": "filename", "uuid": "14d61fc4-6f81-4d31-b424-aac25c07ea9b", "value": "KittenMC-VoiceChat-Client.rar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233699", "to_ids": false, "type": "text", "uuid": "9aba20c8-05b9-4cb5-a700-f99f5ba5f335", "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:0/59\nFirst Submission:2026-03-05T01:57:34.000000+00:00\nLast Submission:2026-03-05T01:57:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242143", "uuid": "fbcaa24b-93bb-429c-b404-5789a1b586c9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242143", "to_ids": true, "type": "md5", "uuid": "353ccf68-5ff1-4d61-bed0-c85dedb92337", "value": "43fc07759c8cd3798d863e1f785ff176", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235112", "to_ids": true, "type": "sha1", "uuid": "640f494b-79c1-4c9c-87b2-6b57ffdfffd7", "value": "5bd67bca22bd44a09338520cbac7950928ed68d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235112", "to_ids": true, "type": "sha256", "uuid": "8f73370d-974d-47fd-8516-bd2b02fe4545", "value": "38c55481911e7f789fc68628c7b9d9a2f8139524ac2deffe85ffe3ac9dce8178", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233723", "to_ids": true, "type": "ssdeep", "uuid": "6511eb27-7b6b-47e9-a1f1-7fe5b82aacc5", "value": "1572864:Dy2um4Ndc20ujnJag5CFZtJttVyt7UQnhoDO2wGuMqtlPw2VjtvdaKOb:DyTm4Pquj9CH1yVN6DATMN6jFoj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233723", "to_ids": false, "type": "size-in-bytes", "uuid": "12d7ae43-951b-4dbc-80ba-1d8fe8dc1af3", "value": "78000072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233723", "to_ids": true, "type": "vhash", "uuid": "d3497e07-a81d-4df7-8b59-3b24a1ed7588", "value": "077056655d1c0570d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233723", "to_ids": true, "type": "filename", "uuid": "e0043249-6456-4b8b-a263-b491c9377061", "value": "UwULauncherInstaller.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 22/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233723", "to_ids": false, "type": "text", "uuid": "bb4e497b-a768-450f-85cc-355562090244", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:12/70\nFirst Submission:2026-03-08T11:49:39.000000+00:00\nLast Submission:2026-03-22T22:12:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242165", "uuid": "c98d828e-d39a-4605-ac75-8038f4242f95", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242165", "to_ids": true, "type": "md5", "uuid": "1fc86634-9e1d-40fc-baca-760224dabe64", "value": "6007bffd4005daaf926fc3d8def5dfff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235113", "to_ids": true, "type": "sha1", "uuid": "558b402e-8b95-4b84-bfbd-2c95ec1f8e3f", "value": "5ea0a6723a9bcdd185bc5a3ba754303beb5d1c5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235114", "to_ids": true, "type": "sha256", "uuid": "f33162e3-ff5c-40ad-9190-c9608fee1afd", "value": "424a1ab33890d6c6448dfc25507ac17d48e7d406caf287c62082225ef1c5358d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233747", "to_ids": true, "type": "ssdeep", "uuid": "c49bf277-7362-49fc-bf1e-4da4ee64624e", "value": "393216:xvz1eFMpJ2at9qKBRq7XmocildCC8mByWTpog96E3P0BBsuQ3n8iskcc3f:dz3JDLBRq6oci2QvFV6w077En6bcv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233747", "to_ids": false, "type": "size-in-bytes", "uuid": "227cc59f-17ff-4e97-aea5-5264fac97299", "value": "22014527" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233747", "to_ids": true, "type": "vhash", "uuid": "fb508541-b3e7-49ee-a086-b3b210d1b4b4", "value": "8eab127275efbb4c204846e356b38403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233747", "to_ids": true, "type": "filename", "uuid": "7a1739d8-ce32-4e6d-bbce-ccc2feea5c19", "value": "424a1ab33890d6c6448dfc25507ac17d48e7d406caf287c62082225ef1c5358d.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 23/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233747", "to_ids": false, "type": "text", "uuid": "51c550db-80ae-47e7-bca3-bff6bac7a533", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:3/68\nFirst Submission:2026-02-03T12:26:48.000000+00:00\nLast Submission:2026-03-17T14:08:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242187", "uuid": "ebcd6aaa-a6b1-4e33-8c46-e0b69d09764b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242187", "to_ids": true, "type": "md5", "uuid": "4236a981-747c-4b28-9800-c208cb8948ef", "value": "a8ff0a2380d0e41700e8e7ae2a3c1f52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235116", "to_ids": true, "type": "sha1", "uuid": "7e8a00fc-e1c6-4e2c-9945-3c13418f24b3", "value": "07db39918931ae960ac28b99aecf26b78ce867ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235116", "to_ids": true, "type": "sha256", "uuid": "4fc891a1-02ab-41bd-8d32-91a4a6b7aa4b", "value": "495d1d500afc5ec700a0a15bf34862973e8e0152f9346b322a468cbe6e7c9d1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233771", "to_ids": true, "type": "ssdeep", "uuid": "dcb61f57-a830-471d-a9e2-1c66ed880768", "value": "393216:xvz1eFMpJ2a69qBBAvKUPimocildCC8mByWTpog96E3P0BBsuQ3n8iskcc3D:dz3JDPBiJoci2QvFV6w077En6bcz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233771", "to_ids": false, "type": "size-in-bytes", "uuid": "9e0bcda8-573f-4668-8a6b-10952a13c4c5", "value": "21917613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233771", "to_ids": true, "type": "vhash", "uuid": "f1cf6ce8-1477-4f2c-8598-f2e8219d91e4", "value": "8eab127275efbb4c204846e356b38403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233771", "to_ids": true, "type": "filename", "uuid": "b9edb276-4997-45b4-bd78-1c030c16138b", "value": "495d1d500afc5ec700a0a15bf34862973e8e0152f9346b322a468cbe6e7c9d1e.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 21/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233771", "to_ids": false, "type": "text", "uuid": "db08aac4-2f52-44fe-864f-5b14747d92d4", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:2/68\nFirst Submission:2026-01-31T21:45:50.000000+00:00\nLast Submission:2026-03-17T14:08:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242209", "uuid": "ef89daa9-4b89-4845-a789-1286f6b19db7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242209", "to_ids": true, "type": "md5", "uuid": "69c6d09c-5c8b-401b-b56d-2924d3b47399", "value": "25b13780c8b3ecb45ec9a678036bdfb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235117", "to_ids": true, "type": "sha1", "uuid": "be4d7586-db6a-4af8-a5e9-5e324afd1ef5", "value": "8fb882326b75c37db40b6eeecd4434fb2817fc8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235118", "to_ids": true, "type": "sha256", "uuid": "66763c3b-f01c-402b-9555-4a22be241ce7", "value": "52601d295b5468aa9e2db1802fe55dab437128584df4f20e9bac164ac4ec8ec3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233817", "to_ids": true, "type": "ssdeep", "uuid": "0f5681ed-1303-4a4d-bcab-5716bc5e26b8", "value": "3145728:oY2GYqdgkcBD2GGVnlA9eZiY3GbVLPiG9C6ZHVxa5aLh+jCzR08:F11MqrXA9/xfZHVw5Oh+jCzRj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233817", "to_ids": false, "type": "size-in-bytes", "uuid": "487a6026-120c-45bb-85a7-e70fedb68581", "value": "156050877" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233817", "to_ids": true, "type": "vhash", "uuid": "a4272b4e-96c2-4d79-a5e9-8f2d249f2bc6", "value": "018056655d1c0550d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233817", "to_ids": true, "type": "filename", "uuid": "5b867c11-0711-4c6c-bd0d-9f0f6b2a882b", "value": "HelloKitty-Launcher (1).exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233817", "to_ids": false, "type": "text", "uuid": "dca30b59-e051-452f-80db-3fd9bd64d901", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/70\nFirst Submission:2026-03-05T23:18:08.000000+00:00\nLast Submission:2026-03-15T23:49:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242231", "uuid": "1b9ccb53-0452-422c-8531-02a819454a1e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242231", "to_ids": true, "type": "md5", "uuid": "09e0bd20-47ca-4545-a4fe-4811097d23a3", "value": "a5482ce657fbc88532997ae1eea99149", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235119", "to_ids": true, "type": "sha1", "uuid": "c013cd6a-e7ca-4644-a2bf-e41017fca56c", "value": "fc833e0a96dc41a5686faa7307d26e3c2a9e7346", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235120", "to_ids": true, "type": "sha256", "uuid": "cec8f73c-a15d-4f2c-b9df-8770865c6498", "value": "53e059cab287674515454b51f4dda281d0812a51fff2c9c7f9b077d3a475600a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233842", "to_ids": true, "type": "ssdeep", "uuid": "be49fbec-9e1c-49eb-86ce-875555fcaaa2", "value": "3145728:8d0RYNSMBzJb3IMZy6ApLoNhr4avgg/ylgJZA1KJc49xKVvZMlelu2og:5QVBF0MUXghdvv/yGLA1/VvDu2og" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233842", "to_ids": false, "type": "size-in-bytes", "uuid": "f355985c-36cf-49f5-9763-c2b23eca55c4", "value": "180507988" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233842", "to_ids": true, "type": "vhash", "uuid": "7d744ddb-2b30-4a7b-9ffb-366dfc9d22fe", "value": "018056655d1c0570d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233842", "to_ids": true, "type": "filename", "uuid": "790bdfc4-99fc-46e1-9991-e0d100ad2c06", "value": "Cuties Network.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 10/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233842", "to_ids": false, "type": "text", "uuid": "aa11f0cc-4239-4b09-9a91-a8636535f13f", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/71\nFirst Submission:2026-03-10T15:31:36.000000+00:00\nLast Submission:2026-03-10T15:31:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242253", "uuid": "4611e674-b102-4c1d-94d2-acf8bb354fa6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242253", "to_ids": true, "type": "md5", "uuid": "46522f8f-75bb-43bb-a6e6-11a09a6182b3", "value": "7189e99f650365a0a3ce58db6c63033c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235122", "to_ids": true, "type": "sha1", "uuid": "e4c3519e-8ef7-416a-bd3e-52940a46a250", "value": "a30865c03a17eb24407aa1e56216c6c7d745e2f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235122", "to_ids": true, "type": "sha256", "uuid": "4471e1f1-69dc-4145-9bdb-8f3029fb2037", "value": "5620216dc128a3d9292defee29b7f295c33eda97e5be9a0eede777d9d70efae5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233888", "to_ids": true, "type": "ssdeep", "uuid": "ad90c6a0-3a11-4eff-8e01-29f52c3d8b48", "value": "1572864:bDe4hdV6xfBHI7M0zLr1X3OznfxySo3RPqSluhmAW9W:bDe4DoxfJI7vl385ySorOWc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233888", "to_ids": false, "type": "size-in-bytes", "uuid": "050755e9-350d-494c-b795-58df52e8366d", "value": "76383009" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233888", "to_ids": true, "type": "vhash", "uuid": "ad705c30-68b0-4c9e-9c6f-71493a10a397", "value": "077056655d1c0510d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233888", "to_ids": true, "type": "filename", "uuid": "70a305d8-d4e6-4466-bc22-462e9a56afef", "value": "5620216dc128a3d9292defee29b7f295c33eda97e5be9a0eede777d9d70efae5.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 19/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233888", "to_ids": false, "type": "text", "uuid": "05246ee5-08ef-4e5b-b08f-aaa10cfd812e", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:5/69\nFirst Submission:2026-03-06T09:06:41.000000+00:00\nLast Submission:2026-03-20T16:38:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242274", "uuid": "d7d6a0d0-9b81-41da-a928-0769868d2774", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242274", "to_ids": true, "type": "md5", "uuid": "c4e1e594-388c-48ea-8f0a-1b1e57fb8a30", "value": "ff7a39165bdf039d0692ae57b4c953a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235125", "to_ids": true, "type": "sha1", "uuid": "918870b2-6b09-45de-aadf-6139d65d8e56", "value": "9121ada83bf018df8e0a862779265206298b8d0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235125", "to_ids": true, "type": "sha256", "uuid": "591f3858-2f0d-489f-9c0f-c283c7688612", "value": "5b573de08c6980957556c94666e81544cdb0d084e9e880cb32c937a851274930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233911", "to_ids": true, "type": "ssdeep", "uuid": "23971762-211b-4885-98c7-f264f06f01eb", "value": "393216:KKk3pLij1JldZv8mBK4AdE65yvWId2z4YasB7OP:KKk5Lij1JtblAdE6AWIdC4a7q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233911", "to_ids": false, "type": "size-in-bytes", "uuid": "f1d9b8e0-ff04-4a5d-a3f4-527290fea76a", "value": "19168262" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233911", "to_ids": true, "type": "vhash", "uuid": "e59040e0-a8c3-4ebb-90c3-a98ab2584527", "value": "e081b9f1ed8c5c18b15e4b62c2e2c7fe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233911", "to_ids": true, "type": "filename", "uuid": "7bcfebcf-287d-4c59-8f78-9342780c335f", "value": "5b573de08c6980957556c94666e81544cdb0d084e9e880cb32c937a851274930.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 23/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233911", "to_ids": false, "type": "text", "uuid": "97cd9b97-6f64-4f52-8415-ec3d8d63504c", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:5/67\nFirst Submission:2026-02-16T23:56:07.000000+00:00\nLast Submission:2026-03-18T09:58:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242296", "uuid": "07849fbb-21fd-4865-bc7b-ff5e27888c1d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242296", "to_ids": true, "type": "md5", "uuid": "a6b2c58e-f817-41d2-9901-6ca68b6369bc", "value": "035fb2540b2b2bd93b8ef000ee61299e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235127", "to_ids": true, "type": "sha1", "uuid": "9c1b60b1-66d2-4677-acb3-6680f4985beb", "value": "dbd8f910d1c080ffc252d889bda33ec1e91c2185", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235127", "to_ids": true, "type": "sha256", "uuid": "7e500866-16ae-4ef8-99bd-8867426e8735", "value": "62528f64a6515df67129ca7bea4cca43b01146d2d166cc3b0bd890f27efc38ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233935", "to_ids": true, "type": "ssdeep", "uuid": "b86c8593-5989-4bb5-bffb-53feda71e473", "value": "192:Eju9vyDZzU7JY84eGkStfZ0WZvMwkiZIGdwKjdE5d3G:EacVzU7BptWCk93dE/G" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233935", "to_ids": false, "type": "size-in-bytes", "uuid": "fcac490e-361d-41f9-a8e6-99a961b4da7d", "value": "9529" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233935", "to_ids": true, "type": "vhash", "uuid": "3e1cabe2-2967-4056-a490-091057667b09", "value": "3ac682ba5c376ae53d8dacf01e723e26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233935", "to_ids": true, "type": "filename", "uuid": "b72ecf00-a63b-4ee1-b422-0dbd5276e176", "value": "MysticCraftModPack.zip" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 