{ "Event": { "analysis": "1", "date": "2026-03-02", "extends_uuid": "", "info": "[Threat Intel] Funnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain Attacks", "protected": false, "publish_timestamp": "1772807246", "published": true, "threat_level_id": "3", "timestamp": "1772807246", "uuid": "5f6961f8-c331-45ec-8c6b-641fafa71986", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": "" }, { "colour": "#08de5a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Cloud Compute Infrastructure - T1578\"", "relationship_type": "" }, { "colour": "#047df6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Target - T1608.004\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#e8825f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"", "relationship_type": "" }, { "colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": "" }, { "colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": "" }, { "colour": "#474886", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic Linker Hijacking - T1574.006\"", "relationship_type": "" }, { "colour": "#b24806", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"", "relationship_type": "" }, { "colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": "" }, { "colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#d596aa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"", "relationship_type": "" }, { "colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": "" }, { "colour": "#1cf78c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Install Root Certificate - T1553.004\"", "relationship_type": "" }, { "colour": "#e22a4a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credential API Hooking - T1056.004\"", "relationship_type": "" }, { "colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#120046", "local": false, "name": "rectifyq:sub-category=\"infra-profile\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593208", "to_ids": false, "type": "link", "uuid": "363be53a-8841-4fcb-ad24-52a4e6f29a1b", "value": "https://blog.xlab.qianxin.com/funnull-resurfaces-exposing-ringh23-arsenal-and-maccms-supply-chain-attacks/", "Tag": [ { "colour": "#6b003a", "local": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1772593208", "to_ids": false, "type": "text", "uuid": "bb4baf7d-d5c6-4e94-af7f-85f692ac3b96", "value": "The report details the resurgence of the Funnull cybercriminal group, now utilizing a new arsenal called RingH23. It exposes their tactics, including compromising GoEdge CDN nodes, poisoning the MacCMS supply chain, and deploying sophisticated malware components like Badredis2s, Badnginx2s, and Badhide2s. The group has expanded its operations to inject malicious JavaScript, hijack cryptocurrency transactions, and redirect traffic to fraudulent sites. The campaign's impact is estimated to affect millions of users daily. The report also highlights Funnull's use of a suspicious new CDN infrastructure, CDN1.AI, likely created to evade detection." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1772593208", "to_ids": false, "type": "text", "uuid": "9833b390-2216-43d4-8a2c-8eeb18c798c1", "value": "Name: Funnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain Attacks\nAuthor: AlienVault\nAdversary: Funnull\nTags: [\"v2deck\", \"supply chain attack\", \"badredis2s\", \"badhide2s\", \"cryptocurrency theft\", \"cdn poisoning\", \"badnginx2s\", \"ringh23\", \"traffic hijacking\", \"maccms\"]\nTgtd countries: [\"China\"]\nMlwr families: [\"RingH23\", \"Badredis2s\", \"Badnginx2s\", \"Badhide2s\", \"V2deck\"]\nAttack_ids: [\"T1133\", \"T1578\", \"T1608.004\", \"T1140\", \"T1195\", \"T1190\", \"T1036\", \"T1055\", \"T1112\", \"T1505.003\", \"T1574.006\", \"T1070\", \"T1078\", \"T1571\", \"T1027\", \"T1195.002\", \"T1102.002\", \"T1553.004\", \"T1056.004\"]\nIndustries: [\"Technology\", \"Telecommunications\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1772593208", "to_ids": false, "type": "threat-actor", "uuid": "fd8861cc-0821-4643-a52b-fdae346f2ec1", "value": "Funnull" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765783", "to_ids": true, "type": "md5", "uuid": "de4121b2-8123-49c7-8c97-c696dd457670", "value": "22f0d58bc482d413a5cc8922c7f79378", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765783", "to_ids": true, "type": "md5", "uuid": "4054a0c8-248b-456f-9ebc-07cfc1efe231", "value": "296318b90bc9d01ab045da042b0ecb21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765784", "to_ids": true, "type": "md5", "uuid": "2f9722d7-67ae-442e-973b-45e2fc319758", "value": "51830656b0825b22703e4fcf31aec84c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765785", "to_ids": true, "type": "md5", "uuid": "ee6af62e-98df-4367-9029-f3a71fecd081", "value": "563f5e605ebf1db8065fd41799e71bf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765786", "to_ids": true, "type": "md5", "uuid": "762d56b6-9adb-4c93-9c74-49bd8a30662b", "value": "663706d4f3948417d05c11bbfa6cdbc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765787", "to_ids": true, "type": "md5", "uuid": "73e2f80b-4fad-4a8d-9143-c0cf58cce2d4", "value": "6e14853a6ad5e752a516290bf586d700", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765788", "to_ids": true, "type": "md5", "uuid": "b3c302cc-93c7-430a-9742-dc354a1ec707", "value": "85cdf5139f0a0a0f7e378bc2029d662b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765789", "to_ids": true, "type": "md5", "uuid": "ed5ced3f-85e7-4b2a-b7b4-2ed0a72dfbaa", "value": "b5a5d93cfc443ecbd3b52cfe485b738c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765790", "to_ids": true, "type": "md5", "uuid": "714aa6b5-ef59-4ea2-9e49-416742370843", "value": "b5dfe88131fb1b3622a487df96be84e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765790", "to_ids": true, "type": "md5", "uuid": "543ccfd5-7b56-47bb-b0f5-caadd0ace108", "value": "b8239ce64c07e39ae7bed9ae8f5f3d2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772765792", "to_ids": true, "type": "sha1", "uuid": "ae47b344-8b99-4bc5-964d-69dcfe8002a5", "value": "7d1d49a8d8c1fa7b4b743ed551fa338c112268e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765813", "to_ids": true, "type": "ip-dst", "uuid": "03df6239-43eb-461c-b00e-82005cdc9594", "value": "8.139.6.156", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765835", "to_ids": true, "type": "url", "uuid": "7b0160a8-d7aa-4bbd-9e09-dad209796e28", "value": "http://api.bdustatic.com/jquery.min-4.0.12.js", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765857", "to_ids": true, "type": "url", "uuid": "3cd8f41e-10cf-4024-9ffc-ad5d6d5e4bbe", "value": "http://cdn.jsdelivr.vip/jquery.min-3.7.0.js", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765878", "to_ids": true, "type": "url", "uuid": "a44cda94-44a9-4897-9c6b-8f7d15c172d0", "value": "http://cdnjs.jsdclivr.com/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css?v=3.7.8.2", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765899", "to_ids": true, "type": "url", "uuid": "68a30807-6652-4469-b2dd-181f8298f753", "value": "http://code.jquecy.com/jquery.min-3.6.8.js", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765920", "to_ids": true, "type": "url", "uuid": "2cbeb79d-d287-461f-bdca-473d50e34012", "value": "http://static.bytedauce.com/ajax/libs/bootstrap/5.3.3/css/bootstrap-grid.min.css", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765942", "to_ids": true, "type": "url", "uuid": "0f31769e-b131-4848-aaea-36937dc6257d", "value": "http://union.macoms.la/jquery.min-4.0.2.js", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765963", "to_ids": true, "type": "url", "uuid": "67d34e35-d7f9-4607-afca-8d8b9db7ba96", "value": "https://3snzh72om4.apifox.cn", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772765984", "to_ids": true, "type": "url", "uuid": "8bb14a45-cff8-4d09-91ef-f3bb66ce1464", "value": "https://az-blob.110.nz/update/init", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766006", "to_ids": true, "type": "url", "uuid": "dc6b0bca-7a6c-4dcb-828a-550f0f7f5c10", "value": "https://az-blob.110.nz/update/s1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766028", "to_ids": true, "type": "url", "uuid": "7bbc069c-3873-492f-87f4-4d80fbe43436", "value": "https://az-blob.110.nz/update/s2", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766049", "to_ids": true, "type": "url", "uuid": "f08fb996-8d86-49fe-