{ "Event": { "analysis": "1", "date": "2026-05-13", "extends_uuid": "", "info": "[Threat Intel] Thus Spoke\u2026The Gentlemen", "protected": false, "publish_timestamp": "1779547378", "published": true, "threat_level_id": "2", "timestamp": "1779547378", "uuid": "60c42d6c-2f80-48b1-bb63-f22d18770621", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#5dfed4", "local": false, "name": "misp-galaxy:producer=\"Check Point\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": "" }, { "colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": "" }, { "colour": "#b2a633", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": "" }, { "colour": "#d4fd6f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"", "relationship_type": "" }, { "colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#e00500", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"", "relationship_type": "" }, { "colour": "#b25e1b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Use Alternate Authentication Material - T1550\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"", "relationship_type": "" }, { "colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": "" }, { "colour": "#b24806", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"", "relationship_type": "" }, { "colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#dac154", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": "" }, { "colour": "#7adb57", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation of Remote Services - T1210\"", "relationship_type": "" }, { "colour": "#00f752", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": "" }, { "colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": "" }, { "colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": "" }, { "colour": "#3970d7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": "" }, { "colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": "" }, { "colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"the gentlemen\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778756444", "to_ids": false, "type": "link", "uuid": "799fdb92-abf0-4334-98dc-adb5c6320a04", "value": "https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1778756444", "to_ids": false, "type": "text", "uuid": "f1152be1-1eba-4fc2-9811-60ddf2af1b04", "value": "On May 4th, 2026, The Gentlemen RaaS administrator acknowledged that an internal backend database called Rocket had been leaked, exposing nine accounts including zeta88, the program's effective administrator. The leak revealed internal discussions detailing initial access methods through Fortinet and Cisco edge appliances, NTLM relay, and credential logs, along with the group's role divisions and toolsets. Evidence shows evaluation of CVEs including CVE-2024-55591, CVE-2025-32433, and CVE-2025-33073. Leaked ransom negotiations showed a successful payment of 190,000 USD. The group reused stolen data from a UK software consultancy to attack a Turkish company, employing dual-pressure tactics during negotiations. Analysis of ransomware samples identified eight distinct affiliate TOX IDs, indicating the administrator actively participates in infections alongside managing the RaaS program." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1778756444", "to_ids": false, "type": "text", "uuid": "ec5ca5a1-d07c-48ae-9cdd-c1b522be42e0", "value": "Name: Thus Spoke\u2026The Gentlemen\nAuthor: AlienVault\nAdversary: The Gentlemen\nTags: [\"cve-2025-32433\", \"raas\", \"systembc\", \"cisco\", \"cryptocurrency\", \"cve-2024-55591\", \"fortinet\", \"data-leak\", \"ntlm-relay\", \"the gentlemen\", \"affiliate-program\", \"ransomware-as-a-service\", \"tox-ids\", \"cve-2025-33073\"]\nTgtd countries: [\"United Kingdom of Great Britain and Northern Ireland\"]\nMlwr families: [\"The Gentlemen\", \"SystemBC\"]\nAttack_ids: [\"T1003\", \"T1133\", \"T1489\", \"T1562\", \"T1190\", \"T1219\", \"T1550\", \"T1560\", \"T1021\", \"T1070\", \"T1083\", \"T1049\", \"T1210\", \"T1048\", \"T1566\", \"T1078\", \"T1068\", \"T1486\", \"T1018\", \"T1490\"]\nIndustries: [\"Technology\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1778756444", "to_ids": false, "type": "threat-actor", "uuid": "094b0ae9-e606-447d-b40d-ea8191f980e3", "value": "The Gentlemen" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778756444", "to_ids": false, "type": "vulnerability", "uuid": "c4e569c0-f7ba-44a4-9aa3-98e479d3548d", "value": "CVE-2024-55591" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778756444", "to_ids": false, "type": "vulnerability", "uuid": "4702c9d2-a377-442a-b225-bc9d603dea70", "value": "CVE-2025-32433" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778756444", "to_ids": false, "type": "vulnerability", "uuid": "43d2777a-7c29-4a64-86e9-7d290894bc9d", "value": "CVE-2025-33073" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547320", "to_ids": true, "type": "sha256", "uuid": "cb165c32-9781-4933-84d3-0c083d31475b", "value": "c46b5a18ab3fb5fd1c5c8288a41c75bf0170c10b5e829af89370a12c86dd10f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547322", "to_ids": true, "type": "sha1", "uuid": "1c51d6da-43df-4d3b-a77d-6b9fb220a629", "value": "f1025bb2f147c01742f263bc0b8d462af9728a22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547324", "to_ids": true, "type": "md5", "uuid": "e64fb439-3f97-4898-8198-b3ce495a4b6b", "value": "03860d116701cdc9d9bf9c45099bb3d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547326", "to_ids": true, "type": "md5", "uuid": "a9bac22f-bd12-4e18-8512-c85adb116459", "value": "11e7baca7e652995b2364fdab0d362b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547328", "to_ids": true, "type": "md5", "uuid": "479aacd8-f2a2-4d6c-ab51-d46d578563ea", "value": "2cd4eb358c45ca783a20ec854a5a860c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547329", "to_ids": true, "type": "md5", "uuid": "f8935f67-baa4-4bd3-ae2a-acd83c41e9ee", "value": "2e5d1a352885a6efd84dbc0387cbc79e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547331", "to_ids": true, "type": "md5", "uuid": "d6c15b8f-9c6a-49a4-92d1-2ff055f7f26a", "value": "3b7b4f2d33bdfb8a31b480d0eb2815cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547333", "to_ids": true, "type": "md5", "uuid": "3b672df3-3d8d-44f4-81d4-4cfdf507a938", "value": "4a94d2b730a5a63e6cd54a9b0bb4ea71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547335", "to_ids": true, "type": "md5", "uuid": "e56381b7-e4be-4255-ba6c-be5f3cc05ff2", "value": "4e0c37cbf4dde9683943c8a738e5b00a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547337", "to_ids": true, "type": "md5", "uuid": "c1ff30b8-1af6-4400-9d02-6d5d90431531", "value": "51dec3e170f8a181cc9aea8dcc90c7ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547338", "to_ids": true, "type": "md5", "uuid": "a2ae60cb-230a-4ab6-8085-5d6e8a8b5c7b", "value": "583fe1c1a39f6b873a5c0997bea1f657", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547340", "to_ids": true, "type": "md5", "uuid": "006da0e0-b12f-4e38-9a5a-c37e61cd1a9c", "value": "697f182826495662427ca49edbb345fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547342", "to_ids": true, "type": "md5", "uuid": "4926167f-bb36-421a-b823-5c423175073f", "value": "71d503709af88821c183a1d0b7ae06ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547344", "to_ids": true, "type": "md5", "uuid": "ff7cd100-747a-43e2-be4f-b1cb5613a249", "value": "721606b3659f2c2d80a196ed3cd60053", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547346", "to_ids": true, "type": "md5", "uuid": "3495a38b-1772-4d79-9390-65735dcb02f4", "value": "735069890a414869f0113de820ba9afb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547347", "to_ids": true, "type": "md5", "uuid": "ea902a56-8a40-4753-9600-c5255a39f4db", "value": "74ea100b581ec32ea6c2ac2a0030a9f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547348", "to_ids": true, "type": "md5", "uuid": "8bb62b66-67e4-44ff-9248-70c096bd5d5c", "value": "776e86c13433747299a4e5f9f22e3415", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547350", "to_ids": true, "type": "md5", "uuid": "513560d6-25bc-46d7-ad92-a89da124ee86", "value": "7aae8fd9187c88dd0292cce1abd