21/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233935", "to_ids": false, "type": "text", "uuid": "47ecb60b-ba78-4536-8a0f-1e5f48037458", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:2/66\nFirst Submission:2026-02-28T18:26:52.000000+00:00\nLast Submission:2026-03-07T09:25:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242318", "uuid": "6b979352-6365-493f-bf01-d9e23fd80509", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242318", "to_ids": true, "type": "md5", "uuid": "fb4e5316-8162-44ff-97f3-b41b737f7e51", "value": "8bdae92ac7d862e0f419ee0b9002292a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235129", "to_ids": true, "type": "sha1", "uuid": "3f7e8179-950c-40e3-988a-b4185c81ea35", "value": "6cc68c026e46531726cb377c67445791146658af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235130", "to_ids": true, "type": "sha256", "uuid": "384cc534-d725-42d1-b949-619a0eb3e517", "value": "67e3dbde303c8fc70020ee94c0036a1499f34d029655f6f1d156fbe002125470", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233958", "to_ids": true, "type": "ssdeep", "uuid": "8462ef8e-39fa-413b-a2c6-f10509509496", "value": "393216:xvz1eFMpJ2at9qDBxbGummocildCC8mByWTpog96E3P0BBsuQ3n8iskcc3N:dz3JDSBIOoci2QvFV6w077En6bc9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233958", "to_ids": false, "type": "size-in-bytes", "uuid": "72772376-5c0d-4449-b6d4-36b45523fff9", "value": "22177661" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233958", "to_ids": true, "type": "vhash", "uuid": "d588babf-6d83-4d79-b410-79b96ebce4b1", "value": "402c78d9cc46d53fc4347b1d869f0856" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233958", "to_ids": true, "type": "filename", "uuid": "f936901e-b818-4221-9b71-f0c36217b701", "value": "67e3dbde303c8fc70020ee94c0036a1499f34d029655f6f1d156fbe002125470.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 19/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233958", "to_ids": false, "type": "text", "uuid": "9cffeaa9-ad28-4d69-b433-dc848830afb2", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:2/68\nFirst Submission:2026-02-03T19:51:39.000000+00:00\nLast Submission:2026-03-17T14:16:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242340", "uuid": "6fc353d4-68bd-4b9b-9d27-ce11eb699d0b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242340", "to_ids": true, "type": "md5", "uuid": "b12f5cc2-ba8e-458f-953f-db472ba5c0d1", "value": "aba37c80e26d9de01186af8208106e0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235132", "to_ids": true, "type": "sha1", "uuid": "106cce03-1844-4ef4-abec-1ca0f831cf6b", "value": "641129fcd7c74b97069239177f7379621c56968d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235132", "to_ids": true, "type": "sha256", "uuid": "0ccd4898-c743-4346-b38e-d9d16d3c4eb1", "value": "6961710721e74d9b3f28dd595b01abc7ee71f0d8339b4cf95679435601302ae6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774233983", "to_ids": true, "type": "ssdeep", "uuid": "82196b51-3898-412b-8455-77566b554c19", "value": "1572864:KejOYfFD0RbOuZy3B2OCTXMNo2EBQ2WZPOryvRCW7zjI4Q2Gdr9k211rPg7:K4aB8O2EBQ2NzW/jI4GdW21xI7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774233983", "to_ids": false, "type": "size-in-bytes", "uuid": "fc8e8f94-a9a9-4c9f-bf88-9c0bc421ae61", "value": "96883483" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774233983", "to_ids": true, "type": "vhash", "uuid": "131e4a2b-d715-497f-9618-69e604b40e43", "value": "097056655d1c0510d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774233983", "to_ids": true, "type": "filename", "uuid": "4ba74ebd-bf57-4003-baf3-7eeb1e70451b", "value": "HelloPink.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 22/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774233983", "to_ids": false, "type": "text", "uuid": "9edef14b-df91-4e48-9bff-ad51083c6d04", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/70\nFirst Submission:2026-02-27T02:38:31.000000+00:00\nLast Submission:2026-03-01T13:07:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242362", "uuid": "9ecb5ed2-5a3f-49e4-88f2-17094c7a66d8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242362", "to_ids": true, "type": "md5", "uuid": "b2470d35-56fc-4f55-bbff-d3ab86c3c1b3", "value": "bd010e884bbc5255873e9923a4abcc8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235134", "to_ids": true, "type": "sha1", "uuid": "9e744a92-3788-44eb-984f-0a3b4c4eb72e", "value": "fcb798d26e37c6379034350ef82ec25a286c4b09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235134", "to_ids": true, "type": "sha256", "uuid": "6d2ff38b-50db-4bd3-b375-9fe88092f397", "value": "6e843f82431acbcb35dffcb1a5ae40ef4c1127e9ae6f2e5f738e7355d3a89ceb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234007", "to_ids": true, "type": "ssdeep", "uuid": "2b141f0f-fc59-4504-a09f-b1718328c114", "value": "48:hYpR3sHLEFaLnVf3XOvzByjRuQmE/mCd8Oz3Sg:hYpRcSaxYkVuQmE/nD3N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234007", "to_ids": false, "type": "size-in-bytes", "uuid": "59b4ab67-482c-44e0-b190-572bb34e3764", "value": "2325" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234007", "to_ids": true, "type": "filename", "uuid": "efe3479b-213a-47ce-941d-f34fec2246eb", "value": "Pinkcraft Setup 2.1.1.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 22/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234007", "to_ids": false, "type": "text", "uuid": "82f2bd80-cd5c-4912-b805-0c513afe85ab", "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:7/63\nFirst Submission:2026-03-11T15:45:19.000000+00:00\nLast Submission:2026-03-18T13:55:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242384", "uuid": "425b5680-59a5-416d-aab2-d073cea45ac1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242384", "to_ids": true, "type": "md5", "uuid": "731d7d3d-5090-4be0-986b-1e5a8bfd3724", "value": "9953a08fa3f20c46141346b3f3c803c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235136", "to_ids": true, "type": "sha1", "uuid": "7e1d430d-238e-44b0-bd9e-08b5e8563c41", "value": "77ef97f429234acf7af870c619047d546e1b6614", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235136", "to_ids": true, "type": "sha256", "uuid": "3eaa014a-89c6-444d-9e1a-4116d2d79cb5", "value": "7115dcd7a17c6d5f4e01d72a7056a6f7e9a9ea7556b6f8fce02be0b97f632ddf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234031", "to_ids": true, "type": "ssdeep", "uuid": "6a9b0d01-481d-4987-874a-536116dd78d7", "value": "393216:xvz1eFMpJ2aL9qKB/YVY0MmocildCC8mByWTpog96E3P0BBsuQ3n8iskcc3v:dz3JD5B/aY0Toci2QvFV6w077En6bc/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234031", "to_ids": false, "type": "size-in-bytes", "uuid": "099ffad8-dc23-4549-8627-20df9d6646c3", "value": "22011811" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234031", "to_ids": true, "type": "vhash", "uuid": "401668a2-7ea9-4cb0-b330-93f005ac9c2d", "value": "8eab127275efbb4c204846e356b38403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234031", "to_ids": true, "type": "filename", "uuid": "5c664a36-90cf-4a6d-95d7-1c6bc2338b5e", "value": "7115dcd7a17c6d5f4e01d72a7056a6f7e9a9ea7556b6f8fce02be0b97f632ddf.