8721-eda4006861e4", "value": "https://az-blob.110.nz/update/s3", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766070", "to_ids": true, "type": "url", "uuid": "9709e253-ba1f-4289-9c3e-44e3fa134c20", "value": "https://az-blob.110.nz/update/s4", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766091", "to_ids": true, "type": "url", "uuid": "b33161a3-2ee8-478e-a696-6a5087c0c868", "value": "https://az-blob.110.nz/update/s7", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766112", "to_ids": true, "type": "url", "uuid": "628c1019-4d84-4093-ab13-8c0bda0e991d", "value": "https://az-blob.110.nz/update/s9", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766134", "to_ids": true, "type": "url", "uuid": "e1833c52-ec98-43f7-a428-50498c968d8a", "value": "https://bucket.service.generate.110.nz/2025-12-19/7d1d49a8d8c1fa7b4b743ed551fa338c112268e1/kernel.so", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766155", "to_ids": true, "type": "url", "uuid": "c4bfcd66-93ea-438c-be96-2dec0be82fa0", "value": "https://bucket.service.generate.110.nz/2025-12-19/7d1d49a8d8c1fa7b4b743ed551fa338c112268e1/module.so", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766176", "to_ids": true, "type": "url", "uuid": "5c7d0b5e-6858-42cb-bd8f-e64ffea3ce4e", "value": "https://bucket.service.generate.110.nz/2025-12-19/7d1d49a8d8c1fa7b4b743ed551fa338c112268e1/udev.rules", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766197", "to_ids": true, "type": "url", "uuid": "7b2ae775-f5c0-4a4d-9892-f3f9f1c8c244", "value": "https://bucket.service.generate.110.nz/udev.sh", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766219", "to_ids": true, "type": "url", "uuid": "90c885e2-e913-4fc9-879e-8bdfbaa5c521", "value": "https://cdnjs.clondflare.com/jquery.min-3.7.8.1.js", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766240", "to_ids": true, "type": "url", "uuid": "16eefe56-d971-4811-aaa8-cd57680e59aa", "value": "https://cdnjs.jsdclivr.com/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css?v=3.7.8.2", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766261", "to_ids": true, "type": "url", "uuid": "5779df45-a98d-42b9-950b-a305b8bc2fdc", "value": "https://download.joymeet.top/app/2PG/00056321.mobileconfig", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766283", "to_ids": true, "type": "url", "uuid": "51359355-4300-4f9c-86df-1af260619d28", "value": "https://dowoxox.gfewr.com/B9.apk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766304", "to_ids": true, "type": "url", "uuid": "2a89d32d-8fef-4499-8f50-d81c7a134254", "value": "https://plist.ztyfv.com/d/4F48MCiqtsjDCS7QOWs3KU.plist", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766325", "to_ids": true, "type": "domain", "uuid": "72cb6279-ca65-4789-91f0-ba80fb2f0466", "value": "9688hopeeasy.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766346", "to_ids": true, "type": "domain", "uuid": "615ee2c1-ed10-43cb-bab6-71c32ede72c7", "value": "ailyun-oss.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766368", "to_ids": true, "type": "domain", "uuid": "936f10e4-985b-42f9-bbc8-0f252c0ffe7e", "value": "ailyunoss.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766390", "to_ids": true, "type": "domain", "uuid": "715f1c9d-9f55-4804-8f52-851bd3ec7fae", "value": "aqyaqua.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766412", "to_ids": true, "type": "domain", "uuid": "faf637e9-dcf7-4b63-b9bc-f7e7f811dae5", "value": "bdustatic.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766433", "to_ids": true, "type": "domain", "uuid": "74e26042-951a-4180-bd2f-2f697be547cb", "value": "bytedauce.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766454", "to_ids": true, "type": "domain", "uuid": "960cf58c-2a35-44ab-bd06-ba83c9cdaf21", "value": "clondflare.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766475", "to_ids": true, "type": "domain", "uuid": "c077b6e9-4054-4f14-acdf-cff95f1cb761", "value": "debianhacks.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766497", "to_ids": true, "type": "domain", "uuid": "74eac8f0-43f7-4bd9-9b23-d163a6edc441", "value": "fedoraforums.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772766518", "to_ids": true, "type": "domain", "uuid": "1b81e065-a312-45c3-968d-44ed8c249010", "value": "firelategg.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804416", "to_ids": true, "type": "domain", "uuid": "d85b9d69-5840-4387-b1ed-1416a8c428e6", "value": "flysky55.me", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804438", "to_ids": true, "type": "domain", "uuid": "e2b3290e-6da1-4e7b-aee1-3849e4fe9170", "value": "gadlkd1.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804460", "to_ids": true, "type": "domain", "uuid": "354a16ad-2478-4833-b37f-4feda5ba81f1", "value": "goyppg06.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804483", "to_ids": true, "type": "domain", "uuid": "8e36e9e1-f253-4ee8-9578-688c99ad3dda", "value": "jsdclivr.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804505", "to_ids": true, "type": "domain", "uuid": "096fcbca-3cb4-424c-8606-fb4f57d8d000", "value": "jsdelivr.vip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804527", "to_ids": true, "type": "domain", "uuid": "334c371f-5535-41e0-91e6-1d35d78bd077", "value": "linuxdistro.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804549", "to_ids": true, "type": "domain", "uuid": "4b506619-2d09-40df-9c66-4406b3dcf0ec", "value": "lucycally.me", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804571", "to_ids": true, "type": "domain", "uuid": "fc0f880b-6061-430c-9d64-8578d71d1c4e", "value": "maccmsp.la", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804593", "to_ids": true, "type": "domain", "uuid": "673864d0-fb84-45e2-be1d-6b23669d6a3b", "value": "moxymodiy.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804615", "to_ids": true, "type": "domain", "uuid": "da71efbc-1892-45a9-91af-931f76f604b1", "value": "realfake909.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804637", "to_ids": true, "type": "domain", "uuid": "66b2c15b-cc20-4788-abb1-ae70b3f30b72", "value": "tutupytua.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804659", "to_ids": true, "type": "domain", "uuid": "cb7c9132-a0f9-4c6a-ab48-586f463fb5cf", "value": "ubuntucommands.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804682", "to_ids": true, "type": "domain", "uuid": "7f9519ae-a6ce-4b8f-9d2f-c3be5801642e", "value": "zybbzlast.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804704", "to_ids": true, "type": "hostname", "uuid": "2231221c-e7ed-4d05-a358-9ab79d29734b", "value": "3snzh72om4.apifox.cn", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804726", "to_ids": true, "type": "hostname", "uuid": "080562f3-c218-4e76-ad39-16340330a119", "value": "a.plusedns.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804748", "to_ids": true, "type": "hostname", "uuid": "353ed254-aabb-48c0-b92f-41d291651b7f", "value": "api.bdustatic.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804771", "to_ids": true, "type": "hostname", "uuid": "ce1387ee-5de4-4b7f-8f7f-58e2ac0835bc", "value": "apk.aqyaqua.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804794", "to_ids": true, "type": "hostname", "uuid": "04dbd69a-8138-4c4b-bf60-ce60e3267e32", "value": "az-blob.110.nz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804815", "to_ids": true, "type": "hostname", "uuid": "abce0a67-0c61-4739-8bba-934eed2801a1", "value": "b.plusedns.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804838", "to_ids": true, "type": "hostname", "uuid": "af121691-978c-40f0-bb90-212c395ff33b", "value": "bucket.service.generate.110.nz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804861", "to_ids": true, "type": "hostname", "uuid": "7d2c6c2f-37e5-443a-85b6-c6eabead6e50", "value": "cdn.jsdclivr.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804883", "to_ids": true, "type": "hostname", "uuid": "4f2487e0-bdbe-4b70-8245-30f12c9d381a", "value": "cdn.jsdelivr.vip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804905", "to_ids": true, "type": "hostname", "uuid": "c69965fb-8228-4a3a-a5cb-588518a62203", "value": "cdnjs.clondflare.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804928", "to_ids": true, "type": "hostname", "uuid": "0c2bb7e7-3d3f-459c-9867-a66068affbaa", "value": "cdnjs.jsdclivr.