050e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547352", "to_ids": true, "type": "md5", "uuid": "78e8879e-c7f7-4d59-a38e-1057884f3497", "value": "81a578e065da1ccd8c81a8e90c309275", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547354", "to_ids": true, "type": "md5", "uuid": "9cf719bb-e366-4688-b175-f055139af30e", "value": "82160a7da5fc4c935e6f48d38a5aaaa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547356", "to_ids": true, "type": "md5", "uuid": "edae7347-6b8a-4003-8bb3-3dbe186f1874", "value": "893f735e9a8cc9814dc6eccd5579561c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547357", "to_ids": true, "type": "md5", "uuid": "b9ca7826-729a-4725-9783-18b32511e53b", "value": "8fceea4fd9ce32dd620ccd580297c7c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547359", "to_ids": true, "type": "md5", "uuid": "9dde6775-1fe6-4637-b883-e4df1a527a4b", "value": "92d8bd2a6ee7f6d5c84e037066ce0539", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547361", "to_ids": true, "type": "md5", "uuid": "6cc89649-0ae0-4e8b-ad2e-ec8e2eefffb8", "value": "a023a6b15419600dc3f6b93e11761dfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547363", "to_ids": true, "type": "md5", "uuid": "310d502b-5555-4a8b-98a7-94fc1e3ca067", "value": "a73526d89e5fb7b57f50d8da340e53e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547364", "to_ids": true, "type": "md5", "uuid": "935fbad8-062c-4de0-8bec-93cd4f82a83a", "value": "abd11823ddcc3d746ad8621e677a93eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547366", "to_ids": true, "type": "md5", "uuid": "a5915bbd-cb15-4ad3-a49a-34bec7e269f3", "value": "b5b42ac289581b3387ebf120129a19a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547368", "to_ids": true, "type": "md5", "uuid": "da43de40-b9e6-40a8-9b6d-77a652eb8763", "value": "b68e019efb39b85f5a0326e22fd4498a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547370", "to_ids": true, "type": "md5", "uuid": "3b16f3cf-4ef5-4981-9a17-463a84b4adf4", "value": "bc6b87c79bc71a78da623d031ec1a958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547372", "to_ids": true, "type": "md5", "uuid": "e3dcf911-493f-425a-83d3-5db19fe72ae8", "value": "d75246d230f22b1da6bbf5fceeed2ef2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547373", "to_ids": true, "type": "md5", "uuid": "48624bdc-5162-4fc9-aa4d-8feb685932a5", "value": "da9cff1b478b64d47b68d50330e96c60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547374", "to_ids": true, "type": "md5", "uuid": "b00d8ea9-8d21-49a6-b97e-8a41c3588b23", "value": "ead0d7a8ae0a6ffb7f0a5873fec4ff5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547376", "to_ids": true, "type": "sha256", "uuid": "48547b33-59ca-48c5-bf6b-0b7ef9f3ac3a", "value": "3c2182cb0bc7528829ef03f1b1745a92bcc47d917eb8870862488f21fdf1a6d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:17/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779547377", "to_ids": true, "type": "sha256", "uuid": "a2076fd4-ac85-4897-b70a-ca29540feb10", "value": "6a3ab9e984a759d55af4e84487d1fc44683065cc9a1089d5aa4ad1c0e4e84a63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "An object describing a YARA rule (or a YARA rule name) along with its version.", "meta-category": "misc", "name": "yara", "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3", "template_version": "7", "timestamp": "1778980961", "uuid": "22f27eff-af52-4624-b69f-f0e2019a3df6", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "yara-rule-name", "timestamp": "1778980961", "to_ids": false, "type": "text", "uuid": "7d5369e0-0da9-4ebc-b41c-7e754f1d076a", "value": "thegentlemen_ransomware" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "comment", "timestamp": "1778980961", "to_ids": false, "type": "comment", "uuid": "fdfc042b-f39c-4d22-9cdc-92a650d0b62a", "value": "The Gentlemen Ransomware written in GO" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "yara", "timestamp": "1778980961", "to_ids": true, "type": "yara", "uuid": "6d235766-0e52-48d0-bf19-e5abc14e8776", "value": "rule thegentlemen_ransomware\r\n{\r\n meta:\r\n author = \"@Tera0017/Check Point Research\"\r\n description = \"The Gentlemen Ransomware written in GO.\"\r\n strings:\r\n $string1 = \"Silent mode (don't rename files)\" ascii\r\n $string2 = \"Encrypt only mapped and UNC network shares\" ascii\r\n $string3 = \"README-GENTLEMEN.txt\" ascii\r\n $string4 = \"gentlemen.bmp\" ascii\r\n $string5 = \"gentlemen_system\" ascii\r\n $string6 = \"[+] Encryption started. Going background...\" ascii\r\n $string7 = \"[+] FULL Encryption started\" ascii\r\n condition:\r\n uint16(0) == 0x5A4D and 4 of them\r\n}" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547244", "uuid": "60a4fb39-be49-4ca8-ae1e-fc0a1592cf2e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547243", "to_ids": true, "type": "md5", "uuid": "6404c527-08ed-450b-bd2a-f6cb29355bbf", "value": "adf675ffc1acb357f2d9f1a94e016f52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547243", "to_ids": true, "type": "sha1", "uuid": "f89aff6b-c935-41c5-b63b-c7c9f1652057", "value": "2cd15d5d4cc58d06cfb6be5eabc681925d0ce5ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547244", "to_ids": true, "type": "sha256", "uuid": "581eb194-9b89-43b8-b7e2-a48285f095e9", "value": "51b9f246d6da85631131fcd1fabf0a67937d4bdde33625a44f7ee6a3a7baebd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997929", "to_ids": true, "type": "ssdeep", "uuid": "4180637d-4fb7-47be-aba4-3693106471b1", "value": "196608:0aXETABIUswT55RNYi9t4M/ovDL8j7askQSrR2vPJzsb20RQbJxF9:0oBI6vRyihUY7atHYvPZZR9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997929", "to_ids": false, "type": "size-in-bytes", "uuid": "8a9d358b-d904-4706-86de-6a5afe2747a8", "value": "14911488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997929", "to_ids": true, "type": "vhash", "uuid": "064d1bfc-d5af-4a3f-af67-e4a6a29865c1", "value": "0170c6050d05050d0504cz1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997929", "to_ids": true, "type": "filename", "uuid": "b0aca716-f152-4078-bd57-7afe84a1311e", "value": "51b9f246d6da85631131fcd1fabf0a67937d4bdde33625a44f7ee6a3a7baebd2.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997929", "to_ids": false, "type": "text", "uuid": "648ee9ae-d46f-4a7c-b9b0-a93cde2ff227", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:53/71\nFirst Submission:2025-07-17T12:27:07.000000+00:00\nLast Submission:2026-05-15T16:57:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547247", "uuid": "49a56851-6ffc-4de0-ad40-2e9e58e48a33", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547246", "to_ids": true, "type": "md5", "uuid": "771f11cf-ffb1-4a71-80b4-450f18660dea", "value": "4200b46a93c6ab059e2b34ce200c4a5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547246", "to_ids": true, "type": "sha1", "uuid": "38a92578-f194-452a-bda4-c26de42f5786", "value": "42bcc743c71a9ea083c1c750a398110582796762", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547247", "to_ids": true, "type": "sha256", "uuid": "dffd21f9-b047-4588-847b-d165aedd8240", "value": "3ab9575225e00a83a4ac2b534da5a710bdcf6eb72884944c437b5fbe5c5c9235", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997950", "to_ids": true, "type": "ssdeep", "uuid": "bb5da42e-c967-4157-a101-7d95a653df1c", "value": "49152:Dl5LxQaoySboC9C5ZtPzKgv5bQgZ3tA5m25ElcY:DHS3EX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997950", "to_ids": false, "type": "size-in-bytes", "uuid": "efda1721-9019-46e7-a651-285625fb11ae", "value": "2962944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997950", "to_ids": true, "type": "vhash", "uuid": "4dacfc3f-0ca3-4bf2-bdd3-6ecebf9d0854", "value": "026086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997950", "to_ids": true, "type": "filename", "uuid": "30429005-9b26-464e-9e96-bb55b74878e3", "value": "3ab9575225e00a83a4ac2b534da5a710bdcf6eb72884944c437b5fbe5c5c9235.