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234031", "to_ids": false, "type": "text", "uuid": "346fcb9c-c5bc-4ef3-8d6c-2c7450d878d5", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:1/68\nFirst Submission:2026-02-01T18:55:31.000000+00:00\nLast Submission:2026-03-17T14:06:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242406", "uuid": "3f5815ca-55eb-4c58-9fb4-c8563a825b8a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242406", "to_ids": true, "type": "md5", "uuid": "cb4e86e3-4fea-4674-b8d9-80a2319001f5", "value": "2df6fbc48087b9999cf52e19f61f773a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235138", "to_ids": true, "type": "sha1", "uuid": "334a0e6b-130c-4ce7-b064-89648c9a8d6d", "value": "900f513df61fd95c620020bd4411ebdb7de28d7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235138", "to_ids": true, "type": "sha256", "uuid": "cf3d4379-12b3-4da1-8d61-3253ea6b8079", "value": "7365bb5c74edcbf71977b31280d69aed7e6a49c8a80ab8076fef84f138df98e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234055", "to_ids": true, "type": "ssdeep", "uuid": "0cb6d0b3-f54a-482d-82d1-0326b6140795", "value": "393216:xvz1eFMpJ2al9qKB4BPxMmocildCC8mByWTpog96E3P0BBsuQ3n8iskcc33:dz3JDjB4BPxToci2QvFV6w077En6bcH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234055", "to_ids": false, "type": "size-in-bytes", "uuid": "bce187dd-2b9a-4c10-93ec-2caebeb8f56a", "value": "22032911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234055", "to_ids": true, "type": "vhash", "uuid": "00577aa4-096f-4483-bc1e-88aee14ab9c6", "value": "402c78d9cc46d53fc4347b1d869f0856" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234055", "to_ids": true, "type": "filename", "uuid": "7d9a9de8-6c14-4ccd-9b64-09b6c8aeafd7", "value": "appleskin-fabric-mc1.21.3-3.0.6.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 19/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234055", "to_ids": false, "type": "text", "uuid": "d6436e02-295b-4094-a613-de7d811b3ac8", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:2/68\nFirst Submission:2026-02-04T02:28:42.000000+00:00\nLast Submission:2026-03-17T14:13:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242428", "uuid": "3f06f031-9d51-4fa5-8a6b-c14c37919150", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242428", "to_ids": true, "type": "md5", "uuid": "9487e2f5-d16d-4123-90d0-edff322697a5", "value": "659855d9969f8c95ffaedaf38ce2883c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235140", "to_ids": true, "type": "sha1", "uuid": "36c7ba83-e53e-408f-a54c-27fe3eb34533", "value": "4bf31bfef947ebfba92ea7327c1b9de0ce56f465", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235140", "to_ids": true, "type": "sha256", "uuid": "567cac36-41f5-468b-b0b1-6578ab426c64", "value": "74064d191ab454bbf75e899e4097332d4a8897b13c448db02022c662135e8405", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234079", "to_ids": true, "type": "ssdeep", "uuid": "988c9e34-f871-47ec-b2ab-fe858c827f71", "value": "393216:6QlzbuaD7I2kvoiwalFxr0myHHbTu8p0JZ52VeEUyl0WS1s2ldUB8mBIOMWyt:P9D7I64FF0Pnfu8WJZsVUWS1s2YN1E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234079", "to_ids": false, "type": "size-in-bytes", "uuid": "0b1f3a76-c588-462e-832a-3941d128408b", "value": "23057759" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234079", "to_ids": true, "type": "vhash", "uuid": "c96ec905-d9e6-4769-b38a-427d7016ffdf", "value": "5982fae5b5887f0d00664eafe876b6b1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234079", "to_ids": true, "type": "filename", "uuid": "dbad901a-d1da-4ee7-aa29-763f8ed0e34e", "value": "74064d191ab454bbf75e899e4097332d4a8897b13c448db02022c662135e8405.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234079", "to_ids": false, "type": "text", "uuid": "ede2f626-ff2d-4ef2-b668-04cbe38d3b4e", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:1/67\nFirst Submission:2026-02-16T21:23:03.000000+00:00\nLast Submission:2026-03-17T14:30:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242450", "uuid": "eadfe0e9-40f5-4353-a543-a4e5bbc61321", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242450", "to_ids": true, "type": "md5", "uuid": "0388a582-e6bc-4443-b667-c3186ea4a66f", "value": "9f1bac79eb1ffbc814e31cbdcb6b1594", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235142", "to_ids": true, "type": "sha1", "uuid": "d6ae9221-e053-471e-871f-c252f1020559", "value": "efd101ba1ebb1812fdb0e75c8da7a1466ea36364", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235142", "to_ids": true, "type": "sha256", "uuid": "ee6165e0-424c-490b-8476-1e081cc19b07", "value": "7b9b75d7febf015003ac167e122b0cdfc561883b725252d593a85a42eba4b6bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234103", "to_ids": true, "type": "ssdeep", "uuid": "67798948-c635-4066-8bb9-eb0a48dd5729", "value": "1572864:xejOYf1/ff9bMVJrw75FoSZYuiS3EgHXeWHrW+7itHTcHatU011rPT7:x4t/9bcQMAYcEItrWD1cb01xL7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234103", "to_ids": false, "type": "size-in-bytes", "uuid": "746112f4-c640-48d3-bb17-ace0979bc49e", "value": "99426424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234103", "to_ids": true, "type": "vhash", "uuid": "236244a4-8cee-4105-b4bb-cbba8f069d9f", "value": "097056655d1c0570d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234103", "to_ids": true, "type": "filename", "uuid": "06e03e02-b7b3-42fa-a1f7-54ced559053f", "value": "KitllyClient.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 23/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234103", "to_ids": false, "type": "text", "uuid": "9422b315-0b91-4649-8c6c-c77fd5234d4d", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/70\nFirst Submission:2026-03-06T05:37:39.000000+00:00\nLast Submission:2026-03-06T06:44:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242473", "uuid": "fceb2c87-5e92-4b49-8a0b-974447cde07a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242473", "to_ids": true, "type": "md5", "uuid": "d8052cb7-2e5a-4b2f-ba4f-d8c49c993a19", "value": "7e27ba87e141827a0688fd9a3fbda882", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235144", "to_ids": true, "type": "sha1", "uuid": "ed14a9e0-75eb-4904-be06-ddebbd8bb83d", "value": "41f5df25474f15072e1518b5efe343032e6e52da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235144", "to_ids": true, "type": "sha256", "uuid": "fd69ed13-ea28-422c-b432-7883923861e9", "value": "7e7c533bd42d386d95e6bd299efc1ad3ef5ea58e69c08bdd2d02fc97e89e0e53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234127", "to_ids": true, "type": "ssdeep", "uuid": "11d0d858-9700-4cbf-98e2-cb1d3665c2e4", "value": "3145728:0M0RYNtaAzJb3IMZy6ApLoNhcwsGyGKBUcWh3PAilcSH/exKVvZMlelu2oI:UQtLF0MUXghj9y7UfRPAeTHtVvDu2oI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234127", "to_ids": false, "type": "size-in-bytes", "uuid": "1a7fbc4f-d4ef-4452-9582-e844787d5819", "value": "181371902" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234127", "to_ids": true, "type": "vhash", "uuid": "5e32a20f-37e4-4f5e-b900-039926e3d47c", "value": "018056655d1c0560d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234127", "to_ids": true, "type": "filename", "uuid": "3f9f0bdb-2010-4a73-a022-f61b3ef805ea", "value": "neekoclient.