{
  "Event": {
    "analysis": "1",
    "date": "2026-04-16",
    "extends_uuid": "",
    "info": "[Threat Intel] Iranian APT Seedworm Targets Global Organizations via Microsoft Teams",
    "protected": false,
    "publish_timestamp": "1776783228",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1776783228",
    "uuid": "617420e0-aa0b-4a84-ad7a-5ab343d40b2b",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#7eb739",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Msiexec - T1218.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#f5a258",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b0fe1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#f07d7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#07a4a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#98f3da",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"MuddyWater\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776740421",
        "to_ids": false,
        "type": "link",
        "uuid": "3fe0854a-3094-40dc-8d14-f5bf2d551387",
        "value": "https://www.cyberproof.com/blog/iranian-apt-seedworm-targets-global-organizations-via-microsoft-teams/",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776740421",
        "to_ids": false,
        "type": "text",
        "uuid": "d28631cc-3f7e-45a4-a85c-3ecd8f7e25da",
        "value": "In late February 2026, following escalating Middle East tensions and coordinated military actions, Iranian APT group Seedworm launched sophisticated social engineering attacks via Microsoft Teams. Attackers impersonated IT support personnel using deceptive Microsoft 365 tenant domains to convince victims to execute malicious MSI installers. The campaign deployed a custom backdoor called Dindoor, which leveraged the legitimate Deno runtime to execute obfuscated payloads in-memory, minimizing detection. The operation included multiple components for persistence, command-and-control communications, and data exfiltration. Infrastructure overlapped with previously reported MuddyWater operations. The attack demonstrates the group's evolution in using collaboration platforms as initial access vectors while combining dual-use tooling with living-off-the-land techniques to bypass traditional security controls."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776740421",
        "to_ids": false,
        "type": "text",
        "uuid": "1dfb592e-5ddd-464d-ab22-94cd8476be3c",
        "value": "Name: Iranian APT Seedworm Targets Global Organizations via Microsoft Teams\nAuthor: AlienVault\nAdversary: MuddyWater\nTags: [\"muddywater infrastructure\", \"in-memory execution\", \"seedworm\", \"microsoft teams\", \"dindoor\", \"social engineering\", \"dindoor backdoor\", \"iran apt\", \"deno runtime\", \"dinodance\"]\nTgtd countries: []\nMlwr families: [\"Dindoor\", \"DINODANCE\"]\nAttack_ids: [\"T1204.002\", \"T1082\", \"T1218.007\", \"T1106\", \"T1140\", \"T1036\", \"T1055\", \"T1036.004\", \"T1204\", \"T1041\", \"T1059.001\", \"T1547.001\", \"T1566\", \"T1571\", \"T1027\", \"T1132\", \"T1071.001\", \"T1059.005\", \"T1105\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776740421",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "8d59c356-c06a-4486-b8f8-a88c53ef5f85",
        "value": "MuddyWater"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776775553",
        "to_ids": true,
        "type": "domain",
        "uuid": "443f6cd5-eb19-4e18-90bd-283ec07e8256",
        "value": "serialmenot.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:21/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776773639",
        "to_ids": true,
        "type": "sha256",
        "uuid": "2f7add40-0381-4942-9fb5-33b31724602f",
        "value": "3916604ebd3eab1dec27e4ad904e3a0d50c671ee1559c35ae116975338197f2e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776775574",
        "to_ids": true,
        "type": "url",
        "uuid": "18d456ad-c24e-4878-9efa-0d9ddb7f3bc5",
        "value": "https://dd3.filedwnl.top",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776775595",
        "to_ids": true,
        "type": "url",
        "uuid": "a0d5093f-b5ba-4309-ab79-384ad3334d51",
        "value": "https://dd4.filedwnl.top",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776775616",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bb17b07a-7e91-4b7b-a2f0-21ff75c6e4fe",
        "value": "dd3.filedwnl.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776775637",
        "to_ids": true,
        "type": "hostname",
        "uuid": "fff5d426-07ff-4224-84f0-5c6142a59a60",
        "value": "dd4.filedwnl.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
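        "comment": "Domain of the legitimate Deno runtime project (the Description attribute notes the backdoor uses the legitimate Deno runtime). A match on this domain alone is likely benign; correlate with the other indicators in this event before alerting or blocking.",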
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776775658",
        "to_ids": true,
        "type": "domain",
        "uuid": "553b96cb-c7fb-451a-b752-f9d364adb9f2",
        "value": "deno.land",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776775679",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "564787b9-827a-4f7a-acba-beb197571f9b",
        "value": "140.82.18.48",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775701",
        "uuid": "5851da39-f45b-44f6-b5d9-c6a67c41a78b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775701",
            "to_ids": true,
            "type": "md5",
            "uuid": "269dc7f6-46d4-456f-a8f8-4d02af3f03a5",
            "value": "e6fafcb72f2f315692218182ba84e0ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773611",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a4603acd-95b1-4a8b-baa1-c132144c455b",
            "value": "9c5cc25e80df75f91873bf31a6269e7bdab7c6d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773612",
            "to_ids": true,
            "type": "sha256",
            "uuid": "68eb775e-a0c9-470b-a4af-6ab7793de659",
            "value": "2b7d8a519f44d3105e9fde2770c75efb933994c658855dca7d48c8b4897f81e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772708",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a23fc93f-9deb-4b31-b24b-028ed5eeecfe",
            "value": "1572864:h6sZA+TMMdh0OWzeRxhsyw1CvawblHmTJGGrxLPXBNGA72PWDt+wzN7R2:h6smSjdhbWzKxhsh1CvaeGNGGrxjXBN2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772708",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "565d88bc-02e9-4ae3-9965-867015403754",
            "value": "87211504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772708",
            "to_ids": true,
            "type": "vhash",
            "uuid": "39ce895e-22d1-417b-99f7-efbe4c010f22",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772708",
            "to_ids": true,
            "type": "filename",
            "uuid": "512d9c55-52f2-48eb-83e5-77902cff227d",
            "value": "installer"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772708",
            "to_ids": false,
            "type": "text",
            "uuid": "c1bf664b-ca44-4f3b-bef0-67df991a948f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:41/70\nFirst Submission:2026-02-11T21:50:28.000000+00:00\nLast Submission:2026-04-06T16:00:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775722",
        "uuid": "3d7c1992-c853-430f-90f1-486a6b784bc1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775722",
            "to_ids": true,
            "type": "md5",
            "uuid": "f7ac10ac-7496-49a3-be4d-a052ce1068b0",
            "value": "29953b2e46aeaf0157d487c13c4a0643",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773613",
            "to_ids": true,
            "type": "sha1",
            "uuid": "49996dbd-4254-4905-af21-92ff5f876505",
            "value": "429efcf0370b53cc3c455b634dc066b1d08b568d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773613",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bb17fcfc-ee2e-478e-92cc-5dc0343ccabd",
            "value": "077ab28d66abdafad9f5411e18d26e87fe43da1410ee8fe846bd721ab0cb52de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772729",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6607c49b-ee19-4d82-926e-c726b4b5f185",
            "value": "1572864:tpQL+rJ/Lu+bSBscfv7pGHe/zA6wa8iV/dU0pk39/kHE+au0brozD/N0in1OUWjO:tpQCrJ/Lu8DcnFG+/h8KdXk9/kHxaum4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772729",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d1d0e779-f2bb-4b74-b746-d1ec6eb219ef",
            "value": "75387632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772729",
            "to_ids": true,
            "type": "vhash",
            "uuid": "699eae43-5eef-476e-9737-9f33a29f1c79",
            "value": "077056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772729",
            "to_ids": true,
            "type": "filename",
            "uuid": "5b7e4894-cc43-40b0-b22b-6f2f2b41db28",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772729",
            "to_ids": false,
            "type": "text",
            "uuid": "15aa9b4a-6cba-402f-9552-ae16405dc65f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:26/70\nFirst Submission:2026-02-24T20:59:20.000000+00:00\nLast Submission:2026-04-06T15:50:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775743",
        "uuid": "41c89c79-06fe-4a32-a0f2-a37c4bcaf89a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775743",
            "to_ids": true,
            "type": "md5",
            "uuid": "fe1ed8ff-c882-47f8-a0c6-11d5ac47612a",
            "value": "56a4b425aba37ef886bdfbd8343a1bd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773614",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bc49da8f-98e7-4cdc-ae34-7fb98691afff",
            "value": "3ab3fee4daac90bb7bee470b5b2de8ee0d6bec8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773614",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dc5028ed-7daf-4fbe-96c7-49d7c2d0162c",
            "value": "4aef998e3b3f6ca21c78ed71732c9d2bdcc8a4e0284f51d7462c79d446fbc7be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772751",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "549a77c1-a52d-40cc-a725-4fdb7310e14c",
            "value": "1572864:3Zcy/5CmaOQKGk55K5QWn50nfM81pzdBfGuJQXGGTqK6eV1+Jd8Cv5qPV:3ZJFH3WninE81pfDoGGTJVYhv5qN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772751",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8af541f7-7b86-43e2-af75-f2bb21be3cc8",
            "value": "88529896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772751",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3319c67e-b7ac-45d1-a450-2894f3180189",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772751",
            "to_ids": true,
            "type": "filename",
            "uuid": "02748f7e-c9d4-4d28-a098-d3b121a41bf4",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772751",
            "to_ids": false,
            "type": "text",
            "uuid": "6754a768-cb64-4626-b73d-51ea11ff693b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:38/68\nFirst Submission:2026-02-26T13:17:17.000000+00:00\nLast Submission:2026-04-06T15:54:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775764",
        "uuid": "3d64f968-5cf8-4fc2-bdac-4e5dc3148d9d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775764",
            "to_ids": true,
            "type": "md5",
            "uuid": "038d9b60-58f7-4442-aaed-f304d35d51d2",
            "value": "591aae15106147bdb5bc7b26049b943f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773615",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bc7d956f-d0d1-443e-ad4d-42cd3ebaf9cd",
            "value": "cecf87d582b4df4323eaef04c9a648d43325043a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773615",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b6924326-f7f4-4198-89cb-6d038e99d35d",
            "value": "ddceade244c636435f2444cd4c4d3dc161981f3af1f622c03442747ecef50888",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772773",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6f6f8d68-aa95-48fa-be39-efbd05e8dece",
            "value": "1572864:BZcy/5CmaOQKGk55K5QWn50nfM81pzdBfGuJQXGGTqK6eV1+Jd8Cv5qPZ:BZJFH3WninE81pfDoGGTJVYhv5qR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772773",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9784bed4-00d6-43cc-a834-9c6c18f570d4",
            "value": "88529904"
          },
          {
            "category": "Payload delivery",
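            "comment": "vhash is a similarity hash, not a unique file identifier; the same value appears on other file objects in this event. Treat a match as a lead and confirm it against the sha256.",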
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772773",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aa46f6cd-328b-4204-a210-f48b4221f2a3",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
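            "comment": "Generic filename; correlation is disabled for it and it is not distinctive on its own. Match it only together with the hashes in this object.",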
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772773",
            "to_ids": true,
            "type": "filename",
            "uuid": "0e6de144-d939-43ae-b0b7-1d6f38025ce4",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772773",
            "to_ids": false,
            "type": "text",
            "uuid": "e485902c-2848-472f-ad06-d8bf56e241e6",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:37/70\nFirst Submission:2026-02-23T21:22:46.000000+00:00\nLast Submission:2026-04-06T15:51:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775786",
        "uuid": "2a472edf-8ae9-4e0d-ac19-8ea3944a4de4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775786",
            "to_ids": true,
            "type": "md5",
            "uuid": "bf831514-9929-4955-a021-08aa4d2fc960",
            "value": "7a4119e116ecdefe0a1017110e250e61",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773616",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4e294d9f-167e-404f-b8a0-f7b10e75c6b7",
            "value": "be3c8f93e9d7f42ec1133ab36f555b104b23fe1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773616",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5c3cc205-a948-4ac6-835f-39e53cc909fe",
            "value": "a4bd1371fe644d7e6898045cc8e7b5e1562bdfd0e4871d46034e29a22dec6377",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772795",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "49324434-f8bf-43da-ac11-ac7a8e8c9ff6",
            "value": "1572864:SpQL+rJ/Lu+bSBscfv7pGHe/zA6wa8iV/dU0pk39/kHE+au0brozD/N0in1OUWjr:SpQCrJ/Lu8DcnFG+/h8KdXk9/kHxaumh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772795",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9f620e7a-255b-4f0e-9dff-4b2c8ffb7cda",
            "value": "75387624"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772795",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4d4f69a4-d11b-429f-9707-10e81b21f2f5",
            "value": "077056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772795",
            "to_ids": true,
            "type": "filename",
            "uuid": "c0fcacfd-32a7-4c90-af88-0e8833667e20",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  08/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772795",
            "to_ids": false,
            "type": "text",
            "uuid": "9b97f4c6-2b94-42ee-b22c-f9a1655ff2ba",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:34/68\nFirst Submission:2026-02-22T21:25:10.000000+00:00\nLast Submission:2026-04-06T15:57:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775807",
        "uuid": "c394b7f4-6e79-4f89-aa21-b5b70ebc5c7e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775807",
            "to_ids": true,
            "type": "md5",
            "uuid": "816151f5-7bac-477c-8794-074bf8f0c9d8",
            "value": "76c59282e44a461105dc5739a6ba7c33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773617",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6c72bfbf-4c0b-4e0d-a844-3ce278a933e2",
            "value": "7a8963d123918ca86727649492cd1ff4e020cb72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773617",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b09e2902-1b2f-44fa-aff9-81239ae51981",
            "value": "64cf334716f15da1db7981fad6c81a640d94aa1d65391ef879f4b7b6edf6e7f1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772816",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "32158947-bc31-44a2-b12d-8a1fcab9e446",
            "value": "1572864:S6sZA+TMMdh0OWzeRxhsyw1CvawblHmTJGGrxLPXBNGA72PWDt+wzN7RX:S6smSjdhbWzKxhsh1CvaeGNGGrxjXBNX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772816",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b81fc1de-361b-46f8-b11e-da980d174d39",
            "value": "87211504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772816",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4f3ab474-8053-478c-82eb-4053ea94174e",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772816",
            "to_ids": true,
            "type": "filename",
            "uuid": "b4409ca6-4d44-4c42-871d-31ad2380ec25",
            "value": "installer"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772816",
            "to_ids": false,
            "type": "text",
            "uuid": "59fe5435-b741-464c-ba17-ce3e59ee1fc4",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:38/70\nFirst Submission:2026-02-16T03:14:20.000000+00:00\nLast Submission:2026-04-06T15:48:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775828",
        "uuid": "8c3e6604-a01c-4e7f-bdc4-ee60801d3913",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775828",
            "to_ids": true,
            "type": "md5",
            "uuid": "c4933fcd-9a69-4643-bb72-1e57306f919a",
            "value": "e2bcc41ddea5cf9d759380701d14f258",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773618",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b71697ad-1097-4f60-a297-12e6293a42cc",
            "value": "a42b4914b0c8dc47a3a5f8114d0fcbef02d84e0a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773618",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d4156abb-d059-42b6-a221-0c2b3e7e97bd",
            "value": "74db1f653da6de134bdc526412a517a30b6856de9c3e5d0c742cb5fe9959ad0d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772838",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bd31950d-9c94-46f7-afd8-9893571b70d0",
            "value": "1572864:+IKIeltfvHDKox83cPm8Jyvd0eLGxH9pZbgjiQYp7Mrs/whah9NwExmbP0Hy:+IKIe7HjXO8Mvd0eLG59pGj+Eof2Exof"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772838",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "866b8ef5-c2e0-41a3-9aba-b5c3bfc8762d",
            "value": "86805232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772838",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7b598ddb-320f-4851-99d2-40b7b0bda32d",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772838",
            "to_ids": true,
            "type": "filename",
            "uuid": "ebae4db9-a7d6-4a45-b1ac-b3810264b851",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772838",
            "to_ids": false,
            "type": "text",
            "uuid": "5b50ed2c-0332-4392-ae18-1d2a9a564830",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:38/70\nFirst Submission:2026-02-27T00:37:08.000000+00:00\nLast Submission:2026-04-06T15:56:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775849",
        "uuid": "6c473dd5-52d5-4180-bf67-d9e3773a7228",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775849",
            "to_ids": true,
            "type": "md5",
            "uuid": "6ea1c148-fd9b-4faf-a043-00e7c1db0df4",
            "value": "439c0a0a46627bd166e08436f383ad56",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773619",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5906e373-d8c0-4631-91fc-f1ab5f677938",
            "value": "c16099c29ccdb34764e4d15b1dab2d141d159950",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773619",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cfdbeb72-9e0f-4976-adfe-94cd17cde262",
            "value": "24857fe82f454719cd18bcbe19b0cfa5387bee1022008b7f5f3a8be9f05e4d14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772860",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d9904677-dbda-43a4-aa33-1906c8115dc0",
            "value": "3072:+LSMqpdvXugbMnvqYhYBCDOh4zUdORB4mRD8wT6T9yRT6Wml5jbxaq1Ta:+WVplAnrYBdYRBZmxaqla"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772860",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0a6c0d69-91a4-41f2-abe9-45c7fc4c141d",
            "value": "307656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772860",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d7185a28-32ab-4d3f-86c8-315d80218a4b",
            "value": "035056655d15156018z4fhz13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772860",
            "to_ids": true,
            "type": "filename",
            "uuid": "fe9de07a-620c-4243-8ba7-9b396b63b026",
            "value": "DIDS.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772860",
            "to_ids": false,
            "type": "text",
            "uuid": "99039982-1d08-415b-a810-e6f44db27756",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:44/72\nFirst Submission:2026-02-18T18:50:37.000000+00:00\nLast Submission:2026-04-06T15:53:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775871",
        "uuid": "032f726b-8e1f-4dd8-ad4f-c913fc69f612",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775871",
            "to_ids": true,
            "type": "md5",
            "uuid": "c4c987d5-860e-432a-b866-5e9f3802bdaa",
            "value": "838c8fd4ae7e3c4972adc8800db44929",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773620",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0cd9d0f2-0264-496a-a279-e7f82c169a52",
            "value": "2b781b3a352db44db67ad56e8477e6a1016b2597",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773620",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a50b6230-9d2b-417d-a979-c69e0fdb15a4",
            "value": "64263640a6fdeb2388bca2e9094a17065308cf8dcb0032454c0a71d9b78327eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772882",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8d1e58ac-bae4-4f02-b91a-8ade25d4301f",
            "value": "1572864:pwKJPDvHypeHbTLgt8WOw+7JPQ4+hC3N1Fq5FGHMR8UVHML+9m6/nZ/9UjAJB:pwKNvypccaFlD+c3DaGHOsL+9m6/Z/95"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772882",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e67ecfc6-10c4-4f47-8af0-2dfe9d626eae",
            "value": "86800256"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772882",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e99e8d6b-f094-4af4-8be5-96372a220ead",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772882",
            "to_ids": true,
            "type": "filename",
            "uuid": "72f790f7-6bf4-4d36-9c79-321163202300",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  07/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772882",
            "to_ids": false,
            "type": "text",
            "uuid": "633e6f69-3882-4257-a689-84e087f7f5f4",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:43/69\nFirst Submission:2026-03-02T18:31:33.000000+00:00\nLast Submission:2026-04-06T15:47:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775893",
        "uuid": "dd5f3ac8-03db-4416-8adc-67d7323b1262",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775893",
            "to_ids": true,
            "type": "md5",
            "uuid": "378d5353-e0a2-4dbc-b932-1c05a8b697c0",
            "value": "2115e69f71d9f51a6c6c2effdaee2df2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773621",
            "to_ids": true,
            "type": "sha1",
            "uuid": "84f5c34a-f7f4-4418-9cad-db7c773f3afd",
            "value": "559052799a52d1b29ac7e87935e9a0c80df5fb16",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773622",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4e820231-add7-4591-b3d8-d62b0a473ec2",
            "value": "3df9dcc45d2a3b1f639e40d47eceeafb229f6d9e7f0adcd8f1731af1563ffb90",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772904",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "01d1ac9b-2e7f-48a1-9c09-d5d08f223fa1",
            "value": "12288:xX2c7RgrjQGUoIoK/xibSzbQPvUjw5ebbb8bHmb4Ab/NFbOmb45bQxbDabnLlvUt:IcRw8GUoIUq5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772904",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b83107fb-5725-4aa0-bd69-e3ac72a10b9a",
            "value": "1032704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772904",
            "to_ids": true,
            "type": "vhash",
            "uuid": "98a12cd4-eacf-4eb7-9dfd-100bc442b47f",
            "value": "016076655d555515155073z22z6a1z23z3015z11z11afz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772904",
            "to_ids": true,
            "type": "filename",
            "uuid": "68c904b1-63d6-46e0-a3f2-2130945d333f",
            "value": "WebView2.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  15/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772904",
            "to_ids": false,
            "type": "text",
            "uuid": "12a580fd-b8db-4798-8170-eb170691c728",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:46/72\nFirst Submission:2026-03-02T21:14:34.000000+00:00\nLast Submission:2026-03-06T20:35:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775914",
        "uuid": "d3119728-193f-43aa-859d-b2b751832368",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775914",
            "to_ids": true,
            "type": "md5",
            "uuid": "edda5a18-4746-4341-86c9-30323adc1714",
            "value": "f8560b9a893eeb2130fc7159e9c1b851",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773624",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a7fc9493-ca64-4406-84cc-c8ff6236259a",
            "value": "4a54b7237dc9fdd745d0d19083a1ce4857c91de4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773624",
            "to_ids": true,
            "type": "sha256",
            "uuid": "33da7dc9-20f9-401b-883c-f1ac66221a7c",
            "value": "1319d474d19eb386841732c728acf0c5fe64aa135101c6ceee1bd0369ecf97b6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772926",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b1eeef08-d288-476c-bace-e3c6d409255e",
            "value": "24576:Bi6W8RNckKMmUwcn9YB2Vt4Q7ateRHjKwz2psZhGxAdh5j5oSfGQCE2mkDOiIRvT:B0nUnVt4YFHjKKsubdhZKUX2mk3GV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772926",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8f0defe3-6dc0-4697-a2ee-6b1859c655b6",
            "value": "6919680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772926",
            "to_ids": true,
            "type": "vhash",
            "uuid": "880e9b8e-5eac-4843-be49-6458edc51ad9",
            "value": "0660a6551d15551d15151071z20209008b7zd085z504024afz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772926",
            "to_ids": true,
            "type": "filename",
            "uuid": "9a8282e5-591f-4848-84b8-b3dc0f0bdbc9",
            "value": "visualwincomp.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  17/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772926",
            "to_ids": false,
            "type": "text",
            "uuid": "2aeaab49-8909-4b50-b04a-9d71ba303c53",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:39/72\nFirst Submission:2026-02-19T09:43:05.000000+00:00\nLast Submission:2026-03-06T04:21:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775935",
        "uuid": "407d7963-3d55-4fc9-be9b-1b44e6d32515",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775935",
            "to_ids": true,
            "type": "md5",
            "uuid": "ebe2aa10-7a8e-4817-852c-9f0af5f067bf",
            "value": "7f3c8a7fe78d3d05b6022df3ea0c15fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773625",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2858dfc6-ab31-4d30-b8df-6c9d0fc22f57",
            "value": "0ba2306ec15f7124fafc7615e81f34c7986ba9a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773625",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c8c5c195-91d3-4a45-bb61-e4acc9e67a6c",
            "value": "a92d28f1d32e3a9ab7c3691f8bfca8f7586bb0666adbba47eab3e1a8faf7ecc0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772947",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4c2ba57f-c483-42d9-8328-be6b701714b6",
            "value": "3072:eLSMqpdvXugbMnvqYhYBCDOh4zUdORB4mRD8wT6T9yRT6Wml5jbxaq1Ta:eWVplAnrYBdYRBZmxaqla"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772947",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "56469b19-d411-4dc1-8219-9d9f4a503716",
            "value": "307656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772947",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3b82441b-0f14-469f-b79c-cc8b7bfea444",
            "value": "035056655d15156018z4fhz13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772947",
            "to_ids": true,
            "type": "filename",
            "uuid": "02071f15-fa43-41ef-83e0-1d8062f2c557",
            "value": "DIDS.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  16/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772947",
            "to_ids": false,
            "type": "text",
            "uuid": "7fa1baa2-f40c-4404-b108-aabc87b66ff1",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:49/72\nFirst Submission:2026-03-03T06:35:22.000000+00:00\nLast Submission:2026-04-06T15:49:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775956",
        "uuid": "d3a38978-67fe-4a96-a6c9-0aafdf411611",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775956",
            "to_ids": true,
            "type": "md5",
            "uuid": "78f2a039-3d5d-4734-b247-f62446fdc902",
            "value": "4860758863fd040a8c809ce53cb7fb37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773626",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c4559406-a6cb-439b-8627-fb71762127d5",
            "value": "fa49d1fd5a938b3de0840759db62867e6382cea1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773626",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a7942345-81a6-4b8f-b03a-194a6b5aef88",
            "value": "94f05495eb1b2ebe592481e01d3900615040aa02bd1807b705a50e45d7c53444",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772969",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f3459f81-2f1d-4534-ae15-e42e1bbc1e5b",
            "value": "1572864:LPfZUrpoBrPO0+qPnsnaqQKomkK3OvM7x6ZnPGlBBp9nPxTuYyig0fjTJ:LPfCruBrP/x/YQXmoNNebb9x5ywj9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772969",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6a6ecc8c-7434-4cf3-a120-48b24c15297b",
            "value": "106536312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772969",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b98001b2-2509-44ed-89d1-8a0cc154d1f3",
            "value": "018056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772969",
            "to_ids": true,
            "type": "filename",
            "uuid": "1ce3138e-15d3-428a-95b5-0000d2e0f83e",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772969",
            "to_ids": false,
            "type": "text",
            "uuid": "c9b18681-ea0b-4d6f-a5be-671a480252c3",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:32/70\nFirst Submission:2026-02-27T21:18:48.000000+00:00\nLast Submission:2026-03-10T07:07:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775977",
        "uuid": "8343f7ef-4224-41f1-b490-ba0af9e2010a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775977",
            "to_ids": true,
            "type": "md5",
            "uuid": "fce811df-c778-405c-9a99-975dcb5f5c2c",
            "value": "8d8aa0be8f82d22deab96f96d9af34b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773627",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7fd528a1-eb9d-4263-b0de-6028f6eca212",
            "value": "42111d2ebcd42fa1fa7069560401db736c483776",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773627",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eb37eb26-4c30-4c09-ba14-87f733533efd",
            "value": "0f9cf1cf8d641562053ce533aaa413754db88e60404cab6bbaa11f2b2491d542",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776772991",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f6b3f6dd-df02-4e8d-9686-053345f27ae9",
            "value": "24576:mNOmTRC/KmPbeqL+FnXvO9+f1KUw+T/s/N:mOmVv+bD+1X29WKwE/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776772991",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b0b15ce-6b27-403b-8618-60f180a2aa76",
            "value": "1080832"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776772991",
            "to_ids": true,
            "type": "vhash",
            "uuid": "36bf215d-5a01-4d5d-a46b-dc8608750cb8",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776772991",
            "to_ids": true,
            "type": "filename",
            "uuid": "8572a46e-808e-4883-be6c-21ab4ed92b46",
            "value": "0f9cf1cf8d641562053ce533aaa413754db88e60404cab6bbaa11f2b2491d542.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  02/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776772991",
            "to_ids": false,
            "type": "text",
            "uuid": "55e7a6c6-0073-40ee-947b-87e0942b66bd",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: Trojan:Win32/Malgent!MTB\nVT Total Detection:33/61\nFirst Submission:2026-02-13T10:30:01.000000+00:00\nLast Submission:2026-03-08T03:15:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776775998",
        "uuid": "a006cde8-b4ca-41e6-b800-b644014c6940",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776775998",
            "to_ids": true,
            "type": "md5",
            "uuid": "798279cc-d4fa-4867-83a0-a454d4c4dd7b",
            "value": "41c19fc6c8a8687988f28fc487048bf3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773628",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d37e3e6f-8343-4e91-a9a9-56ac93711f75",
            "value": "3de597e3237d5c7e7cc66ecb58b9ea2af149afa1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773628",
            "to_ids": true,
            "type": "sha256",
            "uuid": "08f5c5f6-e07b-48e0-9b98-8386cd2d01bf",
            "value": "1d984d4b2b508b56a77c9a567fb7a50c858e672d56e8cf7677a1fca5c98c95d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773013",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c5d9280a-472e-4856-8ebd-5dd11e737b15",
            "value": "384:zY6bsWacfMey3M5UC0qEXddGSo78p+vV5F5gd/aj:zAxcUeWMmCgFzd/a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773013",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8607176a-478e-4260-9d75-db2c65543f42",
            "value": "22528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773013",
            "to_ids": true,
            "type": "vhash",
            "uuid": "90b7e8e6-2fac-4231-86ec-58b78a40115e",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773013",
            "to_ids": true,
            "type": "filename",
            "uuid": "55c94b91-3225-4c2e-b7e5-49d62f52d4b2",
            "value": "1d984d4b2b508b56a77c9a567fb7a50c858e672d56e8cf7677a1fca5c98c95d1.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  15/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773013",
            "to_ids": false,
            "type": "text",
            "uuid": "51a1743b-f627-4af4-bb71-f5fcc6b45474",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:30/62\nFirst Submission:2026-02-05T20:09:05.000000+00:00\nLast Submission:2026-03-06T11:59:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776019",
        "uuid": "cfcd7441-94a9-462f-8526-b6b335c9e967",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776019",
            "to_ids": true,
            "type": "md5",
            "uuid": "5c0b6d3a-8291-4d0e-ab98-035a3317832b",
            "value": "64e4b0ffd8bed9307eb50b541b1d8fdb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773629",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f5722ceb-3a2a-44fc-abaf-92fa60896845",
            "value": "58af8d0e3e77f8d16a5a42fc173ebccb5ecb1cd0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773629",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ddc76457-d1e9-4279-9772-1d21cf4daedc",
            "value": "2a00705cfd3c15cf8913e9eb4e23968efd06f1feceaef9987d26c5518887d043",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773035",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c2643996-7bc4-426c-9a16-cde540c1103a",
            "value": "192:eL+k3OedC9ZeNpGk+9P2WT42fjkG8hQ4mlRZHLaZcSZWBNhU:ed3JC3ecdvJfjkv7ml3HXBNhU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773035",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6107c957-ab7f-4d17-b324-c28ac698029d",
            "value": "9960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773035",
            "to_ids": true,
            "type": "filename",
            "uuid": "b45ac3e8-a07a-48e9-8d69-3ea2972271b1",
            "value": "2a00705cfd3c15cf8913e9eb4e23968efd06f1feceaef9987d26c5518887d043.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  20/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773035",
            "to_ids": false,
            "type": "text",
            "uuid": "527c1d3b-2b4b-412e-9dd1-a758fbd482c2",
            "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:33/62\nFirst Submission:2026-02-12T20:13:41.000000+00:00\nLast Submission:2026-03-04T14:04:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776041",
        "uuid": "28654fe2-be98-49e0-820f-3a64852f7d68",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776041",
            "to_ids": true,
            "type": "md5",
            "uuid": "71de0f3d-45ec-41bd-b340-ac8902948e38",
            "value": "5c057af2f358fc10107d5ccdb39938ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773630",
            "to_ids": true,
            "type": "sha1",
            "uuid": "197f3949-9db7-4d4b-a782-0d7261ae6084",
            "value": "e2e8516b4f275e8c636620b7377ee3b9f9f47bb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773630",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3ff38bbc-55a4-4ea4-bf9d-eae1e4d15e91",
            "value": "2a09bbb3d1ddb729ea7591f197b5955453aa3769c6fb98a5ef60c6e4b7df23a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773056",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fb370df8-2545-4b52-a006-5cd1075c5761",
            "value": "24576:5NOmTRC/KmPbeqL+FnXvO9+f1KUw+T/s/e:vOmVv+bD+1X29WKwE/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773056",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "082000cc-e4f0-44c7-a18b-2cad363d99a5",
            "value": "1096704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773056",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b1c6589c-ac7b-4c17-860b-e8673a7021af",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773056",
            "to_ids": true,
            "type": "filename",
            "uuid": "83edcf16-58ee-4b97-82af-1cc055f3b959",
            "value": "2a09bbb3d1ddb729ea7591f197b5955453aa3769c6fb98a5ef60c6e4b7df23a5.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  12/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773056",
            "to_ids": false,
            "type": "text",
            "uuid": "d569d3cc-9370-4e43-82ba-d658cc09f807",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:35/62\nFirst Submission:2026-02-13T11:10:02.000000+00:00\nLast Submission:2026-03-02T14:07:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776062",
        "uuid": "14df02cd-96c5-4778-b6bc-8bec1ca52d56",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776062",
            "to_ids": true,
            "type": "md5",
            "uuid": "51724d42-9f6d-4fe6-8898-ab70693272e1",
            "value": "6d1d4e938ed1e46210375308ef3bcb08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773631",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9b0ba612-7cdf-4f1d-aba0-408550e78273",
            "value": "4ebfa2d967ce7983790b77a3987cb1c5d1b868f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773631",
            "to_ids": true,
            "type": "sha256",
            "uuid": "29999e89-9671-452f-a41a-7b5d1e430b09",
            "value": "42a5db2a020155b2adb77c00cbe6c6ad27c2285d8c6114679d9d34137e870b3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773078",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "146693ef-868e-4ec3-af6b-0d16f2de8349",
            "value": "96:iIyz6jwkYrK5ST4JQ81/yory2/5D8M6tRqY4j:iIKkg14fNyAy2H6t4Y4j"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773078",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9c9c6018-e7d9-4ec0-aff4-f14ec5c74c56",
            "value": "3181"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773078",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5fc4be1b-6cfa-4951-887e-d2f882fa72a9",
            "value": "6fdd02d262e0e5091946bbc9a02b9591"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773078",
            "to_ids": true,
            "type": "filename",
            "uuid": "3001af5b-ec81-4622-9ac7-35795e7b05ee",
            "value": "Ps1File"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  16/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773078",
            "to_ids": false,
            "type": "text",
            "uuid": "799886b1-9506-4932-8366-87fbb4628eb4",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Malgent!MSR\nVT Total Detection:35/62\nFirst Submission:2026-02-12T15:51:53.000000+00:00\nLast Submission:2026-03-04T14:04:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776083",
        "uuid": "22c9b8a3-4d4e-43f6-9eba-f2c02bfe7f97",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776083",
            "to_ids": true,
            "type": "md5",
            "uuid": "8285ca4b-0448-4203-b76d-b0b041716838",
            "value": "3962bfa78c7acd8d85b3700e99ae8d24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773632",
            "to_ids": true,
            "type": "sha1",
            "uuid": "80b498f0-3919-4c74-9802-016ad1a45014",
            "value": "5e9d1be3cc70d617cba3953cc901e304951ea8cb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773632",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d6288c5a-8548-4b1d-b4a8-9a3b07ce2f5c",
            "value": "7467f326677a4a2c8576e71a832e297e794ea00e9b67c4fcbe78b5aec697cec4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773101",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3dee4c58-995c-473d-bb3d-7841a5b42bf6",
            "value": "384:6K51zzHDKc2qMey3M5UC0qEXdWSoJ8p+tLLrZgd/aI:6u1/DKcGeWMmCIPd/a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773101",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "84fbcdf6-0847-4fc2-ada1-fd1c04680372",
            "value": "23040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773101",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7b6144fc-d47d-424c-810b-9f0ea8d403ce",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773101",
            "to_ids": true,
            "type": "filename",
            "uuid": "f051772d-ddd4-42d9-a700-1cdd6b53f0fd",
            "value": "7467f326677a4a2c8576e71a832e297e794ea00e9b67c4fcbe78b5aec697cec4.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  06/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773101",
            "to_ids": false,
            "type": "text",
            "uuid": "a6255339-ea28-498e-89e7-c65d5e9686b8",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:34/62\nFirst Submission:2026-03-02T02:38:57.000000+00:00\nLast Submission:2026-03-04T14:24:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776104",
        "uuid": "9faf66a1-d814-4a8c-86a5-142dfb722897",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776104",
            "to_ids": true,
            "type": "md5",
            "uuid": "f10f8c34-a2e4-4f7c-8fae-ed644388e86e",
            "value": "c23fc7b74370d590223d962727e67907",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773633",
            "to_ids": true,
            "type": "sha1",
            "uuid": "89fdab02-600c-4816-9890-cc665c9e502b",
            "value": "2e1cc87d974aa7f07a8911c631a191dc00535b36",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773633",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1550e3ae-d229-40a0-a1fa-be19ebc750f3",
            "value": "7c30c16e7a311dc0cdb1cdfd9ea6e502f44c027328dbe7d960b9bcd85ccf5eef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773124",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1137f627-cd68-4d20-9b2f-28ff5726a4cb",
            "value": "384:GY6bAWacfMey3M5UC0qEXddGSo78p+vV5F5gd/aj:GMxcUeWMmCgFzd/a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773124",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "edbd92ca-e412-46be-bc4b-5a9ea476c1ac",
            "value": "22528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773124",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7eb20038-0d2f-4882-af4f-187579db767f",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773124",
            "to_ids": true,
            "type": "filename",
            "uuid": "9214eb57-af99-43ef-bbc0-7a3015e6b442",
            "value": "7c30c16e7a311dc0cdb1cdfd9ea6e502f44c027328dbe7d960b9bcd85ccf5eef.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  16/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773124",
            "to_ids": false,
            "type": "text",
            "uuid": "f558b7a4-44cd-4163-830f-c0cb4d70431b",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:33/62\nFirst Submission:2026-02-06T07:42:07.000000+00:00\nLast Submission:2026-03-04T14:24:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776126",
        "uuid": "e668335a-bcd3-42b1-b360-455f0c7fcd47",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776126",
            "to_ids": true,
            "type": "md5",
            "uuid": "62e5cadb-8eb5-4d2f-b0de-8fed14bc8bc1",
            "value": "7236f1a51da141e422d553e36ef6c9d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773633",
            "to_ids": true,
            "type": "sha1",
            "uuid": "10d5a613-bd5c-4566-b42b-dd8573883ad0",
            "value": "3f441a009a907af55bd6d52b0f0f06b601c961dd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773634",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9a30fedf-976a-49da-b514-b8498457ea25",
            "value": "b0af82de672d81f3c2f153977923b3884a8a9e7045b182c2379b19a1996931a0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773146",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3df3e0ba-b7bc-4af3-9584-658cbedf5ab4",
            "value": "96:iIyz6jwkYrK5ST4JQ81/yoryaijOtIN+g:iIKkg14fNyAyDj+IN+g"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773146",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0caa6024-4b29-4689-9707-ab37c5c243f7",
            "value": "3125"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773146",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3dd44560-5be8-40cb-9c0f-ce3be6df1714",
            "value": "6fdd02d262e0e5091946bbc9a02b9591"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773146",
            "to_ids": true,
            "type": "filename",
            "uuid": "38a0498d-17d6-4dcc-b698-407231119947",
            "value": "Ps1File"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773146",
            "to_ids": false,
            "type": "text",
            "uuid": "5fb6ef5e-2ceb-4f72-a94f-03a6581fc490",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Malgent!MSR\nVT Total Detection:32/62\nFirst Submission:2026-02-06T12:41:38.000000+00:00\nLast Submission:2026-03-04T14:19:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776148",
        "uuid": "74663e24-762c-43f8-a7ce-2d99153d52c8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776148",
            "to_ids": true,
            "type": "md5",
            "uuid": "d0b2ad24-f0b1-43f6-8aa8-c30cfec5e387",
            "value": "ca37e31d651bbd5bbddef3ea716b8b4f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773634",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ed9466f7-e136-4b9f-aa13-02c8b7677ce8",
            "value": "de9707a8505683930fccf5536e311242425d420a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773634",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1938fb01-2faa-437a-99e8-3120addb20b5",
            "value": "bd8203ab88983bc081545ff325f39e9c5cd5eb6a99d04ae2a6cf862535c9829a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773167",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e67ebf04-7abd-4ab7-ae96-3aadec85beab",
            "value": "384:6P7h9nyZJMey3M5UC0qEXdeSo5y8p+e6LrZgd/aI:6P/smeWMmCdXbd/a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773167",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a56372f9-a7de-457f-8372-56c20ec0983f",
            "value": "23040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773167",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0f14d2d3-e158-489a-9814-97f971421d65",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773167",
            "to_ids": true,
            "type": "filename",
            "uuid": "fd2c2e94-17f8-418e-852b-7d19085ef822",
            "value": "2353695e.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  15/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773167",
            "to_ids": false,
            "type": "text",
            "uuid": "e118e5f2-1322-4bdc-b4d0-2cfd41d020ed",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: Trojan:Win32/Wacatac\nVT Total Detection:35/62\nFirst Submission:2026-02-05T14:58:17.000000+00:00\nLast Submission:2026-03-31T06:40:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776170",
        "uuid": "515cab1a-db94-49c5-a258-64388b32413c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776170",
            "to_ids": true,
            "type": "md5",
            "uuid": "34dfa77c-d152-40b6-8ce9-c70182db8878",
            "value": "c0a52cd5dd35bf9d5d08c7eb12cfa422",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773635",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3756182e-c759-40e9-8815-30bae14fa9d2",
            "value": "6b186f2881729a977beb6aecb61ac0fe83c5777d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773635",
            "to_ids": true,
            "type": "sha256",
            "uuid": "61caaba0-0cbd-4f61-a7c1-fd901927ac80",
            "value": "c7cf1575336e78946f4fe4b0e7416b6ebe6813a1a040c54fb6ad82e72673478e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773189",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f5918fee-0980-4a1e-87f4-2ab71fc402d1",
            "value": "96:iIyz6jwkYrK5ST4JQ81/yory2/5D8M6tRqqZt+j:iIKkg14fNyAy2H6t4qOj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773189",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7fd4ff0b-bba0-4779-9963-7681f24af214",
            "value": "3181"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773189",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5ae311a5-ea6a-41a7-91b4-41c6597d6c69",
            "value": "6fdd02d262e0e5091946bbc9a02b9591"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773189",
            "to_ids": true,
            "type": "filename",
            "uuid": "669e0070-30f0-42df-b542-09fb66fea164",
            "value": "Ps1File"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  10/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773189",
            "to_ids": false,
            "type": "text",
            "uuid": "d8594a43-16a1-4ee7-8617-f753c3f5db1f",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Malgent!MSR\nVT Total Detection:36/62\nFirst Submission:2026-03-02T02:44:18.000000+00:00\nLast Submission:2026-03-04T14:04:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776191",
        "uuid": "23ed01bc-978c-4bcc-a393-1acd78c2c165",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776191",
            "to_ids": true,
            "type": "md5",
            "uuid": "1eee9b10-da47-4671-bb7b-dcfe679d0f96",
            "value": "5e75d0983c2627612c55f7a36a58e7c4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773637",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e3f5970e-af33-4a73-a2e1-06c43a6afff5",
            "value": "825677c54d14752a5765886e8f829fc0185bb78e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773637",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1be060ad-0f73-495f-8e4b-496435f9b1c4",
            "value": "500ee77471669175b359bf57384291cab791200191d0e5a5bb190da53ccb30ee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773232",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d3aecfbc-abbe-41fa-9946-35ecfe25e129",
            "value": "1572864:AUbzofBzWqmuSDiy1OpaIR6FI9S2ASkYuYG7kLpoe:Agz60qmuo1yjSaZLp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773232",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "37f0d233-32ef-4e68-bad2-6710db73f5a8",
            "value": "50635264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776773232",
            "to_ids": true,
            "type": "vhash",
            "uuid": "30fbd566-6d6c-4049-963d-9449fd32dd5b",
            "value": "a358b5762e38b67c66a08fc811f4eee1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773232",
            "to_ids": true,
            "type": "filename",
            "uuid": "7daf57cc-f07c-4320-a20a-f10592f1d021",
            "value": "413374b.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773232",
            "to_ids": false,
            "type": "text",
            "uuid": "5067d843-fecd-469e-9297-3ece6908785f",
            "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: Trojan:Win32/Malcert\nVT Total Detection:17/62\nFirst Submission:2026-04-01T10:11:16.000000+00:00\nLast Submission:2026-04-01T10:11:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776776212",
        "uuid": "8bec0c87-9f13-495a-a43b-3d50576bacdf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776776212",
            "to_ids": true,
            "type": "md5",
            "uuid": "989c1d7a-f6d4-4dda-acbf-0595fef82251",
            "value": "d6d5823fbddaaa243ac8413aed4d6d9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776773638",
            "to_ids": true,
            "type": "sha1",
            "uuid": "225e0542-8ca6-4719-9115-cc19dcd97cb3",
            "value": "09ad79bb8bda0335d132489edae39388bec1c512",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776773638",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c492d22a-d737-4d22-961a-a76a47db8d67",
            "value": "ddf75e118db8a5614483ee7e7528a3e2621901059899a8a497335bdef2fba437",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776773254",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "321fb617-5544-4d30-88d4-51389c37e5ec",
            "value": "96:Nq4f7jz2u/u83uJHXsgaiOt695pP/dyky:Nq4fvCE3uJ3slPg95x/dXy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776773254",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0012f433-996f-4135-b023-f262fb5c6813",
            "value": "3468"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776773254",
            "to_ids": true,
            "type": "filename",
            "uuid": "8b7c57d4-0738-441b-9a7b-622a0d82b0e8",
            "value": "Ps1File"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/04/2026\nLast-scan\t:  21/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776773254",
            "to_ids": false,
            "type": "text",
            "uuid": "4550872f-400f-4f1e-b8a6-566f2e207e9a",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:JS/MuddyWater.DC!ams\nVT Total Detection:11/62\nFirst Submission:2026-04-14T07:55:06.000000+00:00\nLast Submission:2026-04-14T07:55:06.000000+00:00"
          }
        ]
      }
    ]
  }
}