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997950", "to_ids": false, "type": "text", "uuid": "69452049-e8fd-4172-b246-c586d50deff3", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:55/71\nFirst Submission:2025-10-19T16:58:34.000000+00:00\nLast Submission:2026-05-15T13:53:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547249", "uuid": "41e883c7-43bb-4225-98d3-ea87edc9ddc1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547249", "to_ids": true, "type": "md5", "uuid": "c57fded5-b9e4-428f-a7ff-7c6bb2b9065d", "value": "de1a114a2c5552387a1bbb61501bf129", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547249", "to_ids": true, "type": "sha1", "uuid": "8bc11cb4-43e9-443d-9c58-5bc3924e3d8d", "value": "d6aaed67606d6dab0f652c755d3d363025f60adb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547249", "to_ids": true, "type": "sha256", "uuid": "55606a15-00a4-4ae7-816e-c669a1ccf234", "value": "62c2c24937d67fdeb43f2c9690ab10e8bb90713af46945048db9a94a465ffcb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997972", "to_ids": true, "type": "ssdeep", "uuid": "33198ada-f4d5-4631-8cca-6918e2f26f44", "value": "49152:NZOwuHOMjxbtjNE9EJv9Jh1bPgZDts5mm5ElcY:NCxH/EX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997972", "to_ids": false, "type": "size-in-bytes", "uuid": "dd5b515f-25e9-43f9-bd62-04275eab94fa", "value": "3280900" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997972", "to_ids": true, "type": "vhash", "uuid": "cffd0864-7e08-4d01-8c02-f6c246385d4d", "value": "036086655d55551d1554bz2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997972", "to_ids": true, "type": "filename", "uuid": "5912c6e5-746a-46f9-8bca-51262c975719", "value": "6bxljka.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997972", "to_ids": false, "type": "text", "uuid": "1e5b91da-bc80-4c2f-be25-431cc3922fbb", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:49/71\nFirst Submission:2025-12-01T15:12:54.000000+00:00\nLast Submission:2025-12-01T15:12:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547252", "uuid": "15452070-d387-4010-90e3-1c7f8dc8e55a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547251", "to_ids": true, "type": "md5", "uuid": "8be9f57f-9524-4a98-8af1-6a6427325878", "value": "0b33a1a23b044beb5c9a63aafd35595c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547252", "to_ids": true, "type": "sha1", "uuid": "0e835899-3eda-4707-bbb6-f96c79525b63", "value": "00ff099e3cf7b548a7a0260cde8ac2f24a746da2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547252", "to_ids": true, "type": "sha256", "uuid": "2ba35a10-6e8a-4978-bfa0-b8274fff8324", "value": "860a6177b055a2f5aa61470d17ec3c69da24f1cdf0a782237055cba431158923", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778997994", "to_ids": true, "type": "ssdeep", "uuid": "94945c86-1d99-4632-a9f3-616695ff0c7d", "value": "49152:8zsqmpUIjZ89DZWWI4Zr4CkdQoUjhdZmGfi4gNJoX3kw5ElcYB9nwPDC7bODth5a:8z7mDhd5KX3kCEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778997994", "to_ids": false, "type": "size-in-bytes", "uuid": "61a78f20-8aac-47f4-8439-3ceacd01a4d7", "value": "3971072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778997994", "to_ids": true, "type": "vhash", "uuid": "ddfb9be5-4ce2-46b2-8379-761d1eedba6a", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778997994", "to_ids": true, "type": "filename", "uuid": "1dbf5c38-3c99-451c-96db-239c05d7fc1a", "value": "2026-02-11_0b33a1a23b044beb5c9a63aafd35595c_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778997994", "to_ids": false, "type": "text", "uuid": "a98c3e29-1651-4d93-a3fc-295ca70636ff", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SH!MTB\nVT Total Detection:55/71\nFirst Submission:2026-02-07T19:02:20.000000+00:00\nLast Submission:2026-02-11T01:48:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547254", "uuid": "f8fd9f6e-385d-4965-847f-01b2f039d46c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547254", "to_ids": true, "type": "md5", "uuid": "8476a07b-f396-4c82-9a68-05fd38d00d5e", "value": "b1254b99d30873de20ea99fbca371ac3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547254", "to_ids": true, "type": "sha1", "uuid": "0d82e003-da09-49d5-8bde-96ac7a9e3b80", "value": "4424138cf5a6770ab54132208a6bfed7ceb32beb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547254", "to_ids": true, "type": "sha256", "uuid": "babef872-3cbf-4be1-a1e6-9c5e3e388f43", "value": "8aa0cb69ca2777001e0f4ba0eaab0841592710e4cc5ccd6b0b526d78bbd8bfba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998015", "to_ids": true, "type": "ssdeep", "uuid": "66481a07-5374-4be6-bd4d-8d4c8c9d7afb", "value": "196608:T6nD6/WcJegn6N/8IA97lzzDZD3qNBQw5aF2lh5juTJ9C2F07J6yoAsg/qKkah:unD6/LJwszfZ8T9h5jI8gygAsgJd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998015", "to_ids": false, "type": "size-in-bytes", "uuid": "f24e930b-2ebc-46b7-89e3-5a5e1b1633c5", "value": "13509120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998015", "to_ids": true, "type": "vhash", "uuid": "731de609-cfba-4cdd-8b8b-8439f8467f11", "value": "0170c6050d05050d0504cz1!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998016", "to_ids": true, "type": "filename", "uuid": "4b0bff43-898b-4390-9b86-5d818c302e13", "value": "donavmp.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998016", "to_ids": false, "type": "text", "uuid": "d2783fd9-440c-4e07-99de-0cdadf2a190a", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:49/71\nFirst Submission:2025-12-01T05:41:52.000000+00:00\nLast Submission:2025-12-09T03:15:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547257", "uuid": "f8aa560f-d124-44d1-96be-0b755c1bfb0c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547256", "to_ids": true, "type": "md5", "uuid": "6076648d-8cdf-442f-a34f-9cfa20c82745", "value": "8ee42d16a9381d726591ddc551863931", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547257", "to_ids": true, "type": "sha1", "uuid": "247f51c1-e593-4c23-b1c8-77f63b422159", "value": "908b39041bab41aef7b2d4d7ffdb72bb5b1e3437", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547257", "to_ids": true, "type": "sha256", "uuid": "8b5c3009-5455-43f8-9058-e8f148dbb08c", "value": "788ba200f776a188c248d6c2029f00b5d34be45d4444f7cb89ffe838c39b8b19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998037", "to_ids": true, "type": "ssdeep", "uuid": "bcc40d95-9626-49b5-ae22-240d3b046b56", "value": "49152:agNcFQktmDTZlmh7uUMyqgRhAa56cV05Eu:agNsLGavCEu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998037", "to_ids": false, "type": "size-in-bytes", "uuid": "a93b3c79-c14e-49fa-b2a2-d8b020740c16", "value": "2510996" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998037", "to_ids": true, "type": "vhash", "uuid": "770a6564-dca0-4280-a2c2-3cbd9f74294d", "value": "a32d859bd1256dc8d6bca18d4f8c19bc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998037", "to_ids": true, "type": "filename", "uuid": "a028335f-d708-41bc-8270-1c4cd07e414b", "value": "2x6d30i2u.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998037", "to_ids": false, "type": "text", "uuid": "a7bc5241-c892-4761-8885-5313b0dccc49", "value": "Type Description: ELF\nMicrosoft: PUA:Linux/Maltiverza\nVT Total Detection:25/65\nFirst Submission:2026-01-04T16:13:14.000000+00:00\nLast Submission:2026-01-04T16:13:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547260", "uuid": "1a129150-be74-463c-a7be-3687e668e052", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547259", "to_ids": true, "type": "md5", "uuid": "8173fc93-6caf-4b25-a34a-b9a540ba3274", "value": "30b49ae2f685d4403d3013410f80c2e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547259", "to_ids": true, "type": "sha1", "uuid": "50ce0233-9da8-41ed-ab8f-413d1b492f62", "value": "68225c5613afe2174ed46e074147676b0f9a3915", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547260", "to_ids": true, "type": "sha256", "uuid": "2781761a-3474-4d5a-931c-c01c7d7b0040", "value": "8c87134c1b45e990e9568f0a3899b0076f94be16d3c40fa824ac1e6c6ee892db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998059", "to_ids": true, "type": "ssdeep", "uuid": "e7c4e16d-c18a-4474-a235-8972eb2c4479", "value": "49152:dI2C9Fgt/jn6UxasuojbX6VpW1KdeC8bQPUVAn5ElcYc:Gr9FgZ6UQiX6XPz5EXc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998059", "to_ids": false, "type": "size-in-bytes", "uuid": "dde02017-fe1a-42f9-af93-f4210f6d6000", "value": "3128320" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998059", "to_ids": true, "type": "vhash", "uuid": "60a6c69a-0fb0-4e2e-9689-6bc943aaa2be", "value": "036066655d7d15641az2c!