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804950", "to_ids": true, "type": "hostname", "uuid": "2f6790d8-0f7a-4fff-a292-51bb04e791b4", "value": "client.110.nz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804972", "to_ids": true, "type": "hostname", "uuid": "613cfd1e-5c64-4c05-b43e-024486697c3b", "value": "cn.js.mirrors163.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772804994", "to_ids": true, "type": "hostname", "uuid": "22949d2d-f1d9-43b4-8c9c-1ad5937438aa", "value": "code.jquecy.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805017", "to_ids": true, "type": "hostname", "uuid": "788529f9-b023-4016-bbf6-0a2e18899997", "value": "download.joymeet.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805039", "to_ids": true, "type": "hostname", "uuid": "1c062612-59c0-4851-ba7f-1b6b60da810d", "value": "dowoxox.gfewr.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805061", "to_ids": true, "type": "hostname", "uuid": "89d7cc56-d2c6-4f4a-b1cd-ff5351c8efa4", "value": "h2.debianhacks.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805083", "to_ids": true, "type": "hostname", "uuid": "dc6ea7aa-e80f-4ab4-9c4a-4fd45d928ce4", "value": "j6.linuxdistro.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805105", "to_ids": true, "type": "hostname", "uuid": "38a38ba9-c2fb-4108-b115-e42436ad162f", "value": "js.mirrors163.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805126", "to_ids": true, "type": "hostname", "uuid": "48683257-aa7f-4772-ad4d-8cc844b32a6d", "value": "js.ntp.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805148", "to_ids": true, "type": "hostname", "uuid": "0737d7fd-1e17-4a14-8af2-b2790591b7b8", "value": "js.ntporg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805170", "to_ids": true, "type": "hostname", "uuid": "cf845350-b04e-42db-a546-b69df046fca4", "value": "js.sbindns.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805194", "to_ids": true, "type": "hostname", "uuid": "01dc25dc-a1b4-4bb3-a3ef-12eda2e71032", "value": "js2.ntporg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805216", "to_ids": true, "type": "hostname", "uuid": "b8baf029-9bc6-4060-a08e-dfdb75114d76", "value": "mobileconfig.aqyaqua.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805238", "to_ids": true, "type": "hostname", "uuid": "aecca1b7-5545-40bd-a2f0-cf0c8a2058dc", "value": "nsj6.linuxdistro.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805261", "to_ids": true, "type": "hostname", "uuid": "0b194ace-5000-4285-9a08-dddabc00d436", "value": "plist.ztyfv.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805283", "to_ids": true, "type": "hostname", "uuid": "68a0b158-aa25-4477-9b7f-55e4c88ffc78", "value": "s.aqyaqua.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805305", "to_ids": true, "type": "hostname", "uuid": "645c7fab-7b7d-44b2-8b37-930e5a4ad86c", "value": "s10.ntporg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805327", "to_ids": true, "type": "hostname", "uuid": "38e69c38-3830-4cc1-894f-88e2453671b7", "value": "s11.ntporg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805349", "to_ids": true, "type": "hostname", "uuid": "7518b81c-71b6-440a-b78e-5a7348e5c7b0", "value": "service.client.110.nz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805372", "to_ids": true, "type": "hostname", "uuid": "41546d11-8ffe-4a72-9ed1-9655bf680cd2", "value": "static.bytedauce.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805394", "to_ids": true, "type": "hostname", "uuid": "d0fdead7-ce81-44e1-8698-230c1b543f86", "value": "union.macoms.la", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805417", "to_ids": true, "type": "hostname", "uuid": "10338d95-4981-453e-ba36-073a6d3e0465", "value": "update.maccms.la", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805440", "to_ids": true, "type": "hostname", "uuid": "e0706766-60f0-492b-b0cb-919db07aba4d", "value": "update.ntporg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Badredis2s C2", "deleted": false, "disable_correlation": false, "timestamp": "1772805462", "to_ids": true, "type": "domain", "uuid": "06f4a7ef-17b2-43e8-81ce-2889d72c75c4", "value": "ntp.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Badredis2s C2", "deleted": false, "disable_correlation": false, "timestamp": "1772805484", "to_ids": true, "type": "domain", "uuid": "505cc81d-a7af-48e3-915d-974e60a5d39d", "value": "ntporg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Badredis2s C2", "deleted": false, "disable_correlation": false, "timestamp": "1772805505", "to_ids": true, "type": "domain", "uuid": "b6518512-7884-4cb3-8760-7520e588f777", "value": "sbindns.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Badredis2s C2", "deleted": false, "disable_correlation": false, "timestamp": "1772805528", "to_ids": true, "type": "domain", "uuid": "a9f1b466-1806-4076-9801-ac800bbaee64", "value": "plusedns.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Badredis2s C2", "deleted": false, "disable_correlation": false, "timestamp": "1772805550", "to_ids": true, "type": "domain", "uuid": "cc37982b-614d-4956-9099-2586df28eafe", "value": "mirrors163.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805572", "to_ids": true, "type": "url", "uuid": "49d82fc4-9be4-425b-b371-ad45f75855cf", "value": "https://node.blob.core.windows.net/update/a1", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805595", "to_ids": true, "type": "url", "uuid": "bdf1f425-406f-4ce1-a754-376af88fd875", "value": "https://node.blob.core.windows.net/update/a2", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805617", "to_ids": true, "type": "url", "uuid": "ab903d1f-0bdb-4fcd-9a1e-fd631433a8be", "value": "https://node.blob.core.windows.net/update/s7", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805639", "to_ids": true, "type": "url", "uuid": "da331066-7225-439a-becb-23ae7cf16dc8", "value": "https://node.blob.core.windows.net/update/s10", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805662", "to_ids": true, "type": "url", "uuid": "302e9558-fa25-4145-a78b-d4c54aef8b19", "value": "https://node.blob.core.windows.net/update/s11", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805685", "to_ids": true, "type": "url", "uuid": "eae9d6cc-9965-4851-a28e-fa065a3e8645", "value": "https://node.blob.core.windows.net/update/s14", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805707", "to_ids": true, "type": "url", "uuid": "6717a993-40fb-4289-8453-d78044767dd6", "value": "https://node.blob.core.windows.net/update/h2.debianhacks.net/online", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805730", "to_ids": true, "type": "url", "uuid": "dee5501f-8571-4284-be3c-b1fce4dbabda", "value": "https://node.blob.core.windows.net/update/j6.linuxdistro.net/online", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805752", "to_ids": true, "type": "domain", "uuid": "3efc7a6e-2f2e-4eb3-92dc-54cd77f1f2ec", "value": "bobolickp92.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805774", "to_ids": true, "type": "ip-dst", "uuid": "1c3a176f-332f-4698-b6dd-fd7f347683f0", "value": "54.46.13.139", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805796", "to_ids": true, "type": "ip-dst", "uuid": "8a253b68-2b18-493d-b3f8-f777ae404c98", "value": "18.167.103.220", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805818", "to_ids": true, "type": "ip-dst", "uuid": "2ad5fc77-6848-4f4c-a6c4-5995362d75b1", "value": "18.163.102.174", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805841", "to_ids": true, "type": "ip-dst", "uuid": "ee3290ab-098c-4ec2-926d-f0dc7e552091", "value": "16.163.50.192", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805863", "to_ids": true, "type": "ip-dst", "uuid": "6fc89e5e-3b79-4ad7-94b5-41157933e572", "value": "43.199.147.209", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805884", "to_ids": true, "type": "ip-dst", "uuid": "ed4e4848-2f81-4d25-81ab-09efbdcea557", "value": "13.251.54.69", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805907", "to_ids": true, "type": "ip-dst", "uuid": "47bab354-6873-47c5-9263-22e3e1d5c078", "value": "43.199.133.158", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805929", "to_ids": true, "type": "ip-dst", "uuid": "cd34c1ca-ff0e-46e3-8ab3-4fcca8bbc09a", "value": "18.166.58.136", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805951", "