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 19/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234127", "to_ids": false, "type": "text", "uuid": "457b0f67-b948-495b-a1d0-df86dd52f39e", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/71\nFirst Submission:2026-03-07T15:24:48.000000+00:00\nLast Submission:2026-03-10T18:08:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242495", "uuid": "658f6f31-c231-46d1-b62d-c70be1a98231", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242495", "to_ids": true, "type": "md5", "uuid": "a6d3b9fc-43d2-433a-8033-50c5cbfc896f", "value": "67dcbedcb7792ac9630fbe3a3dfcaa9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235145", "to_ids": true, "type": "sha1", "uuid": "74f9512a-bccb-4b9b-b2b6-d8677f71569a", "value": "d150466ebce1e8b49ee44ebde1f25bbf4bc900e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235146", "to_ids": true, "type": "sha256", "uuid": "9223b52f-6759-4755-97f4-60b7334961ac", "value": "7ec97405aeb271c73a7bbb9d466f755c18921f16403dab581e79d1096aadfd03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234151", "to_ids": true, "type": "ssdeep", "uuid": "481ffb97-1f7d-4f62-b8e9-1530c42d55f1", "value": "393216:Rc4+cCD8m3mcxOldus8mBgLfpGg96TaP0XBsGQ3K82sk0c4GDw9j9G:Rc4eZWcxOK6gRH6Y0xjEK6XcXIjA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234151", "to_ids": false, "type": "size-in-bytes", "uuid": "fc389bca-61f8-4b9c-89a0-63c2d4bcc660", "value": "20112376" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234151", "to_ids": true, "type": "vhash", "uuid": "ddfe06ec-48ce-4895-ba1d-04c0c2f33648", "value": "ba9d1c514dab21c267ded258748e470c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234151", "to_ids": true, "type": "filename", "uuid": "758df09a-160f-43ba-8450-a58d4c12ec10", "value": "7ec97405aeb271c73a7bbb9d466f755c18921f16403dab581e79d1096aadfd03.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 20/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234151", "to_ids": false, "type": "text", "uuid": "99c46aa5-28ea-4976-aa71-7a828b2602b2", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:5/67\nFirst Submission:2026-01-31T12:13:30.000000+00:00\nLast Submission:2026-03-19T06:57:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242516", "uuid": "63d67e2a-f55c-42d9-a85a-aab3dedace0c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242516", "to_ids": true, "type": "md5", "uuid": "d4261a0e-546a-4804-b46e-d47016581645", "value": "7d6973dc368b72617e469034a869cd92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235148", "to_ids": true, "type": "sha1", "uuid": "235748bb-c310-49f7-8bc4-3fea8b037d85", "value": "d6dde6d5744833706f4a09af809a763039d2c171", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235148", "to_ids": true, "type": "sha256", "uuid": "4c4b7092-91a9-4eb9-b019-b8a2bb91de9d", "value": "7f239306e6e32246a07818b3600932c1ad85a42e9902370d98d9fc0f1b120ec7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234174", "to_ids": true, "type": "ssdeep", "uuid": "96570846-46e4-4a07-ba18-4bcb324e8240", "value": "1572864:2I2um44HieJ6udAefzg1pMHG3cv4JW4/KMYAMvJmiftzjrj6j2ghX4z9ScriXy0O:2ITm4veUkYJo+sUifljMBhIz9jv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234174", "to_ids": false, "type": "size-in-bytes", "uuid": "cec62b37-f09f-41d7-b65b-e59a24155520", "value": "91284014" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234174", "to_ids": true, "type": "vhash", "uuid": "2b15351b-68e1-4677-8667-185a6b075e94", "value": "097056655d1c0570d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234174", "to_ids": true, "type": "filename", "uuid": "4962000b-3d25-43b7-a4be-64c83956ed40", "value": "BunnyClient_Setup.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 17/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234174", "to_ids": false, "type": "text", "uuid": "614cbe44-2d6a-459d-86f6-c4d27eac9f16", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/70\nFirst Submission:2026-03-09T13:18:26.000000+00:00\nLast Submission:2026-03-09T13:18:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242538", "uuid": "9d5d61bb-8879-4271-851d-eec0c3dce095", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242538", "to_ids": true, "type": "md5", "uuid": "6919fa23-eceb-4463-93ae-3eced1857ca2", "value": "c0b55df55e1a8e48dc2e22fa54b05792", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235151", "to_ids": true, "type": "sha1", "uuid": "2c4e1a78-1abb-4419-bfa9-af5bb77751df", "value": "dc3e519c78c8c09be1b3409204957f6bd18acacc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235151", "to_ids": true, "type": "sha256", "uuid": "700031d4-5765-4680-8035-eb9a83f06637", "value": "85872d267e1125e8bba0c460a8a7416d0845e9794a49a90a0dde8c9401f07a03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234198", "to_ids": true, "type": "ssdeep", "uuid": "2dbbea2a-eee8-4b8c-8359-9495840c55be", "value": "393216:hZBwa8uEEfmZ9ZmWxOldus8mBgLNv6zmgiJuP8Zkw9jHSCR:hZBwagE6YWxOK6gF6i7dZkIjHj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234198", "to_ids": false, "type": "size-in-bytes", "uuid": "f50a67d1-5171-458b-9d4d-0fa1909c7739", "value": "22534391" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234198", "to_ids": true, "type": "vhash", "uuid": "aaedf955-07ad-4587-907b-c58035b586bb", "value": "673173698bb7ef23b368508a61d71ea2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234198", "to_ids": true, "type": "filename", "uuid": "5efb0bd6-ea4f-45df-a0ef-78a62c08f2ef", "value": "85872d267e1125e8bba0c460a8a7416d0845e9794a49a90a0dde8c9401f07a03.