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998059", "to_ids": true, "type": "filename", "uuid": "ebf228b6-9eae-4c58-a76f-f9a82995254a", "value": "12d00z4y.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998059", "to_ids": false, "type": "text", "uuid": "9c4db8b4-f23c-4cb0-8c06-de57ef9acfcb", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:50/71\nFirst Submission:2025-12-02T04:39:29.000000+00:00\nLast Submission:2025-12-02T04:39:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547263", "uuid": "61ee2efa-2628-4781-bcf3-75a9b513a93e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547262", "to_ids": true, "type": "md5", "uuid": "ab7f4965-cfbd-4239-bd06-993f28a854c7", "value": "5f5bf7fc7a9ac89ce0bbb07bd1160078", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547262", "to_ids": true, "type": "sha1", "uuid": "e7ac2c5f-9c29-4186-95da-f8397e5ea8d8", "value": "5264a94271d875675336a503c94ece0baceb58c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547263", "to_ids": true, "type": "sha256", "uuid": "002cd33b-c576-4c22-b797-e41fe868a582", "value": "ec368ae0b4369b6ef0da244774995c819c63cffb7fd2132379963b9c1640ccd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998081", "to_ids": true, "type": "ssdeep", "uuid": "23a7a789-905c-40ae-8fbe-b119aeaaff79", "value": "49152:x4No/UEhL6jSHeHGvvYOXmkxm3DL7TiiddCj2oHMv6kw512d5ElcY:x4AnTm3DL7Tiidd/hEX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998081", "to_ids": false, "type": "size-in-bytes", "uuid": "d0154c3b-097a-4a13-9256-9451f02b5a64", "value": "3214336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998081", "to_ids": true, "type": "vhash", "uuid": "54322c39-bfc2-41f3-969e-f3b0aa647050", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998081", "to_ids": true, "type": "filename", "uuid": "bf77015b-6c42-49d6-beab-350f33b8b9f0", "value": "pac.dll" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998081", "to_ids": false, "type": "text", "uuid": "b6e14f9e-e9d7-4a0c-bbf7-e250044d2bca", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:52/71\nFirst Submission:2025-11-18T16:41:55.000000+00:00\nLast Submission:2025-12-04T08:01:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547265", "uuid": "f244237f-1699-4adc-8102-3dd0751d3702", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547264", "to_ids": true, "type": "md5", "uuid": "30e9b1ce-5e68-4bd0-a64c-75237de9463a", "value": "6ae7c9a7ea0b8c40a64225734f6bd01d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547265", "to_ids": true, "type": "sha1", "uuid": "2a948fbc-56ec-419d-b142-632be25a6b09", "value": "8468cb5888fb383d25f9144c2b2f61c414cea3f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547265", "to_ids": true, "type": "sha256", "uuid": "4338e7ca-6fcd-4911-a3f1-913c09560935", "value": "c7f7b5a6e7d93221344e6368c7ab4abf93e162f7567e1a7bcb8786cb8a183a73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998103", "to_ids": true, "type": "ssdeep", "uuid": "001f81e8-e4b5-4b66-be31-9f51ae8bf194", "value": "49152:ailDmmQw2iK2EY2spo4/ODIujYaqZGwfh4gpvTeE5EbAk6+cJz9nwPDC7bODth5a:aiFGvbSre2EU2WzFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998103", "to_ids": false, "type": "size-in-bytes", "uuid": "88e92015-515e-449e-bc76-4c2e5f4dcea7", "value": "3975680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998103", "to_ids": true, "type": "vhash", "uuid": "256c1209-7704-4418-a175-4c85ce2ae19b", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998103", "to_ids": true, "type": "filename", "uuid": "73241b4c-3822-4269-94d1-ac7b1d35527b", "value": "4jp2foriy.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998103", "to_ids": false, "type": "text", "uuid": "704512cb-4525-492a-929f-0fe5044b4cf1", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-03T11:22:28.000000+00:00\nLast Submission:2026-04-03T11:28:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547267", "uuid": "9db3a0a1-7a33-4d5d-ad36-22ae046bd997", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547266", "to_ids": true, "type": "md5", "uuid": "5e07ce28-1a1e-4ddd-91db-54841e6dc385", "value": "c9d004384de06bbc53724b1431dc0fde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547267", "to_ids": true, "type": "sha1", "uuid": "abfa7dd6-d227-40dd-9da9-e0e9799f4fd9", "value": "8cdfedf9416ef9e50548f02e5dfa5dd5aa38c586", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547267", "to_ids": true, "type": "sha256", "uuid": "da54d531-d1cb-497a-a5d4-fda11c1acda1", "value": "1eece1e1ba4b96e6c784729f0608ad2939cfb67bc4236dfababbe1d09268960c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998125", "to_ids": true, "type": "ssdeep", "uuid": "33ba83db-d967-4ef8-8c2b-1636f4256581", "value": "768:/TH8eORh52N43WIykizkxpR8XgXJ7cuzg4M9iRtHpaWmoSfOtICuKw/:/7ORhA4WwpOXS7cuTpTY7ht" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998125", "to_ids": false, "type": "size-in-bytes", "uuid": "1c981e5b-4ed2-43ab-bdcc-ea468e2305b8", "value": "36424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998125", "to_ids": true, "type": "vhash", "uuid": "97ccfa28-4b28-4c95-b91f-779f6762dbae", "value": "5b918728384a365cf6305fe6683495b7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998125", "to_ids": true, "type": "filename", "uuid": "734d4d3e-eaff-49bc-99fa-59c605cb9956", "value": "cooff4.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998125", "to_ids": false, "type": "text", "uuid": "a2e3f95d-bb62-4dd8-82fe-78ec117f4785", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:31/64\nFirst Submission:2025-12-24T10:20:36.000000+00:00\nLast Submission:2025-12-24T11:25:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547270", "uuid": "ca55eca2-4cd3-4a02-ba5e-0e7c3f66cebf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547269", "to_ids": true, "type": "md5", "uuid": "2a252192-b6be-4ae7-b0fd-85c11657a4f0", "value": "7f11809925adc6657e84165fdf780816", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547269", "to_ids": true, "type": "sha1", "uuid": "2d9c528b-37e2-438d-82bd-e3ef278814c1", "value": "54a207ed34d83d1f71d34d4ad538e8221ffba259", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547270", "to_ids": true, "type": "sha256", "uuid": "d71127b4-124f-4415-a523-79bc4004987e", "value": "025fc0976c548fb5a880c83ea3eb21a5f23c5d53c4e51e862bb893c11adf712a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998146", "to_ids": true, "type": "ssdeep", "uuid": "05a2243e-edee-4d96-92a2-ff3c0c1d7537", "value": "49152:0ZOwuHOMjxbtjNE9EJv9Jh1bPgZDts5mj5ElcY:0CxHeEX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998146", "to_ids": false, "type": "size-in-bytes", "uuid": "10c88b2d-14d2-4396-8320-8ccdab1fa96f", "value": "2963456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998146", "to_ids": true, "type": "vhash", "uuid": "c054311f-8c0e-4b18-bdd5-82cff62210ad", "value": "026086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998146", "to_ids": true, "type": "filename", "uuid": "43d8461b-f461-4d9a-b092-ddb294221dcc", "value": "dona.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998146", "to_ids": false, "type": "text", "uuid": "4a0983b2-4c2f-4b66-a746-67f2dc4e7913", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte!MTB\nVT Total Detection:47/71\nFirst Submission:2025-12-01T05:36:36.000000+00:00\nLast Submission:2025-12-09T03:19:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547272", "uuid": "cc70a8b3-009b-4738-8f1d-d6749d380b35", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547272", "to_ids": true, "type": "md5", "uuid": "f7738ad2-ad06-47d6-9d17-38dcccedfa45", "value": "7a262d4cbbc4808932b6af42c4041f06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547272", "to_ids": true, "type": "sha1", "uuid": "2dadd5dd-76b7-4120-bb18-299ae88c83c3", "value": "9e951cf2f868b71aaaa05966d8eb96d333b80106", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547272", "to_ids": true, "type": "sha256", "uuid": "905ddab1-df48-4e09-88ec-381661d4eb13", "value": "22b38dad7da097ea03aa28d0614164cd25fafeb1383dbc15047e34c8050f6f67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998168", "to_ids": true, "type": "ssdeep", "uuid": "734dc8ad-9ed7-4981-94e0-7d13d4cfe971", "value": "49152:xC1TqFUxvYE/VmotXIMj4tPjn2HMvIdGwg/z8A5ElcYB9nwPDC7bODth5yx30GB:xCBqX3HEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998168", "to_ids": false, "type": "size-in-bytes", "uuid": "bb2e49de-3cf1-4cfc-a9b4-2ffcf350a39b", "value": "3952640" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998168", "to_ids": true, "type": "vhash", "uuid": "7b4032c2-708b-432b-97c2-27fd794a1be3", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998168", "to_ids": true, "type": "filename", "uuid": "aa1cd56d-15dc-4968-8a59-51ef49accb93", "value": "v6jif.