to_ids": true, "type": "ip-dst", "uuid": "db852e9f-b538-4ff6-96c0-8d318ca8c4a6", "value": "16.162.25.97", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805973", "to_ids": true, "type": "ip-dst", "uuid": "9262358c-8780-489a-8ade-d2411c119194", "value": "52.221.206.136", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772805995", "to_ids": true, "type": "ip-dst", "uuid": "aa6adadc-018c-4d37-93bb-a98e42429a75", "value": "43.198.221.151", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806017", "to_ids": true, "type": "ip-dst", "uuid": "3eb5d17b-97a6-49cf-a506-1ea068780f3a", "value": "43.198.137.198", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806039", "to_ids": true, "type": "ip-dst", "uuid": "023f4d56-e89f-41c5-9164-37f67f941a4c", "value": "43.198.73.3", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806062", "to_ids": true, "type": "ip-dst", "uuid": "172f5a63-9536-4850-a80d-32e84bd9458d", "value": "16.163.58.55", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806084", "to_ids": true, "type": "ip-dst", "uuid": "8fb6c3fe-f90a-433a-909d-e2098557f0e5", "value": "20.6.129.16", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806106", "to_ids": true, "type": "ip-dst", "uuid": "3b4ea858-9a2a-447e-b14b-127e2eddde78", "value": "20.205.25.192", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806129", "to_ids": true, "type": "ip-dst", "uuid": "a3a72128-071c-4556-9a57-8c57998d0f8f", "value": "35.75.5.45", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806151", "to_ids": true, "type": "ip-dst", "uuid": "0dcac178-2013-4dfb-aee7-31089abd9799", "value": "52.195.191.106", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806173", "to_ids": true, "type": "ip-dst", "uuid": "0208ab16-a297-44d7-80dc-471c0055feb3", "value": "52.195.7.27", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806195", "to_ids": true, "type": "ip-dst", "uuid": "d2f940c3-3f3d-44ad-b973-a853b6b80b07", "value": "52.196.178.89", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806216", "to_ids": true, "type": "ip-dst", "uuid": "42fb9a7b-b555-4093-95b9-d01bc8690a05", "value": "52.194.222.58", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806239", "to_ids": true, "type": "ip-dst", "uuid": "0708237e-c411-46f2-9252-aaef0ee8d9d0", "value": "13.231.108.219", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806261", "to_ids": true, "type": "ip-dst", "uuid": "f5e92afc-eb39-444a-aa6c-d90614397a84", "value": "13.114.119.159", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806284", "to_ids": true, "type": "ip-dst", "uuid": "441c310e-6820-43ee-a2e8-8248ea1ca4a2", "value": "3.112.67.113", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806306", "to_ids": true, "type": "ip-dst", "uuid": "f9351a2a-fec4-4de7-b0b0-e1f66b2509fe", "value": "54.46.1.220", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806328", "to_ids": true, "type": "domain", "uuid": "77308105-6c54-41c7-b77d-ba7e0a02d7ff", "value": "jquecy.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806349", "to_ids": true, "type": "domain", "uuid": "04c63abe-2e7a-4585-85bc-60de282bda34", "value": "macoms.la", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806371", "to_ids": true, "type": "url", "uuid": "cdd57d95-eebc-4adf-b242-8b806bf5a367", "value": "https://code.jquecy[.com/jquery.min-3.6.8.js", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806393", "to_ids": true, "type": "url", "uuid": "5c341e4e-8451-492a-9414-d8c5c064aa78", "value": "https://cdnjs.clondflare[.com/jquery.min-3.7.8.1.js", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806415", "to_ids": true, "type": "url", "uuid": "05a3e166-bd5f-471b-baea-f08b7b8d0b8b", "value": "https://cdnjs.jsdclivr[.com/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css?v=3.7.8.2", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806436", "to_ids": true, "type": "url", "uuid": "394315f3-3116-46f0-ab22-88c3b9dc177c", "value": "https://static.bytedauce[.com/ajax/libs/bootstrap/5.3.3/css/bootstrap-grid.min.css", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806458", "to_ids": true, "type": "url", "uuid": "0fa5a215-a106-470c-9d6a-a2a940540dd3", "value": "https://union.macoms[.la/jquery.min-4.0.2.js", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806481", "to_ids": true, "type": "url", "uuid": "29d4b1eb-0a35-4541-bbcd-a8d4fd156837", "value": "https://cdn.jsdelivr[.vip/jquery.min-3.7.0.js", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806503", "to_ids": true, "type": "url", "uuid": "7fc9a504-d7a3-4517-b9f7-7bc31952d9d7", "value": "https://api.bdustatic[.com/jquery.min-4.0.12.js", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806525", "to_ids": true, "type": "url", "uuid": "3c57763a-3c4a-492f-b8ba-5874ea8a49d6", "value": "http://download.zhw.sh/wK4QYDIRFV/init", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806547", "to_ids": true, "type": "url", "uuid": "593fd9b1-3c7d-417a-b8aa-be6cce1014c1", "value": "http://download.zhw.sh/9aE5EFdJoS/init", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772806569", "to_ids": true, "type": "url", "uuid": "02599d8f-2da0-415f-bd62-29c202a9549a", "value": "https://oss2025-6f57.obs.ap-southeast-1.myhuaweicloud.com/%E5%B9%BF%E5%91%8A_1.ts", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772760768", "to_ids": true, "type": "filename", "uuid": "097cce25-f9c0-489a-a7e9-995a5bd23a49", "value": "*kernel.so" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772760768", "to_ids": true, "type": "filename", "uuid": "ed80d8e0-d3af-4cc0-8d5b-99487da58d0a", "value": "*module.so" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806591", "uuid": "7ba2a764-347b-41f1-88eb-4dac00697d07", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806591", "to_ids": true, "type": "md5", "uuid": "c3e42303-4b50-4745-97b9-e34d784d99fa", "value": "112e2eb2a57129ef175c3f64bccbac04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765759", "to_ids": true, "type": "sha1", "uuid": "f08679d2-9cdf-4c36-8e8c-57ec1b80dd97", "value": "152fbaae6a1a4525868583e0caad23d2e9ecbcb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765759", "to_ids": true, "type": "sha256", "uuid": "a8dabbeb-f980-4a8a-95a6-ac3e7cf2af5c", "value": "bda1f5ceff6c4ec9ab2a9fd661f0c5e0113e418cab9a4358bd3e9926de13737a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764589", "to_ids": true, "type": "ssdeep", "uuid": "1d682aad-a7c8-4ef0-add7-874095933905", "value": "6144:oxfvk6l/ZKMeyN0mgqjodr2FacoJxLS02sJkbd:oxfvkRmgqjJFacoPkEkb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764589", "to_ids": false, "type": "size-in-bytes", "uuid": "d5dab5d6-ccfb-4cb7-8669-a03cd8a416db", "value": "294120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764589", "to_ids": true, "type": "vhash", "uuid": "4b37793a-d39d-4e1d-9c3b-90c17547b50f", "value": "590062607f2c189c3707f80c8fab8054" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764589", "to_ids": true, "type": "filename", "uuid": "b949eeef-2a7d-4315-96fe-c429fedf98bc", "value": "module.so" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764589", "to_ids": false, "type": "text", "uuid": "f3b89a4a-85d1-4dd0-943c-b2809353a458", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:1/65\nFirst Submission:2025-06-29T06:53:55.000000+00:00\nLast Submission:2025-06-29T06:53:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806613", "uuid": "7e4838e5-042f-4f4d-8e92-973cd0e7be11", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806613", "to_ids": true, "type": "md5", "uuid": "b94d626d-0f3a-482c-9b56-adea112ff4b8", "value": "18b699375c76328b433145bdac02ec49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765760", "to_ids": true, "type": "sha1", "uuid": "151bc895-2560-4aa6-8817-321ced4c04d8", "value": "0100bd14f6ace04cd6687fbaf3c308690af94362", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765760", "to_ids": true, "type": "sha256", "uuid": "fd99979f-2c9e-49a4-be6f-71a9f93ae2ed", "value": "b49e03c9c759bbe8b45fe8bfa6b953fc381f5c8aa1dc56de1ae006815c0831a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764611", "to_ids": true, "type": "ssdeep", "uuid": "1904f1c2-4a56-447b-8d79-8a92e955c67b", "value": "196608:7t3uHJtH+vCPwwMtO9mPjgpaYMPEN/dIAOCEesBoOjzQBd:7t3uHJtH+vCPwwMhgpa7EJdIAOCEesBc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764611", "to_ids": false, "type": "size-in-bytes", "uuid": "06f5ed1b-fc59-45ca-9253-97c9dc0ae3dc", "value": "7274624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764611", "to_ids": true, "type": "vhash", "uuid": "e73db467-c4b3-4c86-8c14-fa83c2ea5bf7", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764611", "to_ids": true, "type": "filename", "uuid": "29014f48-72a6-46d5-9400-d21a4df0ce48", "value": "dq3xxkk.