{
  "Event": {
    "analysis": "1",
    "date": "2026-04-10",
    "extends_uuid": "",
    "info": "[Threat Intel] CPU-Z & HWMonitor, cpuid.com, Watering Hole Attack",
    "protected": false,
    "publish_timestamp": "1776175463",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1776175463",
    "uuid": "66243018-84b9-4060-b7b2-520a9ca09c6a",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#7da4ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#dac154",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"",
        "relationship_type": ""
      },
      {
        "colour": "#1cbe6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bcaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#120044",
        "local": false,
        "name": "rectifyq:sub-category=\"intrusion-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005e",
        "local": false,
        "name": "rectifyq:topic=\"supply-chain\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776078022",
        "to_ids": false,
        "type": "link",
        "uuid": "94f6804f-e6ef-4074-89f2-b2c82ed02bb1",
        "value": "https://securelist.com/tr/cpu-z/119365/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776078022",
        "to_ids": false,
        "type": "text",
        "uuid": "abb35193-5d43-41ff-b9c8-7ab76377122c",
        "value": "On April 9, 2026, the cpuid.com website was compromised in a watering hole attack lasting approximately 19 hours. Download URLs for the legitimate system administration tools CPU-Z, HWMonitor, HWMonitor Pro, and Perfmonitor 2 were replaced with links to malicious sites distributing trojanized versions. The malicious installers paired legitimate signed executables with DLL files named CRYPTBASE.dll, which were loaded through DLL sideloading and then handled C2 communication and payload delivery. The attackers reused infrastructure and code from a March 2026 fake FileZilla campaign, including the STX RAT as the final payload. Over 150 victims were identified globally, primarily individuals but also organizations in the retail, manufacturing, consulting, telecommunications and agriculture sectors. The attackers showed poor operational security: the reused indicators enabled rapid detection."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776078022",
        "to_ids": false,
        "type": "text",
        "uuid": "33e17f51-949e-479b-a433-e1b11e1feb80",
        "value": "Name: CPU-Z & HWMonitor, cpuid.com, Watering Hole Attack\nAuthor: AlienVault\nAdversary: \nTags: [\"supply chain compromise\", \"dll sideloading\", \"cpu-z\", \"cryptbase.dll\", \"cpuid.com\", \"stx rat\", \"watering hole attack\", \"hwmonitor\"]\nTgtd countries: [\"Brazil\", \"Russian Federation\", \"China\"]\nMlwr families: [\"STX RAT\", \"CRYPTBASE.dll\"]\nAttack_ids: [\"T1033\", \"T1036.005\", \"T1204.002\", \"T1007\", \"T1082\", \"T1005\", \"T1055\", \"T1016\", \"T1059\", \"T1083\", \"T1049\", \"T1497\", \"T1057\", \"T1041\", \"T1547.001\", \"T1027\", \"T1189\", \"T1071.001\", \"T1518\", \"T1574.002\"]\nIndustries: [\"Retail\", \"Manufacturing\", \"Telecommunications\", \"Agriculture\"]"
      },
      {
        "category": "Payload delivery",
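        "comment": "No sample in VT\r\nLast check:14/04/2026\r\nNote: this value is identical to the bucket label in the pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev URLs listed in this event, so it may be a host identifier typed as md5 rather than a file hash; confirm before matching on it.",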
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776167025",
        "to_ids": true,
        "type": "md5",
        "uuid": "0ac825b0-71b1-43a8-baf2-b58694ae9dbe",
        "value": "45c2577dbd174292a02137c18e7b1b5a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776167912",
        "to_ids": true,
        "type": "url",
        "uuid": "23a07dd5-a975-4ec2-b833-e18334262919",
        "value": "http://welcome.supp0v3.com/d/callback",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776167933",
        "to_ids": true,
        "type": "url",
        "uuid": "8efd190f-ccbe-4476-9fcc-088e6a660f7e",
        "value": "https://cahayailmukreatif.web.id/sw-content/template/hwmonitor/hwinfo_monitor_setup.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776167954",
        "to_ids": true,
        "type": "url",
        "uuid": "eceede3e-2de6-419e-b84c-02252e9ba8f3",
        "value": "https://transitopalermo.com/config/hwmonitor-pro/hwmonitorpro_1.57_setup.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776167976",
        "to_ids": true,
        "type": "url",
        "uuid": "742715cc-d8d6-4d6f-b723-8e5ee1190057",
        "value": "https://transitopalermo.com/config/hwmonitor/HWiNFO_Monitor_Setup.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776167997",
        "to_ids": true,
        "type": "url",
        "uuid": "21c3974d-ba73-46b6-8136-843dc15ee791",
        "value": "https://transitopalermo.com/config/hwmonitor/hwmonitor_1.63.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168018",
        "to_ids": true,
        "type": "url",
        "uuid": "58f21137-c29d-4441-accd-1c65f1d9d6bc",
        "value": "https://vatrobran.hr/en-GB/info/cpu-z/cpu-z_2.19-en.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168039",
        "to_ids": true,
        "type": "url",
        "uuid": "a1ea3386-340a-43ae-822b-0e6d2a28778f",
        "value": "https://vatrobran.hr/en-GB/info/hwmonitor-pro/HWMonitorPro_1.57_Setup.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168061",
        "to_ids": true,
        "type": "url",
        "uuid": "a5aa133f-2278-4489-b842-27f3e053379d",
        "value": "https://vatrobran.hr/en-GB/info/hwmonitor/hwmonitor_1.63.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168082",
        "to_ids": true,
        "type": "url",
        "uuid": "253ca00a-9ed2-47f4-b3d8-60df5084717f",
        "value": "https://vatrobran.hr/en-gb/info/hwmonitor/hwinfo_monitor_setup.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168103",
        "to_ids": true,
        "type": "url",
        "uuid": "3e777103-1c9b-4fe8-b99b-f2e12f28cccd",
        "value": "https://welcome.supp0v3.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168124",
        "to_ids": true,
        "type": "url",
        "uuid": "0c3bd7ea-e1e9-43fe-bf27-634eb2806053",
        "value": "https://welcome.supp0v3.com/d/callback",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168145",
        "to_ids": true,
        "type": "domain",
        "uuid": "2ab878c3-32bb-4bfd-9912-7ceb35ffc4b6",
        "value": "cahayailmukreatif.web.id",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168167",
        "to_ids": true,
        "type": "domain",
        "uuid": "17a02325-4841-4151-a0ff-0d51ee62b7a3",
        "value": "transitopalermo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168188",
        "to_ids": true,
        "type": "domain",
        "uuid": "f2129dda-1295-40da-ba6a-e92ed62ea648",
        "value": "vatrobran.hr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168209",
        "to_ids": true,
        "type": "hostname",
        "uuid": "919b6dbc-06fa-46be-b511-5a3c1d2098cf",
        "value": "welcome.supp0v3.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168230",
        "to_ids": true,
        "type": "url",
        "uuid": "0821b089-320e-4b3a-96b6-12f9e0bc2071",
        "value": "https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/perfmonitor/perfmonitor-2_2.04.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168252",
        "to_ids": true,
        "type": "url",
        "uuid": "5cc489ed-b12b-4dcd-b2f5-3c6ada43480a",
        "value": "https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/perfmonitor/PerfMonitor2_Setup.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168273",
        "to_ids": true,
        "type": "url",
        "uuid": "80b5936c-d372-4479-a51e-c7365eaf0ff4",
        "value": "https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/hwmonitor-pro/hwmonitor-pro_1.57.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168294",
        "to_ids": true,
        "type": "url",
        "uuid": "e9a1fa5d-6ede-4414-b2db-5b3f80eca394",
        "value": "https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/hwmonitor_1.63.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168316",
        "to_ids": true,
        "type": "url",
        "uuid": "cd6545b4-7dd3-44eb-95c0-183404468caa",
        "value": "https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/hwmonitor/hwinfo_monitor_setup.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168337",
        "to_ids": true,
        "type": "url",
        "uuid": "492522d3-b98d-4974-838e-abe242c263ee",
        "value": "https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/cpu-z_2.19-en.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776168359",
        "to_ids": true,
        "type": "url",
        "uuid": "d8a044b9-b5f5-4de8-bc0c-eebcfce3981d",
        "value": "https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/hwmonitor-pro/hwmonitorpro_1.57_setup.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168380",
        "uuid": "5a1443e6-f210-4691-9aca-351361d48202",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168380",
            "to_ids": true,
            "type": "md5",
            "uuid": "4725ec37-02f4-4c81-bb72-7299a0aeffa9",
            "value": "053f5c90467dc3ccedb14a18afd63dd6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167007",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cda4b290-22c0-4a9c-83d4-63e5e3942632",
            "value": "9253111b359c610b5f95ef33c2d1c06795ab01e9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167007",
            "to_ids": true,
            "type": "sha256",
            "uuid": "024e7a77-2e47-49e0-ac06-991237a239f5",
            "value": "66ad4aaf260a5173d8eaa14db52629fd361add8b772f6a4bcc5c10328f0cc3c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166381",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "000a3d22-41bf-409e-ab85-66e599a69cd3",
            "value": "98304:Q5OnbpBJcoST4qKHjewHlv2/MKrsSLRhaQ:UtKDeEZ9bQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166381",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f0997823-46a8-4323-9a73-f5cb88f09780",
            "value": "4534343"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166381",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0f64f886-e162-4361-b499-75072b9aa1ae",
            "value": "0460b6666d5c0d5d151c00d016z699zfaz1fz2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166381",
            "to_ids": true,
            "type": "filename",
            "uuid": "54173621-b7e8-4bef-928d-3565cc8a779b",
            "value": "HWMonitorPro_1.57_Setup.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan: 13/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166381",
            "to_ids": false,
            "type": "text",
            "uuid": "90cedf01-a5a9-43ee-a238-e571adef1af0",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:40/72\nFirst Submission:2026-04-09T17:31:46.000000+00:00\nLast Submission:2026-04-10T22:12:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168401",
        "uuid": "52a6f05f-b4a3-4ae9-b384-809df6add112",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168401",
            "to_ids": true,
            "type": "md5",
            "uuid": "f8b5f53e-640e-4317-a4d1-ce876374759a",
            "value": "a8e6a5d92d3e55d901ace395c281ffa9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167008",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cb5f49a0-f65e-47db-ac05-d687e167ff1d",
            "value": "4597f546a622ae55e0775cbcc416b3f1dfd096ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167008",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b52f4799-c410-476a-a4ac-db3833fd5335",
            "value": "49685018878b9a65ced16730a1842281175476ee5c475f608cadf1cdcc2d9524",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166424",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5dceb295-edc4-42d9-992c-82a43e2cd763",
            "value": "24576:via/5o2ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:vZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166424",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e9e75815-5551-4972-8c0c-3a322681e437",
            "value": "2179584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166424",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ddd42cd4-10c9-47c2-8cd5-807b73c51848",
            "value": "12607665151d151d055az113z3xz13"
          },
          {
            "category": "Payload delivery",
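            "comment": "Same name as the legitimate Windows system library cryptbase.dll, so a filename-only match will also hit benign hosts; use it together with the hashes in this object and the load path.",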
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166424",
            "to_ids": true,
            "type": "filename",
            "uuid": "922f39ab-bf5f-4af2-adcf-af422d1b6bd6",
            "value": "CRYPTBASE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166424",
            "to_ids": false,
            "type": "text",
            "uuid": "5b57a85b-232e-4d64-a8ae-0d6399f68483",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Supdor\nVT Total Detection:43/72\nFirst Submission:2026-04-09T22:23:20.000000+00:00\nLast Submission:2026-04-13T20:52:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168422",
        "uuid": "90b508bb-7295-42ba-8162-b0c2065603a7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168422",
            "to_ids": true,
            "type": "md5",
            "uuid": "377486d1-5292-44f3-81e7-5e71a120621f",
            "value": "bb66fbe524c1ebd85733711db5ce51bd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167009",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e5fc7c79-a0b8-4164-a7de-dda656c00c60",
            "value": "4f3d8c47239bd1585488ce431d931457f101104c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167009",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7fa13026-a1ed-4f1f-9abb-de51574801ec",
            "value": "1da87f0b8f820f4d4ef71c54c239f176bb2af6f18666cbf5b2433ddc4f87e711",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166446",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b6ee6fdf-8b83-4cb4-bf60-9556f1886a24",
            "value": "24576:WivCQh+82ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:WCCt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166446",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f218a532-495e-4a61-9841-caa65aec7133",
            "value": "2179584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166446",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ab98e686-0013-4eea-903e-8bd42a895b1d",
            "value": "1260766d151d151d055az113z3xz13"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166446",
            "to_ids": true,
            "type": "filename",
            "uuid": "cbd2b0e7-d63b-4b81-ae26-b3b6ed0fbcbb",
            "value": "7r9k2hf.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166446",
            "to_ids": false,
            "type": "text",
            "uuid": "2f2d8065-0ae5-4ffb-be94-3b5e512cf52f",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Supdor\nVT Total Detection:39/72\nFirst Submission:2026-04-09T22:31:42.000000+00:00\nLast Submission:2026-04-09T22:31:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168443",
        "uuid": "64dd9d33-1e47-43d6-a5b6-d4f99376a9ed",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168443",
            "to_ids": true,
            "type": "md5",
            "uuid": "34fec82f-9c2b-43c1-82d9-cd3a334598d2",
            "value": "cdc459a866361463d719bc89622300f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167010",
            "to_ids": true,
            "type": "sha1",
            "uuid": "65b80e01-35aa-426d-b5c1-4d7e0db42148",
            "value": "02a53d660332c25af623bbb7df57c2aad1b0b91b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167010",
            "to_ids": true,
            "type": "sha256",
            "uuid": "09ceba43-4ea0-4112-b2b6-1d4a6cda4918",
            "value": "eefc0f986dd3ea376a4a54f80ce0dc3e6491165aefdd7d5d6005da3892ce248f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166468",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "676704d0-88d6-47d1-a9e8-5f84ff904415",
            "value": "49152:VuI2hj6XF18ahT8kRdwIcwcBQSuBP9HqT9LnTiHejJkT6Dt7ON9Vnc:V5Oj6JR8kRdwIHcBIHqxLnmMBJ+c"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166468",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ed7eb9f9-c1d6-472a-9a56-6f85129b189c",
            "value": "4233610"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166468",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7065c769-18b1-4faa-ad30-aca38b394a0a",
            "value": "0460b6666d5c0d5d151c00d016z699zfaz1fz2"
          },
          {
            "category": "Payload delivery",
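            "comment": "Filename is this object's SHA-256 plus .exe, presumably a sample-repository name rather than the name seen on affected hosts (to be confirmed); rely on the hashes for detection.",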
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166468",
            "to_ids": true,
            "type": "filename",
            "uuid": "58382614-aff0-4fdf-a26c-41395fdbb468",
            "value": "eefc0f986dd3ea376a4a54f80ce0dc3e6491165aefdd7d5d6005da3892ce248f.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166468",
            "to_ids": false,
            "type": "text",
            "uuid": "b9d31838-aa8e-4530-b26a-228b9088288d",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:53/72\nFirst Submission:2026-04-09T15:23:12.000000+00:00\nLast Submission:2026-04-14T04:20:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168464",
        "uuid": "413e8541-1f27-4386-bbaf-2a29bb7377e8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168464",
            "to_ids": true,
            "type": "md5",
            "uuid": "ddf9c9a4-5c0c-49d5-92b2-4bdb7e2cd5af",
            "value": "ff34822b13243c09cbdee05d0410a599",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167012",
            "to_ids": true,
            "type": "sha1",
            "uuid": "696bafad-0524-4289-947a-218cf5855b60",
            "value": "7c615ce495ac5be1b64604a7c145347adbcd900c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167012",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1bc79bd9-7ffd-420e-a1f1-4903b4c94ec2",
            "value": "3e791c88d49ac569bc130fc9f41bd7422b4fd24f32458e11e890647478005a7f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166489",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff471d98-7584-4b0b-8ff0-6a97a836468d",
            "value": "49152:uIdel9AXyWf8E/pdCHDoXStl5WmUHaBvSVV1/4CYlXjOAm1YSZ/NDnS7:foQyr8XhHQSVbcjM1Yc/N0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166489",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5f52bdae-c072-4a06-a1ba-60b1c87bc62a",
            "value": "2950958"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166489",
            "to_ids": true,
            "type": "vhash",
            "uuid": "75b2e3c9-e597-4a09-b095-a18ebda1716d",
            "value": "10c4f480811c19729d567655bc037786"
          },
          {
            "category": "Payload delivery",
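            "comment": "Archive name appears to follow the product's normal download naming (to be confirmed against the vendor site); treat the filename as context and match on the hashes in this object.",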
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166489",
            "to_ids": true,
            "type": "filename",
            "uuid": "28296c28-7ff0-4d3b-ac5a-c6d2642266a6",
            "value": "hwmonitor_1.63.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  13/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166489",
            "to_ids": false,
            "type": "text",
            "uuid": "0c65e09f-0659-437d-a68e-5dc1c2aded6c",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:21/69\nFirst Submission:2026-04-09T20:54:01.000000+00:00\nLast Submission:2026-04-14T08:38:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168486",
        "uuid": "fca8aaeb-7bdb-4244-a9c9-2b10e460fcc8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168486",
            "to_ids": true,
            "type": "md5",
            "uuid": "2c143d20-d0cb-4c64-8a58-2e61b25e2948",
            "value": "efb925113b21da57a68a6ddd0e3f79c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167013",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b1bba7ba-0330-4dfd-84f0-4ce2890747e9",
            "value": "2f717a77780b8f6b2d853dc4df5ed2b90a3a349a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167013",
            "to_ids": true,
            "type": "sha256",
            "uuid": "57448433-ab3b-44f8-a4ca-b06a9e2602ed",
            "value": "1009987fe47573275735cc7a5d47b3b96800366784f4155ac416e70cad80ed34",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166513",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "33cb4658-33ec-472d-b9ea-c6f640be7563",
            "value": "98304:EhFEegBaQbUOGq4Y0UiKHdfGwnqx+OoLamMMrku7:I6aYUrqtiKHdo0Z2mMMrkC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166513",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "254d8c9f-827e-4754-a996-c4a3d6e7388c",
            "value": "3423845"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166513",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c47b4e27-4824-4385-98c7-2f321e24999c",
            "value": "7700f5d5a6dfcf430e4da82038774d8c"
          },
          {
            "category": "Payload delivery",
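            "comment": "Archive name appears to follow the product's normal download naming (to be confirmed against the vendor site); treat the filename as context and match on the hashes in this object.",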
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166513",
            "to_ids": true,
            "type": "filename",
            "uuid": "62164929-9f74-4381-8f3c-a9f978869ee2",
            "value": "hwmonitor-pro_1.57.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  13/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166513",
            "to_ids": false,
            "type": "text",
            "uuid": "b642bb8e-2b29-4026-875d-3d7e4a16acf1",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Suschil!rfn\nVT Total Detection:39/69\nFirst Submission:2026-04-10T02:37:30.000000+00:00\nLast Submission:2026-04-13T23:29:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168507",
        "uuid": "0852f213-2603-45a8-976e-d2b939e245e9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168507",
            "to_ids": true,
            "type": "md5",
            "uuid": "872b327e-3037-48c2-98cf-304b5c90bf62",
            "value": "41fa599cadbad1cf32ffd08650755090",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167014",
            "to_ids": true,
            "type": "sha1",
            "uuid": "455f3e22-a11b-46c7-afc9-b7ca05c5b721",
            "value": "3041a4e2bc5ccefbfd2222a9e23614fb79d6db63",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167014",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b2841c38-a57e-4f33-b611-3da40faa4a66",
            "value": "a6afdcc64e697c013ded61d1e1dff950884ac162323a217e04d1b4d0a24bde07",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166535",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8a43112d-7452-43eb-b017-7aebb63acddc",
            "value": "24576:via/5J2ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:vZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166535",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "31ed6526-1715-480e-addc-3a66620a4a49",
            "value": "2179584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166535",
            "to_ids": true,
            "type": "vhash",
            "uuid": "50630122-8522-4868-91d0-cf1fe06ea9a3",
            "value": "12607665151d151d055az113z3xz13"
          },
          {
            "category": "Payload delivery",
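            "comment": "CRYPTBASE.dll is also the name of a legitimate Windows system library, so a filename-only match is prone to false positives; pair it with the hashes in this object or with the file's location before alerting.",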
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166535",
            "to_ids": true,
            "type": "filename",
            "uuid": "45978a22-24b5-4749-817a-c54715ba8e7c",
            "value": "CRYPTBASE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166535",
            "to_ids": false,
            "type": "text",
            "uuid": "040d3b28-f3da-4108-985b-789566f94215",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DLLHijack.DN!MTB\nVT Total Detection:46/72\nFirst Submission:2026-04-09T15:30:09.000000+00:00\nLast Submission:2026-04-11T04:27:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168528",
        "uuid": "3e4d275d-9df1-4a17-be98-a4fc80741e41",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168528",
            "to_ids": true,
            "type": "md5",
            "uuid": "ce54f0a9-7c7f-4795-beeb-dfb63ea56c11",
            "value": "07e6560a11578548bea6a45be490bb41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167015",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3c5d6693-d745-4f6a-b38b-2943fe34511f",
            "value": "4e3195399a9135247e55781ad13226c6b0e86c0d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167015",
            "to_ids": true,
            "type": "sha256",
            "uuid": "145ce644-afb3-4e05-a37c-75a525febffd",
            "value": "0d5578b212c64d91772a146f7e56f91824ecc10c8394a3ee6ec3e7b99937712c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166556",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4ce4c3f9-057b-4e0c-bc80-c1d600a2d888",
            "value": "24576:via/5A2ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:vZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166556",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a0aee7c2-ac28-4feb-9880-681c50970fda",
            "value": "2179584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166556",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7556ee1a-6a82-4008-8071-0ed0da6370f9",
            "value": "12607665151d151d055az113z3xz13"
          },
          {
            "category": "Payload delivery",
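            "comment": "CRYPTBASE.dll is also the name of a legitimate Windows system library, so a filename-only match is prone to false positives; pair it with the hashes in this object or with the file's location before alerting.",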
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166556",
            "to_ids": true,
            "type": "filename",
            "uuid": "5d71647e-e5cd-4470-9267-18cfacc09a3d",
            "value": "CRYPTBASE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166556",
            "to_ids": false,
            "type": "text",
            "uuid": "220eccca-9591-40cb-b738-1a8c05172780",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DLLHijack.DN!MTB\nVT Total Detection:44/72\nFirst Submission:2026-04-09T16:51:13.000000+00:00\nLast Submission:2026-04-14T00:09:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168550",
        "uuid": "4fae256f-3d23-4db4-b11d-e20ae225fb76",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168550",
            "to_ids": true,
            "type": "md5",
            "uuid": "f4f5249d-9282-4499-af05-123afc60621e",
            "value": "ed1d6a8b89224e6be13c5b821584d05e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167016",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4d7823ea-90fd-403e-ab84-7907f8eac09d",
            "value": "6a71656c289201f742787f48398056fcd2aa7274",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167016",
            "to_ids": true,
            "type": "sha256",
            "uuid": "432783d9-337e-47e1-ac46-fcc6c1b429a4",
            "value": "e0541fb863142ed5fb7b23666bde75d952234038e1fef4c8218ddbc2bba403a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166578",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c8d93f01-4609-4c7f-901e-937c95e1462f",
            "value": "24576:5tIF7+WKi7JTENLd5khlHXdxbTO99Q/J4o2G9xpIVjj3yJSPcNNWT2dzs:3I9+WhsdevbbTccH2oxpI5CJSPcvRzs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166578",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b9e802fb-bc4a-4b4c-bd1f-7b82c490d605",
            "value": "1396662"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166578",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8225adab-3cad-46d8-8987-00522a35e683",
            "value": "9d91a59f13500bf6bde626f632934c76"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166578",
            "to_ids": true,
            "type": "filename",
            "uuid": "236b5dfc-d8c3-4cae-bd9c-747f5b8a8d64",
            "value": "perfmonitor-2_2.04.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  13/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166578",
            "to_ids": false,
            "type": "text",
            "uuid": "4bd971d6-69d0-4592-8f0d-77d0df39edf7",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Suschil!rfn\nVT Total Detection:35/69\nFirst Submission:2026-04-10T01:24:34.000000+00:00\nLast Submission:2026-04-10T05:22:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168571",
        "uuid": "bb094d87-53f4-4ebf-b347-28c0ddc0e147",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168571",
            "to_ids": true,
            "type": "md5",
            "uuid": "ebfcf58e-2b32-4c78-a859-38876a8e8f6d",
            "value": "f08df72ec2622006d506ea48b2325b23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167017",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f4e13455-40f3-4321-9908-aca6831932db",
            "value": "6b49823483889bc1ad152a1be52d1385c4e0affb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167017",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c5d6b3fc-27f3-43dd-8bf4-0b243711beea",
            "value": "98e0f9c8f5342c1924b3f4c3a7b6b1a566cec326e28b391c47ac7c24f6738dba",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166600",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "016f58d8-d646-4d31-a74d-583c43a17ed3",
            "value": "24576:via/5E2ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:vZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166600",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c8b92df2-ff7f-4350-a322-1dba6a9dbd1c",
            "value": "2179584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166600",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6b713a5c-951f-4663-8029-b1bc06340fc0",
            "value": "12607665151d151d055az113z3xz13"
          },
          {
            "category": "Payload delivery",
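            "comment": "CRYPTBASE.dll is also the name of a legitimate Windows system library, so a filename-only match is prone to false positives; pair it with the hashes in this object or with the file's location before alerting.",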
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166600",
            "to_ids": true,
            "type": "filename",
            "uuid": "ffa0b199-ab83-4b3b-8ea2-781fa9c22645",
            "value": "CRYPTBASE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166600",
            "to_ids": false,
            "type": "text",
            "uuid": "3b2cfbdc-e36f-47da-8ace-ad6041a75a5c",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Supdor\nVT Total Detection:47/72\nFirst Submission:2026-04-10T01:49:12.000000+00:00\nLast Submission:2026-04-13T01:31:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168593",
        "uuid": "d7eee3fd-bbfa-4bac-b44e-4227f84a4f13",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168593",
            "to_ids": true,
            "type": "md5",
            "uuid": "9ae623b5-4b32-4bcd-8b1c-c81db649a51e",
            "value": "10a4830d3d837741d12efe8a7cc2920a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167018",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56675446-4adc-4cee-8036-b6957901041c",
            "value": "8351a43a0c0455e4b0793d841fe12625f072f9b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167018",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b9e64a45-3baf-450a-80c3-7236c1b86f72",
            "value": "58814edae4c0adad75f48092c4c2d312901e8a8b6d6aec5ca724c33ca37a5311",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166622",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d1221250-3761-4428-b98e-bf92e5d8ee45",
            "value": "49152:VuI2hAFuALd9R7FxjZabsSxH80fNTiHejJkT6Dt7ON9Vnz86:V5OrgV7FxFabsSxcANmMBJ+zJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166622",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a5331728-c385-4a71-874c-9f199bc2dd84",
            "value": "3206264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166622",
            "to_ids": true,
            "type": "vhash",
            "uuid": "36af6209-348d-4d88-bc10-4f100aac1481",
            "value": "0360b6666d5c0d5d151c00d016z699zfaz1fz2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166622",
            "to_ids": true,
            "type": "filename",
            "uuid": "026e4889-35d0-4d7b-8d2a-6d74ea2088de",
            "value": "PerfMonitor2_Setup.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166622",
            "to_ids": false,
            "type": "text",
            "uuid": "b35b4c0f-5ec7-4c52-a582-996080615aba",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win64/Supdor\nVT Total Detection:42/72\nFirst Submission:2026-04-10T01:24:27.000000+00:00\nLast Submission:2026-04-13T23:28:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168615",
        "uuid": "fd63facc-e5a0-4109-b9e9-49575fff5582",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168615",
            "to_ids": true,
            "type": "md5",
            "uuid": "25264d0a-70fc-4df9-93c6-b0160b53727b",
            "value": "457384589e445815791358c6f10a68b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167019",
            "to_ids": true,
            "type": "sha1",
            "uuid": "38c8c55a-bca5-4f6d-a92b-97db43eb7e87",
            "value": "a06955d253711385eaa6f5af76fa9fa47bdeb1e9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167019",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ab556f17-d221-4ecb-a76b-86fd16a7fae2",
            "value": "cd7385e7efb41f530027faf485a825175aa483c7b69f5ac73f1e57d2d4eedffb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166644",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "48561d32-5c52-4969-b6bc-8b6774345ed7",
            "value": "24576:via/5u2ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:vZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166644",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e058fe09-cf80-4de8-89c5-51c3c2edb09a",
            "value": "2179584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166644",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fecb9996-9bdb-48cf-9c0e-f56979ebc337",
            "value": "12607665151d151d055az113z3xz13"
          },
          {
            "category": "Payload delivery",
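            "comment": "CRYPTBASE.dll is also the name of a legitimate Windows system DLL. A filename-only match will hit benign hosts; pair it with the hashes in this object or with a load path outside the Windows system directory.",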
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166644",
            "to_ids": true,
            "type": "filename",
            "uuid": "e74fb82e-955f-4cba-a2c6-093365c6cbaa",
            "value": "CRYPTBASE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166644",
            "to_ids": false,
            "type": "text",
            "uuid": "18ea5570-a594-4b49-92a3-0a1d65b6776f",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Supdor\nVT Total Detection:44/71\nFirst Submission:2026-04-10T01:26:35.000000+00:00\nLast Submission:2026-04-10T01:26:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168636",
        "uuid": "b5c53471-27ea-4a58-9758-3de59c43fbc1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168636",
            "to_ids": true,
            "type": "md5",
            "uuid": "f74314e4-1782-4281-9099-fce9475a3a07",
            "value": "82d02f796d124239af2419ddd8b8082a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167020",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f52a0be1-4871-496d-b959-74efb706393e",
            "value": "ba19e03ca03785e89010672d7e273ac343e4699a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167020",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aa6049f7-9d3b-4175-ae45-522090362114",
            "value": "2c377564149f40b8eae7ff55f92ff4843d2c031041025ac3c196f51c94f1c54b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166665",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8139dd03-a0df-46cd-9749-1d2e9bd12d2c",
            "value": "24576:via/5S2ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:vZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166665",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6327ff57-bcb2-479b-b28f-07bdabe1083e",
            "value": "2179584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166665",
            "to_ids": true,
            "type": "vhash",
            "uuid": "33e4be09-3a89-41c3-8797-517842fd7763",
            "value": "12607665151d151d055az113z3xz13"
          },
          {
            "category": "Payload delivery",
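            "comment": "CRYPTBASE.dll is also the name of a legitimate Windows system DLL. A filename-only match will hit benign hosts; pair it with the hashes in this object or with a load path outside the Windows system directory.",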
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166665",
            "to_ids": true,
            "type": "filename",
            "uuid": "ed7bd867-d1ce-4579-86f7-89e86f4cfc33",
            "value": "CRYPTBASE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166665",
            "to_ids": false,
            "type": "text",
            "uuid": "3ff7bb5e-a8c4-4fa4-ade1-1d3991b0c3a7",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Supdor\nVT Total Detection:44/72\nFirst Submission:2026-04-09T17:54:08.000000+00:00\nLast Submission:2026-04-12T10:36:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168657",
        "uuid": "cd9ade73-2727-4181-a742-d5b9c08e5dc8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168657",
            "to_ids": true,
            "type": "md5",
            "uuid": "4f916b88-1d1d-41ec-8de9-69a18941dfce",
            "value": "caa1ff889074070addf97811a4a0ed66",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167021",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f47bc48b-c9c9-47fe-afe6-ea87d29b586d",
            "value": "c417c3a4b094646d06a06103639a5c9faabc9ba4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167021",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c99b9bdf-3747-462b-af6e-ee170e853d4e",
            "value": "f43b44d3e8e28930c23dd29db13909281fc896f5704162d4139a264616ad0df5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166687",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c59ffbac-deb0-4946-8a87-dc25fa2605ec",
            "value": "49152:RIZdFoqot8E/pdCHDoXStl5WmUHaBvSVb1/4CYlXjOAm1YSZ/NDnSi:SZ9oQ8XhHQSVFcjM1Yc/N9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166687",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7eb6df7d-ae65-42b3-9b7a-b50899d5c40f",
            "value": "2951001"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166687",
            "to_ids": true,
            "type": "vhash",
            "uuid": "eb957514-f6e2-4494-ac96-19418b32f051",
            "value": "10c4f480811c19729d567655bc037786"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166687",
            "to_ids": true,
            "type": "filename",
            "uuid": "c6e45579-b23c-4da4-9ed9-785a1de715fd",
            "value": "hwmonitor_1.63 (2).zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  13/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166687",
            "to_ids": false,
            "type": "text",
            "uuid": "e3184a29-bf12-48eb-b2eb-e2b4c89003b8",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Suschil!rfn\nVT Total Detection:37/69\nFirst Submission:2026-04-09T15:28:50.000000+00:00\nLast Submission:2026-04-14T08:35:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168679",
        "uuid": "faaf839e-a5b9-4761-b3b2-870bab399648",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168679",
            "to_ids": true,
            "type": "md5",
            "uuid": "09c1eec9-6554-4aed-9cf4-afdde957a60f",
            "value": "8b76280eaa6f34b3d3fc55e14f676314",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167023",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d59e0e79-e96a-457c-97fb-5cafa2b4150d",
            "value": "c65e515b9c9655c651c939b94574cf39b40a8be2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167023",
            "to_ids": true,
            "type": "sha256",
            "uuid": "467200ab-3dcc-4834-b918-9bf171673007",
            "value": "776446faf98a68f6ebc36e800455645cf04197edd4c249c6b2fe178c86b18652",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166709",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "40c0e478-4fcd-43d0-ac44-e6080e182d38",
            "value": "24576:via/5G2ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:vZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166709",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4207d7ce-e4cb-4d00-b8ef-cfc0fa067f0d",
            "value": "2179584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166709",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f2516be1-c0bd-43a0-8d9a-df5219316826",
            "value": "12607665151d151d055az113z3xz13"
          },
          {
            "category": "Payload delivery",
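            "comment": "CRYPTBASE.dll is also the name of a legitimate Windows system DLL. A filename-only match will hit benign hosts; pair it with the hashes in this object or with a load path outside the Windows system directory.",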
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166709",
            "to_ids": true,
            "type": "filename",
            "uuid": "5c527016-ce40-4498-ad3a-d0de09cdbe35",
            "value": "CRYPTBASE.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166709",
            "to_ids": false,
            "type": "text",
            "uuid": "e0cfd3c7-5bac-42b6-885d-48d3b8744cc9",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/DLLHijack.DN!MTB\nVT Total Detection:47/72\nFirst Submission:2026-04-10T01:46:22.000000+00:00\nLast Submission:2026-04-13T15:04:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168700",
        "uuid": "66c5b5ba-7043-41d1-9e1f-860619173d06",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168700",
            "to_ids": true,
            "type": "md5",
            "uuid": "ff5f9d7f-fe5c-447d-93eb-42cdd8fb3a0a",
            "value": "9bb330aabcc41bae4c596a0c5f36c013",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167024",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a48bb4d9-e09f-46a8-b079-4472190bab4c",
            "value": "d0568eaa55f495fd756fa205997ae8d93588d2a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167024",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f9bdafa0-f4a0-4d8a-b9b3-15f9f8ceb87a",
            "value": "9932fa8d24b3e9a1e39a722fe6e34e75cdd3feb51fcdab67d636d95b4f068935",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166730",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f02c034b-6898-4a07-8e50-f5fab1a1c5ba",
            "value": "98304:xowHq8jJTsBta+056pchCmjU9GNbvgpuJz5SBUvnxY0vaed5F:bljJjh6mgmj5NiOz5S+vne0CI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166730",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "76f383ba-f284-466c-a56d-05d1cb81251a",
            "value": "6050584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166730",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c676e9bc-65b8-4cb1-ae8b-0f1f32bb3b0d",
            "value": "4a4c420b64c69789ec47c5d7e10d770d"
          },
          {
            "category": "Payload delivery",
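            "comment": "Filename appears to follow the vendor's normal download naming, so a filename-only match will also hit legitimate copies; correlate with the hashes in this object before alerting.",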
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166730",
            "to_ids": true,
            "type": "filename",
            "uuid": "93e56d3a-d76d-4a7b-bd6d-fc3b0747959e",
            "value": "cpu-z_2.19-en.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  13/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166730",
            "to_ids": false,
            "type": "text",
            "uuid": "970f898c-e531-4560-90f6-24f23512f960",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win64/Supdor\nVT Total Detection:37/69\nFirst Submission:2026-04-09T16:49:33.000000+00:00\nLast Submission:2026-04-14T08:34:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776168722",
        "uuid": "450705f8-539d-4b70-bcab-ec4b5d06ba01",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776168722",
            "to_ids": true,
            "type": "md5",
            "uuid": "9cefd93a-8da3-4917-b18c-ed4fd8d9c3cf",
            "value": "f9383b7840ff31fe914e13cd5924993f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776167024",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ddebe240-ad0c-4022-95d1-1aa39dff48eb",
            "value": "e2464454017cd02a8bc6744596c384cf91cdd67e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776167025",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dbd6c782-5838-45f9-879a-9ec162c75520",
            "value": "8a6c39f97fb86a4ff9dc9226fa8b3445c5fe123abab532ea6afb9be2608780e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776166752",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e3094966-0586-4b48-ab9b-f069689c6c68",
            "value": "24576:I7Pml7Vo2ZXAdQ0YtjvM2GdXVJKMbcBBp6Rb2qHs96eHNuL:2G7V"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776166752",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2ece33fc-7d5a-427d-9b66-ea4023326e6e",
            "value": "2217472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776166752",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dddfe845-1014-4e94-bdf1-d5cec7201778",
            "value": "12607665151d151d055az14z3xz13"
          },
          {
            "category": "Payload delivery",
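            "comment": "Value is this sample's SHA-256 with a leading underscore and a .dll suffix, which looks like a repository/submission name rather than an on-disk name; expect little detection value from it alone.",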
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776166752",
            "to_ids": true,
            "type": "filename",
            "uuid": "fd0965a0-7192-4408-b7ba-f4e4eba41475",
            "value": "_8a6c39f97fb86a4ff9dc9226fa8b3445c5fe123abab532ea6afb9be2608780e1.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776166752",
            "to_ids": false,
            "type": "text",
            "uuid": "36082820-b1c2-428d-9b14-e5789de6a243",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Supdor\nVT Total Detection:45/72\nFirst Submission:2026-03-15T02:28:20.000000+00:00\nLast Submission:2026-04-10T10:27:48.000000+00:00"
          }
        ]
      }
    ]
  }
}