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998168", "to_ids": false, "type": "text", "uuid": "0d961333-7efe-490e-982a-049d554c55cc", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:50/71\nFirst Submission:2026-03-02T19:03:40.000000+00:00\nLast Submission:2026-03-02T19:03:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547275", "uuid": "4ba677f1-fd63-4439-9042-99cbf38293b6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547274", "to_ids": true, "type": "md5", "uuid": "2d851abf-c4c9-4d28-955b-82a8093501bb", "value": "0a454a07e071971832985701bc6e9164", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547275", "to_ids": true, "type": "sha1", "uuid": "059fe1fb-a38d-4dc4-94c8-71fa4468dfee", "value": "d875d7e99f45c87e667dbebb8d8596182bdb94df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547275", "to_ids": true, "type": "sha256", "uuid": "4c362cb7-0976-43f0-9edc-a3632f55c7eb", "value": "2ed9494e9b7b68415b4eb151c922c82c0191294d0aa443dd2cb5133e6bfe3d5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998190", "to_ids": true, "type": "ssdeep", "uuid": "f815030a-95c1-4ac7-87d7-3f6105bbbbd9", "value": "49152:JZOwuHOMjxbtjNE9EJv9JhRbPgZDts5me5ElcY:JCx7HEX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998190", "to_ids": false, "type": "size-in-bytes", "uuid": "5681da68-b509-4a6b-82fa-097e85980287", "value": "3280900" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998190", "to_ids": true, "type": "vhash", "uuid": "ce8cc907-f1dd-40be-b55c-06345ce2beb0", "value": "036086655d55551d1554bz2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998190", "to_ids": true, "type": "filename", "uuid": "7adea34c-b73d-4772-9482-d8cb35b81f6e", "value": "4fcyaik.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998190", "to_ids": false, "type": "text", "uuid": "fe9ef603-2532-45a8-b852-49a34451a5b0", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:55/71\nFirst Submission:2025-12-15T20:09:45.000000+00:00\nLast Submission:2025-12-15T20:09:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547278", "uuid": "0fb2510b-4bd1-4f55-8042-ccb136aa3afd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547277", "to_ids": true, "type": "md5", "uuid": "523845af-937b-4324-a1d7-24b77598b818", "value": "7a89b347beb55f63dbcbcfc0beedbe43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547277", "to_ids": true, "type": "sha1", "uuid": "b441b39b-274e-495f-96f7-f3a4276c6630", "value": "716e39bbc93fd4b394d9e6ef7c29aef1adc7dcb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547278", "to_ids": true, "type": "sha256", "uuid": "892d9080-b8f2-4685-a326-c03faa74fa7c", "value": "48d9b2ce4fcd6854a3164ce395d7140014e0b58b77680623f3e4ca22d3a6e7fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998211", "to_ids": true, "type": "ssdeep", "uuid": "11b26d7b-a421-4c01-9ffe-ea62269f9da6", "value": "49152:UPb8MvCRH682J9ikm3SYMQHRZ8jrVVZNwfx14gGvmF+5ElcYB9nwPDC7bODth5yz:UPYBL15XFUEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998211", "to_ids": false, "type": "size-in-bytes", "uuid": "e7aca4eb-27d8-428a-bec3-3da99178e2c4", "value": "3963904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998211", "to_ids": true, "type": "vhash", "uuid": "de5b383b-efca-4f42-afa0-07c6481ff02c", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998211", "to_ids": true, "type": "filename", "uuid": "fb5705e4-b104-469c-bf34-804929426267", "value": "win.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998211", "to_ids": false, "type": "text", "uuid": "ee72addd-6165-423a-9188-47c46d931e71", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:52/71\nFirst Submission:2026-03-03T00:07:19.000000+00:00\nLast Submission:2026-03-03T06:38:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547280", "uuid": "79603c49-6cfd-402c-968b-5251cdc3ee06", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547279", "to_ids": true, "type": "md5", "uuid": "3f3fb683-216b-4b54-b69c-8899293dff15", "value": "0f9cd505df07e4ebfff3fe61b689e527", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547280", "to_ids": true, "type": "sha1", "uuid": "dcf1da35-5fc2-4bb3-a021-e1339219fc01", "value": "5d4ae46c14371e20d99b42cc0a683f8d5ec326ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547280", "to_ids": true, "type": "sha256", "uuid": "5958e5f1-6c9d-4562-ae8b-c587570e0ffb", "value": "5dc607c8990841139768884b1b43e1403496d5a458788a1937be139594f01dca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998233", "to_ids": true, "type": "ssdeep", "uuid": "ce5c96f4-2c5f-4300-973b-e645293de83b", "value": "768:DTH8eORh52N43WIykizkxpR8XgXJ7cuzg4M9iRtHpaWmonfhtICuKw/:D7ORhA4WwpOXS7cuTpTY0ut" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998233", "to_ids": false, "type": "size-in-bytes", "uuid": "ed805c37-c84b-4c14-9290-3e3cb7c26754", "value": "36424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998233", "to_ids": true, "type": "vhash", "uuid": "e7a3f2d2-8850-4d9b-a1dc-f050f9432e5b", "value": "5b918728384a365cf6305fe6683495b7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998233", "to_ids": true, "type": "filename", "uuid": "7129e07d-3228-441c-a643-5632db35bede", "value": "epuucrwbo.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998233", "to_ids": false, "type": "text", "uuid": "539a520d-1bad-401d-ba75-9e67adfcf991", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:32/64\nFirst Submission:2026-01-10T15:08:17.000000+00:00\nLast Submission:2026-01-10T15:08:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547283", "uuid": "41c8e5f9-31a5-4bdd-a311-a49bac4e7e89", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547282", "to_ids": true, "type": "md5", "uuid": "dea5c988-5a33-425f-884c-3f4ff2f9f9c8", "value": "05e9d6d239ea29f0427b02a9bc903be7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547282", "to_ids": true, "type": "sha1", "uuid": "e33efa52-136e-4519-b1d7-24da6bc472f5", "value": "23a468d7277902384875d4167a81164bc2bf6e72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547283", "to_ids": true, "type": "sha256", "uuid": "5a1d0890-90f3-4c19-82e6-c3cd840955a7", "value": "87d25d0e5880b3b5cd30106853cbfc6ef1ad38966b30d9bd5b99df46098e546c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998255", "to_ids": true, "type": "ssdeep", "uuid": "a815527d-f112-44b0-8f41-1bc8d78f7eb8", "value": "49152:linqC+tAonu2oY4RpGe/nhYj37pZFwfH4gpvAuh5EbAk6+cJz9nwPDC7bODth5yX:liqlbUIuXEU2WzFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998255", "to_ids": false, "type": "size-in-bytes", "uuid": "707c169a-6448-458a-a4a9-bbd1ae9a3560", "value": "3975680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998255", "to_ids": true, "type": "vhash", "uuid": "687713d5-8679-42ff-9d54-210db7bf591a", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998255", "to_ids": true, "type": "filename", "uuid": "635a26a2-17e9-45de-bed6-e394ec5414da", "value": "gp9g29x.