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234198", "to_ids": false, "type": "text", "uuid": "59da7a5c-4ade-43fd-85c9-ee22996b88a4", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:4/67\nFirst Submission:2026-02-17T00:12:10.000000+00:00\nLast Submission:2026-03-17T14:00:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242560", "uuid": "ec50dc98-915a-48aa-957f-343f7cdbeb5c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242560", "to_ids": true, "type": "md5", "uuid": "8d997add-4543-4a15-88de-d0ffac8d09e3", "value": "d974723382f2f77aeecfdfdd8af754c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235153", "to_ids": true, "type": "sha1", "uuid": "fab1b1de-b672-4a7c-9aea-10831d42165e", "value": "e0dfa2a90c0238f3bb276efe126eec8e3fc8ba87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235153", "to_ids": true, "type": "sha256", "uuid": "d6f04520-69ef-4c7c-8ff1-49a2152cabfb", "value": "85892a04d28e1962511c2aa4ffd5e9ef3e34e4280a2022427d617d884fa1e774", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234222", "to_ids": true, "type": "ssdeep", "uuid": "d6528b39-e82d-4071-9a98-24581c4036ce", "value": "393216:H1U4OhweRCWWO6yMpJ2gbL3muvnak9q1w3rdIornfQ9zyzcildCC8mByW8:O4OWe4WWbJvbL3iBqdIorfNzci2Qv8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234222", "to_ids": false, "type": "size-in-bytes", "uuid": "80f9e9a8-16b2-45fb-8726-0d4f64e4d69f", "value": "24320442" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234222", "to_ids": true, "type": "vhash", "uuid": "f447ba92-a932-4df6-b10c-dd9f42bf151f", "value": "05e0f4b0f74e887b8c31e11c6b7387e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234222", "to_ids": true, "type": "filename", "uuid": "7e5ab8cc-687c-4aee-aa21-aa14966e385d", "value": "85892a04d28e1962511c2aa4ffd5e9ef3e34e4280a2022427d617d884fa1e774.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234222", "to_ids": false, "type": "text", "uuid": "9b083367-8e67-45fb-b51c-1e0204064d7e", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:1/67\nFirst Submission:2026-02-16T23:21:11.000000+00:00\nLast Submission:2026-03-18T09:59:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242582", "uuid": "330f86fa-5336-44b5-a5e4-964a57b4807e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242582", "to_ids": true, "type": "md5", "uuid": "445a3d76-c58b-4d69-a092-b9e4a3587c58", "value": "f850c796a4ed2a8ea07f73f545f48f96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235155", "to_ids": true, "type": "sha1", "uuid": "60d60c5c-2faa-4411-8fcc-f7c82ff00efb", "value": "0013b06e1859a75221fa25f0cf1bab4bf86d7ed9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235156", "to_ids": true, "type": "sha256", "uuid": "6e7f0fa3-20d2-44d4-a59c-ad594844a186", "value": "8c2c4ff54b48631d324b643a333ae08161a091f439cfcb684cdf2157a42c9912", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234247", "to_ids": true, "type": "ssdeep", "uuid": "a9769aa9-f070-4df6-ab06-bd80e61f6dfc", "value": "393216:djscKncNA3NKMjsfG8TL0xSBcunzY0pMp5QVvIxRDc:djkn4AdKcl8TLgSWuip5QQg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234247", "to_ids": false, "type": "size-in-bytes", "uuid": "0b6637ce-1bf3-4fb6-99bd-a74b5d544ac5", "value": "17906098" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234247", "to_ids": true, "type": "vhash", "uuid": "34b86c9a-1c2e-4cd9-b680-aaef2bed454a", "value": "e081b9f1ed8c5c18b15e4b62c2e2c7fe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234247", "to_ids": true, "type": "filename", "uuid": "32d0ec35-71f1-46e2-b5a8-7b915f1e1daf", "value": "8c2c4ff54b48631d324b643a333ae08161a091f439cfcb684cdf2157a42c9912.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234247", "to_ids": false, "type": "text", "uuid": "83aab075-e2a6-48c9-8c69-010c68e5504d", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:3/67\nFirst Submission:2026-02-16T23:39:53.000000+00:00\nLast Submission:2026-03-18T09:57:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242604", "uuid": "67de0cdb-7544-4365-9f82-4d1ea02d692d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242604", "to_ids": true, "type": "md5", "uuid": "876191d6-8012-44f2-8da6-050727d88b1f", "value": "5220db019773aac9f3b4ef9ce0895dbb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235158", "to_ids": true, "type": "sha1", "uuid": "62fe8358-191a-43de-99a6-4dbdc5a96232", "value": "6db3efddaf364503ec02cdc631a4da6761af627b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235158", "to_ids": true, "type": "sha256", "uuid": "f90f5db8-5521-4c0b-9ca3-89ed4ed4cf9c", "value": "997f7449d7b98aa08ad37c7953a51ad3f95e7532824959b7eba3953b30e76475", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234293", "to_ids": true, "type": "ssdeep", "uuid": "ed9e40b3-5a7f-47bb-ac04-f7d9d35ea578", "value": "1572864:A+d+tjmub20nB3cEeqo26Q5MlPRO7rYkDcy:A/tjmAcEeqoG5McD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234293", "to_ids": false, "type": "size-in-bytes", "uuid": "183075cc-4843-4eb7-848e-c73d4f8f1d1d", "value": "90451968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234293", "to_ids": true, "type": "vhash", "uuid": "9e98bbd6-028f-477b-a6f4-137a0c0b8672", "value": "097086556d15556565755263z92z89fz57z32z235z36" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234293", "to_ids": true, "type": "filename", "uuid": "f7aa6be0-dae2-4d92-833e-3af71f2a8415", "value": "CuttiesCraft Launcher.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 20/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234293", "to_ids": false, "type": "text", "uuid": "cdfd65d5-511e-4d77-8803-40211f5b43c3", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:13/70\nFirst Submission:2026-03-06T18:09:08.000000+00:00\nLast Submission:2026-03-09T08:41:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242626", "uuid": "ff45dac1-fbed-48d5-89bf-0a5f1d5a6b28", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242626", "to_ids": true, "type": "md5", "uuid": "4898d5cf-d7f2-4aad-936e-1e69a89391f7", "value": "28f5c1b13dd399952211ee0ddb45b1bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235159", "to_ids": true, "type": "sha1", "uuid": "1e81f832-41cb-484a-ac78-f0872264ce42", "value": "2e62935e5c0a3f1017df8bb7838efb007abe2fc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235160", "to_ids": true, "type": "sha256", "uuid": "79d2d455-329f-4aa2-bdc3-2938c69a59ae", "value": "a3e88f95484965f7c9a34731ffca42fcaea25e917f5a6d70ab86c941cf23b832", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234316", "to_ids": true, "type": "ssdeep", "uuid": "2d91f5b9-4ccb-4289-8693-5772398af67c", "value": "3145728:tzhJyzWZtinrxLxOktj2YjAuKGTZS9+z3vVLOeJWpmAp+2Iz:PJxZtGlOktj2KKGM9+ROCAtIz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234316", "to_ids": false, "type": "size-in-bytes", "uuid": "0f9db734-dc4d-4fbf-b632-349cd48eaeaa", "value": "125538454" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234316", "to_ids": true, "type": "filename", "uuid": "ecedc722-c05f-4e79-aae9-8a4202c42fe9", "value": "MiniCraftLauncher.rar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234316", "to_ids": false, "type": "text", "uuid": "86b5614f-83f8-457a-bc6b-dd8ce5c64d9a", "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:0/60\nFirst Submission:2026-03-06T07:20:22.000000+00:00\nLast Submission:2026-03-06T07:22:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242648", "uuid": "e1b15e3b-ef76-4248-97c9-924b97f044e1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242648", "to_ids": true, "type": "md5", "uuid": "0411ef0d-8943-441b-a800-027cf34c328a", "value": "21db146acb58c37fd2ae6a67d4687f8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235163", "to_ids": true, "type": "sha1", "uuid": "fd81bc15-ff6d-461d-8fc9-09e2d8bb2d96", "value": "642e56eeb418fc24ec3159ef4acf88a91065897d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235163", "to_ids": true, "type": "sha256", "uuid": "5d7f95d2-0cf9-48aa-b18c-8b0f4c49f1f3", "value": "b59ded7da641637ec3a95fe78b8b1c69d7a85bb9a70351e80f26b334fe452699", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234340", "to_ids": true, "type": "ssdeep", "uuid": "e244c5f0-e048-4ef6-85fb-20a690ce251b", "value": "393216:CQRsrE0B2p1kuxAQln/cbkbQ6h8Z9gKCcq3fBRRldxH8mBiMd6:fmrxBChdnlQc8XgKCcMfBRRlTFg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234340", "to_ids": false, "type": "size-in-bytes", "uuid": "fa8cf487-446c-4ca1-9401-e5e860ba500a", "value": "19059395" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234340", "to_ids": true, "type": "vhash", "uuid": "202ffdcb-e61c-4b04-bbb5-88cf7f80a88f", "value": "d1716ce223490e15b5317bcdec571c88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234340", "to_ids": true, "type": "filename", "uuid": "d9a99ea5-920f-4d01-90a3-290889a10476", "value": "b59ded7da641637ec3a95fe78b8b1c69d7a85bb9a70351e80f26b334fe452699.