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764611", "to_ids": false, "type": "text", "uuid": "29eaf553-5d9d-4eb5-bb26-64f5d320ad59", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:26/65\nFirst Submission:2025-12-22T10:24:30.000000+00:00\nLast Submission:2025-12-22T10:24:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806636", "uuid": "82356a14-f71d-4108-ad94-2b954436f8ac", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806636", "to_ids": true, "type": "md5", "uuid": "1a9580bb-2ca5-4a3c-9d1b-a7802ca02a88", "value": "2e7a42c9be6fc3840df867cb19c7afa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765762", "to_ids": true, "type": "sha1", "uuid": "b9454298-140b-489c-b741-a98c26e2c576", "value": "3b208b0a411b8e97be2d9239abf87a3905e0b46e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765762", "to_ids": true, "type": "sha256", "uuid": "44745745-fabe-4e05-88d9-e6414cfc6c07", "value": "4d71e92ca46e3f3fa74ebee8f4cab5d0ef214d63d1df880d5a17db94ac101dfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764675", "to_ids": true, "type": "ssdeep", "uuid": "94c97146-c0f8-4924-9a8d-d59ba1fb1e2f", "value": "196608:7t3uHJtH+vCPwwMtO9mPjgpaYMPEN/dIAOCEesBoOjzQBI:7t3uHJtH+vCPwwMhgpa7EJdIAOCEesBd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764675", "to_ids": false, "type": "size-in-bytes", "uuid": "627399d5-b323-4462-bdf6-c489a07b6448", "value": "7274624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764675", "to_ids": true, "type": "vhash", "uuid": "51cd99f6-ef95-4e78-ba0f-941cc2c5916e", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764675", "to_ids": true, "type": "filename", "uuid": "438e89be-830f-4888-a3e0-7389b0932217", "value": "2kyn8f.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764675", "to_ids": false, "type": "text", "uuid": "ece47afa-a7cd-467d-809f-0c4f9f29d3fa", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:20/66\nFirst Submission:2025-11-19T09:36:59.000000+00:00\nLast Submission:2025-11-19T09:36:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806658", "uuid": "c479458d-57c7-4f81-b9ca-0f5c8fe64ada", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806658", "to_ids": true, "type": "md5", "uuid": "a40874ac-28c4-482d-99e8-de1006380c1a", "value": "3bff298be46f8817862bce2ac0be3176", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765763", "to_ids": true, "type": "sha1", "uuid": "a5954d11-c277-411e-9627-1cf1df309dd2", "value": "c878c962c1d92f6dfb61e47ee3117460ae7b96c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765763", "to_ids": true, "type": "sha256", "uuid": "bc827502-27e6-44cd-9346-ee7eee8de1fd", "value": "ca1099a8a3f37abddda438f83743465186c36917347c4b53d2b793d827fd3cf4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764697", "to_ids": true, "type": "ssdeep", "uuid": "80614d85-2e45-46b1-9fd6-af527a7605db", "value": "384:5jAyieug4kT5yI7KC8oUcEZVzneXhqNyE20ET7WbTA3+BlltN:Cy+gkclmxwhq31ETybTVL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764697", "to_ids": false, "type": "size-in-bytes", "uuid": "c7dc2e07-8e59-4cf0-bf57-95f7b0155e0c", "value": "33752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764697", "to_ids": true, "type": "vhash", "uuid": "54a2d044-33b5-4d2a-916a-5f8c680403ad", "value": "b039101146b4c3f6ca200d89b252e82e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764697", "to_ids": true, "type": "filename", "uuid": "e6b8675a-92c1-4353-a156-2d2f38628d98", "value": "bvwf6um.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764697", "to_ids": false, "type": "text", "uuid": "9759736b-418d-4a70-a016-134fb0e80435", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:14/65\nFirst Submission:2025-08-06T08:12:54.000000+00:00\nLast Submission:2025-08-06T08:12:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806680", "uuid": "ab9b1dca-236f-439e-a4fa-dc52f319aca8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806680", "to_ids": true, "type": "md5", "uuid": "a0ae5157-7118-4f2b-a845-d52d603e21f8", "value": "5d6c33bf931699805206b00594de5e71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765764", "to_ids": true, "type": "sha1", "uuid": "2c575b48-41a2-406a-9c79-497cab67df2b", "value": "40217756653636176e55720b6ec7cc351b5e99de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765764", "to_ids": true, "type": "sha256", "uuid": "eb7b6c87-dd4e-490f-b128-4f849e7b2de7", "value": "a95b17ba5a419451b66e13e93baa1f7281d127cd8039ff20143df681dfb9cb0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764761", "to_ids": true, "type": "ssdeep", "uuid": "bc92eccb-04e4-420e-abd4-0ba3cdfb95e7", "value": "196608:K/6Kq9NjdRY6kqIJAD3ipayvjCAUJ24UM/AH0:KujdjBIJAqjCAUVy0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764761", "to_ids": false, "type": "size-in-bytes", "uuid": "06dd588c-e177-4b3f-9ce7-6bc46cd145bf", "value": "7276300" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764761", "to_ids": true, "type": "vhash", "uuid": "c2cb9703-2fd2-4332-b288-49383a58ca77", "value": "8188af59d9cb84a352ccad89166a5c15" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764761", "to_ids": true, "type": "filename", "uuid": "3b9e2968-b176-4265-aba3-6e89fcf0509b", "value": "init" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764761", "to_ids": false, "type": "text", "uuid": "7279bb16-a26a-4f0d-b96d-a59be6fcb6ad", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:1/65\nFirst Submission:2025-07-08T16:36:22.000000+00:00\nLast Submission:2025-07-08T16:36:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806702", "uuid": "afdcc090-5289-4df8-990a-d6e1215eb52d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806702", "to_ids": true, "type": "md5", "uuid": "50603727-65eb-428a-bc14-74c696aa5163", "value": "5f34cd492c5af9f56f3c38e72320cc49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765765", "to_ids": true, "type": "sha1", "uuid": "0328c069-7306-43eb-b75f-e161c267736f", "value": "5056873e574951d2511429cb6bc3bce606aecf2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765765", "to_ids": true, "type": "sha256", "uuid": "f5ceb3fc-ce33-4ce4-bb31-8843bc4f6e0d", "value": "4e7a204fb07d1b2b367b360be1f71046c60a00d360fe443f45809f1b47d78f3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764783", "to_ids": true, "type": "ssdeep", "uuid": "5c2e55ea-b1ea-47cf-9c61-cee487a1438a", "value": "768:PSevk0CHXaoAiOfUIjGGz2ttXdNl5IcqliT98pT5pnU:6wk0CHnIjGGz2PscR94T5pU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764783", "to_ids": false, "type": "size-in-bytes", "uuid": "2ac4ba03-689e-414c-9e35-2f65820e4be3", "value": "30528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764783", "to_ids": true, "type": "vhash", "uuid": "58d0553e-9072-4a21-9fe4-abb298afec38", "value": "eaa6b85fd5df8768d4c5a13e007bf846" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 17/11/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764783", "to_ids": false, "type": "text", "uuid": "2b774fc0-e416-46a4-a74b-0795833fccc8", "value": "Type Description: HTML\nMicrosoft: None\nVT Total Detection:0/62\nFirst Submission:2025-11-17T07:58:47.000000+00:00\nLast Submission:2025-11-17T07:58:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806724", "uuid": "e8976982-4cd4-4b5e-8342-00330de9b1fc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806724", "to_ids": true, "type": "md5", "uuid": "a87bac06-727a-4ebc-bd7b-ecb99579a347", "value": "65ac2839ab2790b6df8e80022982a2c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765766", "to_ids": true, "type": "sha1", "uuid": "79e0a0fc-a0a6-4ccc-9d6c-935693c31969", "value": "54cf891fbdebecff2ed28ccbc72f701445c14e37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765766", "to_ids": true, "type": "sha256", "uuid": "2d0ee44e-cb16-492b-bedb-72b67a38fb0a", "value": "44810a9c726690e38abeca7edc62325317ce4e7b8c8fff3401a3180d184d8767", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764805", "to_ids": true, "type": "ssdeep", "uuid": "59c3e2ca-feec-4db3-8161-a3b707e86603", "value": "98304:d+QkhBJH7INolJmOZw5Pfw5ZMKGUHbNniQma:draBt3XmOcPfwYUSa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764805", "to_ids": false, "type": "size-in-bytes", "uuid": "a330a6af-4b4a-40a9-8cba-baf5ad853df3", "value": "3160140" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764805", "to_ids": true, "type": "vhash", "uuid": "e5485363-a0da-4cd3-b678-10e9c0dc7ec3", "value": "8188af59d9cb84a352ccad89166a5c15" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764805", "to_ids": true, "type": "filename", "uuid": "01bc468d-ce9b-4c0e-9238-504d7ec8fc90", "value": "init" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764805", "to_ids": false, "type": "text", "uuid": "812ad117-df4b-4867-94da-f7c36c226017", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:3/65\nFirst