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998255", "to_ids": false, "type": "text", "uuid": "3801c8ef-c049-420f-8023-18d06dbadda2", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:56/71\nFirst Submission:2026-03-31T15:00:48.000000+00:00\nLast Submission:2026-04-03T21:23:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547285", "uuid": "852e7e3a-9a5b-4439-8908-f71d51bdb024", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547284", "to_ids": true, "type": "md5", "uuid": "682fca88-d708-4608-a673-5a37c295010a", "value": "1e0f4cd09aa4464179933769b5009251", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547285", "to_ids": true, "type": "sha1", "uuid": "ef26dc50-fa2a-44f4-84a5-e277e5d4e3e5", "value": "124b943f6e82135b4d680df111ce121a200606dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547285", "to_ids": true, "type": "sha256", "uuid": "76a6a4e8-8cf9-487e-abdb-d7f37189965b", "value": "91415e0b9fe4e7cbe43ec0558a7adf89423de30d22b00b985c2e4b97e75076b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998276", "to_ids": true, "type": "ssdeep", "uuid": "1ac0dc8b-77d0-4927-92b6-d4d6456f4d5e", "value": "49152:1yQzHUkALMZtfx2EASYrHynjNhHMvIhwx/Sgv5ElcYB9nwPDC7bODth5yx30GoP:1y+q4AEXBFwPD+8th5z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998276", "to_ids": false, "type": "size-in-bytes", "uuid": "e6dcb217-ded6-4fba-9c2f-2f1743b9093d", "value": "3957760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998276", "to_ids": true, "type": "vhash", "uuid": "02ef3a1d-d8df-4ba5-a5bc-d826dd8ebad7", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998276", "to_ids": true, "type": "filename", "uuid": "46bcc735-037f-478f-b80e-f09689493c79", "value": "2026-02-08_1e0f4cd09aa4464179933769b5009251_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998276", "to_ids": false, "type": "text", "uuid": "d85293d0-4607-4fd6-a45c-c1d451497628", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:56/71\nFirst Submission:2026-01-14T09:02:48.000000+00:00\nLast Submission:2026-02-08T03:25:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547288", "uuid": "2a4e6177-feca-4855-8a72-b130af6a6765", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547287", "to_ids": true, "type": "md5", "uuid": "73263d65-e53e-4b47-ba2e-e72f612edb59", "value": "4609cbac6772a6c61fcf2745cd3b4362", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547287", "to_ids": true, "type": "sha1", "uuid": "61bff4d1-50fb-46b9-beee-af65ababb98e", "value": "af4066ca0ae65ac63de6af60f46a9b23bb6dbfee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547288", "to_ids": true, "type": "sha256", "uuid": "d5352124-fb92-4211-9aff-99d36aa282a9", "value": "994d6d1edb57f945f4284cc0163ec998861c7496d85f6d45c08657c9727186e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998298", "to_ids": true, "type": "ssdeep", "uuid": "0c5cbfeb-e300-4751-8aae-ab439be68abf", "value": "49152:TQvWgP5dF2vDnaERiMeojrX6qpW1KdeC8bQPUVA35ElcYE:ELdFIaEICX6cPzpEXE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998298", "to_ids": false, "type": "size-in-bytes", "uuid": "5ff1d643-a8d1-4f47-a7a4-eb176e17ab41", "value": "3293188" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998298", "to_ids": true, "type": "vhash", "uuid": "f010bbaa-890b-4394-8078-12b1d4146c63", "value": "036066655d6d5564bz2c!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998298", "to_ids": true, "type": "filename", "uuid": "c5e4928b-e06a-4676-95bf-672d825d7f7d", "value": "y859yn1.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998298", "to_ids": false, "type": "text", "uuid": "ce73ac35-2997-48b0-9677-37572bb14b09", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:45/71\nFirst Submission:2025-12-02T06:52:44.000000+00:00\nLast Submission:2025-12-02T06:52:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547290", "uuid": "62ba0636-e57c-4e32-87b7-4a9a9c8cf95d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547290", "to_ids": true, "type": "md5", "uuid": "593ac90c-4203-41af-b590-163e60fd1b5b", "value": "ed18c524e930cd1c34614f7cc3051dfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547290", "to_ids": true, "type": "sha1", "uuid": "8b992a0c-1b8e-41cb-b763-b8fc28bb1247", "value": "ef4b60f8162dfe20cb96dcae865a912e52459bb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547290", "to_ids": true, "type": "sha256", "uuid": "20ebe673-20c8-421c-8071-ccf1156da669", "value": "9f61ff4deb8afced8b1ecdc8787a134c63bde632b18293fbfc94a91749e3e454", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998320", "to_ids": true, "type": "ssdeep", "uuid": "df969f30-c699-4e31-a2e6-1e55e8d926dc", "value": "49152:54No/UEhL6jSHeHGvvYOXmgnj6SHMv6kw512h5ElcY:54An+ZEX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998320", "to_ids": false, "type": "size-in-bytes", "uuid": "8e6ab8cd-2eb2-47fd-838b-dffd23863ae6", "value": "3534852" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998320", "to_ids": true, "type": "vhash", "uuid": "99bb87e2-daf7-4424-8113-78a8b053d299", "value": "036086655d55551d1554bz2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998320", "to_ids": true, "type": "filename", "uuid": "346fa1a7-a130-450a-8bbe-8a16c721a54d", "value": "fdjhkspz.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998320", "to_ids": false, "type": "text", "uuid": "b02a78f8-e1f0-4f14-a122-aaea17ef8b46", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:45/71\nFirst Submission:2025-11-20T02:56:03.000000+00:00\nLast Submission:2025-11-20T02:56:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547293", "uuid": "b2d33de4-be71-4c3d-a4b6-ac94f31d7e97", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547292", "to_ids": true, "type": "md5", "uuid": "b9626e6a-d4f9-4b18-b970-1a43c3ed743f", "value": "1cc9ae55b1856e4e9796c73f94c2e683", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547292", "to_ids": true, "type": "sha1", "uuid": "8b079ea1-ec38-493b-9826-0140e4315aa6", "value": "ebddc99a00bd7a5dcaf7b73349309d970e5c69b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547293", "to_ids": true, "type": "sha256", "uuid": "478aaaff-0f37-4417-9978-f94e2a7d013a", "value": "a7a19cab7aab606f833fa8225bc94ec9570a6666660b02cc41a63fe39ea8b0ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998342", "to_ids": true, "type": "ssdeep", "uuid": "23576763-eed8-4954-95ab-f42130bef990", "value": "49152:QuoWiWA8g8iwfnVqKC9YVjvVqjsLHMvI9wt/eyP5ElcYB9nwPDC7bODth5yx30G7:QuTPdGEXBFwPD+8th5M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998342", "to_ids": false, "type": "size-in-bytes", "uuid": "601d3f6f-9ac3-41fe-8cd3-d357f24571d3", "value": "3954688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998342", "to_ids": true, "type": "vhash", "uuid": "816e8cee-9afb-4355-b2d8-efd8e9ac4d69", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998342", "to_ids": true, "type": "filename", "uuid": "e497aabf-cf54-41b4-a17c-63f326101e82", "value": "2026-04-07_1cc9ae55b1856e4e9796c73f94c2e683_amadey_coinminer_dosia_frostygoop_glassworm_hive_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998342", "to_ids": false, "type": "text", "uuid": "27ce56ec-c836-40ba-9e3f-5cc2b511cc0f", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:47/71\nFirst Submission:2026-01-05T15:10:32.000000+00:00\nLast Submission:2026-04-07T04:34:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547295", "uuid": "5f14f504-ccd2-4e7d-93ac-859c78d0fd61", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547295", "to_ids": true, "type": "md5", "uuid": "e9cc7fef-f6d0-4262-9b31-1037552a4525", "value": "3b46a729db7ae6af8b19711c9452194d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547295", "to_ids": true, "type": "sha1", "uuid": "90655eb6-2b5a-421b-baf3-8e0880db8387", "value": "5aea74bf3e70f38eb596f8002b3c02514daee4f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547295", "to_ids": true, "type": "sha256", "uuid": "2bb5d931-178d-42ba-9fd2-6344a834a26f", "value": "b67958afc982cafbe1c3f114b444d7f4c91a88a3e7a86f89ab8795ac2110d1e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998364", "to_ids": true, "type": "ssdeep", "uuid": "27cfb22c-4d0b-4eed-b425-8ea790e71109", "value": "49152:ailDmmYw2i62EYW0po4/2m3jeXiZ+wfN4gpv5eP5EbAk6+cJz9nwPDC7bODth5yX:aiFO34ReBEU2WzFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998364", "to_ids": false, "type": "size-in-bytes", "uuid": "d9225024-ab75-4d93-ad54-8ff2b7248eaf", "value": "3975680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998364", "to_ids": true, "type": "vhash", "uuid": "13da181a-35dc-4ab0-92df-3f0c6a419fac", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998364", "to_ids": true, "type": "filename", "uuid": "782cdaea-c278-4425-b307-676ec699223f", "value": "kis4vm0jd.