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234340", "to_ids": false, "type": "text", "uuid": "92b3215a-5abb-40fc-99eb-fcf3c3316d48", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:2/67\nFirst Submission:2026-02-15T22:25:25.000000+00:00\nLast Submission:2026-03-19T06:56:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242670", "uuid": "77e1d3bb-38de-4f22-ba84-dd0c7d15217a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242670", "to_ids": true, "type": "md5", "uuid": "8893054c-c697-4761-a37d-5b740e260432", "value": "b38e99aa6130a2d60ecd2e31f627521f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235164", "to_ids": true, "type": "sha1", "uuid": "8366c971-0e77-43ea-b23b-bc10e41e0e9d", "value": "17da58d9a2afb00ef192213edf9531109d7cebb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235165", "to_ids": true, "type": "sha256", "uuid": "a10ce35d-1da2-4ed1-807f-3cac7b4bb80b", "value": "c08c9be47baddbb62f69b70932221d89f8a9984c778b762212676c470ba329cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234363", "to_ids": true, "type": "ssdeep", "uuid": "82b673cc-dd34-4ebb-bd80-5c067b299ddf", "value": "1572864:9VDG5MiP2aVxUXuKnof+z+KoL+1iJKO+pfWo/AfOtZhhz8WtAsi:9VDG5NVyuoFK6MM9fWo0ahzfAsi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234363", "to_ids": false, "type": "size-in-bytes", "uuid": "5378f97e-1385-4f57-bf94-8f701f785be7", "value": "133695350" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234363", "to_ids": true, "type": "vhash", "uuid": "a2efe650-07b9-4b47-a1b4-22ac9ba96e04", "value": "018076656d156d05555263z92zff7z17z13z93z12c4z11z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234363", "to_ids": true, "type": "filename", "uuid": "a2606255-48d0-41d3-9769-e92cc8f2b473", "value": "build-pzbd2olk6xtub3g.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 14/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234363", "to_ids": false, "type": "text", "uuid": "f8a77e5f-0459-44bd-aaba-ccf9cb2a4ab2", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:9/71\nFirst Submission:2026-02-02T20:12:24.000000+00:00\nLast Submission:2026-02-06T15:42:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242692", "uuid": "aaed6a12-46ec-4120-ac38-44fd8d8f9a4c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242692", "to_ids": true, "type": "md5", "uuid": "02c6ab2c-defe-43a0-9081-aefddc12f7f9", "value": "209f4b442aa6aef7e686292eee5dad00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235167", "to_ids": true, "type": "sha1", "uuid": "70e18951-891b-4b98-8576-433459100e95", "value": "eaf32b42743d32431df236e7f8939690e52cc94b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235167", "to_ids": true, "type": "sha256", "uuid": "96901c58-522e-4dbd-a5f4-113dfb426570", "value": "c4fc36d968c0c190716ecefac4f8fdea92de88fd94080108ef85a96512eb6471", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234387", "to_ids": true, "type": "ssdeep", "uuid": "ea605316-dbe3-423c-95dc-07df6227e301", "value": "3145728:+/0RYNCZImsVrSzJb3IMZy6ApLoNhcQ83flg9tbETyMIhoTXsxKVvZMlelu2oN:DQC9rF0MUXghxodg4eMI2TbVvDu2oN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234387", "to_ids": false, "type": "size-in-bytes", "uuid": "6fa2e8b7-59c2-4740-967e-0eb724e953e6", "value": "181285648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234387", "to_ids": true, "type": "vhash", "uuid": "e93237c7-840d-4e6c-b154-eb14d47245ba", "value": "018056655d1c0510d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234387", "to_ids": true, "type": "filename", "uuid": "a4a7062b-e862-4f8e-afdc-23878f2b407c", "value": "KittenClientLauncher.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 17/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234387", "to_ids": false, "type": "text", "uuid": "d2425f46-9122-4673-9dab-17c28be5f147", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:15/71\nFirst Submission:2026-03-09T14:48:20.000000+00:00\nLast Submission:2026-03-14T00:16:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242714", "uuid": "b0305c89-2acc-4781-974b-d6267e1e96b2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242714", "to_ids": true, "type": "md5", "uuid": "83c07798-2176-4833-aa93-a58780a35e46", "value": "8499eadc32955b81075383cb2c9bf247", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235168", "to_ids": true, "type": "sha1", "uuid": "2f2367b6-c185-4a62-900b-d3e3b1ad6b29", "value": "d6f6374b9a548949867fbbc4a956116d1065ade4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235169", "to_ids": true, "type": "sha256", "uuid": "2b62732c-7290-45c2-91cb-b3cbfc60f2ae", "value": "d6832ecc0d04a0621fbe1ed19311577f6a750bfb68460809bc9dfa571c222206", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234432", "to_ids": true, "type": "ssdeep", "uuid": "b13c72cd-c612-47af-a659-3e1c0b9c8dd9", "value": "393216:nuwn6pOT72BonVCU04tZAdZhnSmAXYp9LGc9jSPhxLW3VMWldgR8mBQ2fM:zeo7wnx4nAPdTkYplGkS3W3VMW09Nk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234432", "to_ids": false, "type": "size-in-bytes", "uuid": "08c29309-0523-40ce-85ea-e33d2f6df18d", "value": "23066609" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234432", "to_ids": true, "type": "vhash", "uuid": "bad44ce5-f003-4160-b41b-d48d1c095264", "value": "5982fae5b5887f0d00664eafe876b6b1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234432", "to_ids": true, "type": "filename", "uuid": "c8380338-e4cd-429b-a01a-b71d9de46eda", "value": "d6832ecc0d04a0621fbe1ed19311577f6a750bfb68460809bc9dfa571c222206.