Submission:2025-07-17T10:39:19.000000+00:00\nLast Submission:2025-07-17T10:39:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806746", "uuid": "93fd0129-c500-4710-af09-bf8bb60d05fc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806746", "to_ids": true, "type": "md5", "uuid": "644c77f7-1b72-42bd-8ccc-5fe72d858079", "value": "6acb8bbcad3b8403f4567412cc6aa144", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765767", "to_ids": true, "type": "sha1", "uuid": "0e14c79a-aa7b-4b65-809f-bb0cef8048e4", "value": "6b8e837a9728721ba15d55b79765caaf2b6e9e52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765767", "to_ids": true, "type": "sha256", "uuid": "8cdbc880-a3cc-4842-b4f8-3dc9a53db6fb", "value": "e6d046b8e25a7f6df2c7b03ff152747538dcff4110351d127c7793d9f8587552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764848", "to_ids": true, "type": "ssdeep", "uuid": "3c07a0e6-05c0-428c-9305-6ee676aa4a46", "value": "384:BVFNiN+uUIJW4z/JsoEFU5FCA7qMjgEU9V2FaGGDItXMKRlltN:ZNq+UW0c23jvUr2IfIzb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764848", "to_ids": false, "type": "size-in-bytes", "uuid": "d0a8c75a-e1f6-4ff1-9089-5740211c6365", "value": "33752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764848", "to_ids": true, "type": "vhash", "uuid": "b1637b06-e46c-42c1-b098-b36bb22cbebd", "value": "b039101146b4c3f6ca200d89b252e82e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764848", "to_ids": true, "type": "filename", "uuid": "635396ff-70c7-441b-8eb3-a4ee6f4fe2ca", "value": "4nr5sezl0.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764848", "to_ids": false, "type": "text", "uuid": "d7273db6-3036-465b-9525-86854aba9f18", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:15/65\nFirst Submission:2025-08-18T16:25:59.000000+00:00\nLast Submission:2025-08-18T16:25:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806768", "uuid": "55d9e341-559f-41f1-84af-734fe0cd2f97", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806768", "to_ids": true, "type": "md5", "uuid": "3b96d499-8595-4d32-bd82-ce5d39a66a76", "value": "79c492bfd8a35039249bacc6a31d7122", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765768", "to_ids": true, "type": "sha1", "uuid": "4cba42c8-4be2-4f5d-a8f7-faff9e5aa03c", "value": "f423420e320eb29d43cd675e59fd3636a1bec758", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765768", "to_ids": true, "type": "sha256", "uuid": "a2361409-bfe3-41e3-a9c6-b858be09c021", "value": "568e137a510520acf7c84e151ded90803f83fe5561e29348caa8ae7c8514e96d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764890", "to_ids": true, "type": "ssdeep", "uuid": "293a9aec-c5a2-4c18-bccf-86579e371b8b", "value": "196608:7t3uHJtH+vCPwwMtO9mPjgpaYMPEN/dIAOCEesBoOjzQBb:7t3uHJtH+vCPwwMhgpa7EJdIAOCEesB+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764890", "to_ids": false, "type": "size-in-bytes", "uuid": "75091913-f839-4351-926e-085c12acffa3", "value": "7274624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764890", "to_ids": true, "type": "vhash", "uuid": "d9517f6b-4d7e-4cc1-864b-f3a3be5e9dae", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764890", "to_ids": true, "type": "filename", "uuid": "b655b037-5ceb-40ff-bd49-30899a259eef", "value": "mgn75oigi.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764890", "to_ids": false, "type": "text", "uuid": "041c8731-d69d-473f-9f06-802c47065ea0", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:30/65\nFirst Submission:2025-12-04T07:10:12.000000+00:00\nLast Submission:2025-12-04T07:25:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806790", "uuid": "b14e151f-abea-447f-b859-8d5555115ec3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806790", "to_ids": true, "type": "md5", "uuid": "bf8d29b1-c41f-4429-a750-39958e7bc8a2", "value": "85f3d29a8fd59e00fec83743664fb2b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765769", "to_ids": true, "type": "sha1", "uuid": "c90f6bf4-24e9-44e1-8b67-3e757afda3b4", "value": "5d33149d9846eab781340347c418ab4610cbdb58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765770", "to_ids": true, "type": "sha256", "uuid": "cb7c30fe-c869-48a0-9b8d-8b2c77373441", "value": "077d6aed18d71c5fc08cbd2a52f963178189cdcedae21a2cf812560e3355c40a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764933", "to_ids": true, "type": "ssdeep", "uuid": "25a1a106-df43-40f8-ae1f-893ec217fd6a", "value": "196608:9t3uHJtH+vCPwwMtVDt/6aviW+8CLHRrC/dIAcCONwBoOjzQBT:9t3uHJtH+vCPwwMnJziW+rLRUdIAcCO/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764933", "to_ids": false, "type": "size-in-bytes", "uuid": "f5e86e74-5436-4e18-9fa1-ec11567b163e", "value": "6961312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764933", "to_ids": true, "type": "vhash", "uuid": "e3b5ce7c-d569-4be7-9aab-92f5db3867d8", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764933", "to_ids": true, "type": "filename", "uuid": "6a9aab31-2b75-48c5-997b-1a04ff1831e0", "value": "ring04h_office_bin" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764933", "to_ids": false, "type": "text", "uuid": "d483b01c-ab8e-4d2d-8b8c-b66cde85cab5", "value": "Type Description: ELF\nMicrosoft: Program:Linux/Multiverze!rfn\nVT Total Detection:22/65\nFirst Submission:2025-07-31T07:59:18.000000+00:00\nLast Submission:2025-09-02T03:40:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806812", "uuid": "553d5397-e286-4a22-967a-90a4082d2c7d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806812", "to_ids": true, "type": "md5", "uuid": "25818641-4a5b-4827-ae0f-d0fd2fd4a6d9", "value": "92c630062f0fe207c628b95fade34b96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765771", "to_ids": true, "type": "sha1", "uuid": "13dc24f0-ffa3-415c-9eb4-64e076cea619", "value": "c61d90a0c0dd9e9bc7162bada4f8762ad4806b5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765771", "to_ids": true, "type": "sha256", "uuid": "2a08290b-ad24-4c67-9760-cb50594239a9", "value": "09b0503f6eee217e5b9c41773b8b22a90e640f2f7c5a44adc48c5b70b50a4137", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764955", "to_ids": true, "type": "ssdeep", "uuid": "ce1af5e3-a002-4b4e-a28b-402c42f5744b", "value": "384:yO18uO/jzkbpsm7LY0ieKAkTYhkyw/fkx6yv+RpeHfd3:yg1OHkFsqc0imkTYhkyMI6yv+RE/d3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764955", "to_ids": false, "type": "size-in-bytes", "uuid": "8d8f44d0-0874-4435-8ac5-e9a47ee322ee", "value": "28800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764955", "to_ids": true, "type": "vhash", "uuid": "7fea4d63-1cc6-40b2-b44c-d77021aae604", "value": "31c62828fd86996263de81062d9c7a4b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764955", "to_ids": true, "type": "filename", "uuid": "04751071-4be4-4e7d-b7b8-479a4e64b6f7", "value": "libutilkeybd.so.0" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764955", "to_ids": false, "type": "text", "uuid": "c536700c-9324-4469-bec1-475105444dc2", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:1/65\nFirst Submission:2025-06-22T05:31:05.000000+00:00\nLast Submission:2025-06-22T05:31:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806834", "uuid": "0a8218d7-5246-4afc-9e1f-a1b0d1b4a064", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806834", "to_ids": true, "type": "md5", "uuid": "01816cf9-7ec3-4ff3-aa9f-701c460955fd", "value": "946606977dd177347122867750244ae2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765772", "to_ids": true, "type": "sha1", "uuid": "bb46fbd2-ede7-48bd-9501-36a6fa9f1228", "value": "714d15eb4f4c82d3c72f2528c41c7f6377eeff27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765772", "to_ids": true, "type": "sha256", "uuid": "13f2d1d4-c7df-412a-aa0c-667b68daee7d", "value": "25ccfc77e6d938e2874f9948e6a081f1a51aa11935f9969247a7a4e09328e4e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764977", "to_ids": true, "type": "ssdeep", "uuid": "d60933af-16ae-445b-89ca-304e83a06ff2", "value": "384:9eDPaZjiXAYZWIrICt50lkDYVV2pQnmTnqWSvk32BZ/kTfMdvt1fUlltN:2aZjqPpEIMqDTqWSvcsZ/kaDf6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764977", "to_ids": false, "type": "size-in-bytes", "uuid": "7ca8369b-33ea-4ca4-80de-771e173bd7a9", "value": "33784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764977", "to_ids": true, "type": "vhash", "uuid": "ba7a2579-6764-4a58-b814-b335c629bb8b", "value": "b039101146b4c3f6ca200d89b252e82e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764977", "to_ids": true, "type": "filename", "uuid": "45409671-98c3-4c30-b65b-e52449720fd4", "value": "xz8lmsrbv.