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998364", "to_ids": false, "type": "text", "uuid": "77748e0e-ab8d-4a6b-a3e7-0cca5d5e2f5a", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-01T12:09:24.000000+00:00\nLast Submission:2026-04-03T10:06:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547298", "uuid": "4497500a-6744-4bc7-a5f1-bbcbc5b02e01", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547297", "to_ids": true, "type": "md5", "uuid": "fef82545-0548-4e70-a5cc-4f04e90cb428", "value": "a2a13b8da7370f5f4753d81c7958dfcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547298", "to_ids": true, "type": "sha1", "uuid": "1473ac38-81d2-4a51-b927-d244a18039a9", "value": "143cb70aede3ba09ae54e1da55c69f0129991f48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547298", "to_ids": true, "type": "sha256", "uuid": "020bb308-53d1-4653-8217-531c634f4989", "value": "efaf8e7422ffd09c7f03f1a5b4e5c2cc32b05334c18d1ccb9673667f8f43108f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998406", "to_ids": true, "type": "ssdeep", "uuid": "09b1c649-d9f2-4825-a3f9-b40703425d49", "value": "49152:Y6OykI7cUakFLqFWEacsxBixaEji4ZQGf504gDJo1J55ElcYB9nwPDC7bODth5yX:Y3gfFOW41JvEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998406", "to_ids": false, "type": "size-in-bytes", "uuid": "85a6f852-1a89-4ccc-9ded-8a05536fdf0d", "value": "3956224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998406", "to_ids": true, "type": "vhash", "uuid": "02a199d5-47f9-4a5d-9013-b5f2ac550e3c", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998406", "to_ids": true, "type": "filename", "uuid": "7b25986e-9627-434b-85ad-a3f43311fd93", "value": "2026-02-06_a2a13b8da7370f5f4753d81c7958dfcb_amadey_coinminer_dosia_frostygoop_glassworm_knight_luca-stealer_njrat_quasar-rat_salatstealer_sliver_smoke-loader" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998406", "to_ids": false, "type": "text", "uuid": "95519072-112d-4dda-9da5-b07ed252b7ed", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:53/71\nFirst Submission:2026-01-16T11:38:04.000000+00:00\nLast Submission:2026-02-06T10:43:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547301", "uuid": "689b3b4e-21ed-4297-be6d-95494499ddbe", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547300", "to_ids": true, "type": "md5", "uuid": "118ca9c9-cabc-4571-b3db-1d575f35b867", "value": "ffb6011e7c82355046988166dd896930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547300", "to_ids": true, "type": "sha1", "uuid": "3f6f091a-4488-4a7a-a6ba-adf0bf3e938d", "value": "83c6c1bb37c9071e569aa4b247e54ab763bbf5da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547301", "to_ids": true, "type": "sha256", "uuid": "c7404545-6aae-4198-86bf-4e9cfeb430e4", "value": "f736be55193c77af346dbe905e25f6a1dee3ec1aedca8989ad2088e4f6576b12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998428", "to_ids": true, "type": "ssdeep", "uuid": "0774d759-3609-47c5-b2f4-0816ae305245", "value": "49152:tOXpvfSEikgYDG+EqVkJ4CkdFjUwZ5GfQ4gNJ4w3ka5ElcYB9nwPDC7bODth5yxF:tO58U3dVGw3kwEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998428", "to_ids": false, "type": "size-in-bytes", "uuid": "349958a1-3c22-4df8-8784-61316fc641af", "value": "3971072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998428", "to_ids": true, "type": "vhash", "uuid": "7ffbec54-3cd2-4d45-9822-87a5263987a6", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998428", "to_ids": true, "type": "filename", "uuid": "27b7d13e-fa99-4f4a-af0e-3f6ec774dbe1", "value": "amd.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998428", "to_ids": false, "type": "text", "uuid": "6de56c20-4ce2-4046-a238-728821422054", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:54/71\nFirst Submission:2026-02-19T02:42:26.000000+00:00\nLast Submission:2026-02-19T05:01:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547303", "uuid": "50648a1b-a194-4a7b-a4e5-b910505ad411", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547302", "to_ids": true, "type": "md5", "uuid": "6a7064ee-d311-4d72-8a55-b215cbcaa409", "value": "7b885b446bbd9b450146c88f84c64f30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547303", "to_ids": true, "type": "sha1", "uuid": "3b6dc1d0-dca9-4dd2-b8b1-1b1d4b1eefb9", "value": "bd79aec521aa9f0cec374d57692b540b7b5a6ea8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547303", "to_ids": true, "type": "sha256", "uuid": "89b88426-6cf5-43a4-a564-4675e5951c20", "value": "fc75ed2159e0c8274076e46a37671cfb8d677af9f586224da1713df89490a958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998450", "to_ids": true, "type": "ssdeep", "uuid": "3312c4b7-e310-4f79-bb50-2888f090174a", "value": "49152:Kj6+4dnfoiSEct2xaSUPDdP/7SsjHE4Z0wfs4gcvpG15ElcYB9nwPDC7bODth5yX:KjHodwdImGLEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998450", "to_ids": false, "type": "size-in-bytes", "uuid": "75fee749-3b6f-4708-ba20-97b3a8f94520", "value": "3968512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998450", "to_ids": true, "type": "vhash", "uuid": "309b2a53-ba72-488a-bcca-d9a25d5dab24", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998450", "to_ids": true, "type": "filename", "uuid": "f0f08ba6-cf32-4b3d-a3b0-92813f6ef6e2", "value": "rxeh0zn3w.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998450", "to_ids": false, "type": "text", "uuid": "673f2f76-cfe3-428e-9aca-3bee88affc94", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:53/71\nFirst Submission:2026-03-31T06:45:07.000000+00:00\nLast Submission:2026-03-31T06:45:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547306", "uuid": "5c26eebf-8f24-47ec-962f-0620609c59cc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547305", "to_ids": true, "type": "md5", "uuid": "96c6b9f6-7dd9-4d69-9eae-1530734767e3", "value": "6f1ece39f46345ff8f0327a93af2312b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547305", "to_ids": true, "type": "sha1", "uuid": "2308231e-f912-43f2-800f-62b91930e250", "value": "de8e1859412cc7b0ea81d7c6461267b079059dda", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547306", "to_ids": true, "type": "sha256", "uuid": "0dfd8e51-9b02-4192-bcf1-c078361a1366", "value": "4a175eed927c0a477eafb8aa35a93c191748acaa78ac7aecd8ea3c4cd868887c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778998704", "to_ids": true, "type": "ssdeep", "uuid": "db53d9b0-969f-4bcf-9c2f-21be7815f35c", "value": "49152:x5LLCG6KUeXFZna0GYB/VbPMAEl5juZHZFwf04g8vDbn5E2kT9nwPDC7bODth5yX:x5yOzbHMb5E3TFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778998704", "to_ids": false, "type": "size-in-bytes", "uuid": "cc699d4c-3f66-4249-a00d-7bf31c68f138", "value": "3966464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778998704", "to_ids": true, "type": "vhash", "uuid": "bcc9761b-e64e-4ae0-8551-0237ab77c919", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778998704", "to_ids": true, "type": "filename", "uuid": "8fb415e9-5068-468f-a2a9-8c6c3125f2e4", "value": "zprphynie.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778998704", "to_ids": false, "type": "text", "uuid": "8d9c948b-2f43-4562-b332-53460a48ee13", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:45/71\nFirst Submission:2026-04-23T06:31:53.000000+00:00\nLast Submission:2026-04-23T06:31:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547308", "uuid": "ea4cacb3-ada2-4e3d-82ce-4f3783f9353c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547307", "to_ids": true, "type": "md5", "uuid": "4f614abc-97c8-4948-b6d8-40a7aee843ff", "value": "b8683f466e936e45a5ca715c2845563c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547308", "to_ids": true, "type": "sha1", "uuid": "50d2d33b-934c-47c9-9f71-d828d8ab194c", "value": "f1ca6f9eb8f41dd0940683747d8926ac485ae40e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547308", "to_ids": true, "type": "sha256", "uuid": "67d6f969-a8a3-484b-97e5-c21196903c0c", "value": "dfe696ff713318c53fb17731bd4a6585a02c085b590149b19847990b324a0be6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778999064", "to_ids": true, "type": "ssdeep", "uuid": "fa12ee1c-0eec-43b3-92f8-a4317ebec304", "value": "49152:/Rc3tUpzSL5y2VDy7hTFg/79jKSIZgwfi4gxvueQ5ElcYB9nwPDC7bODth5yx30G:/RUtAT42eiEXBFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778999064", "to_ids": false, "type": "size-in-bytes", "uuid": "2aae83c4-bace-4b68-a9c5-b853fa398171", "value": "3972608" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778999065", "to_ids": true, "type": "vhash", "uuid": "acf1eaa1-781c-4aa8-b28f-0d37b470d664", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778999065", "to_ids": true, "type": "filename", "uuid": "553224e9-3859-4eca-aff1-a58833b727f3", "value": "bvxbekfp4.