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 21/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234432", "to_ids": false, "type": "text", "uuid": "15f93bac-204a-4a77-bce7-342ca9ff2ff2", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:4/67\nFirst Submission:2026-02-16T21:29:12.000000+00:00\nLast Submission:2026-02-16T21:29:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242736", "uuid": "5e5ed9cb-234a-43dc-9a5c-1d795069ec05", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242736", "to_ids": true, "type": "md5", "uuid": "bb5e3310-cc18-40f7-8630-58273d03d530", "value": "bd77665d6a19db8cf4db28d3edc59f13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235170", "to_ids": true, "type": "sha1", "uuid": "91147124-54a9-4136-a8d9-cc5574955cad", "value": "d889cf5e1f8e4c78d88cbf00a0a8f454d51dd65c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235170", "to_ids": true, "type": "sha256", "uuid": "7777cf6a-426d-4677-bfde-9879c5031761", "value": "deef632b35470738485067d3c757d1fdb7e45393b59010ce170e69c23b3a092d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234478", "to_ids": true, "type": "ssdeep", "uuid": "67599f2d-0618-453b-9926-bd807cc0aec8", "value": "393216:5tU4OhweRCWWO6SMpJ2obL3muvnx9qqw3rdIosQi3qcildCC8mByWD:Q4OWe4WWXJrbL3pqdIosQAqci2QvD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234478", "to_ids": false, "type": "size-in-bytes", "uuid": "b3bd404d-df8f-4ccd-8b57-0819ceb1f312", "value": "23992905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234478", "to_ids": true, "type": "vhash", "uuid": "12f80a71-fd84-4ce0-9715-ffba98e9ba38", "value": "b00f9dd99682f5ecc69007d508cc0779" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234478", "to_ids": true, "type": "filename", "uuid": "d9e4695d-1e1d-4aba-8d16-0042d7de0f42", "value": "deef632b35470738485067d3c757d1fdb7e45393b59010ce170e69c23b3a092d.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234478", "to_ids": false, "type": "text", "uuid": "f6070faf-b296-4cec-8684-6a7770727fc7", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:1/67\nFirst Submission:2026-02-14T20:49:21.000000+00:00\nLast Submission:2026-03-17T14:16:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242758", "uuid": "6e9b9542-b98e-4198-bb3b-1d3532bede1e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242758", "to_ids": true, "type": "md5", "uuid": "3ee0afba-7e35-41d3-a86e-1ba47384bcfc", "value": "ded5d5a66f5d668d2411598f291c8801", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235172", "to_ids": true, "type": "sha1", "uuid": "1a1db19e-32bc-4109-b091-8c2a458de8eb", "value": "dd1f43d8222c1d1bbebe822b5716e8ee078939e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235172", "to_ids": true, "type": "sha256", "uuid": "b047d81c-ee4c-465b-a7f4-9f54e40db4c2", "value": "e340d345dfd492393971c8602fd4863583247fa46cd834fe5e87258d18fc2eac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234524", "to_ids": true, "type": "ssdeep", "uuid": "40304b0f-4698-4ff6-a3fd-b949342cae68", "value": "24576:FKeQTvZzNcdociH8DDzd5itBsKSpqWG6vpXqEEkMwrx/lb28u8rQiFFiOUjg5J3Z:YeuLTH8DjesKSpqWGUqmMqxfu8NFFiOZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234524", "to_ids": false, "type": "size-in-bytes", "uuid": "5590688a-d0c2-4443-88ab-c31aec8e7c95", "value": "1471253" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234524", "to_ids": true, "type": "vhash", "uuid": "3ecb0292-fac0-47de-b1db-ebf9724b5d9c", "value": "d841e1bac4021797b9e4d613b46cb2da" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234524", "to_ids": true, "type": "filename", "uuid": "3223c5c6-f33e-4034-a5bb-7c19ec5f5173", "value": "KittlyCraft.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 14/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234524", "to_ids": false, "type": "text", "uuid": "665053f0-89f0-47ec-a49e-5298003eea88", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:0/69\nFirst Submission:2026-03-13T16:28:08.000000+00:00\nLast Submission:2026-03-13T16:28:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242780", "uuid": "c1a2bf6a-038d-44c3-af2c-d0014893ef8b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242780", "to_ids": true, "type": "md5", "uuid": "6617bc65-d307-4073-b2e7-d01771f9a170", "value": "7d149acb9fad921dcfedf3f4b73671c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235174", "to_ids": true, "type": "sha1", "uuid": "2183f188-0d52-462b-b62f-c9f4e55d607a", "value": "6739cf94ff869a3b79b22db6689af63e4974677b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235174", "to_ids": true, "type": "sha256", "uuid": "61266ef2-0f0d-4908-8b40-29c500a83ad4", "value": "e4598c17b948526ccc3f586857363a75c95e695a5125d5b4fed088b27a58100e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234548", "to_ids": true, "type": "ssdeep", "uuid": "fad4dbef-4ad2-43d1-bbd9-20b2babca18a", "value": "393216:/2mEdet2jj8KKpl2uzceFcQPUhhy1mw5jmkmld2W8mBV5UKo:uxYtOUCuzeCahqmIjmkmq0v6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234548", "to_ids": false, "type": "size-in-bytes", "uuid": "7c6b6788-d1df-4b48-bf00-c7af8ae99a1d", "value": "19150716" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234548", "to_ids": true, "type": "vhash", "uuid": "162fb12f-eb7e-4b18-be12-717e9c3f5a5a", "value": "d1716ce223490e15b5317bcdec571c88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234548", "to_ids": true, "type": "filename", "uuid": "b8acc4b2-e017-4415-9164-5c0835995479", "value": "e4598c17b948526ccc3f586857363a75c95e695a5125d5b4fed088b27a58100e.jar" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 18/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234548", "to_ids": false, "type": "text", "uuid": "f2e7887a-7690-467f-8747-6407408f7df6", "value": "Type Description: JAR\nMicrosoft: None\nVT Total Detection:1/67\nFirst Submission:2026-02-16T23:28:32.000000+00:00\nLast Submission:2026-03-19T06:57:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774242803", "uuid": "713ce915-5dc5-47c3-8194-cf098106815b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774242803", "to_ids": true, "type": "md5", "uuid": "859ca3e2-912c-4851-90ce-07bfa2b3a014", "value": "799cd2caa25683da8199a7f90b95e1a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774235176", "to_ids": true, "type": "sha1", "uuid": "1523cab2-7102-4d8c-b63d-8e47bc85c7aa", "value": "71c06fb43905008a4ac2af0555ebb63780927307", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774235176", "to_ids": true, "type": "sha256", "uuid": "90a257fd-665a-48b6-8dac-2601a14aa2d7", "value": "fa2a590dfdbc9170be58764f8da6a27a81d551b00a21061a9dc03bfab78f9e63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774234615", "to_ids": true, "type": "ssdeep", "uuid": "0186027f-a114-48f2-854b-cde4e563e037", "value": "3145728:XIqkkgqjOYnC8M3kgRMANkHXUHrZg17Jpbc:zkpPEjELZg7bg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774234615", "to_ids": false, "type": "size-in-bytes", "uuid": "64f810f3-8888-484f-bc19-2eee73e1d95b", "value": "116129730" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774234615", "to_ids": true, "type": "vhash", "uuid": "7ebeb7b2-0bdf-4434-b82f-df5cba67dc0b", "value": "018056655d1c0560d043z800417z47z62z41fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774234615", "to_ids": true, "type": "filename", "uuid": "84a4a52b-1aa9-460b-8079-8627ac57941f", "value": "KittieMC.exe" }, { "category": "Other", "comment": "Checked: 23/03/2026\nLast-scan\t: 14/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774234615", "to_ids": false, "type": "text", "uuid": "77f6ff75-62ac-4792-9457-7a36c7d7b494", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/69\nFirst Submission:2026-03-10T15:27:46.000000+00:00\nLast Submission:2026-03-13T16:10:06.000000+00:00" } ] } ] } }