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764977", "to_ids": false, "type": "text", "uuid": "859ed09b-dedc-45ed-8e5b-a3065dcc733a", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:30/65\nFirst Submission:2025-10-30T05:00:37.000000+00:00\nLast Submission:2025-10-30T05:00:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806856", "uuid": "070218bc-d311-4111-844e-131795ce9461", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806856", "to_ids": true, "type": "md5", "uuid": "8833d8ba-788d-4cc0-afdc-0ec4e64301a3", "value": "a688afd342cee9feb74c61503fb0b895", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765773", "to_ids": true, "type": "sha1", "uuid": "0f5f9d2a-82b3-44a2-8a45-74f7d98d4a07", "value": "1b87e14ad5b7f825f28e092a277e67baf79cec1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765773", "to_ids": true, "type": "sha256", "uuid": "2ea2d733-94b5-4153-b33d-fef63ba5b367", "value": "27cb410b59e83b3f5274a6d80e0a572d0ef85a7a5d3606815ed71c1271be1123", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772764999", "to_ids": true, "type": "ssdeep", "uuid": "5ca52107-a4e7-4e27-acd8-553a33070c83", "value": "196608:9t3uHJtH+vCPwwMtVDt/6aviW+8CLHRrC/dIAcCONwBoOjzQBg:9t3uHJtH+vCPwwMnJziW+rLRUdIAcCOM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772764999", "to_ids": false, "type": "size-in-bytes", "uuid": "97aaecc0-322d-4f96-9089-97ab0dbdcbc2", "value": "6961312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772764999", "to_ids": true, "type": "vhash", "uuid": "b38217a8-e5e6-4494-8c83-0c59074d2042", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772764999", "to_ids": true, "type": "filename", "uuid": "dcd1b1fc-e481-48c3-8e43-1bd8dfa04b20", "value": "c0sk164j.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772764999", "to_ids": false, "type": "text", "uuid": "d711377e-6696-462e-9e2b-2a87e6edda1e", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:28/65\nFirst Submission:2025-08-06T09:47:59.000000+00:00\nLast Submission:2025-08-06T09:47:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806878", "uuid": "d8082f7b-1ece-4ffd-b8ff-2a5f18b1843d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806878", "to_ids": true, "type": "md5", "uuid": "db27b37d-c75a-4694-939f-0ba1ca7bef32", "value": "ae0de7034c4866556675740f6647bfcc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765774", "to_ids": true, "type": "sha1", "uuid": "a6b4936c-c3d7-40fb-8524-ff507c02d420", "value": "e4834f368d75b0eb8b4d819227bbf7c5caa58e93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765774", "to_ids": true, "type": "sha256", "uuid": "ac7920a4-f3db-4225-af00-f27e1c333d48", "value": "fa56934135f091101105f41bbece072c43e6b6cc75675c30b7f909b2327da53f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772765021", "to_ids": true, "type": "ssdeep", "uuid": "a5fbb036-f131-43c6-b3c7-00d949ad3833", "value": "196608:jt3uHJtH+vCPwwMtO9mPjgpaYMPEN/dIAOCEesBoOjzQB:jt3uHJtH+vCPwwMhgpa7EJdIAOCEesBy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772765021", "to_ids": false, "type": "size-in-bytes", "uuid": "1155e6a3-23c2-4637-8280-f2169c4de6c5", "value": "7255528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772765021", "to_ids": true, "type": "vhash", "uuid": "4704025b-3758-49bc-af30-bfbc7610e794", "value": "1dc47a08086b0de7a4c52d8406fd8a41" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772765021", "to_ids": true, "type": "filename", "uuid": "74141e09-6b0e-4068-9f27-edd22504e7c7", "value": "memfd:694e0302 (deleted)" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772765021", "to_ids": false, "type": "text", "uuid": "7b8d1b49-9498-49fa-8635-21be3b97d977", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:24/66\nFirst Submission:2025-10-29T00:54:31.000000+00:00\nLast Submission:2025-10-29T00:54:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806900", "uuid": "588eb2ba-2ff4-421a-8f0e-813138c59314", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806900", "to_ids": true, "type": "md5", "uuid": "7b5f8672-9a22-4e88-8dee-f5c093b0d91c", "value": "b06b9f13505eb49d6b3f4bddd64b12ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765775", "to_ids": true, "type": "sha1", "uuid": "d997dfd8-f55f-4b35-b908-d22a4f20c31b", "value": "e8f46e141c74341abdeec7edf0fed9a35f8c06ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765775", "to_ids": true, "type": "sha256", "uuid": "a3656304-2981-454d-9fd2-537de2246a7c", "value": "6da988eddf7e7be66c42e54bf781b554bbb81bf16767c47b617f634c48442aa4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772765042", "to_ids": true, "type": "ssdeep", "uuid": "95ff6753-f85f-4ba6-ac1b-d2ffeb9c8498", "value": "768:OE+smodNUrDswRq+i9m4lZSVLkxnBSv5uXdvlhk105AuCFhmZlqCBQ5DXQD69KyV:v+smodNUrDswRq+i9moaLonBSv4Xdvl4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772765042", "to_ids": false, "type": "size-in-bytes", "uuid": "3cbd577d-dc82-4645-9110-9c2644659fc5", "value": "43246" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772765042", "to_ids": true, "type": "filename", "uuid": "6cf3c61e-ff6f-4afd-bbd9-34cdb85c12b6", "value": "active.php" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772765042", "to_ids": false, "type": "text", "uuid": "46baf322-c672-4f1e-83a5-f0b579b16380", "value": "Type Description: PHP\nMicrosoft: None\nVT Total Detection:2/62\nFirst Submission:2025-10-11T16:55:53.000000+00:00\nLast Submission:2025-12-22T11:41:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806922", "uuid": "d518eaf5-ae64-45e4-8f15-59207aa8f700", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806922", "to_ids": true, "type": "md5", "uuid": "1f943dd5-ee9e-43d9-a23b-6e144e55bcaa", "value": "cd36ec10f71b89dc259eb8825e668ae3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765776", "to_ids": true, "type": "sha1", "uuid": "47d66970-168e-4938-acb5-903c68f58606", "value": "1c9303a558593153361dacb2e69cdfe90d5d5c43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765777", "to_ids": true, "type": "sha256", "uuid": "9b1cea2b-cf8d-4336-9fe9-087736bf2dc0", "value": "a324e95450eaa5e23fcdb66c056a4ef7c80a521da75751a0fb4c3cc542de0d4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772765128", "to_ids": true, "type": "ssdeep", "uuid": "1ba1f090-d076-48fc-963c-03b273cb97db", "value": "6144:gilvk6l/ZKMeyN0mgqjodr2FacoJxLS02sJkbd/w:gGvkRmgqjJFacoPkEkbK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772765128", "to_ids": false, "type": "size-in-bytes", "uuid": "6fb72723-db37-4a47-99c7-17192476f98c", "value": "305408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772765128", "to_ids": true, "type": "vhash", "uuid": "5a9d2f5b-090e-4d0a-86fc-badf0aa92ff8", "value": "beb0a042c9e1a7ac46055998af09f2a8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772765128", "to_ids": true, "type": "filename", "uuid": "f1c68a26-429a-4ef4-8df6-d0eef24dd868", "value": "c39wpctv.