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778999065", "to_ids": false, "type": "text", "uuid": "ae1940d1-948f-4783-8a75-68de5392cad4", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:46/71\nFirst Submission:2026-04-12T00:30:37.000000+00:00\nLast Submission:2026-04-12T17:51:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547311", "uuid": "a8743b0e-d412-44a4-bd46-0c74cc869fbe", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547310", "to_ids": true, "type": "md5", "uuid": "d42b3b05-189c-4ffa-a97d-56ace7a97d79", "value": "736a6b312fe80efea9bc2e482629be06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547310", "to_ids": true, "type": "sha1", "uuid": "1e273942-064c-426c-bd96-6750307ee075", "value": "9887bc4eed59173d94f5340ef7c09e8ea68cd824", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547311", "to_ids": true, "type": "sha256", "uuid": "50d909ca-5ca1-47f0-99b6-3e589ba31f97", "value": "1334f0189a8e6dbc48456fa4b482c5726ab7609f7fa652fcc4c1a96f2334436f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778999171", "to_ids": true, "type": "ssdeep", "uuid": "47b0dfa6-c359-410a-a84f-255932e05a68", "value": "49152:6NlDmmYw29T2QYpEpod/0jSjjlQNZqwfE4gpvBeo5EbAk6+cJz9nwPDC7bODth5a:6NFOc6a5eaEU2WzFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778999171", "to_ids": false, "type": "size-in-bytes", "uuid": "bdafa502-e987-4bdc-acc1-bda6680a8e33", "value": "3975680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778999171", "to_ids": true, "type": "vhash", "uuid": "f172ac70-fc54-4b88-8b1c-f2b5e3587e7f", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778999171", "to_ids": true, "type": "filename", "uuid": "541484ba-9074-4f41-931e-df0156463196", "value": "win.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778999171", "to_ids": false, "type": "text", "uuid": "b1d7c96c-0ae9-45f8-800d-6d893f229318", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:54/71\nFirst Submission:2026-04-14T13:23:45.000000+00:00\nLast Submission:2026-05-12T12:47:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547313", "uuid": "298e13ce-1e7a-4d6d-ad9d-089a184508e9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547312", "to_ids": true, "type": "md5", "uuid": "20332e1f-e498-4c50-8014-cc52b461a3a7", "value": "10ca9a4040001560d053b7e7885c1b95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547313", "to_ids": true, "type": "sha1", "uuid": "1a0f24c5-23ce-45f2-a435-b26e586206a0", "value": "e7cc7b32d844ec6a2f41f0efbc64a0783afb56e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547313", "to_ids": true, "type": "sha256", "uuid": "6c41a8a2-8f0d-4a94-b9fe-012a4206a9be", "value": "1af419b36a5edefef387409e2b3248c9223f7dc49a4f7b15ea095d371c3a70b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778999193", "to_ids": true, "type": "ssdeep", "uuid": "7b4a6f0b-1692-4ad9-8bb7-83f4cd1f38c5", "value": "49152:kx5UADyeQaU9IK4l3jVoH6dhE3axvkup4r4ISI5ElcYB9nwPDC7bODth5yx30G3a:WDDyeQMK4l5IrpEXBFwPD+8th5S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778999193", "to_ids": false, "type": "size-in-bytes", "uuid": "3c5be666-77d6-4ae4-9c1c-626bf9415a37", "value": "3885056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778999193", "to_ids": true, "type": "vhash", "uuid": "73686cf6-26e9-4b6b-9bce-93461cd02b98", "value": "036066655d7d15641az2c!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778999193", "to_ids": true, "type": "filename", "uuid": "70a18cd0-3d0e-4345-a47d-bf9990eb7896", "value": "uh5a4lt6i.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778999193", "to_ids": false, "type": "text", "uuid": "e7a477ae-463e-484f-8ccc-0a471fcf2d3d", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/BlackByte.SZ!MTB\nVT Total Detection:42/71\nFirst Submission:2026-04-09T17:47:08.000000+00:00\nLast Submission:2026-04-09T17:47:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547316", "uuid": "e97f3113-878a-40e8-8dde-c8347997a1f9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547315", "to_ids": true, "type": "md5", "uuid": "a2fcfe84-79f2-4160-8b7c-a0e769b0e4af", "value": "1b6d9c7cb4ad65da282fc48a9a30f97e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547315", "to_ids": true, "type": "sha1", "uuid": "099e2bb8-679e-4d26-a023-1278f328a62f", "value": "f8058e687f75a13a7874b569bf885f9097629271", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547316", "to_ids": true, "type": "sha256", "uuid": "9d55e24b-68ca-4453-9b2c-db5bc4382609", "value": "24ac3588fb8cfbff63b7fdfcbc7dec1f3c60e54e6f949dd69d68e89e0c89d966", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778999214", "to_ids": true, "type": "ssdeep", "uuid": "b521691c-8052-4d57-93db-799b7453073c", "value": "49152:aClDmmQw2iK2EY2spo4/QnJjbXBZZwfH4gpvSe35EbAk6+cJz9nwPDC7bODth5yX:aCFGvWKepEU2WzFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778999214", "to_ids": false, "type": "size-in-bytes", "uuid": "d5ee6f3d-3ec8-4525-9851-2348320f8ef3", "value": "3975680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778999214", "to_ids": true, "type": "vhash", "uuid": "b9758208-a74c-48b1-b6ef-fced7516d5d8", "value": "036086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778999214", "to_ids": true, "type": "filename", "uuid": "342cd8b8-db8d-4bd9-ace3-9c6725ef8fa1", "value": "BlackByte.SZ!MTB' in file 'locker_yi13jz_windows_amd64.exe', preventing attempted open by 'ntoskrnl.exe'" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778999214", "to_ids": false, "type": "text", "uuid": "d83b5d7b-da3c-45a7-971e-13920d20e161", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/FilecoderGentlemen!MSR\nVT Total Detection:47/71\nFirst Submission:2026-04-14T03:07:12.000000+00:00\nLast Submission:2026-04-14T05:57:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779547318", "uuid": "b4ac0259-e3cc-4f0e-b606-4624b686c0e1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779547317", "to_ids": true, "type": "md5", "uuid": "deb18875-944b-4f63-920d-212c8491f4f5", "value": "698ce57e5f0ecda7b41d2c6c1e7ca177", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779547318", "to_ids": true, "type": "sha1", "uuid": "6e97e533-69f1-4575-ab5c-a24ef0485fc5", "value": "9e9cfecdae356761795f5c5f5655d1ec306e39d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779547318", "to_ids": true, "type": "sha256", "uuid": "c12a7e9f-77b2-4634-af7b-067fee2043b1", "value": "dce2e5cc00eff2493f8ced546dc51f9d5ef78c5ee56805906ec642dfa77a1c70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778999278", "to_ids": true, "type": "ssdeep", "uuid": "a9c8adec-72a2-450e-995d-662ddf2dbb99", "value": "49152:5qHzah/RgrT4p0wqIst442iZyDIj6qZB9fV4gRhes5E2kT9nwPDC7bODth5yx30G:5qTrtgug+E3TFwPD+8th5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778999278", "to_ids": false, "type": "size-in-bytes", "uuid": "9163cf67-7b7d-493b-bf78-d87329775554", "value": "4065792" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778999278", "to_ids": true, "type": "vhash", "uuid": "4f5a801d-9647-4aa2-9d07-217ce84a5469", "value": "046086655d75551d15541az2e!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778999278", "to_ids": true, "type": "filename", "uuid": "dc94940e-f04c-4831-b8c4-16e877b2cff9", "value": "7rm7p736k.exe" }, { "category": "Other", "comment": "Checked: 17/05/2026\nLast-scan\t: 14/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778999278", "to_ids": false, "type": "text", "uuid": "6bf509f3-5757-4dc4-ba06-b2fb82a24c86", "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win64/Gentlemen.SH!MTB\nVT Total Detection:49/71\nFirst Submission:2026-05-01T15:12:40.000000+00:00\nLast Submission:2026-05-01T15:12:40.000000+00:00" } ] } ] } }