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772765128", "to_ids": false, "type": "text", "uuid": "9479d5c0-ff3e-4c2e-87cf-d41c12a42d36", "value": "Type Description: ELF\nMicrosoft: None\nVT Total Detection:1/66\nFirst Submission:2025-12-22T10:10:36.000000+00:00\nLast Submission:2025-12-22T10:10:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806943", "uuid": "a5581f33-f53a-4f02-a87f-1cbf6052874e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806943", "to_ids": true, "type": "md5", "uuid": "734a12dd-141a-472e-bf57-627fdef006e9", "value": "d3b0b6496747ee77ab15e5f5d9583a67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765778", "to_ids": true, "type": "sha1", "uuid": "ef0babe8-ffad-4cf5-a951-e74e8f08cc4c", "value": "a5cc1e1c59d9d058e9e7aa2b555b10ee5f2162f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765778", "to_ids": true, "type": "sha256", "uuid": "04c7a69d-adb6-4cd1-9cd1-8f2ec8f31e99", "value": "e829040cac2fbccdffe23024b9f8c64af77037f941b010d4727c2c292bbc3665", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772765150", "to_ids": true, "type": "ssdeep", "uuid": "a32a8918-b764-41b3-8ad9-8c162908afbd", "value": "196608:7t3uHJtH+vCPwwMtO9mPjgpaYMPEN/dIAOCEesBoOjzQBd:7t3uHJtH+vCPwwMhgpa7EJdIAOCEesBI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772765150", "to_ids": false, "type": "size-in-bytes", "uuid": "6d51e79f-2f97-453d-b3cb-6e74d3588381", "value": "7274624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772765150", "to_ids": true, "type": "vhash", "uuid": "3d601c59-dfcb-4291-b7cd-e18075fde479", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772765150", "to_ids": true, "type": "filename", "uuid": "b5189f47-f2ed-47be-bf1c-34659653a0a8", "value": "ring04h_office_bin" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772765150", "to_ids": false, "type": "text", "uuid": "ce6c9909-afe0-4491-a20f-1aaa8c49863d", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:23/65\nFirst Submission:2025-10-29T00:46:54.000000+00:00\nLast Submission:2025-10-29T00:46:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806965", "uuid": "d9e49fbf-31b0-41a9-aa96-781b0ae2b166", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806965", "to_ids": true, "type": "md5", "uuid": "c8e32458-da30-4e4b-b3d3-0ca7ab44698e", "value": "da594309691161f6e999984c26e1a10f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765779", "to_ids": true, "type": "sha1", "uuid": "6ef8ab60-2049-449e-ae75-0163e0444931", "value": "63803c1c5915107154b10edf333b522aa47440d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765779", "to_ids": true, "type": "sha256", "uuid": "2da202c1-9efa-4b5f-a60d-a0489d090693", "value": "a61ab901f3644db457fa87852a9f69890f42b0bfa263415ddecde04b8c569617", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772765171", "to_ids": true, "type": "ssdeep", "uuid": "1fd8403a-5f0e-4f2b-88a5-e955e5700644", "value": "196608:7t3uHJtH+vCPwwMtO9mPjgpaYMPEN/dIAOCEesBoOjzQBI:7t3uHJtH+vCPwwMhgpa7EJdIAOCEesB9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772765171", "to_ids": false, "type": "size-in-bytes", "uuid": "45e6672f-7aca-4bfb-979c-80e4ebee92d9", "value": "7274624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772765171", "to_ids": true, "type": "vhash", "uuid": "92c41361-7862-4f0c-bc69-dcc3d4ae69eb", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772765171", "to_ids": true, "type": "filename", "uuid": "7b7b6f78-4c62-4feb-9e00-abde9b94ec40", "value": "zpyyn.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772765171", "to_ids": false, "type": "text", "uuid": "18123cec-eca2-4a56-970b-b4fe50d595df", "value": "Type Description: ELF\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:24/65\nFirst Submission:2025-12-26T03:36:37.000000+00:00\nLast Submission:2025-12-26T03:36:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772806987", "uuid": "8576e8db-b26a-4109-8f12-8e8b4620f3ca", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772806987", "to_ids": true, "type": "md5", "uuid": "41b337f4-f3da-48f2-8490-620ec8d55fe8", "value": "dfd1fbf0a98e0984da9516311ccc1f05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765780", "to_ids": true, "type": "sha1", "uuid": "dc5f8de5-4468-4a9b-9041-42175835729c", "value": "c4157764a5d62ed35e7035a2506624a65ce54c79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765780", "to_ids": true, "type": "sha256", "uuid": "30795511-ffcf-4d7e-9796-cc431386ac28", "value": "43427b5742bfcc51c9382e6fe64b74a0148188010ef80de36359951e49d172a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772765193", "to_ids": true, "type": "ssdeep", "uuid": "b567db9c-d5f1-4253-a84c-6ef0f2686644", "value": "196608:gt3uHJtH+vCPwwMtC2ERU7ca7KIWzErUdIANCW+etc7jzQD4:gt3uHJtH+vCPwwM4W7cax4EgdIANCW+h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772765193", "to_ids": false, "type": "size-in-bytes", "uuid": "1db950cd-9489-4bf0-b999-21900e7cd2b7", "value": "6956608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772765193", "to_ids": true, "type": "vhash", "uuid": "17c75368-92c5-4c8a-8a27-b73dd14b8c4d", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772765193", "to_ids": true, "type": "filename", "uuid": "650d5e4a-e269-4d3f-80ed-b87fa851ece8", "value": "8vxv77c.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772765193", "to_ids": false, "type": "text", "uuid": "2431ca5f-4813-4ad8-b99c-8465ea71b774", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:21/65\nFirst Submission:2025-11-06T12:39:51.000000+00:00\nLast Submission:2025-11-06T12:39:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772807009", "uuid": "65cb4312-94ed-41e1-a844-a86430e0b783", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772807009", "to_ids": true, "type": "md5", "uuid": "a3ab450b-e571-46cc-8cab-ce688ba979b7", "value": "eb03db7ac9f10af66a1e2b16185fcadc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765781", "to_ids": true, "type": "sha1", "uuid": "d57db7c3-9980-4ff2-a9a1-d061d04cc958", "value": "8a4e6bc2c424564488a0a7199677f5c2fdcb4d94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765781", "to_ids": true, "type": "sha256", "uuid": "a7f7ea63-44d1-4f8a-9703-b0bf8e531a9c", "value": "75e1366c54d9803e97c69234f31d7d1d0a0a1165fef9bd72f9fe8aa13955c11c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772765215", "to_ids": true, "type": "ssdeep", "uuid": "55ca028c-bdd6-4efc-97c3-d9f29d5c5cf8", "value": "768:DxG/3CcOH/UTDDZSVLkKFJrZZ+Jz6G+6jU/97q:Q/3CdHcDaLKi7q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772765215", "to_ids": false, "type": "size-in-bytes", "uuid": "f1d7d05f-8453-4900-a34a-06a0936c1263", "value": "29017" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772765215", "to_ids": true, "type": "filename", "uuid": "9057f665-509c-412c-a6a1-f7cf27691a5d", "value": "addons.php" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772765215", "to_ids": false, "type": "text", "uuid": "124fb1c1-2811-4bbb-a0b0-b4185daef8c6", "value": "Type Description: PHP\nMicrosoft: None\nVT Total Detection:2/62\nFirst Submission:2025-06-17T06:21:50.000000+00:00\nLast Submission:2025-07-09T07:02:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772807031", "uuid": "6df319cc-421f-466b-99cd-66201930d009", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772807031", "to_ids": true, "type": "md5", "uuid": "a534075b-9797-42df-8b48-048677aa52ee", "value": "fef497841554fff318b740dff7df3a49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772765782", "to_ids": true, "type": "sha1", "uuid": "cb43e97e-7a72-49b3-b2c8-5538c09175b1", "value": "d0108b40685f3ac12bec23290291789484d1de50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772765782", "to_ids": true, "type": "sha256", "uuid": "7220876a-be6e-4a2c-86fe-4f17b8b66ee9", "value": "30340b0a9b7ee100909cb7fc8a0d65bdc249cecea5c078f464a17b3022104e62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772765237", "to_ids": true, "type": "ssdeep", "uuid": "c2b70723-63ea-490e-9064-bb0308edfeeb", "value": "196608:7t3uHJtH+vCPwwMtO9mPjgpaYMPEN/dIAOCEesBoOjzQB3:7t3uHJtH+vCPwwMhgpa7EJdIAOCEesB6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772765237", "to_ids": false, "type": "size-in-bytes", "uuid": "552444de-4116-4376-a705-70006aa8322d", "value": "7274624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772765237", "to_ids": true, "type": "vhash", "uuid": "f9d418e1-04bd-4836-987d-27e45083f799", "value": "4f15c104e6c3f06964073e984308d8f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772765237", "to_ids": true, "type": "filename", "uuid": "17b4a220-ebc1-48d5-9780-d0d7e9604c81", "value": "demo" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772765237", "to_ids": false, "type": "text", "uuid": "3c1c8086-a5a4-46b4-8674-10ecc5583345", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:30/65\nFirst Submission:2025-10-30T04:49:51.000000+00:00\nLast Submission:2025-11-20T22:25:36.000000+00:00" } ] } ] } }